Windows Analysis Report
phish_alert_sp2_2.0.0.0 (1).eml

Overview

General Information

Sample name: phish_alert_sp2_2.0.0.0 (1).eml
Analysis ID: 1524423
MD5: 66b5155055c7cc365141f659989ccd23
SHA1: e893f36561b684879decda0d05a9f41b54a0c830
SHA256: 201fdd96c1151af9f66613def2d889d359d6f9e8c24738d3ad7950e8bb0d247a
Infos:

Detection

Score: 3
Range: 0 - 100
Whitelisted: false
Confidence: 80%

Signatures

Detected suspicious crossdomain redirect
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
Queries the volume information (name, serial number etc) of a device
Sigma detected: Office Autorun Keys Modification
Stores files to the Windows start menu directory

Classification

  • System is w10x64_ra
  • OUTLOOK.EXE (PID: 7040 cmdline: "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /eml "C:\Users\user\Desktop\phish_alert_sp2_2.0.0.0 (1).eml" MD5: 91A5292942864110ED734005B7E005C0)
    • ai.exe (PID: 6272 cmdline: "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "A69262BD-972A-439F-8F24-67447AB18661" "C3AB50F0-727C-4A88-A596-606E518DBBB6" "7040" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx" MD5: EC652BEDD90E089D9406AFED89A8A8BD)
    • chrome.exe (PID: 5084 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://urldefense.com/v3/__https:/CSI.ehr.com/ESS/Home/login.aspx__;!!I_DbfM1H!FxDBk8DMcpw5OXYCqKkISH0uaoP065SN2SYB_XxiNepI0qFx-WQxUIjEsrV18ztByJsfZvMsFl7b7puipavwPEvNsLo$ MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
      • chrome.exe (PID: 3728 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2064 --field-trial-handle=1980,i,9197103636515015310,5808329998760959994,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • cleanup
No configs have been found
No yara matches
Source: Registry Key setAuthor: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 , EventID: 13, EventType: SetValue, Image: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE, ProcessId: 7040, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Addins\OneNote.OutlookAddin\1
No Suricata rule has matched

There are no malicious signatures.

Source: unknownHTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49703 version: TLS 1.2
Source: unknownHTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49704 version: TLS 1.2
Source: unknownHTTPS traffic detected: 40.126.31.69:443 -> 192.168.2.16:49707 version: TLS 1.2
Source: unknownHTTPS traffic detected: 40.126.31.69:443 -> 192.168.2.16:49708 version: TLS 1.2
Source: unknownHTTPS traffic detected: 4.245.163.56:443 -> 192.168.2.16:49709 version: TLS 1.2
Source: chrome.exeMemory has grown: Private usage: 10MB later: 28MB
Source: C:\Program Files\Google\Chrome\Application\chrome.exeHTTP traffic: Redirect from: urldefense.com to https://csi.ehr.com/ess/home/login.aspx
Source: Joe Sandbox ViewIP Address: 13.107.246.45 13.107.246.45
Source: Joe Sandbox ViewIP Address: 13.107.253.45 13.107.253.45
Source: Joe Sandbox ViewIP Address: 239.255.255.250 239.255.255.250
Source: Joe Sandbox ViewIP Address: 52.204.90.22 52.204.90.22
Source: Joe Sandbox ViewJA3 fingerprint: 28a2c9bd18a11de089ef85a160da29e4
Source: global trafficHTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: */*Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global trafficHTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=CLNul59wgCmKpyr&MD=YVCorGdE HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global trafficHTTP traffic detected: GET /v3/__https:/CSI.ehr.com/ESS/Home/login.aspx__;!!I_DbfM1H!FxDBk8DMcpw5OXYCqKkISH0uaoP065SN2SYB_XxiNepI0qFx-WQxUIjEsrV18ztByJsfZvMsFl7b7puipavwPEvNsLo$ HTTP/1.1Host: urldefense.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /ESS/Home/login.aspx HTTP/1.1Host: csi.ehr.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /assets/index-DyLirHvO.js HTTP/1.1Host: csi.ehr.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://csi.ehr.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://csi.ehr.com/ESS/Home/login.aspxAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /assets/index-DyLirHvO.js HTTP/1.1Host: csi.ehr.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /assets/mainApp-D3RIoe8y.css HTTP/1.1Host: csi.ehr.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,*/*;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://csi.ehr.com/ESS/Home/login.aspxAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /assets/mainApp-B4DHjQ3e.js HTTP/1.1Host: csi.ehr.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://csi.ehr.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /favicon.ico HTTP/1.1Host: csi.ehr.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://csi.ehr.com/ESS/Home/login.aspxAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /favicon.ico HTTP/1.1Host: csi.ehr.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficDNS traffic detected: DNS query: urldefense.com
Source: global trafficDNS traffic detected: DNS query: csi.ehr.com
Source: global trafficDNS traffic detected: DNS query: www.google.com
Source: unknownHTTP traffic detected: POST /RST2.srf HTTP/1.0Connection: Keep-AliveContent-Type: application/soap+xmlAccept: */*User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68})Content-Length: 3592Host: login.live.com
Source: ~WRS{F0385F14-37D8-4E90-B012-F70CEA88627B}.tmp.0.drString found in binary or memory: https://CSI.ehr.com
Source: ~WRS{F0385F14-37D8-4E90-B012-F70CEA88627B}.tmp.0.drString found in binary or memory: https://urldefense.com/v3/__https://CSI.ehr.com/ESS/Home/login.aspx__;
Source: classification engineClassification label: clean3.winEML@18/34@8/5
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEFile created: C:\Users\user\Documents\Outlook Files\~Outlook Data File - NoEmail.pst.tmp
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEFile created: C:\Users\user\AppData\Local\Temp\Outlook Logging\OUTLOOK_16_0_16827_20130-20241002T1259380898-7040.etl
Source: unknownProcess created: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /eml "C:\Users\user\Desktop\phish_alert_sp2_2.0.0.0 (1).eml"
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess created: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "A69262BD-972A-439F-8F24-67447AB18661" "C3AB50F0-727C-4A88-A596-606E518DBBB6" "7040" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx"
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://urldefense.com/v3/__https:/CSI.ehr.com/ESS/Home/login.aspx__;!!I_DbfM1H!FxDBk8DMcpw5OXYCqKkISH0uaoP065SN2SYB_XxiNepI0qFx-WQxUIjEsrV18ztByJsfZvMsFl7b7puipavwPEvNsLo$
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2064 --field-trial-handle=1980,i,9197103636515015310,5808329998760959994,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess created: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "A69262BD-972A-439F-8F24-67447AB18661" "C3AB50F0-727C-4A88-A596-606E518DBBB6" "7040" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx"Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://urldefense.com/v3/__https:/CSI.ehr.com/ESS/Home/login.aspx__;!!I_DbfM1H!FxDBk8DMcpw5OXYCqKkISH0uaoP065SN2SYB_XxiNepI0qFx-WQxUIjEsrV18ztByJsfZvMsFl7b7puipavwPEvNsLo$Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2064 --field-trial-handle=1980,i,9197103636515015310,5808329998760959994,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe; Section loaded: apphelp.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe; Section loaded: c2r64.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe; Section loaded: userenv.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe; Section loaded: msasn1.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe; Section loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe; Section loaded: cryptsp.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe; Section loaded: rsaenh.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe; Section loaded: cryptbase.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe; Section loaded: gpapi.dll
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{F959DBBB-3867-41F2-8E5F-3B8BEFAA81B3}\InprocServer32
Source: Google Drive.lnk.10.dr; LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.10.dr; LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.10.dr; LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.10.dr; LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.10.dr; LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.10.dr; LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; Window found: window name: SysTabControl32
Source: Window Recorder; Window detected: More than 3 window changes detected
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Common
Source: C:\Program Files\Google\Chrome\Application\chrome.exe; File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: C:\Program Files\Google\Chrome\Application\chrome.exe; File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe; File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe; File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe; File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe; File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe; File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe; Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; Process information queried: ProcessInformation
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe; Queries volume information: C:\Program Files (x86)\Microsoft Office\root\Office16\AI\WordCombinedFloatieLreOnline.onnx VolumeInformation
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe; Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 1 DLL Side-Loading | 1 Process Injection | 1 Masquerading | OS Credential Dumping | 1 Process Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
Credentials | Domains | Default Accounts | Scheduled Task/Job | 1 Registry Run Keys / Startup Folder | 1 DLL Side-Loading | 1 Process Injection | LSASS Memory | 12 System Information Discovery | Remote Desktop Protocol | Data from Removable Media | 3 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 Registry Run Keys / Startup Folder | 1 DLL Side-Loading | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 4 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | 1 Extra Window Memory Injection | 1 Extra Window Memory Injection | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 1 Ingress Tool Transfer | Traffic Duplication | Data Destruction
No Antivirus matches
Name | IP | Active | Malicious | Antivirus Detection | Reputation
urldefense.com | 52.204.90.22 | true | false | | unknown
s-part-0017.t-0009.fb-t-msedge.net | 13.107.253.45 | true | false | | unknown
s-part-0017.t-0009.t-msedge.net | 13.107.246.45 | true | false | | unknown
www.google.com | 216.58.212.164 | true | false | | unknown
csi.ehr.com | unknown | unknown | false | | unknown

Name | Malicious | Antivirus Detection | Reputation
https://csi.ehr.com/favicon.ico | false | | unknown
https://csi.ehr.com/ESS/Home/login.aspx | false | | unknown
https://csi.ehr.com/assets/mainApp-D3RIoe8y.css | false | | unknown
https://urldefense.com/v3/__https:/CSI.ehr.com/ESS/Home/login.aspx__;!!I_DbfM1H!FxDBk8DMcpw5OXYCqKkISH0uaoP065SN2SYB_XxiNepI0qFx-WQxUIjEsrV18ztByJsfZvMsFl7b7puipavwPEvNsLo$ | false | | unknown
https://csi.ehr.com/assets/mainApp-B4DHjQ3e.js | false | | unknown
https://csi.ehr.com/assets/index-DyLirHvO.js | false | | unknown

Name | Source | Malicious | Antivirus Detection | Reputation
https://urldefense.com/v3/__https://CSI.ehr.com/ESS/Home/login.aspx__; | ~WRS{F0385F14-37D8-4E90-B012-F70CEA88627B}.tmp.0.dr | false | | unknown
https://CSI.ehr.com | ~WRS{F0385F14-37D8-4E90-B012-F70CEA88627B}.tmp.0.dr | false | | unknown

IP | Domain | Country | ASN | ASN Name | Malicious
13.107.246.45 | s-part-0017.t-0009.t-msedge.net | United States | 8068 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false
13.107.253.45 | s-part-0017.t-0009.fb-t-msedge.net | United States | 8068 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false
239.255.255.250 | unknown | Reserved | unknown | unknown | false
52.204.90.22 | urldefense.com | United States | 14618 | AMAZON-AESUS | false

IP
192.168.2.16
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1524423
Start date and time: 2024-10-02 18:59:02 +02:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 2m 44s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: defaultwindowsinteractivecookbook.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 12
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: phish_alert_sp2_2.0.0.0 (1).eml
Detection: CLEAN
Classification: clean3.winEML@18/34@8/5
EGA Information: Failed
HCA Information:
• Successful, ratio: 100%
• Number of executed functions: 0
• Number of non-executed functions: 0
Cookbook Comments:
• Found application associated with file extension: .eml
• Exclude process from analysis (whitelisted): dllhost.exe, SIHClient.exe, SgrmBroker.exe, svchost.exe
• Excluded IPs from analysis (whitelisted): 199.232.214.172, 93.184.221.240, 52.113.194.132, 52.109.68.129, 2.19.126.160, 2.19.126.151, 20.189.173.11, 172.217.16.195, 172.217.16.142, 142.250.185.142, 173.194.76.84, 142.251.168.84, 34.104.35.123, 172.217.23.106, 216.58.206.67
• Excluded domains from analysis (whitelisted): omex.cdn.office.net, azurefd-t-fb-prod.trafficmanager.net, slscr.update.microsoft.com, clientservices.googleapis.com, eur.roaming1.live.com.akadns.net, mobile.events.data.microsoft.com, ecs-office.s-0005.s-msedge.net, roaming.officeapps.live.com, clients2.google.com, onedscolprdwus10.westus.cloudapp.azure.com, login.live.com, star-azurefd-prod.trafficmanager.net, frc-azsc-000.roaming.officeapps.live.com, a1864.dscd.akamai.net, ecs.office.com, fonts.googleapis.com, fs.microsoft.com, accounts.google.com, fonts.gstatic.com, osiprod-frc-buff-azsc-000.francecentral.cloudapp.azure.com, ctldl.windowsupdate.com, prod.roaming1.live.com.akadns.net, s-0005-office.config.skype.com, fe3cr.delivery.mp.microsoft.com, edgedl.me.gvt1.com, s-0005.s-msedge.net, ecs.office.trafficmanager.net, clients.l.google.com, omex.cdn.office.net.akamaized.net, mobile.events.data.trafficmanager.net
• Not all processes where analyzed, report is missing behavior information
• Report size getting too big, too many NtQueryAttributesFile calls found.
• Report size getting too big, too many NtQueryValueKey calls found.
• Report size getting too big, too many NtReadVirtualMemory calls found.
• Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
• VT rate limit hit for: phish_alert_sp2_2.0.0.0 (1).eml
No simulations
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
                            239.255.255.250file.exeGet hashmaliciousCredential FlusherBrowse
                              file.exeGet hashmaliciousCredential FlusherBrowse
                                file.exeGet hashmaliciousCredential FlusherBrowse
                                  file.exeGet hashmaliciousCredential FlusherBrowse
                                    27987136e29b3032ad40982c8b7c2e168112c9601e08da806119dcba615524b5.htmlGet hashmaliciousUnknownBrowse
                                      file.exeGet hashmaliciousCredential FlusherBrowse
                                        file.exeGet hashmaliciousCredential FlusherBrowse
                                          file.exeGet hashmaliciousCredential FlusherBrowse
                                            file.exeGet hashmaliciousCredential FlusherBrowse
                                              file.exeGet hashmaliciousCredential FlusherBrowse
                                                13.107.246.45https://pcefan.com/diary/index.php?st-manager=1&path=/click/track&id=4973&type=ranking&url=http://nam.dcv.ms/BxPVLH2cz4Get hashmaliciousHTMLPhisherBrowse
                                                • nam.dcv.ms/BxPVLH2cz4
                                                13.107.253.45Axactor Microsoft - Introduksjonsm#U00f8te.msgGet hashmaliciousEvilProxyBrowse
                                                  Axactor Microsoft - Introduksjonsm#U00f8te.msgGet hashmaliciousEvilProxyBrowse
                                                    ELECTRONIC RECEIPT_Opcsa.htmlGet hashmaliciousEvilProxy, HTMLPhisherBrowse
                                                      Message_2477367.emlGet hashmaliciousUnknownBrowse
                                                        https://docs.zoom.us/doc/qMqlDrh-RUWwdmI-mAClTgGet hashmaliciousHTMLPhisherBrowse
                                                          SCAN_Client_No_XP9739270128398468932393.pdfGet hashmaliciousHTMLPhisherBrowse
                                                            https://www.netigate.se/a/s.aspx?s=1236726X450166796X50614Get hashmaliciousUnknownBrowse
                                                              https://zlh1lc1cc8dntbjy.umso.co/Get hashmaliciousUnknownBrowse
                                                                https://zlh1lc1cc8dntbjy.umso.co/Get hashmaliciousUnknownBrowse
                                                                  https://www.google.to/url?url=https://bxaxlsoggszcwwbz&nzc=vvjpqcc&suvkdk=cmz&kwdec=vutety&cbb=sslsceg&pagnn=fuhmpw&dkqf=mwwhastk&ffmvozjupo=yqbyougxxo&q=amp/gm5bqhj.g%C2%ADb%C2%ADe%C2%ADym%C2%ADw%C2%ADc%C2%ADg%C2%ADv%C2%ADk%C2%ADb%C2%ADd%C2%ADevll.com%E2%80%8B/cbvogermm&clnw=xokmakg&dhxrdhh=zgwr&tievm=savxww&gfpizxn=fnvGet hashmaliciousHTMLPhisherBrowse
                                                                    52.204.90.22phish_alert_sp2_2.0.0.0.emlGet hashmaliciousUnknownBrowse
                                                                      Mbower Replay VM (01m32sec).docxGet hashmaliciousTycoon2FABrowse
                                                                        https://shared.outlook.inky.com/link?domain=urldefense.proofpoint.com&t=h.eJxVkE9vozAQxb9KxYFTE8ABHCqhloaWqhVtpHYX2ouFzZiEPzbBDlFT7XdfyGGlPYw0M-_p96T3YxyH1ri5MnZa9-rGsqazBA5CwbIfpOS93Au9ZLKzRjSLt8fwYl2sIkIkg0LQQjWgG1XMLjJNV4gJQcwyjE_pY3QyWQjH5EtpVnzEbTvuu4fXNcV1PpwOb3wxehHZlH0lfvP9Pk3NIbwnh9czPmOW1FVOx0rZO_tdb9Jt5rYvOYwL8GuPMJugyOxCr8FiUccHjj7Fw3diZ6J1dEIZ9xF7zsGpNaT3DHOFbMg258AZm-7bHbaHR1eJXS9MFTp2gp839MlLBOFxB6D99PQSjSXPf-GvbUtj_iay3TELpAmhcX1lNHNnArQcKq4xxmgVBFbFh0I0XA767t82daGkUJcGqc9K6roA7sorweYeAm_t47XPueNTxC1n4nhrFKBg6XhzDFxiinYiyLvirIEVXTezZrGcxf-ef_4CYlCa6A.MEYCIQCzPxWtxWQGkHW86AwRKtsDZydw5vu8jL1MJrzHXft8UAIhAJOKK3mrdoY-IUaSjeQTp9YazmFBhA4NgZxrXzXpace-Get hashmaliciousHTMLPhisherBrowse
                                                                                        No context
                                                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                                                        File Type:data
                                                                                        Category:dropped
                                                                                        Size (bytes):231348
                                                                                        Entropy (8bit):4.396080317052499
                                                                                        Encrypted:false
                                                                                        SSDEEP:1536:UHVYLq7gsU+dSSaUx7gs+fNcAz79ysQqt2uXi0qoQDDrcm0FvIYUyww4tNbQgAkQ:XGgb7mgPmiGu2cqoQnrt0FvXAboy/nU
                                                                                        MD5:AB1466AEB4E551B58FDBDC10BB9B4DA2
                                                                                        SHA1:830A236817C7BFEB6A5417E1E96DC3A0A66CAC69
                                                                                        SHA-256:3265490832CE8601B11A2C87B302B66BBB504A2503D5CD948AA8193C90BCA5CE
                                                                                        SHA-512:8C1666B8B7C50E6A9008D6D4164DAC78A989F087FE8EA6DE46EFAC34F86FCA55AF4DC7AE295C09CDBBD1ED3D1D8BA4C7F03C5D5E5361585608EBE58B47DE9172
                                                                                        Malicious:false
                                                                                        Reputation:low
                                                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                                                        File Type:ASCII text, with very long lines (65536), with no line terminators
                                                                                        Category:dropped
                                                                                        Size (bytes):322260
                                                                                        Entropy (8bit):4.000299760592446
                                                                                        Encrypted:false
                                                                                        SSDEEP:6144:dztCFLNyoAHq5Rv2SCtUTnRe4N2+A/3oKBL37GZbTSB+pMZIrh:HMLgvKz9CtgRemO3oUHi3SBSMZIl
                                                                                        MD5:CC90D669144261B198DEAD45AA266572
                                                                                        SHA1:EF164048A8BC8BD3A015CF63E78BDAC720071305
                                                                                        SHA-256:89C701EEFF939A44F28921FD85365ECD87041935DCD0FE0BAF04957DA12C9899
                                                                                        SHA-512:16F8A8A6DCBAEAEFB88C7CFF910BCCC71B76A723CF808B810F500E28E543112C2FAE2491D4D209569BD810490EDFF564A2B084709B02963BCAF6FDF1AEEC59AC
                                                                                        Malicious:false
                                                                                        Reputation:high, very likely benign file
                                                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                                                        File Type:ASCII text, with no line terminators
                                                                                        Category:dropped
                                                                                        Size (bytes):10
                                                                                        Entropy (8bit):2.1219280948873624
                                                                                        Encrypted:false
                                                                                        SSDEEP:3:LCfdWdWn:uUUn
                                                                                        MD5:ABB6DFD8479B95B2BE0A3A7C59AFBD77
                                                                                        SHA1:C8E1E2AF6908BBDA9B61105465FBC0FE4F3EF6B3
                                                                                        SHA-256:E77118D67B02F024D12C9005FA50592875E35F94A20159CFDF4A3E311EAF0DC9
                                                                                        SHA-512:2BF0180E3BC29BDDE8B609BB5E396AB300B04A130E767AF75EEEF2D5F81FC8765590F21EB1CD95F0CAE110EBA6DE8FEC4B3051A5931D16035158817D9945BFD5
                                                                                        Malicious:false
                                                                                        Reputation:low
                                                                                        Preview:1727888383
                                                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3034001, writer version 2, read version 2, file counter 2, database pages 1, cookie 0, schema 0, largest root page 1, unknown 0 encoding, version-valid-for 2
                                                                                        Category:dropped
                                                                                        Size (bytes):4096
                                                                                        Entropy (8bit):0.09304735440217722
                                                                                        Encrypted:false
                                                                                        SSDEEP:3:lSWFN3l/klslpEl9Xll:l9F8E+9
                                                                                        MD5:D0DE7DB24F7B0C0FE636B34E253F1562
                                                                                        SHA1:6EF2957FDEDDC3EB84974F136C22E39553287B80
                                                                                        SHA-256:B6DC74E4A39FFA38ED8C93D58AADEB7E7A0674DAC1152AF413E9DA7313ADE6ED
                                                                                        SHA-512:42D00510CD9771CE63D44991EA10C10C8FBCF69DF08819D60B7F8E7B0F9B1D385AE26912C847A024D1D127EC098904784147218869AE8D2050BCE9B306DB2DDE
                                                                                        Malicious:false
                                                                                        Reputation:high, very likely benign file
                                                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                                                        File Type:SQLite Rollback Journal
                                                                                        Category:dropped
                                                                                        Size (bytes):4616
                                                                                        Entropy (8bit):0.1384465837476566
                                                                                        Encrypted:false
                                                                                        SSDEEP:3:7FEG2l+C7/El/FllkpMRgSWbNFl/sl+ltlslN04l9XllC5:7+/lLzSg9bNFlEs1E39K5
                                                                                        MD5:340A8363B5707D29C19B240633E2D8FC
                                                                                        SHA1:FB5CD4560C22D893A46A0F378D82837A0CA8DE64
                                                                                        SHA-256:0598E43B3D7767A994B2080B6AA2A11293340CAA762DA80A31B26953928E9502
                                                                                        SHA-512:0AFF02DA15DCECE0A99526FC4A8C78D5745F17EB97D5B87BC73756491BB1D2D0FDE09A7DB2F137FF99F326F4BF365DEBC6DA0B567361057033C3B6AC82FA9B15
                                                                                        Malicious:false
                                                                                        Reputation:low
                                                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                                                        File Type:data
                                                                                        Category:dropped
                                                                                        Size (bytes):32768
                                                                                        Entropy (8bit):0.04482848510499482
                                                                                        Encrypted:false
                                                                                        SSDEEP:3:G4l2Ls5hcQfLA/tl2Ls5hcQfLAntl8lL9//Xlvlll1lllwlvlllglbXdbllAlldc:G4l2aBA1l2aBAEL9XXPH4l942U
                                                                                        MD5:C8AC62C2E631389EEEF2ED87764AB1F4
                                                                                        SHA1:B4B62E5F07130A1AA500E78BDEF7EA6FDF05C2A1
                                                                                        SHA-256:BFBC61CC18ED4530153E61E9BD4D6A3119F11605D8307705FD1DABFEBBF6D1A3
                                                                                        SHA-512:88A9DE0AA92229F5F158FE68394A771BCBDCE6A60F771F107AE5F05E937314BE6FCD17C1AE5BFEF16CD447793E3C06F187DC430CD9284007B7981C07629AE62C
                                                                                        Malicious:false
                                                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                                                        File Type:SQLite Write-Ahead Log, version 3007000
                                                                                        Category:modified
                                                                                        Size (bytes):45352
                                                                                        Entropy (8bit):0.39473882468486904
                                                                                        Encrypted:false
                                                                                        SSDEEP:24:Kol67Q4fQMIzRD6Eill7DBtDi4kZERD6YBxqt8VtbDBtDi4kZERDIAo0:H67PQjtill7DYM1xO8VFDYM
                                                                                        MD5:6A80222C184BAB51F73ADC20EC4984E6
                                                                                        SHA1:A1381785C1C1D5A7EF16C46410CDE72DEC63FE10
                                                                                        SHA-256:05C7F416D9FF6FEE23AD7E86F4E489F8BAE7430F5AE80DDCB5FCD824D6B415A2
                                                                                        SHA-512:46BC52D24C9CB28F3F86BD087AAA2FA0E73520BAE01AC2EAACDCAD321E69A8A63D5A0EC0193694BAF20E3000BDC5F04F27C6A3666F9F80DE54D1BCD2F81A4605
                                                                                        Malicious:false
                                                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                                                        File Type:PNG image data, 600 x 136, 8-bit/color RGBA, non-interlaced
                                                                                        Category:dropped
                                                                                        Size (bytes):135461
                                                                                        Entropy (8bit):7.992837219626457
                                                                                        Encrypted:true
                                                                                        SSDEEP:3072:x/3znaMpEeq23doB8uz9ShrtkfyPCX8VAr1Rs9V:xPZCcoB8uxSh2KjerrsX
                                                                                        MD5:217033C0DD70C6101385FB3B4B4BBAC3
                                                                                        SHA1:2D8EF06960F405F000C7E09C8EAF1E669EE91D2F
                                                                                        SHA-256:7432B1F925D22A87AF6DAFAF6C7900E79A73E8299AA2D755A0944E9F39D41299
                                                                                        SHA-512:84D2DA70A742D0CB26591D7A3B77CF9A34F32F3828EB21E80B5B86AE0D78B765F2234F1A728AF032F03FF1EF2F2706A18817EE430DDFE0FBAA0B60C7FEB22C9E
                                                                                        Malicious:false
                                                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                                                        File Type:PNG image data, 401 x 125, 8-bit colormap, non-interlaced
                                                                                        Category:dropped
                                                                                        Size (bytes):7122
                                                                                        Entropy (8bit):7.938577738210982
                                                                                        Encrypted:false
                                                                                        SSDEEP:192:tajUi26T5R062bozihx83F/HKrO6jDKa+g:MjUi2N62boekxKi6nKTg
                                                                                        MD5:E2DFE5AD536EBD6FAF5977A3ACFFB8D4
                                                                                        SHA1:34BB385477E015EF393572E76AE264ADCDA00429
                                                                                        SHA-256:8FC6D5A8AB9AD2445B5123F4851F8E5F4B08683C72086DA4D23688000896ACBE
                                                                                        SHA-512:0211DEC822BE40E68887D752B07D6316E388028BDE927DFCB01549533947FE19FF78D9664146BAD2D6BE3B433A7DF0CFD2657C84D8F78F72A1816C5209683988
                                                                                        Malicious:false
                                                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                                                        File Type:data
                                                                                        Category:dropped
                                                                                        Size (bytes):7424
                                                                                        Entropy (8bit):3.4869756012482642
                                                                                        Encrypted:false
                                                                                        SSDEEP:96:Jt/q9Xr8o4wGIPggggbrX2wKcQ5DxDMknD2PI7WwKIYFmJOhw5LxYYYYL0hfUwK:LA8oVYx5ivxN+OMJx
                                                                                        MD5:93C622CB3784143A5B3ECA5B16063D41
                                                                                        SHA1:7CD3024B362B1B636204BC1C6A4A994211CEEEC1
                                                                                        SHA-256:757D878F62FEC72CCF0A8321314FED2E8931398A3BD9BF288FB4F0491A8F6491
                                                                                        SHA-512:408510B8CA2C8F6C8603FA886CE90A33980E91DDA7A08AFEAC6161DFC9DD470DE37A67DDB3C22675424B14C5E603E21E550A0FFE597AE3726170AD9F8A73EE4D
                                                                                        Malicious:false
                                                                                        Preview:....E.X.T.E.R.N.A.L.:...D.o. .n.o.t. .c.l.i.c.k. .l.i.n.k.s. .o.r. .o.p.e.n. .a.t.t.a.c.h.m.e.n.t.s. .i.f. .y.o.u. .d.o. .n.o.t. .r.e.c.o.g.n.i.z.e. .t.h.e. .s.e.n.d.e.r.........I.N.C.L.U.D.E.P.I.C.T.U.R.E. .".c.i.d.:.o.e.-.b.a.n.n.e.r.". .\.*. .M.E.R.G.E.F.O.R.M.A.T.I.N.E.T... . .......................................................................................................................................................................................................................................................................................L.......j...R...........*...~............................................................................................................................................................................................................................................................................$..dh.........,.[$.\$.a$.............[$.\$......dh...........[$.\$.*...$..$.If........!v..h.#v....:V.......t.....6......5.......4........4.....
                                                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                                                        File Type:ASCII text, with very long lines (28751), with CRLF line terminators
                                                                                        Category:dropped
                                                                                        Size (bytes):20971520
                                                                                        Entropy (8bit):0.16150776164137026
                                                                                        Encrypted:false
                                                                                        SSDEEP:3072:JcSBnY/OrCcCglSFOAffKJBBN3s83kIM3x4B0SZWqz8+:pY/iR
                                                                                        MD5:56407F7DD6809374892069965452A567
                                                                                        SHA1:25A4FFCE8D7F3F23492EC6878EB2C0C02C1A90D5
                                                                                        SHA-256:8361E68CD08581C3329B6DDD8C676939DE8C19222D9EC204550040DB94AC6A42
                                                                                        SHA-512:98B8231BC14943181601011B37BE825EDCEE4007B575F6D85D3A2F1FA03964853D0E9003A221723EC9CBAD9C5CD01B21603E6EDCB18C55F910610D805AE5CDAB
                                                                                        Malicious:false
                                                                                        Preview:Timestamp.Process.TID.Area.Category.EventID.Level.Message.Correlation..10/02/2024 16:59:39.344.OUTLOOK (0x1B80).0x1B84.Microsoft Outlook.Telemetry Event.b7vzq.Medium.SendEvent {"EventName":"Office.Text.GDIAssistant.HandleCallback","Flags":30962256044949761,"InternalSequenceNumber":25,"Time":"2024-10-02T16:59:39.344Z","Contract":"Office.System.Activity","Activity.CV":"pwHcdtNnF0KiQYZzIKXheA.4.11","Activity.Duration":12,"Activity.Count":1,"Activity.AggMode":0,"Activity.Success":true,"Data.GdiFamilyName":"","Data.CloudFontStatus":6,"Data.CloudFontTypes":256}...10/02/2024 16:59:39.360.OUTLOOK (0x1B80).0x1B84.Microsoft Outlook.Telemetry Event.b7vzq.Medium.SendEvent {"EventName":"Office.Text.ResourceClient.Deserialize","Flags":30962256044949761,"InternalSequenceNumber":27,"Time":"2024-10-02T16:59:39.360Z","Contract":"Office.System.Activity","Activity.CV":"pwHcdtNnF0KiQYZzIKXheA.4.12","Activity.Duration":11533,"Activity.Count":1,"Activity.AggMode":0,"Activity.Success":true,"Data.JsonFileMajor
                                                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                                                        File Type:data
                                                                                        Category:dropped
                                                                                        Size (bytes):20971520
                                                                                        Entropy (8bit):0.0
                                                                                        Encrypted:false
                                                                                        SSDEEP:3::
                                                                                        MD5:8F4E33F3DC3E414FF94E5FB6905CBA8C
                                                                                        SHA1:9674344C90C2F0646F0B78026E127C9B86E3AD77
                                                                                        SHA-256:CD52D81E25F372E6FA4DB2C0DFCEB59862C1969CAB17096DA352B34950C973CC
                                                                                        SHA-512:7FB91E868F3923BBD043725818EF3A5D8D08EBF1059A18AC0FE07040D32EEBA517DA11515E6A4AFAEB29BCC5E0F1543BA2C595B0FE8E6167DDC5E6793EDEF5BB
                                                                                        Malicious:false
                                                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                                                        File Type:data
                                                                                        Category:dropped
                                                                                        Size (bytes):94208
                                                                                        Entropy (8bit):4.466382174096268
                                                                                        Encrypted:false
                                                                                        SSDEEP:768:2EAwzoqt4NUqCiSyo+Fz4Q5L9PO3+WpvyXgQo:bh04Q5L9PO3+2aXJo
                                                                                        MD5:23FB224BD9869024C6CAAB08F9C7168C
                                                                                        SHA1:312652E820F09B88F100FDC67F018CDB9FA4FE79
                                                                                        SHA-256:CBF34B9D06822F611ABD2CE15161824A0898D19832BC898381341BDB8780992C
                                                                                        SHA-512:70AC2D406C978CCE8EA8D5D0AC98BDBE763EF99421AFBF80A04BF84654806B84ED08DA5F9CFA9EDD627318CEC8198575523F0BD7FE615F7C80EF5C3310C660D1
                                                                                        Malicious:false
                                                                                        Preview:............................................................................`..............w....................eJ..............Zb..2...................................,...@.t.z.r.e.s...d.l.l.,.-.1.1.2.......................................................@.t.z.r.e.s...d.l.l.,.-.1.1.1................................................................Y.............w............v.2._.O.U.T.L.O.O.K.:.1.b.8.0.:.2.1.5.7.8.c.3.0.0.a.9.0.4.b.c.5.8.e.4.7.9.5.3.a.9.2.7.b.d.b.1.6...C.:.\.U.s.e.r.s.\.c.a.l.i.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.T.e.m.p.\.O.u.t.l.o.o.k. .L.o.g.g.i.n.g.\.O.U.T.L.O.O.K._.1.6._.0._.1.6.8.2.7._.2.0.1.3.0.-.2.0.2.4.1.0.0.2.T.1.2.5.9.3.8.0.8.9.8.-.7.0.4.0...e.t.l.......P.P............w............................................................................................................................................................................................................................................................................................................
                                                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                                                        File Type:data
                                                                                        Category:dropped
                                                                                        Size (bytes):4389
                                                                                        Entropy (8bit):7.929348014766379
                                                                                        Encrypted:false
                                                                                        SSDEEP:96:ExpWgcijyDYbUdaau3i5iHxGk54xdAzRRABiyjYugOmd:MlRb/ayHHXmdAFSZ78
                                                                                        MD5:BAD6E29A274D1DF6BE0DB22A8A5AC0C1
                                                                                        SHA1:7C3AB8B5224B1EB987CAC8EE7D32E62F7DB02A97
                                                                                        SHA-256:06AE0C4CCC6CCA82388FAAE8D560D3849DCB1D498150CA248FEC2210A1BB9A8D
                                                                                        SHA-512:BDA32B1F8A404D6360209C493C439368DEB36B5CC2708B03F347625DE17669D13CE421B94CA5F2CB59916FCA1C30E2CDF6602E61CBF92BED1CA46C8D3C11A47F
                                                                                        Malicious:false
                                                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                                                        File Type:data
                                                                                        Category:dropped
                                                                                        Size (bytes):30
                                                                                        Entropy (8bit):1.2389205950315936
                                                                                        Encrypted:false
                                                                                        SSDEEP:3:NBl7tt:17t
                                                                                        MD5:46ED398A6B327D2420345D2BA60F05CF
                                                                                        SHA1:923BB2CCD4AE6144AB171C56E704645242DD7557
                                                                                        SHA-256:EE4B8F5EB8F9F1F8ED12A895045F8C8146140A25B9305DDC1AF50882C37E19F9
                                                                                        SHA-512:1952B2D34E3E7B63BF1CA5F1A50E775AE632C770F5EC598F40AD3B9395A8778033563917EA19A6139160D23C59FB0D0D0E74823700D6D2E6B0CBD7DEE167AC33
                                                                                        Malicious:false
                                                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                                                        File Type:Composite Document File V2 Document, Cannot read section info
                                                                                        Category:dropped
                                                                                        Size (bytes):16384
                                                                                        Entropy (8bit):0.6696506080367315
                                                                                        Encrypted:false
                                                                                        SSDEEP:12:rl3baFqKEqLKeTy2MyheC8T23BMyhe+S7wzQP9zNMyhe+S7xMyheCXzStp:ryXmnq1Py961XzS
                                                                                        MD5:E999CCF7880FE3DBFF3A188C6FE3AC96
                                                                                        SHA1:17C0A099D5811EFC7E1DBAE5D28B15267F755C54
                                                                                        SHA-256:8DD07B004963C9E0A7DEC4509CDFFD51F08D4D4D48B0556EAAE618D4B6C84229
                                                                                        SHA-512:A189D8905755EA6756E3EF2299BF2C101C40889E96056CADD1C41292EB6FF788014C778ED5CDACA1D3A16D1D32B885B45FEA1A521C1DE69BF6D5250A868BF306
                                                                                        Malicious:false
                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                        File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Oct 2 15:59:54 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                                                                        Category:dropped
                                                                                        Size (bytes):2673
                                                                                        Entropy (8bit):3.99320421198241
                                                                                        Encrypted:false
                                                                                        SSDEEP:48:8hOdaCT6uFlHxDOidAKZdA1FehwiZUklqehVy+3:8y7fo2y
                                                                                        MD5:70790127C4DD812FE33EE50272815F10
                                                                                        SHA1:886BDA203E03840A39FF5DD899D8932FC7408389
                                                                                        SHA-256:EA88CFFAB92EF26863BB511070F098B7AD3CE2F687217360E3A5B0E37015F6A3
                                                                                        SHA-512:0D6D3873FBE0FF7A579AE986377BE4F43D36B9CB6A02077AE565AAFDA387397B0D3C640754DC58E8E693E7B9C94F477F4461C17CFB94C74387776111B5B905E5
                                                                                        Malicious:false
                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                        File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Oct 2 15:59:54 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                                                                        Category:dropped
                                                                                        Size (bytes):2675
                                                                                        Entropy (8bit):4.007626590008504
                                                                                        Encrypted:false
                                                                                        SSDEEP:48:8kgOdaCT6uFlHxDOidAKZdA1seh/iZUkAQkqehmy+2:8A7fe9Qry
                                                                                        MD5:8286693AE2D79225AA6420F49CFCD3C8
                                                                                        SHA1:ADEE7378D43153059933CD1D17ACBFAC80DB37E2
                                                                                        SHA-256:7A46B5718164F1B75851D61791C7B95989B217E31BAAD4F4B78D4EFFDDBF1585
                                                                                        SHA-512:06316DCDFA6642D81EE695D2086843E7E5F8638AB4A58CC01596A89445166890B5A5FBE1D7B31772EF0BB088AA9CDDEFEF9F6FA2180DA12B57940D1879725F08
                                                                                        Malicious:false
                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                        File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                                                                        Category:dropped
                                                                                        Size (bytes):2689
                                                                                        Entropy (8bit):4.012768235706682
                                                                                        Encrypted:false
                                                                                        SSDEEP:48:8iOdaCT6uFAHxDOidAKZdA14meh7sFiZUkmgqeh7sMy+BX:8d786nyy
                                                                                        MD5:6F51E5762A59EB0452D34B0BF274AE7D
                                                                                        SHA1:9ED9B6B3A345045398FAFCAB6FC5241E3337B4E1
                                                                                        SHA-256:2FB01F569B2D07BDC6AC21FCC20C43F05649C3B467CC8CE6B93CDD927CDFD44D
                                                                                        SHA-512:5131245275DE24DF84755E9AD8EA8A39AFBD5D2CBA9550B8314649505436495A680766766E277F41282008435439C36F4F0D60EC888A89B6ECFC6B39D3E6F12C
                                                                                        Malicious:false
                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                        File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Oct 2 15:59:54 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                                                                        Category:dropped
                                                                                        Size (bytes):2677
                                                                                        Entropy (8bit):4.006499847835467
                                                                                        Encrypted:false
                                                                                        SSDEEP:48:8TOdaCT6uFlHxDOidAKZdA1TehDiZUkwqeh6y+R:847fVUy
                                                                                        MD5:D71F03A6EF090555C94E49E0CE94D8F4
                                                                                        SHA1:B533DAEDD150BC7FC1E27F9F220B31C0CA25277C
                                                                                        SHA-256:A696EC9943242622263C2C2229414FDF5B2C65434860A30484551ED309EAD95E
                                                                                        SHA-512:C70E12D4EE9E10FD3E7FA6CCB6991205FAFA5011A1FDE18BCC2DFEA8C9DFEC36A541F4819A12F847D049325AE290BE5300E4FAF492C359475E7C6E3C07164B52
                                                                                        Malicious:false
                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                        File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Oct 2 15:59:54 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                                                                        Category:dropped
                                                                                        Size (bytes):2677
                                                                                        Entropy (8bit):3.994149235298981
                                                                                        Encrypted:false
                                                                                        SSDEEP:48:8LOdaCT6uFlHxDOidAKZdA1dehBiZUk1W1qeh4y+C:8w7fl9Yy
                                                                                        MD5:5AD60D53482582B70E1484F496182C27
                                                                                        SHA1:31F84E4EF1190C38179FF9D43178D52BFBAD1567
                                                                                        SHA-256:0004B504F2B08D2EFED705D1C2EE4B950C1641F7E60CD9CB2BF6D8BE2E6B808D
                                                                                        SHA-512:AAB19D658F7B7F84991A970B4C9E3259A0A338781E6DAFD4A2AC077974ABB395BCDAB918BA07B79411E555C2440E0420311A1DCA21FA64A94A701AE184FD172A
                                                                                        Malicious:false
                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                        File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Oct 2 15:59:54 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                                                                        Category:dropped
                                                                                        Size (bytes):2679
                                                                                        Entropy (8bit):4.002230315989832
                                                                                        Encrypted:false
                                                                                        SSDEEP:48:8yGOdaCT6uFlHxDOidAKZdA1duTeehOuTbbiZUk5OjqehOuTbyy+yT+:827fNTfTbxWOvTbyy7T
                                                                                        MD5:F239ED6E455DD0457347BC153166CC38
                                                                                        SHA1:7F569D0B6D9685F1C28F6CD4F01FAEC9F48E0253
                                                                                        SHA-256:88E50188F99B2CFE9F9AEAC84F2CB40ABD1E04AB0E56AE25F78706E337214E47
                                                                                        SHA-512:65FD87760F5C1D8EA121E781DB157E4C30D1F9E979A68BE329D99D9EAF0E727A46466AC9F9B901F1A68ACEC6F40A9B1614D25EBC59FD9CF575422E323A69499A
                                                                                        Malicious:false
                                                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                                                        File Type:Microsoft Outlook email folder (>=2003)
                                                                                        Category:dropped
                                                                                        Size (bytes):2302976
                                                                                        Entropy (8bit):0.12475287528314132
                                                                                        Encrypted:false
                                                                                        SSDEEP:384:LcWIjc5j5Za4vUUU9gOd7L5hINagF7Y577028aNzYsp/z:gWQcsXNfZ+21Nvpr
                                                                                        MD5:796D69EBAB308EDCE1DD00F8FAD83BD5
                                                                                        SHA1:8846345737CDE47D6EAECABF4DA4D385CF0050B3
                                                                                        SHA-256:061A487ECBF678B2EF4CE3D315EF92DF5AD3723955054C20A8331C97B95C9042
                                                                                        SHA-512:49C1D8DF9A19445744B7D1A4457032668B8FF78511D1F761F54688B38E9C20901284EC94FDEA5A7108BD712AF326CBB07AC7961A0F5B742D54BCF628B2B04329
                                                                                        Malicious:false
                                                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                                                        File Type:data
                                                                                        Category:dropped
                                                                                        Size (bytes):131072
                                                                                        Entropy (8bit):0.033975545635838565
                                                                                        Encrypted:false
                                                                                        SSDEEP:6:8qnhllQ+a4/kulYO/0J0Jk+FllxlUn6/4t/0:9nq74NlYOzF/xlgM
                                                                                        MD5:B6383191E53A289DC5B3CEDFF7658632
                                                                                        SHA1:818AB618423762942BB05C314A245474CE16CCB7
                                                                                        SHA-256:41F20479F998660AC818C57B7A7FCC02C9F5F50C9EFE2BE0B3900941D0975155
                                                                                        SHA-512:C87888969E3EE35BC2987BA2959232F4CD440D72A2AE42EC63CAE44B97C74ECF71D597D0998BBBA8CB738F8B3E1DE6C979387B5AE70E088BAB83013AF81BF1C3
                                                                                        Malicious:false
                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                        File Type:ASCII text
                                                                                        Category:downloaded
                                                                                        Size (bytes):569
                                                                                        Entropy (8bit):4.896633254731508
                                                                                        Encrypted:false
                                                                                        SSDEEP:12:Uc11FP/sO6ZRoT6pHAciJkSAx/s6ZmOHc9n+5cMK00k14enEPCedG:3F8OYsKuJXYmOOk4TfenEPCD
                                                                                        MD5:71D6A57D21337114032CA39B294F3591
                                                                                        SHA1:ADA1D867672276F16EF4D3B8A46A519FBA8E3D4E
                                                                                        SHA-256:36B2057EB5EEF261A2CBB8C149DCF3A11EDAA15CCD8E3D462EB34999F5FF8F2A
                                                                                        SHA-512:BC5F5B55C2741FED993D5D25A36030028C388C8888EA2D1D1F24970AEC4F856CDA366940B99D54FF2D4D9AF16DF8DE39AB847A7BA2BE0B649DE1CE2C9E70A330
                                                                                        Malicious:false
                                                                                        URL:https://fonts.googleapis.com/icon?family=Material+Icons
                                                                                        Preview:/* fallback */.@font-face {. font-family: 'Material Icons';. font-style: normal;. font-weight: 400;. src: url(https://fonts.gstatic.com/s/materialicons/v142/flUhRq6tzZclQEJ-Vdg-IuiaDsNc.woff2) format('woff2');.}...material-icons {. font-family: 'Material Icons';. font-weight: normal;. font-style: normal;. font-size: 24px;. line-height: 1;. letter-spacing: normal;. text-transform: none;. display: inline-block;. white-space: nowrap;. word-wrap: normal;. direction: ltr;. -webkit-font-feature-settings: 'liga';. -webkit-font-smoothing: antialiased;.}.
                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                        File Type:ASCII text, with very long lines (2365)
                                                                                        Category:downloaded
                                                                                        Size (bytes):2896
                                                                                        Entropy (8bit):5.273511222409118
                                                                                        Encrypted:false
                                                                                        SSDEEP:48:QuRAhy4ZXXxSqr8yzih3564l0w4wnqiQYn6dHYj7CbDUIaGUzwSJR5bE+Xq04A2M:7RAZXhSy2hJ64p4wnqi/6yCzUzpR5tfh
                                                                                        MD5:90F37A76EB30C7DE122F7D69D5083E0E
                                                                                        SHA1:71FB8CF64D08B2976DD0E882866F621749D8366D
                                                                                        SHA-256:9EC3A698FDAF911FF786CD93073EFAD7D6C0BFC8E2BADB4BC95FA7ACB65BA1F6
                                                                                        SHA-512:1E4A2E3FB1BACE1E7B1EF657D7956C84C2BBEBEF6393F714834A13B7B14C73F62B05746128CC23ADDB2DDB60E352E138AC56422515C5D63BF97F34C4F2D1AE42
                                                                                        Malicious:false
                                                                                        URL:https://csi.ehr.com/assets/index-DyLirHvO.js
                                                                                        Preview:const __vite__fileDeps=["assets/mainApp-B4DHjQ3e.js","assets/mainApp-D3RIoe8y.css"],__vite__mapDeps=i=>i.map(i=>__vite__fileDeps[i]);.(function(){const i=document.createElement("link").relList;if(i&&i.supports&&i.supports("modulepreload"))return;for(const e of document.querySelectorAll('link[rel="modulepreload"]'))u(e);new MutationObserver(e=>{for(const t of e)if(t.type==="childList")for(const r of t.addedNodes)r.tagName==="LINK"&&r.rel==="modulepreload"&&u(r)}).observe(document,{childList:!0,subtree:!0});function l(e){const t={};return e.integrity&&(t.integrity=e.integrity),e.referrerPolicy&&(t.referrerPolicy=e.referrerPolicy),e.crossOrigin==="use-credentials"?t.credentials="include":e.crossOrigin==="anonymous"?t.credentials="omit":t.credentials="same-origin",t}function u(e){if(e.ep)return;e.ep=!0;const t=l(e);fetch(e.href,t)}})();const p="modulepreload",y=function(o){return"/"+o},m={},g=function(i,l,u){let e=Promise.resolve();if(l&&l.length>0){const t=document.getElementsByTagName("l
                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                        File Type:ASCII text
                                                                                        Category:downloaded
                                                                                        Size (bytes):28702
                                                                                        Entropy (8bit):5.522816737647509
                                                                                        Encrypted:false
                                                                                        SSDEEP:384:mp2tkCtkxS32XOMtuHsk2YlJtz8ub27Swt6zwi2SnPtJe/22m7jtVqGytIFzktQ1:n
                                                                                        MD5:46B946DC2B2565A61D3FF830AA08FB79
                                                                                        SHA1:DB0FD03B7ABDCB3A0B00F4A72E5436A33F425406
                                                                                        SHA-256:0BBA7198FA875AF494AB94C7A79086B9FC2058F21A637665D5179A81C87E4052
                                                                                        SHA-512:89AEEC8082940C81A5F96F2C24AE874D2D7A336EA7BD0F3CC81E73B7B4165AA69CB6C2DE2C8E3921282E3E1A3360BC0A45A93F78E72139CE31A2E5E76983D62B
                                                                                        Malicious:false
                                                                                        URL:"https://fonts.googleapis.com/css?family=Source+Sans+Pro:200,200i,300,300i,400,400i,600,600i,700,700i,900,900i"
                                                                                        Preview:/* cyrillic-ext */.@font-face {. font-family: 'Source Sans Pro';. font-style: italic;. font-weight: 200;. src: url(https://fonts.gstatic.com/s/sourcesanspro/v22/6xKwdSBYKcSV-LCoeQqfX1RYOo3qPZYokSdh18Smxg.woff2) format('woff2');. unicode-range: U+0460-052F, U+1C80-1C88, U+20B4, U+2DE0-2DFF, U+A640-A69F, U+FE2E-FE2F;.}./* cyrillic */.@font-face {. font-family: 'Source Sans Pro';. font-style: italic;. font-weight: 200;. src: url(https://fonts.gstatic.com/s/sourcesanspro/v22/6xKwdSBYKcSV-LCoeQqfX1RYOo3qPZYokSdo18Smxg.woff2) format('woff2');. unicode-range: U+0301, U+0400-045F, U+0490-0491, U+04B0-04B1, U+2116;.}./* greek-ext */.@font-face {. font-family: 'Source Sans Pro';. font-style: italic;. font-weight: 200;. src: url(https://fonts.gstatic.com/s/sourcesanspro/v22/6xKwdSBYKcSV-LCoeQqfX1RYOo3qPZYokSdg18Smxg.woff2) format('woff2');. unicode-range: U+1F00-1FFF;.}./* greek */.@font-face {. font-family: 'Source Sans Pro';. font-style: italic;. font-weight: 200;. src: url(h
                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                        File Type:ASCII text
                                                                                        Category:downloaded
                                                                                        Size (bytes):631
                                                                                        Entropy (8bit):5.033155439921193
                                                                                        Encrypted:false
                                                                                        SSDEEP:12:Uc11FPk+5O6Zj66pHAH6ygFg1wcw47gbSAFk+56ZmOHc9n+5cMK00k14enEPCedG:3Fs+5OYj6Ko6yIgCcw40SR+5YmOOk4T8
                                                                                        MD5:AADB88E6BEE5E015D3ACD7DDB8B6B2D3
                                                                                        SHA1:0194972669FA46CEC23D18AD05FD3B983356D2CE
                                                                                        SHA-256:C49A4CC94C23577F257269D8FAD3D4D6F49ED1579C533EF733A7C10342144577
                                                                                        SHA-512:AEB9C664CAD26E4D88DC5C9F715DA7881BDE9BBFD99B4509347144A684F424DC3C42C65651337F1A1C75DBFF8C6BD1F9C18828E9319D869500289E0D7F02359D
                                                                                        Malicious:false
                                                                                        URL:"https://fonts.googleapis.com/css2?family=Material+Symbols+Outlined:opsz,wght,FILL,GRAD@20..48,100..700,0..1,-50..200"
                                                                                        Preview:/* fallback */.@font-face {. font-family: 'Material Symbols Outlined';. font-style: normal;. font-weight: 100 700;. src: url(https://fonts.gstatic.com/s/materialsymbolsoutlined/v210/kJEhBvYX7BgnkSrUwT8OhrdQw4oELdPIeeII9v6oFsI.woff2) format('woff2');.}...material-symbols-outlined {. font-family: 'Material Symbols Outlined';. font-weight: normal;. font-style: normal;. font-size: 24px;. line-height: 1;. letter-spacing: normal;. text-transform: none;. display: inline-block;. white-space: nowrap;. word-wrap: normal;. direction: ltr;. -webkit-font-feature-settings: 'liga';. -webkit-font-smoothing: antialiased;.}.
                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                        File Type:HTML document, ASCII text
                                                                                        Category:downloaded
                                                                                        Size (bytes):1373
                                                                                        Entropy (8bit):5.038093205720792
                                                                                        Encrypted:false
                                                                                        SSDEEP:24:hYOYuOFcF4yQOD6GwGq0A/SGQDGQO8qk+m1xW49CL2vHVhPWyV4N15jd/g:RbtHA6hO8AEW4wL2v7EN1Rlg
                                                                                        MD5:931770AC515E42BD1378A93C4078F540
                                                                                        SHA1:53A9F02FD9C473FA097318456F9BF47010DBA732
                                                                                        SHA-256:39DF933ED421B30284F98F9775C0A9292C462059CAEC62B48CFB0F9AE505D135
                                                                                        SHA-512:98B46DB55E441700DD437BF26E6B94C3186087D995E37013EADC16135D18E17DF2B10BE0D74FF091C367C35D745D28DD5ADE639B2C99EB984128EBD8B8144078
                                                                                        Malicious:false
                                                                                        URL:https://csi.ehr.com/ESS/Home/login.aspx
                                                                                        Preview:<!DOCTYPE html>.<html lang="en">.<head>.. <meta charset="utf-8" />. <meta name="viewport" content="width=device-width, initial-scale=1" />. <meta name="theme-color" content="#000000" />. <title></title>.. <meta name="robots" content="noindex" />. <meta name="mobile-web-app-capable" content="yes">. <meta name="apple-mobile-web-app-title" id="apple-web-app-title-placeholder">. <meta name="apple-mobile-web-app-capable" content="yes">. <meta name="apple-mobile-web-app-status-bar-style" content="default">.. <link rel="apple-touch-icon" id="apple-touch-icon-placeholder" />. <link rel="apple-touch-startup-image" id="apple-touch-startup-image-placeholder" />.. <link rel="manifest" id="manifest-placeholder" />.. <link rel="stylesheet" href="https://fonts.googleapis.com/css?family=Source+Sans+Pro:200,200i,300,300i,400,400i,600,600i,700,700i,900,900i">. <link rel="stylesheet" href="https://fonts.googleapis.com/icon?family=Material+Icons">. <link rel="s
                                                                                        File type:RFC 822 mail, ASCII text, with very long lines (2221), with CRLF line terminators
                                                                                        Entropy (8bit):6.115805659254237
                                                                                        TrID:
                                                                                        • E-Mail message (Var. 5) (54515/1) 100.00%
                                                                                        File name:phish_alert_sp2_2.0.0.0 (1).eml
                                                                                        File size:213'387 bytes
                                                                                        MD5:66b5155055c7cc365141f659989ccd23
                                                                                        SHA1:e893f36561b684879decda0d05a9f41b54a0c830
                                                                                        SHA256:201fdd96c1151af9f66613def2d889d359d6f9e8c24738d3ad7950e8bb0d247a
                                                                                        SHA512:989aba160b91ec28b06ce076d5e9952915d8d141173d1833572bbbc82ecdb62882374ad84d12bfa5a9fbc8ab2ae1ddaca4d448b52a54a1258367e7d8da67ad38
                                                                                        SSDEEP:6144:jJkQzik6CLsCI2dzyQcneg3nHf+uKwwWJQ45P:tlAUdmig3nY1WJQ4N
                                                                                        TLSH:1B2402B0B18D11970520B379B3917567F7A102D3276253A83B7C92681FCEC31A7A7E7A
                                                                                        File Content Preview:Received: from MN2PR07MB7214.namprd07.prod.outlook.com.. (2603:10b6:208:1d2::16) by BYAPR07MB5958.namprd07.prod.outlook.com with.. HTTPS; Wed, 2 Oct 2024 14:01:21 +0000..Received: from AS9PR05CA0183.eurprd05.prod.outlook.com.. (2603:10a6:20b:495::19) by M
                                                                                        Subject:ALERT - ACTION REQUIRED: Make Your Benefit Elections by 11/1/2024
                                                                                        From:"Benefit Connect Service Center for Constellation Software Inc." <CSI.BenefitConnect@ehr.com>
                                                                                        To:Deah Paulson <deah.paulson@vontas.com>
                                                                                        Cc:
                                                                                        BCC:
                                                                                        Date:Wed, 02 Oct 2024 09:00:29 -0500
                                                                                        Communications:
                                                                                        • EXTERNAL: Do not click links or open attachments if you do not recognize the sender. Deah Paulson, Our records indicate that you recently experienced an employment event that allows you to change your benefit elections. IMPORTANT: If your event is or includes an address change, you must log into https://CSI.ehr.com to confirm any changes to your coverage. You may have lost your medical coverage due to moving into a new network, or the cost of your medical coverage may have changed. In the event that your current election is no longer available in your new location, and therefore you have lost medical coverage, you MUST elect a new medical plan, even if it is the same plan in your new network. Failure to make an election will result in coverage being automatically waived. To review and/or make your elections, click on the link below. https://CSI.ehr.com If you have any questions, please call BenefitConnect Service Center for Constellation Software Inc. at 855-567-0035. Thank you, Constellation Software, Inc. Employee Benefits ***PLEASE DO NOT RESPOND TO THIS EMAIL*** Your privacy is important to us. To learn more about the personal information we collect and how it is used, you can find our privacy policy at https://CSI.ehr.com.
                                                                                        • https://CSI.ehr.com https://urldefense.com/v3/__https://CSI.ehr.com/ESS/Home/login.aspx__;!!I_DbfM1H!FxDBk8DMcpw5OXYCqKkISH0uaoP065SN2SYB_XxiNepI0qFx-WQxUIjEsrV18ztByJsfZvMsFl7b7puipavwPEvNsLo$
                                                                                        Attachments:
                                                                                        • logo-client
                                                                                        • oe-banner
                                                                                        Key Value
                                                                                        Received:from n20-ob-0642vm1p (Unknown [10.207.219.27]) by N20-IT-SMTP002P.int.dir.willis.com with ESMTP ; Wed, 2 Oct 2024 14:00:29 +0000
                                                                                        Authentication-Results:spf=softfail (sender IP is 67.231.151.23) smtp.mailfrom=ehr.com; dkim=fail (body hash did not verify) header.d=ehr.com;dmarc=fail action=oreject header.from=ehr.com;compauth=none reason=451
                                                                                        Received-Spf:SoftFail (protection.outlook.com: domain of transitioning ehr.com discourages use of 67.231.151.23 as permitted sender)
                                                                                        Authentication-Results-Original:ppops.net; spf=pass smtp.mailfrom=CSI.BenefitConnect@ehr.com; dkim=pass header.s=ser20220201 header.d=ehr.com; dmarc=pass header.from=ehr.com
                                                                                        Dkim-Signature:v=1; a=rsa-sha256; c=relaxed/relaxed; d=ehr.com; h= content-type:date:from:message-id:mime-version:reply-to:subject :to; s=ser20220201; bh=P2/VgtyZxHfDNepmo92457VrNE55ZiXsyIjrFH9aN I4=; b=kLmcX6p7VRqEROslGX8JWAStb+l1Qrj68x1vsbizGp05GpkFujg3NkVw3 DNifyGs5/KYt7BzCFDjABEyoWBWzdt0yNxVbHJjkJHLnPuUV95Ew3N4PgRlIRa84 vr7nELXjkGwLoTGcHJYsH3Oh8MCubRabKcaGrAIQWMDZXHI8MntduXBROgy2VwSF docm1QQgiXOzTNELizWYK1ugEj3FH4/5i/YGaG6Zs68KBX0bG2r7dJKvEWxPVrEK 1OHaak4b4usiV9H++zBzYk2FbVsrGZzu+L3aM1VB0gUUKynziahUxTQAY/TUaTWg tHzR+VvAdSFMX+sLK19tb6KfWiYYg==
                                                                                        Message-Id:<C1386920-7C7D-4CAB-A0E9-C1BE93EAB80C@N20-IT-SMTP002P.int.dir.willis.com>
                                                                                        Reply-To:donotreply@ehr.com
                                                                                        From:"Benefit Connect Service Center for Constellation Software Inc." <CSI.BenefitConnect@ehr.com>
                                                                                        To:Deah Paulson <deah.paulson@vontas.com>
                                                                                        Date:Wed, 02 Oct 2024 09:00:29 -0500
                                                                                        Subject:ALERT - ACTION REQUIRED: Make Your Benefit Elections by 11/1/2024
                                                                                        Content-Type:multipart/mixed; boundary="----sinikael-?=_1-17278866747540.3384102607974806"
                                                                                        X-Proofpoint-Virus-Version:vendor=baseguard engine=ICAP:2.0.293,Aquarius:18.0.1051,Hydra:6.0.680,FMLib:17.12.62.30 definitions=2024-10-02_14,2024-09-30_01,2024-09-30_01
                                                                                        X-Clx-Shades:MLX
                                                                                        X-Proofpoint-Guid:MEPb1vyLtIEHWFu51L68dh_4LJKoQ7X6
                                                                                        X-Proofpoint-Orig-Guid:MEPb1vyLtIEHWFu51L68dh_4LJKoQ7X6
                                                                                        MIME-Version:1.0
                                                                                        X-Proofpointheader:Yes
                                                                                        X-Proofpoint-Spam-Details:rule=inbound_notspam policy=inbound score=0 impostorscore=0 bulkscore=0 mlxlogscore=732 spamscore=0 adultscore=0 suspectscore=0 phishscore=0 lowpriorityscore=0 mlxscore=0 malwarescore=0 clxscore=179 priorityscore=56 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.21.0-2408220000 definitions=main-2410020102 domainage_hfrom=10410 domainage_replyto=10410
                                                                                        Return-Path:CSI.BenefitConnect@ehr.com
                                                                                        X-Ms-Exchange-Organization-Expirationstarttime:02 Oct 2024 14:01:13.6347 (UTC)
                                                                                        X-Ms-Exchange-Organization-Expirationstarttimereason:OriginalSubmit
                                                                                        X-Ms-Exchange-Organization-Expirationinterval:1:00:00:00.0000000
                                                                                        X-Ms-Exchange-Organization-Expirationintervalreason:OriginalSubmit
                                                                                        X-Ms-Exchange-Organization-Network-Message-Id:ad363c5c-bb0a-4116-76ff-08dce2eaad3b
                                                                                        X-Eopattributedmessage:0
                                                                                        X-Eoptenantattributedmessage:75c696ec-5bfb-4892-9a0c-9187a9061cd6:0
                                                                                        X-Ms-Exchange-Organization-Messagedirectionality:Incoming
                                                                                        X-Ms-Publictraffictype:Email
                                                                                        X-Ms-Traffictypediagnostic:DB5PEPF00014B9D:EE_|AM7P191MB0817:EE_|MN2PR07MB7214:EE_|BYAPR07MB5958:EE_
                                                                                        X-Ms-Office365-Filtering-Correlation-Id:ad363c5c-bb0a-4116-76ff-08dce2eaad3b
                                                                                        X-Ms-Exchange-Atpmessageproperties:SA|SL
                                                                                        X-Ms-Exchange-Organization-Scl:-1
                                                                                        X-Microsoft-Antispam:BCL:0;ARA:13230040|82310400026|5073199012|4073199012;
                                                                                        X-Forefront-Antispam-Report:CIP:67.231.151.23;CTRY:US;LANG:en;SCL:-1;SRV:;IPV:NLI;SFV:NSPM;H:mx0d-001a4c01.pphosted.com;PTR:mx0d-001a4c01.pphosted.com;CAT:NONE;SFS:(13230040)(82310400026)(5073199012)(4073199012);DIR:INB;
                                                                                        X-Ms-Exchange-Crosstenant-Originalarrivaltime:02 Oct 2024 14:01:13.2754 (UTC)
                                                                                        X-Ms-Exchange-Crosstenant-Network-Message-Id:ad363c5c-bb0a-4116-76ff-08dce2eaad3b
                                                                                        X-Ms-Exchange-Crosstenant-Id:75c696ec-5bfb-4892-9a0c-9187a9061cd6
                                                                                        X-Ms-Exchange-Crosstenant-Authsource:DB5PEPF00014B9D.eurprd02.prod.outlook.com
                                                                                        X-Ms-Exchange-Crosstenant-Authas:Anonymous
                                                                                        X-Ms-Exchange-Crosstenant-Fromentityheader:Internet
                                                                                        X-Ms-Exchange-Transport-Crosstenantheadersstamped:AM7P191MB0817
                                                                                        X-Ms-Exchange-Organization-Authsource:DB5PEPF00014B9D.eurprd02.prod.outlook.com
                                                                                        X-Ms-Exchange-Organization-Authas:Anonymous
                                                                                        X-Ms-Exchange-Transport-Endtoendlatency:00:00:08.2053729
                                                                                        X-Ms-Exchange-Processed-By-Bccfoldering:15.20.8026.016
                                                                                        X-Microsoft-Antispam-Mailbox-Delivery:ucf:0;jmr:0;auth:0;dest:I;ENG:(910001)(944506478)(944626604)(920097)(930097)(140003);
                                                                                        Content-Transfer-Encoding 7bit

                                                                                        Icon Hash:46070c0a8e0c67d6
                                                                                        Timestamp  Source Port  Dest Port  Source IP  Dest IP
                                                                                        Oct 2, 2024 18:59:55.494594097 CEST49718443192.168.2.1613.107.253.45
                                                                                        Oct 2, 2024 18:59:55.601429939 CEST4434971813.107.253.45192.168.2.16
                                                                                        Oct 2, 2024 18:59:55.601463079 CEST4434971813.107.253.45192.168.2.16
                                                                                        Oct 2, 2024 18:59:55.601512909 CEST49718443192.168.2.1613.107.253.45
                                                                                        Oct 2, 2024 18:59:55.601526976 CEST4434971813.107.253.45192.168.2.16
                                                                                        Oct 2, 2024 18:59:55.601732969 CEST49718443192.168.2.1613.107.253.45
                                                                                        Oct 2, 2024 18:59:55.602466106 CEST49718443192.168.2.1613.107.253.45
                                                                                        Oct 2, 2024 18:59:55.602514029 CEST4434971813.107.253.45192.168.2.16
                                                                                        Oct 2, 2024 18:59:55.602634907 CEST49718443192.168.2.1613.107.253.45
                                                                                        Oct 2, 2024 18:59:55.682903051 CEST49722443192.168.2.1613.107.246.45
                                                                                        Oct 2, 2024 18:59:55.682940960 CEST4434972213.107.246.45192.168.2.16
                                                                                        Oct 2, 2024 18:59:55.683099985 CEST49722443192.168.2.1613.107.246.45
                                                                                        Oct 2, 2024 18:59:55.683315039 CEST49722443192.168.2.1613.107.246.45
                                                                                        Oct 2, 2024 18:59:55.683322906 CEST4434972213.107.246.45192.168.2.16
                                                                                        Oct 2, 2024 18:59:55.793626070 CEST49724443192.168.2.1613.107.253.45
                                                                                        Oct 2, 2024 18:59:55.793661118 CEST4434972413.107.253.45192.168.2.16
                                                                                        Oct 2, 2024 18:59:55.793734074 CEST49724443192.168.2.1613.107.253.45
                                                                                        Oct 2, 2024 18:59:55.793950081 CEST49725443192.168.2.1613.107.253.45
                                                                                        Oct 2, 2024 18:59:55.793989897 CEST4434972513.107.253.45192.168.2.16
                                                                                        Oct 2, 2024 18:59:55.794239998 CEST49725443192.168.2.1613.107.253.45
                                                                                        Oct 2, 2024 18:59:55.794241905 CEST49724443192.168.2.1613.107.253.45
                                                                                        Oct 2, 2024 18:59:55.794251919 CEST4434972413.107.253.45192.168.2.16
                                                                                        Oct 2, 2024 18:59:55.794435024 CEST49725443192.168.2.1613.107.253.45
                                                                                        Oct 2, 2024 18:59:55.794449091 CEST4434972513.107.253.45192.168.2.16
                                                                                        Oct 2, 2024 18:59:56.352489948 CEST4434972213.107.246.45192.168.2.16
                                                                                        Oct 2, 2024 18:59:56.352694035 CEST49722443192.168.2.1613.107.246.45
                                                                                        Oct 2, 2024 18:59:56.352706909 CEST4434972213.107.246.45192.168.2.16
                                                                                        Oct 2, 2024 18:59:56.354002953 CEST4434972213.107.246.45192.168.2.16
                                                                                        Oct 2, 2024 18:59:56.354070902 CEST49722443192.168.2.1613.107.246.45
                                                                                        Oct 2, 2024 18:59:56.354465008 CEST49722443192.168.2.1613.107.246.45
                                                                                        Oct 2, 2024 18:59:56.354527950 CEST4434972213.107.246.45192.168.2.16
                                                                                        Oct 2, 2024 18:59:56.354696035 CEST49722443192.168.2.1613.107.246.45
                                                                                        Oct 2, 2024 18:59:56.354705095 CEST4434972213.107.246.45192.168.2.16
                                                                                        Oct 2, 2024 18:59:56.401732922 CEST49722443192.168.2.1613.107.246.45
                                                                                        Oct 2, 2024 18:59:56.450395107 CEST4434972513.107.253.45192.168.2.16
                                                                                        Oct 2, 2024 18:59:56.450681925 CEST49725443192.168.2.1613.107.253.45
                                                                                        Oct 2, 2024 18:59:56.450699091 CEST4434972513.107.253.45192.168.2.16
                                                                                        Oct 2, 2024 18:59:56.451237917 CEST4434972513.107.253.45192.168.2.16
                                                                                        Oct 2, 2024 18:59:56.451668978 CEST49725443192.168.2.1613.107.253.45
                                                                                        Oct 2, 2024 18:59:56.451668978 CEST49725443192.168.2.1613.107.253.45
                                                                                        Oct 2, 2024 18:59:56.451745033 CEST4434972513.107.253.45192.168.2.16
                                                                                        Oct 2, 2024 18:59:56.464179993 CEST4434972413.107.253.45192.168.2.16
                                                                                        Oct 2, 2024 18:59:56.464384079 CEST49724443192.168.2.1613.107.253.45
                                                                                        Oct 2, 2024 18:59:56.464412928 CEST4434972413.107.253.45192.168.2.16
                                                                                        Oct 2, 2024 18:59:56.465473890 CEST4434972413.107.253.45192.168.2.16
                                                                                        Oct 2, 2024 18:59:56.465543032 CEST49724443192.168.2.1613.107.253.45
                                                                                        Oct 2, 2024 18:59:56.465914011 CEST49724443192.168.2.1613.107.253.45
                                                                                        Oct 2, 2024 18:59:56.465984106 CEST4434972413.107.253.45192.168.2.16
                                                                                        Oct 2, 2024 18:59:56.466052055 CEST49724443192.168.2.1613.107.253.45
                                                                                        Oct 2, 2024 18:59:56.497617006 CEST49725443192.168.2.1613.107.253.45
                                                                                        Oct 2, 2024 18:59:56.511406898 CEST4434972413.107.253.45192.168.2.16
                                                                                        Oct 2, 2024 18:59:56.512722015 CEST49724443192.168.2.1613.107.253.45
                                                                                        Oct 2, 2024 18:59:56.512749910 CEST4434972413.107.253.45192.168.2.16
                                                                                        Oct 2, 2024 18:59:56.538634062 CEST4434972213.107.246.45192.168.2.16
                                                                                        Oct 2, 2024 18:59:56.538677931 CEST4434972213.107.246.45192.168.2.16
                                                                                        Oct 2, 2024 18:59:56.538750887 CEST49722443192.168.2.1613.107.246.45
                                                                                        Oct 2, 2024 18:59:56.538770914 CEST4434972213.107.246.45192.168.2.16
                                                                                        Oct 2, 2024 18:59:56.538830996 CEST49722443192.168.2.1613.107.246.45
                                                                                        Oct 2, 2024 18:59:56.539652109 CEST49722443192.168.2.1613.107.246.45
                                                                                        Oct 2, 2024 18:59:56.539680004 CEST4434972213.107.246.45192.168.2.16
                                                                                        Oct 2, 2024 18:59:56.560628891 CEST49724443192.168.2.1613.107.253.45
                                                                                        Oct 2, 2024 18:59:56.602819920 CEST4434972513.107.253.45192.168.2.16
                                                                                        Oct 2, 2024 18:59:56.602955103 CEST49725443192.168.2.1613.107.253.45
                                                                                        Oct 2, 2024 18:59:56.602974892 CEST4434972513.107.253.45192.168.2.16
                                                                                        Oct 2, 2024 18:59:56.604744911 CEST4434972513.107.253.45192.168.2.16
                                                                                        Oct 2, 2024 18:59:56.604827881 CEST49725443192.168.2.1613.107.253.45
                                                                                        Oct 2, 2024 18:59:56.604827881 CEST49725443192.168.2.1613.107.253.45
                                                                                        Oct 2, 2024 18:59:56.604837894 CEST4434972513.107.253.45192.168.2.16
                                                                                        Oct 2, 2024 18:59:56.606456995 CEST49725443192.168.2.1613.107.253.45
                                                                                        Oct 2, 2024 18:59:56.608273029 CEST49727443192.168.2.1613.107.253.45
                                                                                        Oct 2, 2024 18:59:56.608339071 CEST4434972713.107.253.45192.168.2.16
                                                                                        Oct 2, 2024 18:59:56.608443975 CEST49727443192.168.2.1613.107.253.45
                                                                                        Oct 2, 2024 18:59:56.608674049 CEST4968080192.168.2.16192.229.211.108
                                                                                        Oct 2, 2024 18:59:56.608748913 CEST49727443192.168.2.1613.107.253.45
                                                                                        Oct 2, 2024 18:59:56.608762980 CEST4434972713.107.253.45192.168.2.16
                                                                                        Oct 2, 2024 18:59:56.642035007 CEST4434972413.107.253.45192.168.2.16
                                                                                        Oct 2, 2024 18:59:56.642061949 CEST4434972413.107.253.45192.168.2.16
                                                                                        Oct 2, 2024 18:59:56.642070055 CEST4434972413.107.253.45192.168.2.16
                                                                                        Oct 2, 2024 18:59:56.642151117 CEST49724443192.168.2.1613.107.253.45
                                                                                        Oct 2, 2024 18:59:56.642199993 CEST49724443192.168.2.1613.107.253.45
                                                                                        Oct 2, 2024 18:59:56.642211914 CEST4434972413.107.253.45192.168.2.16
                                                                                        Oct 2, 2024 18:59:56.642224073 CEST4434972413.107.253.45192.168.2.16
                                                                                        Oct 2, 2024 18:59:56.642256021 CEST49724443192.168.2.1613.107.253.45
                                                                                        Oct 2, 2024 18:59:56.642261982 CEST4434972413.107.253.45192.168.2.16
                                                                                        Oct 2, 2024 18:59:56.642277956 CEST49724443192.168.2.1613.107.253.45
                                                                                        Oct 2, 2024 18:59:56.642283916 CEST4434972413.107.253.45192.168.2.16
                                                                                        Oct 2, 2024 18:59:56.642318964 CEST49724443192.168.2.1613.107.253.45
                                                                                        Oct 2, 2024 18:59:56.687592983 CEST49724443192.168.2.1613.107.253.45
                                                                                        Oct 2, 2024 18:59:56.722873926 CEST4434972413.107.253.45192.168.2.16
                                                                                        Oct 2, 2024 18:59:56.722887993 CEST4434972413.107.253.45192.168.2.16
                                                                                        Oct 2, 2024 18:59:56.723007917 CEST4434972413.107.253.45192.168.2.16
                                                                                        Oct 2, 2024 18:59:56.723025084 CEST4434972413.107.253.45192.168.2.16
                                                                                        Oct 2, 2024 18:59:56.723042965 CEST4434972413.107.253.45192.168.2.16
                                                                                        Oct 2, 2024 18:59:56.723051071 CEST49724443192.168.2.1613.107.253.45
                                                                                        Oct 2, 2024 18:59:56.723074913 CEST49724443192.168.2.1613.107.253.45
                                                                                        Oct 2, 2024 18:59:56.723088026 CEST4434972413.107.253.45192.168.2.16
                                                                                        Oct 2, 2024 18:59:56.723102093 CEST49724443192.168.2.1613.107.253.45
                                                                                        Oct 2, 2024 18:59:56.723130941 CEST49724443192.168.2.1613.107.253.45
                                                                                        Oct 2, 2024 18:59:56.725924969 CEST4434972413.107.253.45192.168.2.16
                                                                                        Oct 2, 2024 18:59:56.726003885 CEST4434972413.107.253.45192.168.2.16
                                                                                        Oct 2, 2024 18:59:56.726006985 CEST49724443192.168.2.1613.107.253.45
                                                                                        Oct 2, 2024 18:59:56.726021051 CEST4434972413.107.253.45192.168.2.16
                                                                                        Oct 2, 2024 18:59:56.726057053 CEST49724443192.168.2.1613.107.253.45
                                                                                        Oct 2, 2024 18:59:56.808631897 CEST4434972413.107.253.45192.168.2.16
                                                                                        Oct 2, 2024 18:59:56.808660030 CEST4434972413.107.253.45192.168.2.16
                                                                                        Oct 2, 2024 18:59:56.808742046 CEST49724443192.168.2.1613.107.253.45
                                                                                        Oct 2, 2024 18:59:56.808773041 CEST4434972413.107.253.45192.168.2.16
                                                                                        Oct 2, 2024 18:59:56.808840990 CEST49724443192.168.2.1613.107.253.45
                                                                                        Oct 2, 2024 18:59:56.808913946 CEST4434972413.107.253.45192.168.2.16
                                                                                        Oct 2, 2024 18:59:56.808970928 CEST49724443192.168.2.1613.107.253.45
                                                                                        Oct 2, 2024 18:59:56.808976889 CEST4434972413.107.253.45192.168.2.16
                                                                                        Oct 2, 2024 18:59:56.810838938 CEST4434972413.107.253.45192.168.2.16
                                                                                        Oct 2, 2024 18:59:56.810858011 CEST4434972413.107.253.45192.168.2.16
                                                                                        Oct 2, 2024 18:59:56.810914040 CEST49724443192.168.2.1613.107.253.45
                                                                                        Oct 2, 2024 18:59:56.810933113 CEST4434972413.107.253.45192.168.2.16
                                                                                        Oct 2, 2024 18:59:56.810955048 CEST49724443192.168.2.1613.107.253.45
                                                                                        Oct 2, 2024 18:59:56.819236040 CEST4434972413.107.253.45192.168.2.16
                                                                                        Oct 2, 2024 18:59:56.819314957 CEST4434972413.107.253.45192.168.2.16
                                                                                        Oct 2, 2024 18:59:56.819422960 CEST49724443192.168.2.1613.107.253.45
                                                                                        Oct 2, 2024 18:59:56.819422960 CEST49724443192.168.2.1613.107.253.45
                                                                                        Oct 2, 2024 18:59:56.819454908 CEST4434972413.107.253.45192.168.2.16
                                                                                        Oct 2, 2024 18:59:56.819514036 CEST49724443192.168.2.1613.107.253.45
                                                                                        Oct 2, 2024 18:59:56.820174932 CEST4434972413.107.253.45192.168.2.16
                                                                                        Oct 2, 2024 18:59:56.820198059 CEST4434972413.107.253.45192.168.2.16
                                                                                        Oct 2, 2024 18:59:56.820261955 CEST49724443192.168.2.1613.107.253.45
                                                                                        Oct 2, 2024 18:59:56.820266962 CEST4434972413.107.253.45192.168.2.16
                                                                                        Oct 2, 2024 18:59:56.820441008 CEST49724443192.168.2.1613.107.253.45
                                                                                        Oct 2, 2024 18:59:56.897531033 CEST4434972413.107.253.45192.168.2.16
                                                                                        Oct 2, 2024 18:59:56.897556067 CEST4434972413.107.253.45192.168.2.16
                                                                                        Oct 2, 2024 18:59:56.897664070 CEST49724443192.168.2.1613.107.253.45
                                                                                        Oct 2, 2024 18:59:56.897692919 CEST4434972413.107.253.45192.168.2.16
                                                                                        Oct 2, 2024 18:59:56.897753000 CEST49724443192.168.2.1613.107.253.45
                                                                                        Oct 2, 2024 18:59:56.898669958 CEST4434972413.107.253.45192.168.2.16
                                                                                        Oct 2, 2024 18:59:56.898689032 CEST4434972413.107.253.45192.168.2.16
                                                                                        Oct 2, 2024 18:59:56.898766994 CEST49724443192.168.2.1613.107.253.45
                                                                                        Oct 2, 2024 18:59:56.898793936 CEST4434972413.107.253.45192.168.2.16
                                                                                        Oct 2, 2024 18:59:56.899158001 CEST49724443192.168.2.1613.107.253.45
                                                                                        Oct 2, 2024 18:59:56.899758101 CEST4434972413.107.253.45192.168.2.16
                                                                                        Oct 2, 2024 18:59:56.899779081 CEST4434972413.107.253.45192.168.2.16
                                                                                        Oct 2, 2024 18:59:56.899828911 CEST49724443192.168.2.1613.107.253.45
                                                                                        Oct 2, 2024 18:59:56.899837971 CEST4434972413.107.253.45192.168.2.16
                                                                                        Oct 2, 2024 18:59:56.899864912 CEST49724443192.168.2.1613.107.253.45
                                                                                        Oct 2, 2024 18:59:56.899889946 CEST49724443192.168.2.1613.107.253.45
                                                                                        Oct 2, 2024 18:59:56.907593012 CEST4434972413.107.253.45192.168.2.16
                                                                                        Oct 2, 2024 18:59:56.907622099 CEST4434972413.107.253.45192.168.2.16
                                                                                        Oct 2, 2024 18:59:56.907711983 CEST49724443192.168.2.1613.107.253.45
                                                                                        Oct 2, 2024 18:59:56.907718897 CEST4434972413.107.253.45192.168.2.16
                                                                                        Oct 2, 2024 18:59:56.908062935 CEST4434972413.107.253.45192.168.2.16
                                                                                        Oct 2, 2024 18:59:56.908081055 CEST4434972413.107.253.45192.168.2.16
                                                                                        Oct 2, 2024 18:59:56.908129930 CEST49724443192.168.2.1613.107.253.45
                                                                                        Oct 2, 2024 18:59:56.908135891 CEST4434972413.107.253.45192.168.2.16
                                                                                        Oct 2, 2024 18:59:56.908165932 CEST49724443192.168.2.1613.107.253.45
                                                                                        Oct 2, 2024 18:59:56.908843040 CEST4434972413.107.253.45192.168.2.16
                                                                                        Oct 2, 2024 18:59:56.908857107 CEST4434972413.107.253.45192.168.2.16
                                                                                        Oct 2, 2024 18:59:56.908930063 CEST49724443192.168.2.1613.107.253.45
                                                                                        Oct 2, 2024 18:59:56.908936977 CEST4434972413.107.253.45192.168.2.16
                                                                                        Oct 2, 2024 18:59:56.957592010 CEST49724443192.168.2.1613.107.253.45
                                                                                        Oct 2, 2024 18:59:56.985471010 CEST4434972413.107.253.45192.168.2.16
                                                                                        Oct 2, 2024 18:59:56.985496044 CEST4434972413.107.253.45192.168.2.16
                                                                                        Oct 2, 2024 18:59:56.985598087 CEST49724443192.168.2.1613.107.253.45
                                                                                        Oct 2, 2024 18:59:56.985625029 CEST4434972413.107.253.45192.168.2.16
                                                                                        Oct 2, 2024 18:59:56.985676050 CEST49724443192.168.2.1613.107.253.45
                                                                                        Oct 2, 2024 18:59:56.985847950 CEST4434972413.107.253.45192.168.2.16
                                                                                        Oct 2, 2024 18:59:56.985865116 CEST4434972413.107.253.45192.168.2.16
                                                                                        Oct 2, 2024 18:59:56.985937119 CEST49724443192.168.2.1613.107.253.45
                                                                                        Oct 2, 2024 18:59:56.985941887 CEST4434972413.107.253.45192.168.2.16
                                                                                        Oct 2, 2024 18:59:56.986471891 CEST4434972413.107.253.45192.168.2.16
                                                                                        Oct 2, 2024 18:59:56.986493111 CEST4434972413.107.253.45192.168.2.16
                                                                                        Oct 2, 2024 18:59:56.986561060 CEST49724443192.168.2.1613.107.253.45
                                                                                        Oct 2, 2024 18:59:56.986566067 CEST4434972413.107.253.45192.168.2.16
                                                                                        Oct 2, 2024 18:59:56.987274885 CEST4434972413.107.253.45192.168.2.16
                                                                                        Oct 2, 2024 18:59:56.987289906 CEST4434972413.107.253.45192.168.2.16
                                                                                        Oct 2, 2024 18:59:56.987354040 CEST49724443192.168.2.1613.107.253.45
                                                                                        Oct 2, 2024 18:59:56.987360954 CEST4434972413.107.253.45192.168.2.16
                                                                                        Oct 2, 2024 18:59:56.987667084 CEST4434972413.107.253.45192.168.2.16
                                                                                        Oct 2, 2024 18:59:56.987715960 CEST49724443192.168.2.1613.107.253.45
                                                                                        Oct 2, 2024 18:59:56.987720966 CEST4434972413.107.253.45192.168.2.16
                                                                                        Oct 2, 2024 18:59:56.987778902 CEST4434972413.107.253.45192.168.2.16
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Oct 2, 2024 18:59:52.361619949 CEST | 192.168.2.16 | 1.1.1.1 | 0xd226 | Standard query (0) | urldefense.com | A (IP address) | IN (0x0001) | false
Oct 2, 2024 18:59:52.361824989 CEST | 192.168.2.16 | 1.1.1.1 | 0x9a44 | Standard query (0) | urldefense.com | 65 | IN (0x0001) | false
Oct 2, 2024 18:59:53.674371958 CEST | 192.168.2.16 | 1.1.1.1 | 0x3b49 | Standard query (0) | csi.ehr.com | A (IP address) | IN (0x0001) | false
Oct 2, 2024 18:59:53.674674988 CEST | 192.168.2.16 | 1.1.1.1 | 0x3859 | Standard query (0) | csi.ehr.com | 65 | IN (0x0001) | false
Oct 2, 2024 18:59:55.608417988 CEST | 192.168.2.16 | 1.1.1.1 | 0xc7cc | Standard query (0) | csi.ehr.com | A (IP address) | IN (0x0001) | false
Oct 2, 2024 18:59:55.608566046 CEST | 192.168.2.16 | 1.1.1.1 | 0x4965 | Standard query (0) | csi.ehr.com | 65 | IN (0x0001) | false
Oct 2, 2024 18:59:57.120269060 CEST | 192.168.2.16 | 1.1.1.1 | 0x4f6d | Standard query (0) | www.google.com | A (IP address) | IN (0x0001) | false
Oct 2, 2024 18:59:57.120364904 CEST | 192.168.2.16 | 1.1.1.1 | 0x2e7c | Standard query (0) | www.google.com | 65 | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Oct 2, 2024 18:59:52.369070053 CEST | 1.1.1.1 | 192.168.2.16 | 0xd226 | No error (0) | urldefense.com | - | 52.204.90.22 | A (IP address) | IN (0x0001) | false
Oct 2, 2024 18:59:52.369070053 CEST | 1.1.1.1 | 192.168.2.16 | 0xd226 | No error (0) | urldefense.com | - | 52.6.56.188 | A (IP address) | IN (0x0001) | false
Oct 2, 2024 18:59:52.369070053 CEST | 1.1.1.1 | 192.168.2.16 | 0xd226 | No error (0) | urldefense.com | - | 52.71.28.102 | A (IP address) | IN (0x0001) | false
Oct 2, 2024 18:59:53.719014883 CEST | 1.1.1.1 | 192.168.2.16 | 0x3859 | No error (0) | csi.ehr.com | bdaout-ess-p-fd-hqh6dugmcuhxafg3.z01.azurefd.net | - | CNAME (Canonical name) | IN (0x0001) | false
Oct 2, 2024 18:59:53.719014883 CEST | 1.1.1.1 | 192.168.2.16 | 0x3859 | No error (0) | bdaout-ess-p-fd-hqh6dugmcuhxafg3.z01.azurefd.net | star-azurefd-prod.trafficmanager.net | - | CNAME (Canonical name) | IN (0x0001) | false
Oct 2, 2024 18:59:53.733745098 CEST | 1.1.1.1 | 192.168.2.16 | 0x3b49 | No error (0) | csi.ehr.com | bdaout-ess-p-fd-hqh6dugmcuhxafg3.z01.azurefd.net | - | CNAME (Canonical name) | IN (0x0001) | false
Oct 2, 2024 18:59:53.733745098 CEST | 1.1.1.1 | 192.168.2.16 | 0x3b49 | No error (0) | bdaout-ess-p-fd-hqh6dugmcuhxafg3.z01.azurefd.net | star-azurefd-prod.trafficmanager.net | - | CNAME (Canonical name) | IN (0x0001) | false
Oct 2, 2024 18:59:53.733745098 CEST | 1.1.1.1 | 192.168.2.16 | 0x3b49 | No error (0) | shed.dual-low.s-part-0017.t-0009.t-msedge.net | azurefd-t-fb-prod.trafficmanager.net | - | CNAME (Canonical name) | IN (0x0001) | false
Oct 2, 2024 18:59:53.733745098 CEST | 1.1.1.1 | 192.168.2.16 | 0x3b49 | No error (0) | dual.s-part-0017.t-0009.fb-t-msedge.net | s-part-0017.t-0009.fb-t-msedge.net | - | CNAME (Canonical name) | IN (0x0001) | false
Oct 2, 2024 18:59:53.733745098 CEST | 1.1.1.1 | 192.168.2.16 | 0x3b49 | No error (0) | s-part-0017.t-0009.fb-t-msedge.net | - | 13.107.253.45 | A (IP address) | IN (0x0001) | false
Oct 2, 2024 18:59:55.647362947 CEST | 1.1.1.1 | 192.168.2.16 | 0x4965 | No error (0) | csi.ehr.com | bdaout-ess-p-fd-hqh6dugmcuhxafg3.z01.azurefd.net | - | CNAME (Canonical name) | IN (0x0001) | false
Oct 2, 2024 18:59:55.647362947 CEST | 1.1.1.1 | 192.168.2.16 | 0x4965 | No error (0) | bdaout-ess-p-fd-hqh6dugmcuhxafg3.z01.azurefd.net | star-azurefd-prod.trafficmanager.net | - | CNAME (Canonical name) | IN (0x0001) | false
Oct 2, 2024 18:59:55.682224035 CEST | 1.1.1.1 | 192.168.2.16 | 0xc7cc | No error (0) | csi.ehr.com | bdaout-ess-p-fd-hqh6dugmcuhxafg3.z01.azurefd.net | - | CNAME (Canonical name) | IN (0x0001) | false
Oct 2, 2024 18:59:55.682224035 CEST | 1.1.1.1 | 192.168.2.16 | 0xc7cc | No error (0) | bdaout-ess-p-fd-hqh6dugmcuhxafg3.z01.azurefd.net | star-azurefd-prod.trafficmanager.net | - | CNAME (Canonical name) | IN (0x0001) | false
Oct 2, 2024 18:59:55.682224035 CEST | 1.1.1.1 | 192.168.2.16 | 0xc7cc | No error (0) | shed.dual-low.s-part-0017.t-0009.t-msedge.net | s-part-0017.t-0009.t-msedge.net | - | CNAME (Canonical name) | IN (0x0001) | false
Oct 2, 2024 18:59:55.682224035 CEST | 1.1.1.1 | 192.168.2.16 | 0xc7cc | No error (0) | s-part-0017.t-0009.t-msedge.net | - | 13.107.246.45 | A (IP address) | IN (0x0001) | false
Oct 2, 2024 18:59:57.127598047 CEST | 1.1.1.1 | 192.168.2.16 | 0x2e7c | No error (0) | www.google.com | - | - | 65 | IN (0x0001) | false
Oct 2, 2024 18:59:57.127957106 CEST | 1.1.1.1 | 192.168.2.16 | 0x4f6d | No error (0) | www.google.com | - | 216.58.212.164 | A (IP address) | IN (0x0001) | false
                                                                                        • fs.microsoft.com
                                                                                        • login.live.com
                                                                                        • slscr.update.microsoft.com
                                                                                        • urldefense.com
                                                                                        • csi.ehr.com
                                                                                        • https:
Session ID | Source IP | Source Port | Destination IP | Destination Port
0 | 192.168.2.16 | 49703 | 184.28.90.27 | 443

Timestamp | Bytes transferred | Direction | Data
2024-10-02 16:59:41 UTC | 161 | OUT | HEAD /fs/windows/config.json HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
User-Agent: Microsoft BITS/7.8
Host: fs.microsoft.com
2024-10-02 16:59:41 UTC | 466 | IN | HTTP/1.1 200 OK
Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json
Content-Type: application/octet-stream
ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7"
Last-Modified: Tue, 16 May 2017 22:58:00 GMT
Server: ECAcc (lpl/EF06)
X-CID: 11
X-Ms-ApiVersion: Distribute 1.2
X-Ms-Region: prod-neu-z1
Cache-Control: public, max-age=85569
Date: Wed, 02 Oct 2024 16:59:41 GMT
Connection: close
X-CID: 2


Session ID | Source IP | Source Port | Destination IP | Destination Port
1 | 192.168.2.16 | 49704 | 184.28.90.27 | 443

Timestamp | Bytes transferred | Direction | Data
2024-10-02 16:59:42 UTC | 239 | OUT | GET /fs/windows/config.json HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT
Range: bytes=0-2147483646
User-Agent: Microsoft BITS/7.8
Host: fs.microsoft.com
2024-10-02 16:59:42 UTC | 514 | IN | HTTP/1.1 200 OK
ApiVersion: Distribute 1.1
Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json
Content-Type: application/octet-stream
ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7"
Last-Modified: Tue, 16 May 2017 22:58:00 GMT
Server: ECAcc (lpl/EF06)
X-CID: 11
X-Ms-ApiVersion: Distribute 1.2
X-Ms-Region: prod-weu-z1
Cache-Control: public, max-age=85512
Date: Wed, 02 Oct 2024 16:59:42 GMT
Content-Length: 55
Connection: close
X-CID: 2
2024-10-02 16:59:42 UTC | 55 | IN | Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}


                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                        2192.168.2.164970740.126.31.69443
                                                                                        TimestampBytes transferredDirectionData
                                                                                        2024-10-02 16:59:46 UTC422OUTPOST /RST2.srf HTTP/1.0
                                                                                        Connection: Keep-Alive
                                                                                        Content-Type: application/soap+xml
                                                                                        Accept: */*
                                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68})
                                                                                        Content-Length: 3592
                                                                                        Host: login.live.com
                                                                                        2024-10-02 16:59:46 UTC3592OUTData Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 70 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 50 61 73 73 70 6f 72 74 2f 53 6f 61 70 53 65 72 76 69 63 65 73 2f 50 50 43 52 4c 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31
                                                                                        Data Ascii: <?xml version="1.0" encoding="UTF-8"?><s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:ps="http://schemas.microsoft.com/Passport/SoapServices/PPCRL" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1
                                                                                        2024-10-02 16:59:46 UTC569INHTTP/1.1 200 OK
                                                                                        Cache-Control: no-store, no-cache
                                                                                        Pragma: no-cache
                                                                                        Content-Type: application/soap+xml; charset=utf-8
                                                                                        Expires: Wed, 02 Oct 2024 16:58:46 GMT
                                                                                        P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
                                                                                        Referrer-Policy: strict-origin-when-cross-origin
                                                                                        x-ms-route-info: C538_SN1
                                                                                        x-ms-request-id: 90f48fb6-b8d1-4de3-8384-2636f51234ee
                                                                                        PPServer: PPV: 30 H: SN1PEPF0002FA5C V: 0
                                                                                        X-Content-Type-Options: nosniff
                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                        X-XSS-Protection: 1; mode=block
                                                                                        Date: Wed, 02 Oct 2024 16:59:46 GMT
                                                                                        Connection: close
                                                                                        Content-Length: 11389
                                                                                        2024-10-02 16:59:46 UTC | 11389 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8" ?><S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200


                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                        3 | 192.168.2.16 | 49708 | 40.126.31.69 | 443 | |
                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                        2024-10-02 16:59:47 UTC | 422 | OUT | POST /RST2.srf HTTP/1.0
                                                                                        Connection: Keep-Alive
                                                                                        Content-Type: application/soap+xml
                                                                                        Accept: */*
                                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68})
                                                                                        Content-Length: 4775
                                                                                        Host: login.live.com
                                                                                        2024-10-02 16:59:47 UTC | 4775 | OUT | Data Ascii: <?xml version="1.0" encoding="UTF-8"?><s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:ps="http://schemas.microsoft.com/Passport/SoapServices/PPCRL" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1
                                                                                        2024-10-02 16:59:47 UTC | 569 | IN | HTTP/1.1 200 OK
                                                                                        Cache-Control: no-store, no-cache
                                                                                        Pragma: no-cache
                                                                                        Content-Type: application/soap+xml; charset=utf-8
                                                                                        Expires: Wed, 02 Oct 2024 16:58:47 GMT
                                                                                        P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
                                                                                        Referrer-Policy: strict-origin-when-cross-origin
                                                                                        x-ms-route-info: C538_BL2
                                                                                        x-ms-request-id: 99817241-142d-4487-a36f-1d6fd753e083
                                                                                        PPServer: PPV: 30 H: BL02EPF0001D875 V: 0
                                                                                        X-Content-Type-Options: nosniff
                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                        X-XSS-Protection: 1; mode=block
                                                                                        Date: Wed, 02 Oct 2024 16:59:46 GMT
                                                                                        Connection: close
                                                                                        Content-Length: 11409
                                                                                        2024-10-02 16:59:47 UTC | 11409 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8" ?><S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200


                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                        4 | 192.168.2.16 | 49709 | 4.245.163.56 | 443 | |
                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                        2024-10-02 16:59:47 UTC | 306 | OUT | GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=CLNul59wgCmKpyr&MD=YVCorGdE HTTP/1.1
                                                                                        Connection: Keep-Alive
                                                                                        Accept: */*
                                                                                        User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33
                                                                                        Host: slscr.update.microsoft.com
                                                                                        2024-10-02 16:59:48 UTC | 560 | IN | HTTP/1.1 200 OK
                                                                                        Cache-Control: no-cache
                                                                                        Pragma: no-cache
                                                                                        Content-Type: application/octet-stream
                                                                                        Expires: -1
                                                                                        Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT
                                                                                        ETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880"
                                                                                        MS-CorrelationId: 3179f232-ac8e-40fc-ae4b-7428380d6e56
                                                                                        MS-RequestId: 63e2413f-4e0e-4dd5-86d1-c31f62ef1539
                                                                                        MS-CV: Htx5MxFh8EiSdk68.0
                                                                                        X-Microsoft-SLSClientCache: 2880
                                                                                        Content-Disposition: attachment; filename=environment.cab
                                                                                        X-Content-Type-Options: nosniff
                                                                                        Date: Wed, 02 Oct 2024 16:59:47 GMT
                                                                                        Connection: close
                                                                                        Content-Length: 24490
                                                                                        2024-10-02 16:59:48 UTC | 15824 | IN | Data: binary (environment.cab)
                                                                                        2024-10-02 16:59:48 UTC | 8666 | IN | Data: binary (environment.cab, continued)


                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                        5 | 192.168.2.16 | 49710 | 40.126.31.69 | 443 | |
                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                        2024-10-02 16:59:48 UTC | 422 | OUT | POST /RST2.srf HTTP/1.0
                                                                                        Connection: Keep-Alive
                                                                                        Content-Type: application/soap+xml
                                                                                        Accept: */*
                                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68})
                                                                                        Content-Length: 4762
                                                                                        Host: login.live.com
                                                                                        2024-10-02 16:59:48 UTC | 4762 | OUT | Data Ascii: <?xml version="1.0" encoding="UTF-8"?><s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:ps="http://schemas.microsoft.com/Passport/SoapServices/PPCRL" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1
                                                                                        2024-10-02 16:59:49 UTC | 569 | IN | HTTP/1.1 200 OK
                                                                                        Cache-Control: no-store, no-cache
                                                                                        Pragma: no-cache
                                                                                        Content-Type: application/soap+xml; charset=utf-8
                                                                                        Expires: Wed, 02 Oct 2024 16:58:48 GMT
                                                                                        P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
                                                                                        Referrer-Policy: strict-origin-when-cross-origin
                                                                                        x-ms-route-info: C538_SN1
                                                                                        x-ms-request-id: a7909005-9db8-42d2-8a77-e1bfbaba134c
                                                                                        PPServer: PPV: 30 H: SN1PEPF0002F949 V: 0
                                                                                        X-Content-Type-Options: nosniff
                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                        X-XSS-Protection: 1; mode=block
                                                                                        Date: Wed, 02 Oct 2024 16:59:47 GMT
                                                                                        Connection: close
                                                                                        Content-Length: 10197
                                                                                        2024-10-02 16:59:49 UTC | 10197 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8" ?><S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200


                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                        6 | 192.168.2.16 | 49713 | 52.204.90.22 | 443 | 3728 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                        2024-10-02 16:59:53 UTC | 806 | OUT | GET /v3/__https:/CSI.ehr.com/ESS/Home/login.aspx__;!!I_DbfM1H!FxDBk8DMcpw5OXYCqKkISH0uaoP065SN2SYB_XxiNepI0qFx-WQxUIjEsrV18ztByJsfZvMsFl7b7puipavwPEvNsLo$ HTTP/1.1
                                                                                        Host: urldefense.com
                                                                                        Connection: keep-alive
                                                                                        sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                        sec-ch-ua-mobile: ?0
                                                                                        sec-ch-ua-platform: "Windows"
                                                                                        Upgrade-Insecure-Requests: 1
                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                        Sec-Fetch-Site: none
                                                                                        Sec-Fetch-Mode: navigate
                                                                                        Sec-Fetch-User: ?1
                                                                                        Sec-Fetch-Dest: document
                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                        2024-10-02 16:59:53 UTC | 367 | IN | HTTP/1.1 302 Found
                                                                                        Date: Wed, 02 Oct 2024 16:59:53 GMT
                                                                                        Content-Length: 0
                                                                                        Connection: close
                                                                                        Location: https://CSI.ehr.com/ESS/Home/login.aspx
                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                        X-Robots-Tag: noindex, nofollow
                                                                                        X-Content-Type-Options: nosniff
                                                                                        X-XSS-Protection: 1; mode=block
                                                                                        X-Frame-Options: SAMEORIGIN
                                                                                        Content-Security-Policy: default-src 'self';


                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                        7 | 192.168.2.16 | 49716 | 13.107.253.45 | 443 | 3728 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                        2024-10-02 16:59:54 UTC | 673 | OUT | GET /ESS/Home/login.aspx HTTP/1.1
                                                                                        Host: csi.ehr.com
                                                                                        Connection: keep-alive
                                                                                        Upgrade-Insecure-Requests: 1
                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                        Sec-Fetch-Site: none
                                                                                        Sec-Fetch-Mode: navigate
                                                                                        Sec-Fetch-User: ?1
                                                                                        Sec-Fetch-Dest: document
                                                                                        sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                        sec-ch-ua-mobile: ?0
                                                                                        sec-ch-ua-platform: "Windows"
                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                        2024-10-02 16:59:54 UTC | 1691 | IN | HTTP/1.1 200 OK
                                                                                        Date: Wed, 02 Oct 2024 16:59:54 GMT
                                                                                        Content-Type: text/html
                                                                                        Content-Length: 1373
                                                                                        Connection: close
                                                                                        Cache-Control: public, must-revalidate, max-age=30
                                                                                        ETag: "17844648"
                                                                                        Last-Modified: Fri, 27 Sep 2024 01:50:25 GMT
                                                                                        Strict-Transport-Security: max-age=31536000; includeSubDomains
                                                                                        X-Content-Type-Options: nosniff
                                                                                        X-XSS-Protection: 1; mode=block
                                                                                        X-DNS-Prefetch-Control: off
                                                                                        Content-Security-Policy: default-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.unum.com https://*.google.com https://*.googleapis.com https://*.gstatic.com https://*.spectrumretailnet.com https://*.ehr.com https://*.cobrowse.oraclecloud.com https://*.livelook.com https://*.pure.cloud; frame-src 'self' https://*.ehr.com https://player.vimeo.com https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://*.spectrumretailnet.com/ https://*.pure.cloud; object-src 'none'; connect-src 'self' https://*.ehr.com https://*.unum.com https://dc.applicationinsights.azure.com https://dc.applicationinsights.microsoft.com https://dc.services.visualstudio.com https://*.in.applicationinsights.azure.com https://directline.botframework.com wss://directline.botframework.com https://*.pure.cloud wss://*.pure.cloud; img-src 'self' data: blob: https://*.ehr.com https://i.vimeocdn.com/ https://*.pure.cloud; manifest-src 'self' data:;
                                                                                        x-azure-ref: 20241002T165954Z-r154656d9bcv7txsqsufsswrks000000078000000000pdzc
                                                                                        Permissions-Policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
                                                                                        Referrer-Policy: strict-origin-when-cross-origin
                                                                                        X-Frame-Options: SAMEORIGIN
                                                                                        X-Cache: CONFIG_NOCACHE
                                                                                        Accept-Ranges: bytes
                                                                                        2024-10-02 16:59:54 UTC | 1373 | IN | Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta charset="utf-8" /> <meta name="viewport" content="width=device-width, initial-scale=1" /> <meta name="theme-color" content="#000000" /> <title></title> <meta name="robots" content="noinde


                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                        8 | 192.168.2.16 | 49718 | 13.107.253.45 | 443 | 3728 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                        2024-10-02 16:59:55 UTC | 576 | OUT | GET /assets/index-DyLirHvO.js HTTP/1.1
                                                                                        Host: csi.ehr.com
                                                                                        Connection: keep-alive
                                                                                        sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                        Origin: https://csi.ehr.com
                                                                                        sec-ch-ua-mobile: ?0
                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                        sec-ch-ua-platform: "Windows"
                                                                                        Accept: */*
                                                                                        Sec-Fetch-Site: same-origin
                                                                                        Sec-Fetch-Mode: cors
                                                                                        Sec-Fetch-Dest: script
                                                                                        Referer: https://csi.ehr.com/ESS/Home/login.aspx
                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                        Accept-Language: en-US,en;q=0.9
2024-10-02 16:59:55 UTC | 1683 | IN | HTTP/1.1 200 OK
                                                                                        Date: Wed, 02 Oct 2024 16:59:55 GMT
                                                                                        Content-Type: text/javascript
                                                                                        Content-Length: 2896
                                                                                        Connection: close
                                                                                        Cache-Control: public, max-age=86400
                                                                                        ETag: "12055270"
                                                                                        Last-Modified: Fri, 27 Sep 2024 01:51:26 GMT
                                                                                        Strict-Transport-Security: max-age=31536000; includeSubDomains
                                                                                        X-Content-Type-Options: nosniff
                                                                                        X-XSS-Protection: 1; mode=block
                                                                                        X-DNS-Prefetch-Control: off
                                                                                        Content-Security-Policy: default-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.unum.com https://*.google.com https://*.googleapis.com https://*.gstatic.com https://*.spectrumretailnet.com https://*.ehr.com https://*.cobrowse.oraclecloud.com https://*.livelook.com https://*.pure.cloud; frame-src 'self' https://*.ehr.com https://player.vimeo.com https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://*.spectrumretailnet.com/ https://*.pure.cloud; object-src 'none'; connect-src 'self' https://*.ehr.com https://*.unum.com https://dc.applicationinsights.azure.com https://dc.applicationinsights.microsoft.com https://dc.services.visualstudio.com https://*.in.applicationinsights.azure.com https://directline.botframework.com wss://directline.botframework.com https://*.pure.cloud wss://*.pure.cloud; img-src 'self' data: blob: https://*.ehr.com https://i.vimeocdn.com/ https://*.pure.cloud; manifest-src 'self' data:;
                                                                                        x-azure-ref: 20241002T165955Z-1767f7688dc2kzqgyrtc6e2gp40000000gr000000000cm6x
                                                                                        Permissions-Policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
                                                                                        Referrer-Policy: strict-origin-when-cross-origin
                                                                                        X-Frame-Options: SAMEORIGIN
                                                                                        X-Cache: CONFIG_NOCACHE
                                                                                        Accept-Ranges: bytes
2024-10-02 16:59:55 UTC | 2896 | IN | Data Ascii: const __vite__fileDeps=["assets/mainApp-B4DHjQ3e.js","assets/mainApp-D3RIoe8y.css"],__vite__mapDeps=i=>i.map(i=>__vite__fileDeps[i]);(function(){const i=document.createElement("link").relList;if(i&&i.supports&&i.supports("modulepreload"))return;for(const


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
9 | 192.168.2.16 | 49722 | 13.107.246.45 | 443 | 3728 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-02 16:59:56 UTC | 359 | OUT | GET /assets/index-DyLirHvO.js HTTP/1.1
                                                                                        Host: csi.ehr.com
                                                                                        Connection: keep-alive
                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                        Accept: */*
                                                                                        Sec-Fetch-Site: none
                                                                                        Sec-Fetch-Mode: cors
                                                                                        Sec-Fetch-Dest: empty
                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                        Accept-Language: en-US,en;q=0.9
2024-10-02 16:59:56 UTC | 1683 | IN | HTTP/1.1 200 OK
                                                                                        Date: Wed, 02 Oct 2024 16:59:56 GMT
                                                                                        Content-Type: text/javascript
                                                                                        Content-Length: 2896
                                                                                        Connection: close
                                                                                        Cache-Control: public, max-age=86400
                                                                                        ETag: "17844648"
                                                                                        Last-Modified: Fri, 27 Sep 2024 01:50:25 GMT
                                                                                        Strict-Transport-Security: max-age=31536000; includeSubDomains
                                                                                        X-Content-Type-Options: nosniff
                                                                                        X-XSS-Protection: 1; mode=block
                                                                                        X-DNS-Prefetch-Control: off
                                                                                        Content-Security-Policy: default-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.unum.com https://*.google.com https://*.googleapis.com https://*.gstatic.com https://*.spectrumretailnet.com https://*.ehr.com https://*.cobrowse.oraclecloud.com https://*.livelook.com https://*.pure.cloud; frame-src 'self' https://*.ehr.com https://player.vimeo.com https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://*.spectrumretailnet.com/ https://*.pure.cloud; object-src 'none'; connect-src 'self' https://*.ehr.com https://*.unum.com https://dc.applicationinsights.azure.com https://dc.applicationinsights.microsoft.com https://dc.services.visualstudio.com https://*.in.applicationinsights.azure.com https://directline.botframework.com wss://directline.botframework.com https://*.pure.cloud wss://*.pure.cloud; img-src 'self' data: blob: https://*.ehr.com https://i.vimeocdn.com/ https://*.pure.cloud; manifest-src 'self' data:;
                                                                                        x-azure-ref: 20241002T165956Z-15767c5fc55fdfx81a30vtr1fw0000000a4g00000000fpk7
                                                                                        Permissions-Policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
                                                                                        Referrer-Policy: strict-origin-when-cross-origin
                                                                                        X-Frame-Options: SAMEORIGIN
                                                                                        X-Cache: CONFIG_NOCACHE
                                                                                        Accept-Ranges: bytes
2024-10-02 16:59:56 UTC | 2896 | IN | Data Ascii: const __vite__fileDeps=["assets/mainApp-B4DHjQ3e.js","assets/mainApp-D3RIoe8y.css"],__vite__mapDeps=i=>i.map(i=>__vite__fileDeps[i]);(function(){const i=document.createElement("link").relList;if(i&&i.supports&&i.supports("modulepreload"))return;for(const


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
10 | 192.168.2.16 | 49725 | 13.107.253.45 | 443 | 3728 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-02 16:59:56 UTC | 567 | OUT | GET /assets/mainApp-D3RIoe8y.css HTTP/1.1
                                                                                        Host: csi.ehr.com
                                                                                        Connection: keep-alive
                                                                                        sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                        sec-ch-ua-mobile: ?0
                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                        sec-ch-ua-platform: "Windows"
                                                                                        Accept: text/css,*/*;q=0.1
                                                                                        Sec-Fetch-Site: same-origin
                                                                                        Sec-Fetch-Mode: no-cors
                                                                                        Sec-Fetch-Dest: style
                                                                                        Referer: https://csi.ehr.com/ESS/Home/login.aspx
                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                        Accept-Language: en-US,en;q=0.9
2024-10-02 16:59:56 UTC | 1675 | IN | HTTP/1.1 200 OK
                                                                                        Date: Wed, 02 Oct 2024 16:59:56 GMT
                                                                                        Content-Type: text/css
                                                                                        Content-Length: 393
                                                                                        Connection: close
                                                                                        Cache-Control: public, max-age=86400
                                                                                        ETag: "17844648"
                                                                                        Last-Modified: Fri, 27 Sep 2024 01:50:25 GMT
                                                                                        Strict-Transport-Security: max-age=31536000; includeSubDomains
                                                                                        X-Content-Type-Options: nosniff
                                                                                        X-XSS-Protection: 1; mode=block
                                                                                        X-DNS-Prefetch-Control: off
                                                                                        Content-Security-Policy: default-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.unum.com https://*.google.com https://*.googleapis.com https://*.gstatic.com https://*.spectrumretailnet.com https://*.ehr.com https://*.cobrowse.oraclecloud.com https://*.livelook.com https://*.pure.cloud; frame-src 'self' https://*.ehr.com https://player.vimeo.com https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://*.spectrumretailnet.com/ https://*.pure.cloud; object-src 'none'; connect-src 'self' https://*.ehr.com https://*.unum.com https://dc.applicationinsights.azure.com https://dc.applicationinsights.microsoft.com https://dc.services.visualstudio.com https://*.in.applicationinsights.azure.com https://directline.botframework.com wss://directline.botframework.com https://*.pure.cloud wss://*.pure.cloud; img-src 'self' data: blob: https://*.ehr.com https://i.vimeocdn.com/ https://*.pure.cloud; manifest-src 'self' data:;
                                                                                        x-azure-ref: 20241002T165956Z-r154656d9bczmvnbrzm0xmzrs4000000077g000000012bv9
                                                                                        Permissions-Policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
                                                                                        Referrer-Policy: strict-origin-when-cross-origin
                                                                                        X-Frame-Options: SAMEORIGIN
                                                                                        X-Cache: CONFIG_NOCACHE
                                                                                        Accept-Ranges: bytes
2024-10-02 16:59:56 UTC | 393 | IN | Data Ascii: @keyframes app-loading-spinner{to{transform:rotate(360deg)}}.app-loading-spinner{align-items:center;background-color:#fff;display:flex;height:100vh;justify-content:center}.app-loading-spinner .app-loading-spinner-border{animation:app-loading-spinner .75s


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
11 | 192.168.2.16 | 49724 | 13.107.253.45 | 443 | 3728 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-02 16:59:56 UTC | 528 | OUT | GET /assets/mainApp-B4DHjQ3e.js HTTP/1.1
                                                                                        Host: csi.ehr.com
                                                                                        Connection: keep-alive
                                                                                        sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                        Origin: https://csi.ehr.com
                                                                                        sec-ch-ua-mobile: ?0
                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                        sec-ch-ua-platform: "Windows"
                                                                                        Accept: */*
                                                                                        Sec-Fetch-Site: same-origin
                                                                                        Sec-Fetch-Mode: cors
                                                                                        Sec-Fetch-Dest: script
                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                        Accept-Language: en-US,en;q=0.9
2024-10-02 16:59:56 UTC | 1685 | IN | HTTP/1.1 200 OK
                                                                                        Date: Wed, 02 Oct 2024 16:59:56 GMT
                                                                                        Content-Type: text/javascript
                                                                                        Content-Length: 428115
                                                                                        Connection: close
                                                                                        Cache-Control: public, max-age=86400
                                                                                        ETag: "12055270"
                                                                                        Last-Modified: Fri, 27 Sep 2024 01:51:26 GMT
                                                                                        Strict-Transport-Security: max-age=31536000; includeSubDomains
                                                                                        X-Content-Type-Options: nosniff
                                                                                        X-XSS-Protection: 1; mode=block
                                                                                        X-DNS-Prefetch-Control: off
                                                                                        Content-Security-Policy: default-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.unum.com https://*.google.com https://*.googleapis.com https://*.gstatic.com https://*.spectrumretailnet.com https://*.ehr.com https://*.cobrowse.oraclecloud.com https://*.livelook.com https://*.pure.cloud; frame-src 'self' https://*.ehr.com https://player.vimeo.com https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://*.spectrumretailnet.com/ https://*.pure.cloud; object-src 'none'; connect-src 'self' https://*.ehr.com https://*.unum.com https://dc.applicationinsights.azure.com https://dc.applicationinsights.microsoft.com https://dc.services.visualstudio.com https://*.in.applicationinsights.azure.com https://directline.botframework.com wss://directline.botframework.com https://*.pure.cloud wss://*.pure.cloud; img-src 'self' data: blob: https://*.ehr.com https://i.vimeocdn.com/ https://*.pure.cloud; manifest-src 'self' data:;
                                                                                        x-azure-ref: 20241002T165956Z-1767f7688dc5smv9fdkth3nru00000000gyg0000000000gq
                                                                                        Permissions-Policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
                                                                                        Referrer-Policy: strict-origin-when-cross-origin
                                                                                        X-Frame-Options: SAMEORIGIN
                                                                                        X-Cache: CONFIG_NOCACHE
                                                                                        Accept-Ranges: bytes
                                                                                        Data Ascii: f a.getSnapshotBeforeUpdate=="function";_||typeof a.UNSAFE_componentWillReceiveProps!="function"&&typeof a.componentWillReceiveProps!="function"||(s!==r||u!==l)&&NT(t,a,r,l),uo=!1;var p=t.memoizedState;a.state=p,fv(t,r,a,i),u=t.memoizedState,s!==r||p!==u|
                                                                                        2024-10-02 16:59:56 UTC16384INData Raw: 6e 75 6c 6c 26 26 65 2e 66 6c 61 67 73 26 31 32 38 29 66 6f 72 28 65 3d 74 2e 63 68 69 6c 64 3b 65 21 3d 3d 6e 75 6c 6c 3b 29 7b 69 66 28 61 3d 64 76 28 65 29 2c 61 21 3d 3d 6e 75 6c 6c 29 7b 66 6f 72 28 74 2e 66 6c 61 67 73 7c 3d 31 32 38 2c 64 6c 28 6f 2c 21 31 29 2c 72 3d 61 2e 75 70 64 61 74 65 51 75 65 75 65 2c 72 21 3d 3d 6e 75 6c 6c 26 26 28 74 2e 75 70 64 61 74 65 51 75 65 75 65 3d 72 2c 74 2e 66 6c 61 67 73 7c 3d 34 29 2c 74 2e 73 75 62 74 72 65 65 46 6c 61 67 73 3d 30 2c 72 3d 6e 2c 6e 3d 74 2e 63 68 69 6c 64 3b 6e 21 3d 3d 6e 75 6c 6c 3b 29 6f 3d 6e 2c 65 3d 72 2c 6f 2e 66 6c 61 67 73 26 3d 31 34 36 38 30 30 36 36 2c 61 3d 6f 2e 61 6c 74 65 72 6e 61 74 65 2c 61 3d 3d 3d 6e 75 6c 6c 3f 28 6f 2e 63 68 69 6c 64 4c 61 6e 65 73 3d 30 2c 6f 2e 6c 61
                                                                                        Data Ascii: null&&e.flags&128)for(e=t.child;e!==null;){if(a=dv(e),a!==null){for(t.flags|=128,dl(o,!1),r=a.updateQueue,r!==null&&(t.updateQueue=r,t.flags|=4),t.subtreeFlags=0,r=n,n=t.child;n!==null;)o=n,e=r,o.flags&=14680066,a=o.alternate,a===null?(o.childLanes=0,o.la


Session ID | Source IP | Source Port | Destination IP | Destination Port
12 | 192.168.2.16 | 49727 | 13.107.253.45 | 443
Timestamp | Bytes transferred | Direction | Data
2024-10-02 16:59:57 UTC | 597 | OUT | GET /favicon.ico HTTP/1.1
                                                                                        Host: csi.ehr.com
                                                                                        Connection: keep-alive
                                                                                        sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                        sec-ch-ua-mobile: ?0
                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                        sec-ch-ua-platform: "Windows"
                                                                                        Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                                                        Sec-Fetch-Site: same-origin
                                                                                        Sec-Fetch-Mode: no-cors
                                                                                        Sec-Fetch-Dest: image
                                                                                        Referer: https://csi.ehr.com/ESS/Home/login.aspx
                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                        Accept-Language: en-US,en;q=0.9
2024-10-02 16:59:57 UTC | 1691 | IN | HTTP/1.1 200 OK
                                                                                        Date: Wed, 02 Oct 2024 16:59:57 GMT
                                                                                        Content-Type: text/html
                                                                                        Content-Length: 1373
                                                                                        Connection: close
                                                                                        Cache-Control: public, must-revalidate, max-age=30
                                                                                        ETag: "30397720"
                                                                                        Last-Modified: Fri, 27 Sep 2024 01:52:23 GMT
                                                                                        Strict-Transport-Security: max-age=31536000; includeSubDomains
                                                                                        X-Content-Type-Options: nosniff
                                                                                        X-XSS-Protection: 1; mode=block
                                                                                        X-DNS-Prefetch-Control: off
                                                                                        Content-Security-Policy: default-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.unum.com https://*.google.com https://*.googleapis.com https://*.gstatic.com https://*.spectrumretailnet.com https://*.ehr.com https://*.cobrowse.oraclecloud.com https://*.livelook.com https://*.pure.cloud; frame-src 'self' https://*.ehr.com https://player.vimeo.com https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://*.spectrumretailnet.com/ https://*.pure.cloud; object-src 'none'; connect-src 'self' https://*.ehr.com https://*.unum.com https://dc.applicationinsights.azure.com https://dc.applicationinsights.microsoft.com https://dc.services.visualstudio.com https://*.in.applicationinsights.azure.com https://directline.botframework.com wss://directline.botframework.com https://*.pure.cloud wss://*.pure.cloud; img-src 'self' data: blob: https://*.ehr.com https://i.vimeocdn.com/ https://*.pure.cloud; manifest-src 'self' data:;
                                                                                        x-azure-ref: 20241002T165957Z-1767f7688dcrlt4tm55zgvcmun0000000gm0000000018uvs
                                                                                        Permissions-Policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
                                                                                        Referrer-Policy: strict-origin-when-cross-origin
                                                                                        X-Frame-Options: SAMEORIGIN
                                                                                        X-Cache: CONFIG_NOCACHE
                                                                                        Accept-Ranges: bytes
2024-10-02 16:59:57 UTC | 1373 | IN | Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta charset="utf-8" /> <meta name="viewport" content="width=device-width, initial-scale=1" /> <meta name="theme-color" content="#000000" /> <title></title> <meta name="robots" content="noinde


Session ID | Source IP | Source Port | Destination IP | Destination Port
13 | 192.168.2.16 | 49729 | 13.107.246.45 | 443
Timestamp | Bytes transferred | Direction | Data
2024-10-02 16:59:58 UTC | 346 | OUT | GET /favicon.ico HTTP/1.1
                                                                                        Host: csi.ehr.com
                                                                                        Connection: keep-alive
                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                        Accept: */*
                                                                                        Sec-Fetch-Site: none
                                                                                        Sec-Fetch-Mode: cors
                                                                                        Sec-Fetch-Dest: empty
                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                        Accept-Language: en-US,en;q=0.9
2024-10-02 16:59:58 UTC | 1691 | IN | HTTP/1.1 200 OK
                                                                                        Date: Wed, 02 Oct 2024 16:59:58 GMT
                                                                                        Content-Type: text/html
                                                                                        Content-Length: 1373
                                                                                        Connection: close
                                                                                        Cache-Control: public, must-revalidate, max-age=30
                                                                                        ETag: "12055270"
                                                                                        Last-Modified: Fri, 27 Sep 2024 01:51:26 GMT
                                                                                        Strict-Transport-Security: max-age=31536000; includeSubDomains
                                                                                        X-Content-Type-Options: nosniff
                                                                                        X-XSS-Protection: 1; mode=block
                                                                                        X-DNS-Prefetch-Control: off
                                                                                        Content-Security-Policy: default-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.unum.com https://*.google.com https://*.googleapis.com https://*.gstatic.com https://*.spectrumretailnet.com https://*.ehr.com https://*.cobrowse.oraclecloud.com https://*.livelook.com https://*.pure.cloud; frame-src 'self' https://*.ehr.com https://player.vimeo.com https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://*.spectrumretailnet.com/ https://*.pure.cloud; object-src 'none'; connect-src 'self' https://*.ehr.com https://*.unum.com https://dc.applicationinsights.azure.com https://dc.applicationinsights.microsoft.com https://dc.services.visualstudio.com https://*.in.applicationinsights.azure.com https://directline.botframework.com wss://directline.botframework.com https://*.pure.cloud wss://*.pure.cloud; img-src 'self' data: blob: https://*.ehr.com https://i.vimeocdn.com/ https://*.pure.cloud; manifest-src 'self' data:;
                                                                                        x-azure-ref: 20241002T165958Z-15767c5fc55rv8zjq9dg0musxg00000009sg00000000p1yx
                                                                                        Permissions-Policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
                                                                                        Referrer-Policy: strict-origin-when-cross-origin
                                                                                        X-Frame-Options: SAMEORIGIN
                                                                                        X-Cache: CONFIG_NOCACHE
                                                                                        Accept-Ranges: bytes
2024-10-02 16:59:58 UTC | 1373 | IN | Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta charset="utf-8" /> <meta name="viewport" content="width=device-width, initial-scale=1" /> <meta name="theme-color" content="#000000" /> <title></title> <meta name="robots" content="noinde


                                                                                        Target ID:0
                                                                                        Start time:12:59:38
                                                                                        Start date:02/10/2024
                                                                                        Path:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                                                        Wow64 process (32bit):true
                                                                                        Commandline:"C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /eml "C:\Users\user\Desktop\phish_alert_sp2_2.0.0.0 (1).eml"
                                                                                        Imagebase:0x650000
                                                                                        File size:34'446'744 bytes
                                                                                        MD5 hash:91A5292942864110ED734005B7E005C0
                                                                                        Has elevated privileges:true
                                                                                        Has administrator privileges:true
                                                                                        Programmed in:C, C++ or other language
                                                                                        Reputation:high
                                                                                        Has exited:false

                                                                                        Target ID:2
                                                                                        Start time:12:59:40
                                                                                        Start date:02/10/2024
                                                                                        Path:C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe
                                                                                        Wow64 process (32bit):false
                                                                                        Commandline:"C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "A69262BD-972A-439F-8F24-67447AB18661" "C3AB50F0-727C-4A88-A596-606E518DBBB6" "7040" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx"
                                                                                        Imagebase:0x7ff6ba030000
                                                                                        File size:710'048 bytes
                                                                                        MD5 hash:EC652BEDD90E089D9406AFED89A8A8BD
                                                                                        Has elevated privileges:true
                                                                                        Has administrator privileges:true
                                                                                        Programmed in:C, C++ or other language
                                                                                        Reputation:high
                                                                                        Has exited:false

                                                                                        Target ID:10
                                                                                        Start time:12:59:51
                                                                                        Start date:02/10/2024
                                                                                        Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                        Wow64 process (32bit):false
                                                                                        Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://urldefense.com/v3/__https:/CSI.ehr.com/ESS/Home/login.aspx__;!!I_DbfM1H!FxDBk8DMcpw5OXYCqKkISH0uaoP065SN2SYB_XxiNepI0qFx-WQxUIjEsrV18ztByJsfZvMsFl7b7puipavwPEvNsLo$
                                                                                        Imagebase:0x7ff7f9810000
                                                                                        File size:3'242'272 bytes
                                                                                        MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                                                                                        Has elevated privileges:true
                                                                                        Has administrator privileges:true
                                                                                        Programmed in:C, C++ or other language
                                                                                        Reputation:high
                                                                                        Has exited:false

                                                                                        Target ID:11
                                                                                        Start time:12:59:51
                                                                                        Start date:02/10/2024
                                                                                        Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                        Wow64 process (32bit):false
                                                                                        Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2064 --field-trial-handle=1980,i,9197103636515015310,5808329998760959994,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
                                                                                        Imagebase:0x7ff7f9810000
                                                                                        File size:3'242'272 bytes
                                                                                        MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                                                                                        Has elevated privileges:true
                                                                                        Has administrator privileges:true
                                                                                        Programmed in:C, C++ or other language
                                                                                        Reputation:high
                                                                                        Has exited:false

                                                                                        No disassembly