Windows Analysis Report
20Listen.eml

Overview

General Information

Sample name: 20Listen.eml
(renamed because original name is a hash value)
Original sample name: Missed__Caller.Ringer-Transcript....%3E%3E%3E%3E%3E%3EID_-eef1da413490032ee87f60ea1a5f1d84,%20Download%20to%20Listen.eml
Analysis ID: 1532856
MD5: 1162a9ab755e7e125f28b18063c78fcd
SHA1: e76222078fde8083637c12e1cb3d665bacc4e51c
SHA256: 05bf04eb228e30647194652f82d426fef36e85c7b595a44bdcc2b2e0aa4bc58f

Detection

HTMLPhisher
Score: 56
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus detection for URL or domain
Yara detected HtmlPhish73
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
Queries the volume information (name, serial number etc) of a device
Sigma detected: Office Autorun Keys Modification
Sigma detected: Outlook Security Settings Updated - Registry
Sigma detected: Suspicious Office Outbound Connections
Stores files to the Windows start menu directory

Classification

  • System is w10x64_ra
  • OUTLOOK.EXE (PID: 7048 cmdline: "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /eml "C:\Users\user\Desktop\20Listen.eml" MD5: 91A5292942864110ED734005B7E005C0)
    • ai.exe (PID: 7136 cmdline: "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "6941A605-7302-4BD6-BF5C-30601A8A903D" "8406B14A-7017-4EA4-9ED7-6830C8DE3365" "7048" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx" MD5: EC652BEDD90E089D9406AFED89A8A8BD)
    • chrome.exe (PID: 5492 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\68W6OD7A\Listen_Now_REC(Tara.brown).html MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
      • chrome.exe (PID: 1444 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 --field-trial-handle=1956,i,18387354763306928465,2346649231823565567,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
    • chrome.exe (PID: 1220 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\68W6OD7A\Listen_Now_REC(Tara.brown).html MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
      • chrome.exe (PID: 4008 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2152 --field-trial-handle=1908,i,14695886725935389924,2068831085740703090,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\68W6OD7A\Listen_Now_REC(Tara.brown).html | JoeSecurity_HtmlPhish_73 | Yara detected HtmlPhish_73 | Joe Security |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\68W6OD7A\Listen_Now_REC(Tara.brown) (002).html | JoeSecurity_HtmlPhish_73 | Yara detected HtmlPhish_73 | Joe Security |
      Source: Registry Key set | Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split) | Data: Details: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 , EventID: 13, EventType: SetValue, Image: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE, ProcessId: 7048, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Addins\OneNote.OutlookAddin\1
      Source: Registry Key set | Author: frack113 | Data: Details: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\68W6OD7A\, EventID: 13, EventType: SetValue, Image: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE, ProcessId: 7048, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Security\OutlookSecureTempFolder
      Source: Network Connection | Author: X__Junior (Nextron Systems) | Data: DestinationIp: 192.168.2.16, DestinationIsIpv6: false, DestinationPort: 49708, EventID: 3, Image: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE, Initiated: true, ProcessId: 7048, Protocol: tcp, SourceIp: 52.123.243.192, SourceIsIpv6: false, SourcePort: 443
      No Suricata rule has matched

      AV Detection

      Source: https://www.iprende.com/o/?c3Y9bzM2NV8xX3ZvaWNlJnJhbmQ9TTFwR1pGUT0mdWlkPVVTRVIxODA5MjAyNFUzMjA5MTgwNA==#dGFyYS5icm93bkBpY2FyZS5uc3cuZ292LmF1 | SlashNext: Label: Credential Stealing type: Phishing & Social Engineering

      Phishing

      Source: Yara match | File source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\68W6OD7A\Listen_Now_REC(Tara.brown).html, type: DROPPED
      Source: Yara match | File source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\68W6OD7A\Listen_Now_REC(Tara.brown) (002).html, type: DROPPED
      Source: unknown | HTTPS traffic detected: 52.123.243.192:443 -> 192.168.2.16:49708 version: TLS 1.2
      Source: unknown | HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49709 version: TLS 1.2
      Source: unknown | HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49710 version: TLS 1.2
      Source: unknown | HTTPS traffic detected: 20.190.160.14:443 -> 192.168.2.16:49711 version: TLS 1.2
      Source: unknown | HTTPS traffic detected: 172.202.163.200:443 -> 192.168.2.16:49712 version: TLS 1.2
      Source: unknown | HTTPS traffic detected: 172.202.163.200:443 -> 192.168.2.16:49725 version: TLS 1.2
      Source: Joe Sandbox View | IP Address: 239.255.255.250 239.255.255.250
      Source: Joe Sandbox View | JA3 fingerprint: 28a2c9bd18a11de089ef85a160da29e4
      Source: Joe Sandbox View | JA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1
      Source: unknown | TCP traffic detected without corresponding DNS query: 204.79.197.203
      Source: unknown | TCP traffic detected without corresponding DNS query: 192.229.211.108
      Source: unknown | TCP traffic detected without corresponding DNS query: 184.28.90.27
      Source: unknown | TCP traffic detected without corresponding DNS query: 20.190.160.14
      Source: unknown | TCP traffic detected without corresponding DNS query: 20.189.173.10
      Source: unknown | TCP traffic detected without corresponding DNS query: 172.202.163.200
      Source: global trafficHTTP traffic detected: GET /config/v2/Office/outlook/16.0.16827.20130/Production/CC?&EcsCanary=1&Clientid=%7bBBCFF8B7-50C1-4E8E-BA39-D9A2E2504C3A%7d&Application=outlook&Platform=win32&Version=16.0.16827.20130&MsoVersion=16.0.16827.20130&ProcessName=outlook.exe&Audience=Production&Build=ship&Architecture=x86&Language=en-US&SubscriptionLicense=false&PerpetualLicense=2019&LicenseCategory=7&LicenseSKU=ProPlus2019Retail&OsVersion=10.0&OsBuild=19045&Channel=CC&InstallType=C2R&SessionId=%7b2A707FD7-108D-4FB3-93C8-BAE9FC2D72D8%7d&LabMachine=false HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipIf-None-Match: "j5JAGFu6Gyd7DtXLgpJU7A9S7Vdo/ZFpMU4AtH0v7xc="User-Agent: Microsoft Office 2014DisableExperiments: falseX-ECS-Client-Last-Telemetry-Events: ecs_client_library_name=MSO,ecs_client_app_name=Office,ecs_client_version=16.0.16827.20130Host: ecs.office.com
      Source: global trafficHTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: */*Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
      Source: global trafficHTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=l51+l2bwwCwC8a9&MD=cbkp+fGF HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
      Source: global trafficHTTP traffic detected: GET /o/?c3Y9bzM2NV8xX3ZvaWNlJnJhbmQ9TTFwR1pGUT0mdWlkPVVTRVIxODA5MjAyNFUzMjA5MTgwNA== HTTP/1.1Host: www.iprende.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
      Source: global trafficHTTP traffic detected: GET /favicon.ico HTTP/1.1Host: www.iprende.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.iprende.com/o/?c3Y9bzM2NV8xX3ZvaWNlJnJhbmQ9TTFwR1pGUT0mdWlkPVVTRVIxODA5MjAyNFUzMjA5MTgwNA==Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
      Source: global trafficHTTP traffic detected: GET /o/?c3Y9bzM2NV8xX3ZvaWNlJnJhbmQ9TTFwR1pGUT0mdWlkPVVTRVIxODA5MjAyNFUzMjA5MTgwNA== HTTP/1.1Host: www.iprende.comConnection: keep-aliveCache-Control: max-age=0sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 771072239527ea947b2bfaf6c8f1d292=e60e048915260a77aa32d01671829ae8
      Source: global trafficHTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=l51+l2bwwCwC8a9&MD=cbkp+fGF HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
      Source: global trafficHTTP traffic detected: GET /o/?c3Y9bzM2NV8xX3ZvaWNlJnJhbmQ9TTFwR1pGUT0mdWlkPVVTRVIxODA5MjAyNFUzMjA5MTgwNA== HTTP/1.1Host: www.iprende.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 771072239527ea947b2bfaf6c8f1d292=e60e048915260a77aa32d01671829ae8
      Source: global trafficHTTP traffic detected: GET /o/?c3Y9bzM2NV8xX3ZvaWNlJnJhbmQ9TTFwR1pGUT0mdWlkPVVTRVIxODA5MjAyNFUzMjA5MTgwNA== HTTP/1.1Host: www.iprende.comConnection: keep-aliveCache-Control: max-age=0sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 771072239527ea947b2bfaf6c8f1d292=e60e048915260a77aa32d01671829ae8
      Source: global trafficDNS traffic detected: DNS query: www.iprende.com
      Source: global trafficDNS traffic detected: DNS query: www.google.com
      Source: unknownHTTP traffic detected: POST /RST2.srf HTTP/1.0Connection: Keep-AliveContent-Type: application/soap+xmlAccept: */*User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68})Content-Length: 4762Host: login.live.com
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 14 Oct 2024 00:06:24 GMTServer: ApacheSet-Cookie: 771072239527ea947b2bfaf6c8f1d292=e60e048915260a77aa32d01671829ae8; path=/; HttpOnlyX-Logged-In: FalseX-Content-Powered-By: K2 v2.10.3 (by JoomlaWorks)Cache-Control: no-cachePragma: no-cacheVary: Accept-EncodingConnection: closeTransfer-Encoding: chunkedContent-Type: text/html; charset=UTF-8
      Source: chromecache_72.11.drString found in binary or memory: http://www.iprende.com/index.php/blog
      Source: 20Listen.eml, ~WRS{2E924EC0-9FFA-429A-8381-6D8982CC741D}.tmp.1.drString found in binary or memory: https://aka.ms/LearnAboutSenderIdentification
      Source: 81118F54-2AB5-474E-AAA2-811828A5F714.1.drString found in binary or memory: https://globaldisco.crm.dynamics.com
      Source: 81118F54-2AB5-474E-AAA2-811828A5F714.1.drString found in binary or memory: https://graph.ppe.windows.net
      Source: 81118F54-2AB5-474E-AAA2-811828A5F714.1.drString found in binary or memory: https://graph.ppe.windows.net/
      Source: 81118F54-2AB5-474E-AAA2-811828A5F714.1.drString found in binary or memory: https://graph.windows.net
      Source: 81118F54-2AB5-474E-AAA2-811828A5F714.1.drString found in binary or memory: https://graph.windows.net/
      Source: 81118F54-2AB5-474E-AAA2-811828A5F714.1.drString found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/api/pivots/
      Source: 81118F54-2AB5-474E-AAA2-811828A5F714.1.drString found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/api/telemetry
      Source: 81118F54-2AB5-474E-AAA2-811828A5F714.1.drString found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/browse?cp=remix3d
      Source: 81118F54-2AB5-474E-AAA2-811828A5F714.1.drString found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/browse?secureurl=1
      Source: 81118F54-2AB5-474E-AAA2-811828A5F714.1.drString found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/microsoftcontent?initpivot=icons
      Source: 81118F54-2AB5-474E-AAA2-811828A5F714.1.drString found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/microsoftcontent?initpivot=stockimages
      Source: 81118F54-2AB5-474E-AAA2-811828A5F714.1.drString found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/microsoftcontent?initpivot=stockvideos
      Source: 81118F54-2AB5-474E-AAA2-811828A5F714.1.drString found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/microsofticon?
      Source: 81118F54-2AB5-474E-AAA2-811828A5F714.1.drString found in binary or memory: https://ic3.teams.office.com
      Source: 81118F54-2AB5-474E-AAA2-811828A5F714.1.drString found in binary or memory: https://incidents.diagnostics.office.com
      Source: 81118F54-2AB5-474E-AAA2-811828A5F714.1.drString found in binary or memory: https://incidents.diagnosticssdf.office.com
      Source: 81118F54-2AB5-474E-AAA2-811828A5F714.1.drString found in binary or memory: https://inclient.store.office.com/gyro/client
      Source: 81118F54-2AB5-474E-AAA2-811828A5F714.1.drString found in binary or memory: https://inclient.store.office.com/gyro/clientstore
      Source: 81118F54-2AB5-474E-AAA2-811828A5F714.1.drString found in binary or memory: https://insertmedia.bing.office.net/images/hosted?host=office&adlt=strict&hostType=Immersive
      Source: 81118F54-2AB5-474E-AAA2-811828A5F714.1.drString found in binary or memory: https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Bing
      Source: 81118F54-2AB5-474E-AAA2-811828A5F714.1.drString found in binary or memory: https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=ClipArt
      Source: 81118F54-2AB5-474E-AAA2-811828A5F714.1.drString found in binary or memory: https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Facebook
      Source: 81118F54-2AB5-474E-AAA2-811828A5F714.1.drString found in binary or memory: https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Flickr
      Source: 81118F54-2AB5-474E-AAA2-811828A5F714.1.drString found in binary or memory: https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=OneDrive
      Source: 81118F54-2AB5-474E-AAA2-811828A5F714.1.drString found in binary or memory: https://insertmedia.bing.office.net/odc/insertmedia
      Source: 81118F54-2AB5-474E-AAA2-811828A5F714.1.drString found in binary or memory: https://invites.office.com/
      Source: 81118F54-2AB5-474E-AAA2-811828A5F714.1.drString found in binary or memory: https://learningtools.onenote.com/learningtoolsapi/v2.0/GetFreeformSpeech
      Source: 81118F54-2AB5-474E-AAA2-811828A5F714.1.drString found in binary or memory: https://learningtools.onenote.com/learningtoolsapi/v2.0/Getvoices
      Source: 81118F54-2AB5-474E-AAA2-811828A5F714.1.drString found in binary or memory: https://lifecycle.office.com
      Source: 81118F54-2AB5-474E-AAA2-811828A5F714.1.drString found in binary or memory: https://login.microsoftonline.com
      Source: 81118F54-2AB5-474E-AAA2-811828A5F714.1.drString found in binary or memory: https://login.microsoftonline.com/
      Source: 81118F54-2AB5-474E-AAA2-811828A5F714.1.drString found in binary or memory: https://login.microsoftonline.com/organizations
      Source: 81118F54-2AB5-474E-AAA2-811828A5F714.1.drString found in binary or memory: https://login.windows-ppe.net/common/oauth2/authorize
      Source: 81118F54-2AB5-474E-AAA2-811828A5F714.1.drString found in binary or memory: https://login.windows.local
      Source: 81118F54-2AB5-474E-AAA2-811828A5F714.1.drString found in binary or memory: https://login.windows.net/72f988bf-86f1-41af-91ab-2d7cd011db47/oauth2/authorize
      Source: 81118F54-2AB5-474E-AAA2-811828A5F714.1.drString found in binary or memory: https://login.windows.net/common/oauth2/authorize
      Source: 81118F54-2AB5-474E-AAA2-811828A5F714.1.drString found in binary or memory: https://loki.delve.office.com/api/v1/configuration/officewin32/
      Source: 81118F54-2AB5-474E-AAA2-811828A5F714.1.drString found in binary or memory: https://lookup.onenote.com/lookup/geolocation/v1
      Source: 81118F54-2AB5-474E-AAA2-811828A5F714.1.drString found in binary or memory: https://make.powerautomate.com
      Source: 81118F54-2AB5-474E-AAA2-811828A5F714.1.drString found in binary or memory: https://management.azure.com
      Source: 81118F54-2AB5-474E-AAA2-811828A5F714.1.drString found in binary or memory: https://management.azure.com/
      Source: 81118F54-2AB5-474E-AAA2-811828A5F714.1.drString found in binary or memory: https://messagebroker.mobile.m365.svc.cloud.microsoft
      Source: 81118F54-2AB5-474E-AAA2-811828A5F714.1.drString found in binary or memory: https://messaging.action.office.com/
      Source: 81118F54-2AB5-474E-AAA2-811828A5F714.1.drString found in binary or memory: https://messaging.action.office.com/setcampaignaction
      Source: 81118F54-2AB5-474E-AAA2-811828A5F714.1.drString found in binary or memory: https://messaging.action.office.com/setuseraction16
      Source: 81118F54-2AB5-474E-AAA2-811828A5F714.1.drString found in binary or memory: https://messaging.engagement.office.com/
      Source: 81118F54-2AB5-474E-AAA2-811828A5F714.1.drString found in binary or memory: https://messaging.engagement.office.com/campaignmetadataaggregator
      Source: 81118F54-2AB5-474E-AAA2-811828A5F714.1.drString found in binary or memory: https://messaging.lifecycle.office.com/
      Source: 81118F54-2AB5-474E-AAA2-811828A5F714.1.drString found in binary or memory: https://messaging.lifecycle.office.com/getcustommessage16
      Source: 81118F54-2AB5-474E-AAA2-811828A5F714.1.drString found in binary or memory: https://messaging.office.com/
      Source: 81118F54-2AB5-474E-AAA2-811828A5F714.1.drString found in binary or memory: https://metadata.templates.cdn.office.net/client/log
      Source: 81118F54-2AB5-474E-AAA2-811828A5F714.1.drString found in binary or memory: https://mss.office.com
      Source: 81118F54-2AB5-474E-AAA2-811828A5F714.1.drString found in binary or memory: https://my.microsoftpersonalcontent.com
      Source: 81118F54-2AB5-474E-AAA2-811828A5F714.1.drString found in binary or memory: https://nam.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech
      Source: 81118F54-2AB5-474E-AAA2-811828A5F714.1.drString found in binary or memory: https://ncus.contentsync.
      Source: 81118F54-2AB5-474E-AAA2-811828A5F714.1.drString found in binary or memory: https://ncus.pagecontentsync.
      Source: 81118F54-2AB5-474E-AAA2-811828A5F714.1.drString found in binary or memory: https://o365auditrealtimeingestion.manage.office.com/api/userauditrecord
      Source: 81118F54-2AB5-474E-AAA2-811828A5F714.1.drString found in binary or memory: https://ocos-office365-s2s.msedge.net/ab
      Source: 81118F54-2AB5-474E-AAA2-811828A5F714.1.drString found in binary or memory: https://odc.officeapps.live.com/odc/stat/images/OneDriveUpsell.png
      Source: 81118F54-2AB5-474E-AAA2-811828A5F714.1.drString found in binary or memory: https://odc.officeapps.live.com/odc/xml?resource=OneDriveSignUpUpsell
      Source: 81118F54-2AB5-474E-AAA2-811828A5F714.1.drString found in binary or memory: https://odc.officeapps.live.com/odc/xml?resource=OneDriveSyncClientUpsell
      Source: 81118F54-2AB5-474E-AAA2-811828A5F714.1.drString found in binary or memory: https://ods-diagnostics-ppe.trafficmanager.net
      Source: 81118F54-2AB5-474E-AAA2-811828A5F714.1.drString found in binary or memory: https://ofcrecsvcapi-int.azurewebsites.net/
      Source: 81118F54-2AB5-474E-AAA2-811828A5F714.1.drString found in binary or memory: https://officeapps.live.com
      Source: 81118F54-2AB5-474E-AAA2-811828A5F714.1.drString found in binary or memory: https://officeci.azurewebsites.net/api/
      Source: 81118F54-2AB5-474E-AAA2-811828A5F714.1.drString found in binary or memory: https://officemobile.uservoice.com/forums/929800-office-app-ios-and-ipad-asks
      Source: 81118F54-2AB5-474E-AAA2-811828A5F714.1.drString found in binary or memory: https://officepyservice.office.net/
      Source: 81118F54-2AB5-474E-AAA2-811828A5F714.1.drString found in binary or memory: https://officepyservice.office.net/service.functionality
      Source: 81118F54-2AB5-474E-AAA2-811828A5F714.1.drString found in binary or memory: https://officesetup.getmicrosoftkey.com
      Source: 81118F54-2AB5-474E-AAA2-811828A5F714.1.drString found in binary or memory: https://ogma.osi.office.net/TradukoApi/api/v1.0/
      Source: 81118F54-2AB5-474E-AAA2-811828A5F714.1.drString found in binary or memory: https://omex.cdn.office.net/addinclassifier/officeentities
      Source: 81118F54-2AB5-474E-AAA2-811828A5F714.1.drString found in binary or memory: https://omex.cdn.office.net/addinclassifier/officeentitiesupdated
      Source: 81118F54-2AB5-474E-AAA2-811828A5F714.1.drString found in binary or memory: https://omex.cdn.office.net/addinclassifier/officesharedentities
      Source: 81118F54-2AB5-474E-AAA2-811828A5F714.1.drString found in binary or memory: https://omex.cdn.office.net/addinclassifier/officesharedentitiesupdated
      Source: 81118F54-2AB5-474E-AAA2-811828A5F714.1.drString found in binary or memory: https://onedrive.live.com
      Source: 81118F54-2AB5-474E-AAA2-811828A5F714.1.drString found in binary or memory: https://onedrive.live.com/about/download/?windows10SyncClientInstalled=false
      Source: 81118F54-2AB5-474E-AAA2-811828A5F714.1.drString found in binary or memory: https://onedrive.live.com/embed?
      Source: 81118F54-2AB5-474E-AAA2-811828A5F714.1.drString found in binary or memory: https://otelrules.azureedge.net
      Source: 81118F54-2AB5-474E-AAA2-811828A5F714.1.drString found in binary or memory: https://otelrules.svc.static.microsoft
      Source: 81118F54-2AB5-474E-AAA2-811828A5F714.1.drString found in binary or memory: https://outlook.office.com
      Source: 81118F54-2AB5-474E-AAA2-811828A5F714.1.drString found in binary or memory: https://outlook.office.com/
      Source: 81118F54-2AB5-474E-AAA2-811828A5F714.1.drString found in binary or memory: https://outlook.office.com/autosuggest/api/v1/init?cvid=
      Source: 81118F54-2AB5-474E-AAA2-811828A5F714.1.drString found in binary or memory: https://outlook.office365.com
      Source: 81118F54-2AB5-474E-AAA2-811828A5F714.1.drString found in binary or memory: https://outlook.office365.com/
      Source: 81118F54-2AB5-474E-AAA2-811828A5F714.1.drString found in binary or memory: https://outlook.office365.com/api/v1.0/me/Activities
      Source: 81118F54-2AB5-474E-AAA2-811828A5F714.1.drString found in binary or memory: https://outlook.office365.com/autodiscover/autodiscover.json
      Source: 81118F54-2AB5-474E-AAA2-811828A5F714.1.drString found in binary or memory: https://outlook.office365.com/connectors
      Source: 81118F54-2AB5-474E-AAA2-811828A5F714.1.drString found in binary or memory: https://ovisualuiapp.azurewebsites.net/pbiagave/
      Source: 81118F54-2AB5-474E-AAA2-811828A5F714.1.drString found in binary or memory: https://pages.store.office.com/appshome.aspx?productgroup=Outlook
      Source: 81118F54-2AB5-474E-AAA2-811828A5F714.1.drString found in binary or memory: https://pages.store.office.com/review/query
      Source: 81118F54-2AB5-474E-AAA2-811828A5F714.1.drString found in binary or memory: https://pages.store.office.com/webapplandingpage.aspx
      Source: 81118F54-2AB5-474E-AAA2-811828A5F714.1.drString found in binary or memory: https://partnerservices.getmicrosoftkey.com/PartnerProvisioning.svc/v1/subscriptions
      Source: 81118F54-2AB5-474E-AAA2-811828A5F714.1.drString found in binary or memory: https://pf.directory.live.com/profile/mine/System.ShortCircuitProfile.json
      Source: 81118F54-2AB5-474E-AAA2-811828A5F714.1.drString found in binary or memory: https://pf.directory.live.com/profile/mine/WLX.Profiles.IC.json
      Source: 81118F54-2AB5-474E-AAA2-811828A5F714.1.drString found in binary or memory: https://portal.office.com/account/?ref=ClientMeControl
      Source: 81118F54-2AB5-474E-AAA2-811828A5F714.1.drString found in binary or memory: https://posarprodcssservice.accesscontrol.windows.net/v2/OAuth2-13
      Source: 81118F54-2AB5-474E-AAA2-811828A5F714.1.drString found in binary or memory: https://powerlift-frontdesk.acompli.net
      Source: 81118F54-2AB5-474E-AAA2-811828A5F714.1.drString found in binary or memory: https://powerlift.acompli.net
      Source: 81118F54-2AB5-474E-AAA2-811828A5F714.1.drString found in binary or memory: https://powerpoint.uservoice.com/forums/288952-powerpoint-for-ipad-iphone-ios
      Source: 81118F54-2AB5-474E-AAA2-811828A5F714.1.drString found in binary or memory: https://prod-global-autodetect.acompli.net/autodetect
      Source: 81118F54-2AB5-474E-AAA2-811828A5F714.1.drString found in binary or memory: https://prod.mds.office.com/mds/api/v1.0/clientmodeldirectory
      Source: 81118F54-2AB5-474E-AAA2-811828A5F714.1.drString found in binary or memory: https://pushchannel.1drv.ms
      Source: 81118F54-2AB5-474E-AAA2-811828A5F714.1.drString found in binary or memory: https://r4.res.office365.com/footprintconfig/v1.7/scripts/fpconfig.json
      Source: 81118F54-2AB5-474E-AAA2-811828A5F714.1.drString found in binary or memory: https://res.cdn.office.net
      Source: 81118F54-2AB5-474E-AAA2-811828A5F714.1.drString found in binary or memory: https://res.cdn.office.net/mro1cdnstorage/fonts/prod/4.40
      Source: 81118F54-2AB5-474E-AAA2-811828A5F714.1.drString found in binary or memory: https://res.cdn.office.net/polymer/models
      Source: 81118F54-2AB5-474E-AAA2-811828A5F714.1.drString found in binary or memory: https://res.getmicrosoftkey.com/api/redemptionevents
      Source: 81118F54-2AB5-474E-AAA2-811828A5F714.1.drString found in binary or memory: https://rpsticket.partnerservices.getmicrosoftkey.com
      Source: 81118F54-2AB5-474E-AAA2-811828A5F714.1.drString found in binary or memory: https://safelinks.protection.outlook.com/api/GetPolicy
      Source: 81118F54-2AB5-474E-AAA2-811828A5F714.1.drString found in binary or memory: https://service.officepy.microsoftusercontent.com/
      Source: 81118F54-2AB5-474E-AAA2-811828A5F714.1.drString found in binary or memory: https://service.powerapps.com
      Source: 81118F54-2AB5-474E-AAA2-811828A5F714.1.drString found in binary or memory: https://settings.outlook.com
      Source: 81118F54-2AB5-474E-AAA2-811828A5F714.1.drString found in binary or memory: https://shell.suite.office.com:1443
      Source: 81118F54-2AB5-474E-AAA2-811828A5F714.1.drString found in binary or memory: https://skyapi.live.net/Activity/
      Source: 81118F54-2AB5-474E-AAA2-811828A5F714.1.drString found in binary or memory: https://sr.outlook.office.net/ws/speech/recognize/assistant/work
      Source: 81118F54-2AB5-474E-AAA2-811828A5F714.1.drString found in binary or memory: https://staging.cortana.ai
      Source: 81118F54-2AB5-474E-AAA2-811828A5F714.1.drString found in binary or memory: https://storage.live.com/clientlogs/uploadlocation
      Source: 81118F54-2AB5-474E-AAA2-811828A5F714.1.drString found in binary or memory: https://store.office.cn/addinstemplate
      Source: 81118F54-2AB5-474E-AAA2-811828A5F714.1.drString found in binary or memory: https://store.office.de/addinstemplate
      Source: 81118F54-2AB5-474E-AAA2-811828A5F714.1.drString found in binary or memory: https://substrate.office.com
      Source: 81118F54-2AB5-474E-AAA2-811828A5F714.1.drString found in binary or memory: https://substrate.office.com/Notes-Internal.ReadWrite
      Source: 81118F54-2AB5-474E-AAA2-811828A5F714.1.drString found in binary or memory: https://substrate.office.com/search/api/v1/SearchHistory
      Source: 81118F54-2AB5-474E-AAA2-811828A5F714.1.drString found in binary or memory: https://substrate.office.com/search/api/v2/init
      Source: 81118F54-2AB5-474E-AAA2-811828A5F714.1.drString found in binary or memory: https://syncservice.protection.outlook.com/PolicySync/PolicySync.svc/SyncFile
      Source: 81118F54-2AB5-474E-AAA2-811828A5F714.1.drString found in binary or memory: https://tasks.office.com
      Source: 81118F54-2AB5-474E-AAA2-811828A5F714.1.drString found in binary or memory: https://templatesmetadata.office.net/
      Source: 81118F54-2AB5-474E-AAA2-811828A5F714.1.drString found in binary or memory: https://uci.cdn.office.net/mirrored/smartlookup/current/
      Source: 81118F54-2AB5-474E-AAA2-811828A5F714.1.drString found in binary or memory: https://uci.officeapps.live.com/OfficeInsights/web/views/insights.desktop.html
      Source: 81118F54-2AB5-474E-AAA2-811828A5F714.1.drString found in binary or memory: https://uci.officeapps.live.com/OfficeInsights/web/views/insights.immersive.html
      Source: 81118F54-2AB5-474E-AAA2-811828A5F714.1.drString found in binary or memory: https://useraudit.o365auditrealtimeingestion.manage.office.com
      Source: 81118F54-2AB5-474E-AAA2-811828A5F714.1.drString found in binary or memory: https://visio.uservoice.com/forums/368202-visio-on-devices
      Source: 81118F54-2AB5-474E-AAA2-811828A5F714.1.drString found in binary or memory: https://web.microsoftstream.com/video/
      Source: 81118F54-2AB5-474E-AAA2-811828A5F714.1.drString found in binary or memory: https://webdir.online.lync.com/autodiscover/autodiscoverservice.svc/root/
      Source: 81118F54-2AB5-474E-AAA2-811828A5F714.1.drString found in binary or memory: https://webshell.suite.office.com
      Source: 81118F54-2AB5-474E-AAA2-811828A5F714.1.drString found in binary or memory: https://word-edit.officeapps.live.com/we/rrdiscovery.ashx
      Source: 81118F54-2AB5-474E-AAA2-811828A5F714.1.drString found in binary or memory: https://word.uservoice.com/forums/304948-word-for-ipad-iphone-ios
      Source: 81118F54-2AB5-474E-AAA2-811828A5F714.1.drString found in binary or memory: https://wus2.contentsync.
      Source: 81118F54-2AB5-474E-AAA2-811828A5F714.1.drString found in binary or memory: https://wus2.pagecontentsync.
      Source: 81118F54-2AB5-474E-AAA2-811828A5F714.1.drString found in binary or memory: https://www.bingapis.com/api/v7/urlpreview/search?appid=E93048236FE27D972F67C5AF722136866DF65FA2
      Source: 81118F54-2AB5-474E-AAA2-811828A5F714.1.drString found in binary or memory: https://www.odwebp.svc.ms
      Source: 81118F54-2AB5-474E-AAA2-811828A5F714.1.drString found in binary or memory: https://www.yammer.com
      Source: unknown HTTPS traffic detected: 52.123.243.192:443 -> 192.168.2.16:49708 version: TLS 1.2
      Source: unknown HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49709 version: TLS 1.2
      Source: unknown HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49710 version: TLS 1.2
      Source: unknown HTTPS traffic detected: 20.190.160.14:443 -> 192.168.2.16:49711 version: TLS 1.2
      Source: unknown HTTPS traffic detected: 172.202.163.200:443 -> 192.168.2.16:49712 version: TLS 1.2
      Source: unknown HTTPS traffic detected: 172.202.163.200:443 -> 192.168.2.16:49725 version: TLS 1.2
      Source: classification engine Classification label: mal56.phis.winEML@30/25@4/6
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE File created: C:\Users\user\Documents\Outlook Files\~Outlook Data File - NoEmail.pst.tmp
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE File created: C:\Users\user\AppData\Local\Temp\Outlook Logging\OUTLOOK_16_0_16827_20130-20241013T2005550986-7048.etl
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE File read: C:\Users\desktop.ini
      Source: unknown Process created: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /eml "C:\Users\user\Desktop\20Listen.eml"
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process created: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "6941A605-7302-4BD6-BF5C-30601A8A903D" "8406B14A-7017-4EA4-9ED7-6830C8DE3365" "7048" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx"
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\68W6OD7A\Listen_Now_REC(Tara.brown).html
      Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 --field-trial-handle=1956,i,18387354763306928465,2346649231823565567,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
      Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2152 --field-trial-handle=1908,i,14695886725935389924,2068831085740703090,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
      Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 --field-trial-handle=1956,i,18387354763306928465,2346649231823565567,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8Jump to behavior
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
      Source: C:\Program Files\Google\Chrome\Application\chrome.exe, Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2152 --field-trial-handle=1908,i,14695886725935389924,2068831085740703090,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
      Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe, Section loaded: apphelp.dll
      Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe, Section loaded: c2r64.dll
      Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe, Section loaded: userenv.dll
      Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe, Section loaded: msasn1.dll
      Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe, Section loaded: kernel.appcore.dll
      Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe, Section loaded: cryptsp.dll
      Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe, Section loaded: rsaenh.dll
      Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe, Section loaded: cryptbase.dll
      Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe, Section loaded: gpapi.dll
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE, Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{F959DBBB-3867-41F2-8E5F-3B8BEFAA81B3}\InprocServer32
      Source: Google Drive.lnk.10.dr, LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
      Source: YouTube.lnk.10.dr, LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
      Source: Sheets.lnk.10.dr, LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
      Source: Gmail.lnk.10.dr, LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
      Source: Slides.lnk.10.dr, LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
      Source: Docs.lnk.10.dr, LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE, Window found: window name: SysTabControl32
      Source: Window Recorder, Window detected: More than 3 window changes detected
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE, Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Common
      Source: C:\Program Files\Google\Chrome\Application\chrome.exe, File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
      Source: C:\Program Files\Google\Chrome\Application\chrome.exe, File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
      Source: C:\Program Files\Google\Chrome\Application\chrome.exe, File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
      Source: C:\Program Files\Google\Chrome\Application\chrome.exe, File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
      Source: C:\Program Files\Google\Chrome\Application\chrome.exe, File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
      Source: C:\Program Files\Google\Chrome\Application\chrome.exe, File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
      Source: C:\Program Files\Google\Chrome\Application\chrome.exe, File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE, Process information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE, Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe, Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE, File Volume queried: C:\Windows\SysWOW64 FullSizeInformation
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE, Process information queried: ProcessInformation
      Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe, Queries volume information: C:\Program Files (x86)\Microsoft Office\root\Office16\AI\WordCombinedFloatieLreOnline.onnx VolumeInformation
      Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe, Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
      Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names
      Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server
      Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts
      Execution: Windows Management Instrumentation; Scheduled Task/Job; At; Cron
      Persistence: 1 DLL Side-Loading; 1 Registry Run Keys / Startup Folder; Logon Script (Windows); Login Hook
      Privilege Escalation: 1 Process Injection; 1 DLL Side-Loading; 1 Registry Run Keys / Startup Folder; Login Hook
      Defense Evasion: 1 Masquerading; 1 Process Injection; 1 DLL Side-Loading; Binary Padding
      Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager; NTDS
      Discovery: 1 Process Discovery; 1 File and Directory Discovery; 13 System Information Discovery; System Network Configuration Discovery
      Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model
      Collection: Data from Local System; Data from Removable Media; Data from Network Shared Drive; Input Capture
      Command and Control: 1 Encrypted Channel; 4 Non-Application Layer Protocol; 5 Application Layer Protocol; 3 Ingress Tool Transfer
      Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication
      Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact; Data Destruction
      No Antivirus matches
      Source | Detection | Scanner | Label | Link
      mira-tmc.tm-4.office.com | 0% | Virustotal | | Browse
      www.iprende.com | 3% | Virustotal | | Browse
      www.google.com | 0% | Virustotal | | Browse
      Source | Detection | Scanner | Label | Link
      https://www.iprende.com/o/?c3Y9bzM2NV8xX3ZvaWNlJnJhbmQ9TTFwR1pGUT0mdWlkPVVTRVIxODA5MjAyNFUzMjA5MTgwNA==#dGFyYS5icm93bkBpY2FyZS5uc3cuZ292LmF1 | 100% | SlashNext | Credential Stealing type: Phishing & Social Engineering |
      Name | IP | Active | Malicious | Antivirus Detection | Reputation
      mira-tmc.tm-4.office.com | 52.123.243.192 | true | false | | unknown
      www.iprende.com | 194.53.148.86 | true | false | | unknown
      www.google.com | 142.250.186.36 | true | false | | unknown
      Name | Malicious | Antivirus Detection | Reputation
      https://www.iprende.com/o/?c3Y9bzM2NV8xX3ZvaWNlJnJhbmQ9TTFwR1pGUT0mdWlkPVVTRVIxODA5MjAyNFUzMjA5MTgwNA==#dGFyYS5icm93bkBpY2FyZS5uc3cuZ292LmF1 | true | SlashNext: Credential Stealing type: Phishing & Social Engineering | unknown
      https://www.iprende.com/o/?c3Y9bzM2NV8xX3ZvaWNlJnJhbmQ9TTFwR1pGUT0mdWlkPVVTRVIxODA5MjAyNFUzMjA5MTgwNA== | false | | unknown
      Name | Source | Malicious | Antivirus Detection | Reputation
          https://api.addins.store.officeppe.com/addinstemplate81118F54-2AB5-474E-AAA2-811828A5F714.1.drfalse
          • URL Reputation: safe
          unknown
          https://graph.windows.net81118F54-2AB5-474E-AAA2-811828A5F714.1.drfalse
          • URL Reputation: safe
          unknown
          https://dataservice.o365filtering.com/81118F54-2AB5-474E-AAA2-811828A5F714.1.drfalse
          • URL Reputation: safe
          unknown
          https://officesetup.getmicrosoftkey.com81118F54-2AB5-474E-AAA2-811828A5F714.1.drfalse
          • URL Reputation: safe
          unknown
          https://analysis.windows.net/powerbi/api81118F54-2AB5-474E-AAA2-811828A5F714.1.drfalse
          • URL Reputation: safe
          unknown
          https://aka.ms/LearnAboutSenderIdentification20Listen.eml, ~WRS{2E924EC0-9FFA-429A-8381-6D8982CC741D}.tmp.1.drfalse
          • URL Reputation: safe
          unknown
          https://prod-global-autodetect.acompli.net/autodetect81118F54-2AB5-474E-AAA2-811828A5F714.1.drfalse
          • URL Reputation: safe
          unknown
          https://substrate.office.com81118F54-2AB5-474E-AAA2-811828A5F714.1.drfalse
          • URL Reputation: safe
          unknown
          https://outlook.office365.com/autodiscover/autodiscover.json81118F54-2AB5-474E-AAA2-811828A5F714.1.drfalse
          • URL Reputation: safe
          unknown
          https://powerpoint.uservoice.com/forums/288952-powerpoint-for-ipad-iphone-ios81118F54-2AB5-474E-AAA2-811828A5F714.1.drfalse
          • URL Reputation: safe
          unknown
          https://consent.config.office.com/consentcheckin/v1.0/consents81118F54-2AB5-474E-AAA2-811828A5F714.1.drfalse
          • URL Reputation: safe
          unknown
          https://eur.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech81118F54-2AB5-474E-AAA2-811828A5F714.1.drfalse
          • URL Reputation: safe
          unknown
          https://learningtools.onenote.com/learningtoolsapi/v2.0/Getvoices81118F54-2AB5-474E-AAA2-811828A5F714.1.drfalse
          • URL Reputation: safe
          unknown
          https://pf.directory.live.com/profile/mine/System.ShortCircuitProfile.json81118F54-2AB5-474E-AAA2-811828A5F714.1.drfalse
          • URL Reputation: safe
          unknown
          https://d.docs.live.net81118F54-2AB5-474E-AAA2-811828A5F714.1.drfalseunknown
          https://safelinks.protection.outlook.com/api/GetPolicy81118F54-2AB5-474E-AAA2-811828A5F714.1.drfalse
          • URL Reputation: safe
          unknown
          https://ncus.contentsync.81118F54-2AB5-474E-AAA2-811828A5F714.1.drfalse
          • URL Reputation: safe
          unknown
          https://onedrive.live.com/about/download/?windows10SyncClientInstalled=false81118F54-2AB5-474E-AAA2-811828A5F714.1.drfalseunknown
          https://webdir.online.lync.com/autodiscover/autodiscoverservice.svc/root/81118F54-2AB5-474E-AAA2-811828A5F714.1.drfalse
          • URL Reputation: safe
          unknown
          http://weather.service.msn.com/data.aspx81118F54-2AB5-474E-AAA2-811828A5F714.1.drfalse
          • URL Reputation: safe
          unknown
          https://apis.live.net/v5.0/81118F54-2AB5-474E-AAA2-811828A5F714.1.drfalse
          • URL Reputation: safe
          unknown
          https://officepyservice.office.net/service.functionality81118F54-2AB5-474E-AAA2-811828A5F714.1.drfalse
          • URL Reputation: safe
          unknown
          https://officemobile.uservoice.com/forums/929800-office-app-ios-and-ipad-asks81118F54-2AB5-474E-AAA2-811828A5F714.1.drfalse
          • URL Reputation: safe
          unknown
          https://templatesmetadata.office.net/81118F54-2AB5-474E-AAA2-811828A5F714.1.drfalse
          • URL Reputation: safe
          unknown
          https://word.uservoice.com/forums/304948-word-for-ipad-iphone-ios81118F54-2AB5-474E-AAA2-811828A5F714.1.drfalse
          • URL Reputation: safe
          unknown
          https://messaging.lifecycle.office.com/81118F54-2AB5-474E-AAA2-811828A5F714.1.drfalse
          • URL Reputation: safe
          unknown
          https://autodiscover-s.outlook.com/autodiscover/autodiscover.xml81118F54-2AB5-474E-AAA2-811828A5F714.1.drfalse
          • URL Reputation: safe
          unknown
          https://mss.office.com81118F54-2AB5-474E-AAA2-811828A5F714.1.drfalse
          • URL Reputation: safe
          unknown
          https://pushchannel.1drv.ms81118F54-2AB5-474E-AAA2-811828A5F714.1.drfalse
          • URL Reputation: safe
          unknown
          https://management.azure.com81118F54-2AB5-474E-AAA2-811828A5F714.1.drfalse
          • URL Reputation: safe
          unknown
          https://outlook.office365.com81118F54-2AB5-474E-AAA2-811828A5F714.1.drfalse
          • URL Reputation: safe
          unknown
          https://wus2.contentsync.81118F54-2AB5-474E-AAA2-811828A5F714.1.drfalse
          • URL Reputation: safe
          unknown
          https://incidents.diagnostics.office.com81118F54-2AB5-474E-AAA2-811828A5F714.1.drfalse
          • URL Reputation: safe
          unknown
          https://clients.config.office.net/user/v1.0/ios81118F54-2AB5-474E-AAA2-811828A5F714.1.drfalse
          • URL Reputation: safe
          unknown
          https://make.powerautomate.com81118F54-2AB5-474E-AAA2-811828A5F714.1.drfalse
          • URL Reputation: safe
          unknown
          https://api.addins.omex.office.net/api/addins/search81118F54-2AB5-474E-AAA2-811828A5F714.1.drfalse
          • URL Reputation: safe
          unknown
          https://insertmedia.bing.office.net/odc/insertmedia81118F54-2AB5-474E-AAA2-811828A5F714.1.drfalse
          • URL Reputation: safe
          unknown
          https://outlook.office365.com/api/v1.0/me/Activities81118F54-2AB5-474E-AAA2-811828A5F714.1.drfalse
          • URL Reputation: safe
          unknown
          https://api.office.net81118F54-2AB5-474E-AAA2-811828A5F714.1.drfalse
          • URL Reputation: safe
          unknown
          https://incidents.diagnosticssdf.office.com81118F54-2AB5-474E-AAA2-811828A5F714.1.drfalse
          • URL Reputation: safe
          unknown
          https://asgsmsproxyapi.azurewebsites.net/81118F54-2AB5-474E-AAA2-811828A5F714.1.drfalse
          • URL Reputation: safe
          unknown
          IP | Domain | Country | ASN | ASN Name | Malicious
          142.250.186.36 | www.google.com | United States | 15169 | GOOGLEUS | false
          194.53.148.86 | www.iprende.com | Spain | 210181 | OPEN6HOSTINGES | false
          239.255.255.250 | unknown | Reserved | unknown | unknown | false
          52.123.243.192 | mira-tmc.tm-4.office.com | United States | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false
          IP
          192.168.2.16
          127.0.0.1
          Joe Sandbox version:41.0.0 Charoite
          Analysis ID:1532856
          Start date and time:2024-10-14 02:05:23 +02:00
          Joe Sandbox product:CloudBasic
          Overall analysis duration:0h 4m 42s
          Hypervisor based Inspection enabled:false
          Report type:full
          Cookbook file name:defaultwindowsinteractivecookbook.jbs
          Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
          Number of analysed new started processes analysed:18
          Number of new started drivers analysed:0
          Number of existing processes analysed:0
          Number of existing drivers analysed:0
          Number of injected processes analysed:0
          Technologies:
          • EGA enabled
          • AMSI enabled
          Analysis Mode:default
          Analysis stop reason:Timeout
          Sample name:20Listen.eml
          renamed because original name is a hash value
          Original Sample Name:Missed__Caller.Ringer-Transcript....%3E%3E%3E%3E%3E%3EID_-eef1da413490032ee87f60ea1a5f1d84,%20Download%20to%20Listen.eml
          Detection:MAL
          Classification:mal56.phis.winEML@30/25@4/6
          Cookbook Comments:
          • Found application associated with file extension: .eml
          • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, SgrmBroker.exe, conhost.exe, svchost.exe
          • Excluded IPs from analysis (whitelisted): 52.109.28.46, 13.70.79.200, 20.189.173.14, 52.109.28.48, 142.250.186.67, 142.250.186.78, 64.233.184.84, 34.104.35.123, 52.109.76.144, 52.109.89.119, 142.250.186.35, 142.250.184.206, 52.109.68.130
          • Excluded domains from analysis (whitelisted): osiprod-uks-bronze-azsc-000.uksouth.cloudapp.azure.com, neu-azsc-000.odc.officeapps.live.com, odc.officeapps.live.com, slscr.update.microsoft.com, europe.odcsm1.live.com.akadns.net, clientservices.googleapis.com, mobile.events.data.microsoft.com, osiprod-weu-bronze-azsc-000.westeurope.cloudapp.azure.com, clients2.google.com, update.googleapis.com, officeclient.microsoft.com, osiprod-neu-bronze-azsc-000.northeurope.cloudapp.azure.com, clients1.google.com, ecs.office.com, onedscolprdaue01.australiaeast.cloudapp.azure.com, fs.microsoft.com, onedscolprdwus13.westus.cloudapp.azure.com, accounts.google.com, prod.configsvc1.live.com.akadns.net, frc-azsc-000.odc.officeapps.live.com, weu-azsc-000.odc.officeapps.live.com, fe3cr.delivery.mp.microsoft.com, uks-azsc-000.odc.officeapps.live.com, edgedl.me.gvt1.com, config.officeapps.live.com, osiprod-frc-bronze-azsc-000.francecentral.cloudapp.azure.com, ecs.office.trafficmanager.net, clients.l.google.com, europe.configsvc1.live
          • Not all processes where analyzed, report is missing behavior information
          • Report size exceeded maximum capacity and may have missing behavior information.
          • Report size getting too big, too many NtQueryAttributesFile calls found.
          • Report size getting too big, too many NtQueryValueKey calls found.
          • Report size getting too big, too many NtSetValueKey calls found.
          • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
          No simulations
          Input: URL: Email; Model: jbxai
          Output:
          {
          "brands":[],
          "text":"You don't often get email from call_service-playback-automatedrecvoic.notecaab961e40336b3bcf9c777e6742a98689809bb2f2526a528987656789876567898764f4-mail.protection.outlook.commmmx.box615bfe9fc949fcc54392c416c2fe0a-a8d90738fc1ae1d2fe925d1623e943a0mx.01support@t1dpartnership.com.au. Learn why this is important",
          "contains_trigger_text":true,
          "trigger_text":"You don't often get email from call_service-playback-automatedrecvoic.notecaab961e40336b3bcf9c777e6742a98689809bb2f2526a528987656789876567898764f4-mail.protection.outlook.commmmx.box615bfe9fc949fcc54392c416c2fe0a-a8d90738fc1ae1d2fe925d1623e943a0mx.01support@t1dpartnership.com.au. Learn why this is important",
          "prominent_button_name":"Learn why this is important",
          "text_input_field_labels":"unknown",
          "pdf_icon_visible":false,
          "has_visible_captcha":false,
          "has_urgent_text":false,
          "has_visible_qrcode":false}
                              No context
                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                              File Type:data
                              Category:dropped
                              Size (bytes):231348
                              Entropy (8bit):4.386345664659467
                              Encrypted:false
                              SSDEEP:1536:o+YLqIgscCz1js9jxgs0vNcAz79ysQqt2fTqJjqoQU0rcm0FvsJYyRv6pI8cI455:0NgWgfgxmiGu20qoQfrt0FvicfU3WYs4
                              MD5:D158AABD1C682ABD657676C81839760A
                              SHA1:FB752C951EF710A67B8238F95719FCF371C15822
                              SHA-256:44D911546C2688DC098C8FDE3A1492AF4E92B57CCEE1596F05611254056329DD
                              SHA-512:B2AB0C41016AD264EB1B474E9D7A49C348F9B0073038BDFE5B7B1318D751751EB475AC7A62A337E7EB21B274D95EE603B1A8D78FBB93374EEB033069B77E59E2
                              Malicious:false
                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                              File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                              Category:dropped
                              Size (bytes):178099
                              Entropy (8bit):5.290527899516943
                              Encrypted:false
                              SSDEEP:1536:3i2XfRAqcbH41gwEwLe7HW8bM/o/NMdcAZl1p5ihs7EXXDEAD2Odago:CCe7HW8bM/o/TXgk9o
                              MD5:84208914CEA92FD5098375A60A418DCB
                              SHA1:A75A2407616EE7DA908A829B0CCCDE8FD5B5D304
                              SHA-256:4AC5E269EC0D8B9C8F82B1084644F54A576D3E9FE9AE77D4AB00629766F2512D
                              SHA-512:DA0FDD0A25D57BA0DD958F207B5831924D93DF4E39E8ED8B578E5F26667CC38C56276B7087FBE5F0C81381CEB3AA22ED4DA3CD8E15194BC9B8F70DF9B88DF487
                              Malicious:false
                              Preview:<?xml version="1.0" encoding="utf-8"?>..<o:OfficeConfig xmlns:o="urn:schemas-microsoft-com:office:office">.. <o:services o:GenerationTime="2024-10-14T00:05:57">.. Build: 16.0.18204.40137-->.. <o:default>.. <o:ticket o:headerName="Authorization" o:headerValue="{}" />.. </o:default>.. <o:service o:name="Research">.. <o:url>https://word-edit.officeapps.live.com/we/rrdiscovery.ashx</o:url>.. </o:service>.. <o:service o:name="ORedir">.. <o:url>https://o15.officeredir.microsoft.com/r</o:url>.. </o:service>.. <o:service o:name="ORedirSSL">.. <o:url>https://o15.officeredir.microsoft.com/r</o:url>.. </o:service>.. <o:service o:name="ClViewClientHelpId" o:authentication="1">.. <o:url>https://[MAX.BaseHost]/client/results</o:url>.. <o:ticket o:policy="MBI_SSL_SHORT" o:idprovider="1" o:target="[MAX.AuthHost]" o:headerValue="Passport1.4 from-PP='{}&amp;p='" />.. <o:ticket o:idprovider="3" o:headerValue="Bearer {}" o:resourceId="[
                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                              File Type:data
                              Category:dropped
                              Size (bytes):32768
                              Entropy (8bit):0.04472433142578256
                              Encrypted:false
                              SSDEEP:3:GtlxtjlNdO6ffDlI/ltlxtjlNdO6ffD/l7R9//8l1lvlll1lllwlvlllglbelDbj:GttdXDilttdXDtF9X01PH4l942wU
                              MD5:9CA9838B81346870CA4CA3D23528C4B4
                              SHA1:2E40E78A1C64885F4ED38FEB48F1488BA0D9A15E
                              SHA-256:DCA75D49337510C4FC520497D9D74DC5125BBF0A08D35D8736FB78C5A5E21781
                              SHA-512:7F97A6759EAD87C598DBA4855D0AA91ECB2B46AF44FCD29D7D7E18DE1B58F0E1A78BEA3FB3984F1372FED05425BCBA3D533347625269DEE450A2F590B2A0DD09
                              Malicious:false
                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                              File Type:SQLite Write-Ahead Log, version 3007000
                              Category:dropped
                              Size (bytes):49472
                              Entropy (8bit):0.48296676217662327
                              Encrypted:false
                              SSDEEP:48:RsYQ1ubzUll7DYMzzO8VFDYMsojwsBO8VFDYML:Rw6All44jVGToHjVGC
                              MD5:AA0781F759261C0AA2E73EA394F4606E
                              SHA1:5FE639B3AD16A93DB768F7C9F05D2D152CE002F0
                              SHA-256:02634317E649D6B5D87CE2B39EA798FB79B8BF64DDD3CEFFDAD61AF09BFFAA7D
                              SHA-512:05E261668784C64EE16B29431FE5CD97B0B83C83F1F1C0E7DDFB7DDD3BB6692CC01F57742F5938EF8D8F28C45658A080E49FA9B764A1294C04A9A978D4B7B245
                              Malicious:false
                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                              File Type:HTML document, ASCII text, with CRLF line terminators
                              Category:dropped
                              Size (bytes):5331
                              Entropy (8bit):4.487787364106538
                              Encrypted:false
                              SSDEEP:48:KBjjReqHZDICRergqsVDncvBhWxnOvDxN7IglOcMSP1tZ2d1mU1o41Tgf1T61u5y:KjxFBtVDs9FwV8DJ9/Svxzf
                              MD5:5D6363398F012EADBD7836162077ACE4
                              SHA1:92DA37EDECAB7EB95232C4E7E753EF1AAACD6FE9
                              SHA-256:732885ED085B25EFA916DD22DA4D10E4B6506BD4A2F8F77F70B5DDC1A556BA1C
                              SHA-512:8F208B7252B7735D7B26370B07515496FB92678D914433D8BD67FB73072A4F6CDA03F4FCEE337666A1F8E00FEC303C434E6DA53D613A24D757B92DA0BAFF8573
                              Malicious:true
                              Yara Hits:
                              • Rule: JoeSecurity_HtmlPhish_73, Description: Yara detected HtmlPhish_73, Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\68W6OD7A\Listen_Now_REC(Tara.brown) (002).html, Author: Joe Security
                              Preview:<body style="display:none;">.. <div class="pricing-block col-3 wow fadeInUp" data-wow-delay="0.8s">.. <div class="pricing-block-content">.. <h3>Business</h3>.. <p class="pricing-sub">Hyatt, Goyette and Emmerich For the Hyatt, Goyette and Emmerich whole team</p>.. <div class="pricing">.. <div class="price"><span>$</span>49</div>.. <p>"Alberta Thiel" <Alberta59@hyattgoyetteandemmerich.com> Lorem ipsum dolor sit amet, "Alberta Thiel" <Alberta59@hyattgoyetteandemmerich.com> consectetur adipiscing elit Hyatt, Goyette and Emmerich</p>.. </div>.. <ul>.. <li>Unlimited Downloads</li>.. <li>Unlimited Extensions</li>.. <li>HD Video Tutorials</li>.. <li>Chat Support</li>.. <li>Lifetime free updates</li>.. </ul>.. <a href="#" class="button">BUY TODAY</a>.. </div>.. </div>.. <div class="pricing-blo
                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                              File Type:ASCII text, with CRLF line terminators
                              Category:modified
                              Size (bytes):26
                              Entropy (8bit):3.95006375643621
                              Encrypted:false
                              SSDEEP:3:gAWY3n:qY3n
                              MD5:FBCCF14D504B7B2DBCB5A5BDA75BD93B
                              SHA1:D59FC84CDD5217C6CF74785703655F78DA6B582B
                              SHA-256:EACD09517CE90D34BA562171D15AC40D302F0E691B439F91BE1B6406E25F5913
                              SHA-512:AA1D2B1EA3C9DE3CCADB319D4E3E3276A2F27DD1A5244FE72DE2B6F94083DDDC762480482C5C2E53F803CD9E3973DDEFC68966F974E124307B5043E654443B98
                              Malicious:false
                              Preview:[ZoneTransfer]..ZoneId=3..
                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                              File Type:HTML document, ASCII text, with CRLF line terminators
                              Category:dropped
                              Size (bytes):5331
                              Entropy (8bit):4.487787364106538
                              Encrypted:false
                              SSDEEP:48:KBjjReqHZDICRergqsVDncvBhWxnOvDxN7IglOcMSP1tZ2d1mU1o41Tgf1T61u5y:KjxFBtVDs9FwV8DJ9/Svxzf
                              MD5:5D6363398F012EADBD7836162077ACE4
                              SHA1:92DA37EDECAB7EB95232C4E7E753EF1AAACD6FE9
                              SHA-256:732885ED085B25EFA916DD22DA4D10E4B6506BD4A2F8F77F70B5DDC1A556BA1C
                              SHA-512:8F208B7252B7735D7B26370B07515496FB92678D914433D8BD67FB73072A4F6CDA03F4FCEE337666A1F8E00FEC303C434E6DA53D613A24D757B92DA0BAFF8573
                              Malicious:true
                              Yara Hits:
                              • Rule: JoeSecurity_HtmlPhish_73, Description: Yara detected HtmlPhish_73, Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\68W6OD7A\Listen_Now_REC(Tara.brown).html, Author: Joe Security
                              Preview:<body style="display:none;">.. <div class="pricing-block col-3 wow fadeInUp" data-wow-delay="0.8s">.. <div class="pricing-block-content">.. <h3>Business</h3>.. <p class="pricing-sub">Hyatt, Goyette and Emmerich For the Hyatt, Goyette and Emmerich whole team</p>.. <div class="pricing">.. <div class="price"><span>$</span>49</div>.. <p>"Alberta Thiel" <Alberta59@hyattgoyetteandemmerich.com> Lorem ipsum dolor sit amet, "Alberta Thiel" <Alberta59@hyattgoyetteandemmerich.com> consectetur adipiscing elit Hyatt, Goyette and Emmerich</p>.. </div>.. <ul>.. <li>Unlimited Downloads</li>.. <li>Unlimited Extensions</li>.. <li>HD Video Tutorials</li>.. <li>Chat Support</li>.. <li>Lifetime free updates</li>.. </ul>.. <a href="#" class="button">BUY TODAY</a>.. </div>.. </div>.. <div class="pricing-blo
                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                              File Type:ASCII text, with CRLF line terminators
                              Category:dropped
                              Size (bytes):26
                              Entropy (8bit):3.95006375643621
                              Encrypted:false
                              SSDEEP:3:gAWY3n:qY3n
                              MD5:FBCCF14D504B7B2DBCB5A5BDA75BD93B
                              SHA1:D59FC84CDD5217C6CF74785703655F78DA6B582B
                              SHA-256:EACD09517CE90D34BA562171D15AC40D302F0E691B439F91BE1B6406E25F5913
                              SHA-512:AA1D2B1EA3C9DE3CCADB319D4E3E3276A2F27DD1A5244FE72DE2B6F94083DDDC762480482C5C2E53F803CD9E3973DDEFC68966F974E124307B5043E654443B98
                              Malicious:false
                              Preview:[ZoneTransfer]..ZoneId=3..
                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                              File Type:data
                              Category:dropped
                              Size (bytes):2292
                              Entropy (8bit):1.7255942694622088
                              Encrypted:false
                              SSDEEP:12:gxlXUIHPXz+5uvElKk8YepJLzXcFKuOwv9VAG1QlQlqM7WDicXL2Vkl5ikl:gxlXUIHy5v8l1zdZO9cicXL2Vkll
                              MD5:EE0752AC3D40649D287EF9D1E690798C
                              SHA1:B5DE0E21692B3BC195741BB9B2C9A9573D7DED2D
                              SHA-256:3BB3F5596B20C5ADF3F5381E6D0BF92BA5B1884BB1FE3DA1D1226AA743920540
                              SHA-512:075D7EE28F7CECCD118577AC2C34F84D1098D4985C1D432B793495A92F66D5A281BF2C25AA23F696B0B901C19755314B5E78833E63A62E6A120CAF386FD598C9
                              Malicious:false
                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                              File Type:ASCII text, with very long lines (28765), with CRLF line terminators
                              Category:dropped
                              Size (bytes):20971520
                              Entropy (8bit):0.16029723303237584
                              Encrypted:false
                              SSDEEP:1536:QbkRA2noT7FBYyoCZHVE8EduPpO90t1jH98bVkfxaCyEqcYstk8q5BtBH:s2olBYiT7ts
                              MD5:3AF6162499A755DA327D78F2A1AB5EA4
                              SHA1:768E884B69E58222111ABFE9E88D7EE1C1B155B7
                              SHA-256:8185BC15D8E91F6FDBDD681671EDC0A748E39DAC43EE1F194302A5DFC4C885FA
                              SHA-512:1AF3BF771D78E63708368EC689ABC35D94BF23EF0A0BEDB92B7DA02E83093A4A04FD06AB4B3C98FD9289D53DF35EA156DAF089E72710AC4EE9845C3090ABD13D
                              Malicious:false
                              Preview:Timestamp.Process.TID.Area.Category.EventID.Level.Message.Correlation..10/14/2024 00:05:56.241.OUTLOOK (0x1B88).0x1B8C.Microsoft Outlook.Telemetry Event.b7vzq.Medium.SendEvent {"EventName":"Office.Text.GDIAssistant.HandleCallback","Flags":30962256044949761,"InternalSequenceNumber":22,"Time":"2024-10-14T00:05:56.241Z","Contract":"Office.System.Activity","Activity.CV":"139wKo0Qs0+TyLrp/C1y2A.4.9","Activity.Duration":12,"Activity.Count":1,"Activity.AggMode":0,"Activity.Success":true,"Data.GdiFamilyName":"","Data.CloudFontStatus":6,"Data.CloudFontTypes":256}...10/14/2024 00:05:56.289.OUTLOOK (0x1B88).0x1B8C.Microsoft Outlook.Telemetry Event.b7vzq.Medium.SendEvent {"EventName":"Office.Text.ResourceClient.Deserialize","Flags":30962256044949761,"InternalSequenceNumber":24,"Time":"2024-10-14T00:05:56.289Z","Contract":"Office.System.Activity","Activity.CV":"139wKo0Qs0+TyLrp/C1y2A.4.10","Activity.Duration":10437,"Activity.Count":1,"Activity.AggMode":0,"Activity.Success":true,"Data.JsonFileMajorV
                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                              File Type:data
                              Category:dropped
                              Size (bytes):20971520
                              Entropy (8bit):0.0
                              Encrypted:false
                              SSDEEP:3::
                              MD5:8F4E33F3DC3E414FF94E5FB6905CBA8C
                              SHA1:9674344C90C2F0646F0B78026E127C9B86E3AD77
                              SHA-256:CD52D81E25F372E6FA4DB2C0DFCEB59862C1969CAB17096DA352B34950C973CC
                              SHA-512:7FB91E868F3923BBD043725818EF3A5D8D08EBF1059A18AC0FE07040D32EEBA517DA11515E6A4AFAEB29BCC5E0F1543BA2C595B0FE8E6167DDC5E6793EDEF5BB
                              Malicious:false
                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                              File Type:data
                              Category:dropped
                              Size (bytes):106496
                              Entropy (8bit):4.512215081909634
                              Encrypted:false
                              SSDEEP:768:SN/JR9+iKdH71Q73QR4YzXEY58yGrJ39s46FxqDXKLzfYWBW3WXWuftQS:Oq4Yq39s46qDXKntQS
                              MD5:2832D8FBB93DAF811818B9C1F5C7F522
                              SHA1:8C5DD0163E9B13DA93F2ADCFA2B5D8AF7F508904
                              SHA-256:391779D3B69B000B1752BD5B1D7D43457E6E5972DBBF0B9ED53DD9E22A625BA2
                              SHA-512:707BA3C2CBC3E6C66244966939C036B31CC5E5C37B94FB7F9EA6588292E2804080EA1AD1ADF0D9D337149C38C9120FD49C8172E37F90C1813ABBBCA1C15517A4
                              Malicious:false
                              Preview:............................................................................`............)G.....................eJ..............Zb..2...................................,...@.t.z.r.e.s...d.l.l.,.-.1.1.2.......................................................@.t.z.r.e.s...d.l.l.,.-.1.1.1...........................................................p....Y...........)G.............v.2._.O.U.T.L.O.O.K.:.1.b.8.8.:.a.1.7.b.1.c.9.2.2.0.a.e.4.f.1.6.b.0.6.a.b.2.4.a.9.6.8.c.a.2.1.7...C.:.\.U.s.e.r.s.\.c.a.l.i.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.T.e.m.p.\.O.u.t.l.o.o.k. .L.o.g.g.i.n.g.\.O.U.T.L.O.O.K._.1.6._.0._.1.6.8.2.7._.2.0.1.3.0.-.2.0.2.4.1.0.1.3.T.2.0.0.5.5.5.0.9.8.6.-.7.0.4.8...e.t.l.......P.P..........)G.............................................................................................................................................................................................................................................................................................................
                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                              File Type:data
                              Category:dropped
                              Size (bytes):30
                              Entropy (8bit):1.2389205950315936
                              Encrypted:false
                              SSDEEP:3:0Eav:0L
                              MD5:C3EE575F560E26D5D341982B8B3F6530
                              SHA1:D714D2252A8E2F49B5360A1E532EF4AA28FE67EE
                              SHA-256:11E1C2C8063239367EBC3DEFB91ECDEDFBDCB8A634BA2A454EA6D5069BE4405C
                              SHA-512:E8BA09A56C17AB9B757D1E4ABD214A000A4DFBD6260609B4191E5C8D509FD03CC7A23653A7F448FF1F976D967541EC444DD6E14D982B08D308AC119F379C5179
                              Malicious:false
                              Preview:....C.........................
                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                              File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Sun Oct 13 23:06:23 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                              Category:dropped
                              Size (bytes):2673
                              Entropy (8bit):3.97479433045738
                              Encrypted:false
                              SSDEEP:48:8jdVT956H6idAKZdA1FehwiZUklqehKy+3:8Ln/Fy
                              MD5:2E7C0862CB24FAEFC199B5B6A5ED583A
                              SHA1:AB74E0330529742DFD444760626BF1328E56958B
                              SHA-256:DDB359CF8E086293C5A981E8C473C09A41868109059BB75B9424A5210989EAEA
                              SHA-512:9E2A57190D600B6C2B317D2FAFCC3E613CA90C2E921D36202644F9D9E3BA4F23C14FBF0C23520745D7E0C7207324B39AA0E4CBB2DA75C3015ECC0052131D2417
                              Malicious:false
                              Preview:L..................F.@.. ...$+.,.....8......N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.INY......B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VNY......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VNY......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VNY............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VNY.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i....................C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                              File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Sun Oct 13 23:06:23 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                              Category:dropped
                              Size (bytes):2675
                              Entropy (8bit):3.9921634592383097
                              Encrypted:false
                              SSDEEP:48:8tdVT956H6idAKZdA1seh/iZUkAQkqeh1y+2:81nJ9Qoy
                              MD5:9F671053CB36AAB12093382FB2699E51
                              SHA1:C66B1B921CF9429DDAEACC96C8F660EA5C48409A
                              SHA-256:04EC78F76D5F9DC3706BB8CB3DB4F300C6D76A7CC096AA63D1D09088097162AE
                              SHA-512:D1B3019537CB1C533B1C4E24FEFD60BEB8C5A9CDD1A30768D8899AAB98BC3CF3B1294FFEE6F858EC5F193E0209CFA2F0E7C475C5F738F69C7FB2E79756A7E407
                              Malicious:false
                              Preview:L..................F.@.. ...$+.,.....Q......N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.INY......B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VNY......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VNY......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VNY............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VNY.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i....................C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                              File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                              Category:dropped
                              Size (bytes):2689
                              Entropy (8bit):3.9995839486871043
                              Encrypted:false
                              SSDEEP:48:8bdVT95AH6idAKZdA14meh7sFiZUkmgqeh7sby+BX:8jnbn5y
                              MD5:0D6979367A51F88DC927CD782C1A004B
                              SHA1:F193F2C70674363F47CD909D45F496ED28420B52
                              SHA-256:CE76BED2F48D83E7FB86DC12569348293FB0DCDC0A05D767D11BE0DEC310D36F
                              SHA-512:6A156467B6F74F70D6DB998AE852D91A2E1C435F1BBDDC03F7224FAB0359B2236B542D2AF0DE41AE5760DF3BC8E92264017D1463C6300BEDBB76D774264E82C5
                              Malicious:false
                              Preview:L..................F.@.. ...$+.,.....Y.04...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.INY......B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VNY......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VNY......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VNY............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VFW.E...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i....................C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                              File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Sun Oct 13 23:06:23 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                              Category:dropped
                              Size (bytes):2677
                              Entropy (8bit):3.9874392995080306
                              Encrypted:false
                              SSDEEP:48:89dVT956H6idAKZdA1TehDiZUkwqehxy+R:8lnazy
                              MD5:D7297B7993E8515A3FDAA72DCD08998E
                              SHA1:ADE43709B8C77C6A6CE25239E38ECE995FB9D386
                              SHA-256:E3E00470C4F300DD3F7E0D0A0FAEEDFA1A73E1A9254231ED6F20BE54537EC4CD
                              SHA-512:16D1764AB665FDC8E946A620A4E3A84A5B219AAAFE66099D33794648BE461F8F5D67E8703F3099EB1AAF403F8969AD41CB5EF89B6C02EB29DB8A0BBA083A6AF0
                              Malicious:false
                              Preview:L..................F.@.. ...$+.,............N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.INY......B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VNY......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VNY......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VNY............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VNY.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i....................C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                              File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Sun Oct 13 23:06:23 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                              Category:dropped
                              Size (bytes):2677
                              Entropy (8bit):3.9764321057355905
                              Encrypted:false
                              SSDEEP:48:85dVT956H6idAKZdA1dehBiZUk1W1qehPy+C:8pn69vy
                              MD5:6578823F92B5E072351A4CC7FA24F2C7
                              SHA1:FD4754E07FA9ED7544D2626D31D7BC5578CEB880
                              SHA-256:3E293B3E0BEE701F1C31D8544742B417D6F858881B7C26F7244F726C1E8177D0
                              SHA-512:177AC6A6B60D5D5B154CEAECA6B102FA7F1C8942E913F1AF5CFA9748CE490516DA66EF61AC6DB94C83C6197291706A4C6612EDCDA4B23981D04072F700FAD987
                              Malicious:false
                              Preview:L..................F.@.. ...$+.,....)l......N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.INY......B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VNY......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VNY......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VNY............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VNY.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i....................C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                              File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Sun Oct 13 23:06:23 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                              Category:dropped
                              Size (bytes):2679
                              Entropy (8bit):3.988312463528096
                              Encrypted:false
                              SSDEEP:48:8tdVT956H6idAKZdA1duTeehOuTbbiZUk5OjqehOuTb5y+yT+:81nQTfTbxWOvTb5y7T
                              MD5:34F9837AE66F342B20E8AE64A2A7C855
                              SHA1:666F2B0F513BC73C50AED40C2B9DE0CF8F8FBE2B
                              SHA-256:8A4F2B5698BA13C2AD1A208300C6897833360A81503F9381A7AEBC2CB748AECD
                              SHA-512:018350B237EC5AE7E59A67FBD834674A1A6184C10D26421219A6D024E00562964FA8A2B932863BB7DC142DA05821BFECE92E37882FC52652AC447520C7B94D21
                              Malicious:false
                              Preview:L..................F.@.. ...$+.,....[.......N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.INY......B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VNY......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VNY......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VNY............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VNY.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i....................C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                              File Type:Microsoft Outlook email folder (>=2003)
                              Category:dropped
                              Size (bytes):271360
                              Entropy (8bit):3.1180109714776294
                              Encrypted:false
                              SSDEEP:6144:MPw6pCEkNCEkrCEkaCEk/CEkvCEkqXCEkKYar:apCEkNCEkrCEkaCEk/CEkvCEkqXCEk
                              MD5:B8345B5DAADC73EF7546D13D6DCED39C
                              SHA1:71E7791EB31B119BE07A2BBA5C169822DB18ABDC
                              SHA-256:A0AB60326040F341AFA09EEB9A37847A992ABD2C3DCB1F1252A849BFC4AE94A8
                              SHA-512:1E89BCA19DFEEA2A3489DEBA2E3DBFCD81E9720CCF8CC68F763B91DAD4A825295B164147B9CF50CDC12F90DF79A44B7E0A5CBC453FDA8DD234142A7076138DB7
                              Malicious:false
                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                              File Type:data
                              Category:dropped
                              Size (bytes):131072
                              Entropy (8bit):4.305318281309235
                              Encrypted:false
                              SSDEEP:3072:yp9pdACEkNCEkrCEkaCEk/CEkpCEkqXCEk1wlp9cDH:y5iCEkNCEkrCEkaCEk/CEkpCEkqXCEkJ
                              MD5:F55B0052CB89EAB275E6E393B3C66D15
                              SHA1:9DDE8436B8F6F61F95BA4283E471B6D4F89A1556
                              SHA-256:D576EFB32DAD35B36C504D20C9B7863CFD25309E76615F7C44E85B01060A9544
                              SHA-512:4D3C9B6218B146F24BD1A9C126E622485B39D739B7B66B150D34026CEFDA70B05AC239B3CF6FC5E69AB7BBD401DE9A5620A64125C0E38BA1937C4F896AE5458E
                              Malicious:false
                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                              File Type:very short file (no magic)
                              Category:downloaded
                              Size (bytes):1
                              Entropy (8bit):0.0
                              Encrypted:false
                              SSDEEP:3:v:v
                              MD5:68B329DA9893E34099C7D8AD5CB9C940
                              SHA1:ADC83B19E793491B1C6EA0FD8B46CD9F32E592FC
                              SHA-256:01BA4719C80B6FE911B091A7C05124B64EEECE964E09C058EF8F9805DACA546B
                              SHA-512:BE688838CA8686E5C90689BF2AB585CEF1137C999B48C70B92F67A5C34DC15697B5D11C982ED6D71BE1E1E7F7B4E0733884AA97C3F7A339A8ED03577CF74BE09
                              Malicious:false
                              URL:https://www.iprende.com/o/?c3Y9bzM2NV8xX3ZvaWNlJnJhbmQ9TTFwR1pGUT0mdWlkPVVTRVIxODA5MjAyNFUzMjA5MTgwNA==
                              Preview:.
                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                              File Type:HTML document, Unicode text, UTF-8 text, with very long lines (7302)
                              Category:downloaded
                              Size (bytes):24626
                              Entropy (8bit):4.469248688270725
                              Encrypted:false
                              SSDEEP:192:wks+vasSJavEAflgzBFE/ImdzJtrcpOIitlomlBJfkqVcpHT2l/01:Js+vas0a56zQ/I0tlTJfktHT401
                              MD5:F8E099141F272B588F656DCBFEE25A2D
                              SHA1:FE360B06948108F86941C7E69AD250F20ACE316F
                              SHA-256:7B3EF563E6487FB17D6DB4080E5973B06A88F011D5037EECB580B4BBF339F237
                              SHA-512:302751C85EE34B3AB14F3024C1A2E8D7E25E72CE2E6443AAA4438D88631758BD80B44521630454080D3C6C7AE8E4109CD0E51FB05670742439F30A97DB2DE083
                              Malicious:false
                              URL:https://www.iprende.com/favicon.ico
                              Preview:<!DOCTYPE html>.<html lang="es-ES" dir="ltr">. <head>. . <meta name="viewport" content="width=device-width, initial-scale=1.0">. <meta http-equiv="X-UA-Compatible" content="IE=edge" />. .. . . <meta charset="utf-8" />. <meta http-equiv="content-type" content="text/html; charset=utf-8" />. <title>404 Art.culo no encontrado</title>. <link rel="stylesheet" href="/media/gantry5/assets/css/font-awesome.min.css" type="text/css" />. <link rel="stylesheet" href="/media/gantry5/engines/nucleus/css-compiled/nucleus.css" type="text/css" />. <link rel="stylesheet" href="/templates/g5_hydrogen/custom/css-compiled/hydrogen__error.css" type="text/css" />. <link rel="stylesheet" href="/templates/g5_hydrogen/custom/css-compiled/hydrogen-joomla__error.css" type="text/css" />. <link rel="stylesheet" href="/templates/g5_hydrogen/custom/css-compiled/custom__error.css" type="text/css" />. . [if (gte IE 8)&(lte IE 9)]>.
                              File type:RFC 822 mail, ASCII text, with very long lines (347), with CRLF line terminators
                              Entropy (8bit):5.865959783409361
                              TrID:
                              • E-Mail message (Var. 5) (54515/1) 100.00%
                              File name:20Listen.eml
                              File size:36'146 bytes
                              MD5:1162a9ab755e7e125f28b18063c78fcd
                              SHA1:e76222078fde8083637c12e1cb3d665bacc4e51c
                              SHA256:05bf04eb228e30647194652f82d426fef36e85c7b595a44bdcc2b2e0aa4bc58f
                              SHA512:07720b97b423fbe9a301c4c0479b98cba1c7e1fc7f8884611d6571b25995426f82193a3f2f627f881dd41965f30bf83aed3de37e25a8d4847bf1bb3b105836c7
                              SSDEEP:768:HOBgfb+m7JyIGlz61To/18KKzZKjjstmMPd3u:HOBKb+m/0z61To/18KKzhC
                              TLSH:C7F2E803AFC01C11CB9A0991258F77BD3B3D6BC68A7248B0299B7FBE064ECD69AD1545
                              File Content Preview:Received: from SY4PR01MB5561.ausprd01.prod.outlook.com (2603:10c6:10:fd::7) by.. ME3PR01MB5736.ausprd01.prod.outlook.com with HTTPS; Fri, 11 Oct 2024 01:39:25.. +0000..ARC-Seal: i=2; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=pass;.. b=AaRHcds8
                              Subject: Missed__Caller.Ringer-Transcript....>>>>>>ID:-eef1da413490032ee87f60ea1a5f1d84, Download to Listen
                              From:Call_Service-PlayBack-automatedrecvoic.notecaab961e40336b3bcf9c777e6742a98689809bb2f2526a528987656789876567898764f4-mail.protection.outlook.commmmx.box615bfe9fc949fcccc54392c416c2fe0a-a8d90738fc1ae1d2fe925d1623e943a0mx.01support@t1dpartnership.com.au
                              To:tara.brown@icare.nsw.gov.au
                              Cc:
                              BCC:
                              Date:Fri, 11 Oct 2024 01:34:03 +0000
                              Communications:
                              • You don't often get email from call_service-playback-automatedrecvoic.notecaab961e40336b3bcf9c777e6742a98689809bb2f2526a528987656789876567898764f4-mail.protection.outlook.commmmx.box615bfe9fc949fcccc54392c416c2fe0a-a8d90738fc1ae1d2fe925d1623e943a0mx.01support@t1dpartnership.com.au. Learn why this is important https://aka.ms/LearnAboutSenderIdentification [External Email] Do not click links or open attachments unless you trust the sender and know the content is safe. If in doubt, report as suspect email
                              Attachments:
                              • Listen_Now_REC(Tara.brown).html
                              Key Value
                              Received: from [127.0.0.1] (172.81.130.40) by ML1PEPF0000F17A.mail.protection.outlook.com (10.167.241.71) with Microsoft SMTP Server (version=TLS1_3, cipher=TLS_AES_256_GCM_SHA384) id 15.20.8048.13 via Frontend Transport; Fri, 11 Oct 2024 01:34:04 +0000
                              ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=qzkVPeYdPxQQhLL6AweWq/dwC5gCXWcGeFt5lCZ3HDs8fSalsTYK8qZY0/b4VLOXkyzVtyU0uzEhUI+HGMVXv7W8mO5mNNPD6w3vLKOYafez3Xu+zTjcFz+WIb2CRiOoXAwb2wqG8Tac/fKpV33oHmcRQM2qvDNzum5/kCOzpozLyrT11QNQeUn842qft7bba20QGFJi7ib00C+7OiKGIty2XYw0vSIBb/QAmu08inc2bh2P3guSsipGZKeMbwIDEdXs13IDQjUqfkRo1biSq1aufM3S7UiOFPbzD89Wnp0StdKLQLInxF/2CrEIlLSqpMobGw+DlI9wI2hInkbUKQ==
                              ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=wvq6cSfbh0devOxv+e8ZWknP183wJokSLmJ+dqQ9z+4=; b=DqFA95X//HJQhs2+4x9qRPAym2Ll4dn8wkHrg7FgVp7i+MA48R+IGwbyXmtWeo8vhs1EXro/c0Jhn+yjyW0JKwwAw3yGb67RPSbzkRfKIugvcUTRAPBQbnWtOdgSHRbNGhzppbXFLb0eY+a+/sX1Upe9Um1owse4tg87Q6FhSZBan+msRBL+ceQBiOdN/XGVVbzxRZI3J6mpFGFMbV8rLtdt3eLreLVn7qzcn+/NVgKU1VnyVnlMYGyVc3uv9yOczQs6wRFZzvVvfaEWsxbrRhEpfkwsB9/7oTyb6pcfnTWEywD7I2z+Er+bRDxTYJU0W5KtqSC/qVfJlGPj6AOc1w==
                              ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=fail (sender ip is 172.81.130.40) smtp.rcpttodomain=icare.nsw.gov.au smtp.mailfrom=t1dpartnership.com.au; dmarc=none action=none header.from=t1dpartnership.com.au; dkim=none (message not signed); arc=none (0)
                              Authentication-Results: spf=pass (sender IP is 52.101.150.107) smtp.mailfrom=t1dpartnership.com.au; dkim=pass (signature was verified) header.d=t1dpartnershipcomau.onmicrosoft.com;dmarc=bestguesspass action=none header.from=t1dpartnership.com.au;compauth=pass reason=109
                              Received-SPF: Fail (protection.outlook.com: domain of t1dpartnership.com.au does not designate 172.81.130.40 as permitted sender) receiver=protection.outlook.com; client-ip=172.81.130.40; helo=[127.0.0.1];
                              DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=t1dpartnershipcomau.onmicrosoft.com; s=selector2-t1dpartnershipcomau-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=wvq6cSfbh0devOxv+e8ZWknP183wJokSLmJ+dqQ9z+4=; b=irvDttaZXeNyaHQV9Xgutd/5GyEinoX6fMJQJWIHqBluzJYE7+HRz1yl+EVxbVlh5TNJ514eWqeDow0gwQ9KPDeTt297k1FPyzj/CzjbIxdBQRXsADAfU0hctKwwjEvqQO52d+ZKVToNTZ0lNjnrlNO0QiLCzCru9bJngSg7/R8=
                              X-MS-Exchange-Authentication-Results: spf=fail (sender IP is 172.81.130.40) smtp.mailfrom=t1dpartnership.com.au; dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=t1dpartnership.com.au;
                              Content-Type: multipart/mixed; boundary="--_NmP-9294ca0ee1ce52d7-Part_1"
                              X-Mailer: Microsoft Outlook Express 6.00.2900.2180
                              X-Mimeole: Produced By Microsoft MimeOLE V6.00.2900.2180
                              From: Call_Service-PlayBack-automatedrecvoic.notecaab961e40336b3bcf9c777e6742a98689809bb2f2526a528987656789876567898764f4-mail.protection.outlook.commmmx.box615bfe9fc949fcccc54392c416c2fe0a-a8d90738fc1ae1d2fe925d1623e943a0mx.01support@t1dpartnership.com.au
                              To: tara.brown@icare.nsw.gov.au
                              Subject: Missed__Caller.Ringer-Transcript....>>>>>>ID:-eef1da413490032ee87f60ea1a5f1d84, Download to Listen
                              Message-ID: <00ebaccd-3132-62e4-2b27-47d5cec2e2e5@t1dpartnership.com.au>
                              Date: Fri, 11 Oct 2024 01:34:03 +0000
                              Return-Path: Call_Service-PlayBack-automatedrecvoic.notecaab961e40336b3bcf9c777e6742a98689809bb2f2526a528987656789876567898764f4-mail.protection.outlook.commmmx.box615bfe9fc949fcccc54392c416c2fe0a-a8d90738fc1ae1d2fe925d1623e943a0mx.01support@t1dpartnership.com.au
                              X-EOPAttributedMessage: 1
                              X-MS-TrafficTypeDiagnostic: ML1PEPF0000F17A:EE_|SY6PR01MB8460:EE_|SY1PEPF00005A3D:EE_|SY4PR01MB5561:EE_|ME3PR01MB5736:EE_
                              X-MS-Office365-Filtering-Correlation-Id: 66ef7e05-c7db-463e-232f-08dce994ce05
                              X-MS-Exchange-SenderADCheck: 1
                              X-MS-Exchange-AntiSpam-Relay: 0
                              X-Microsoft-Antispam-Untrusted: BCL:0;ARA:13230040|376014|61400799027|36860700013|82310400026|2613699012|95630200002;
                              X-Microsoft-Antispam-Message-Info-Original: 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
                              X-Forefront-Antispam-Report-Untrusted: CIP:172.81.130.40;CTRY:GB;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:[127.0.0.1];PTR:ip-172-81-130-40.host;CAT:NONE;SFS:(13230040)(376014)(61400799027)(36860700013)(82310400026)(2613699012)(95630200002);DIR:OUT;SFP:1102;
                              X-MS-Exchange-Transport-CrossTenantHeadersStamped: SY4PR01MB5561
                              X-MS-Exchange-Organization-ExpirationStartTime: 11 Oct 2024 01:34:10.0642 (UTC)
                              X-MS-Exchange-Organization-ExpirationStartTimeReason: OriginalSubmit
                              X-MS-Exchange-Organization-ExpirationInterval: 1:00:00:00.0000000
                              X-MS-Exchange-Organization-ExpirationIntervalReason: OriginalSubmit
                              X-MS-Exchange-Organization-Network-Message-Id: 66ef7e05-c7db-463e-232f-08dce994ce05
                              X-EOPTenantAttributedMessage: 34ae0514-4eb5-4608-8b64-b002d2054238:0
                              X-MS-Exchange-Organization-MessageDirectionality: Incoming
                              X-MS-Exchange-Transport-CrossTenantHeadersStripped: SY1PEPF00005A3D.ausprd01.prod.outlook.com
                              X-MS-Exchange-Transport-CrossTenantHeadersPromoted: SY1PEPF00005A3D.ausprd01.prod.outlook.com
                              X-MS-PublicTrafficType: Email
                              X-MS-Exchange-Organization-AuthSource: SY1PEPF00005A3D.ausprd01.prod.outlook.com
                              X-MS-Exchange-Organization-AuthAs: Anonymous
                              X-MS-Office365-Filtering-Correlation-Id-Prvs: 824198ae-94db-4d5a-ad85-08dce994cb63
                              X-MS-Exchange-AtpMessageProperties: SA|SL
                              X-MS-Exchange-Organization-BypassFocusedInbox: true
                              X-MS-Exchange-Organization-SCL: 1
                              X-Microsoft-Antispam: BCL:0;ARA:13230040|12012899012|35042699022|12062699021|2613699012|2722699018|8052699015|43540500003|95630200002;
                              X-Forefront-Antispam-Report: CIP:52.101.150.107;CTRY:AU;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:SY8PR01CU002.outbound.protection.outlook.com;PTR:mail-australiaeastazon11020107.outbound.protection.outlook.com;CAT:NONE;SFTY:9.25;SFS:(13230040)(12012899012)(35042699022)(12062699021)(2613699012)(2722699018)(8052699015)(43540500003)(95630200002);DIR:INB;SFTY:9.25;
                              X-MS-Exchange-CrossTenant-OriginalArrivalTime: 11 Oct 2024 01:34:10.0486 (UTC)
                              X-MS-Exchange-CrossTenant-Network-Message-Id: 66ef7e05-c7db-463e-232f-08dce994ce05
                              X-MS-Exchange-CrossTenant-Id: 34ae0514-4eb5-4608-8b64-b002d2054238
                              X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=ed024331-b2c0-44f3-b0e0-045c81e086c5;Ip=[172.81.130.40];Helo=[[127.0.0.1]]
                              X-MS-Exchange-CrossTenant-AuthSource: SY1PEPF00005A3D.ausprd01.prod.outlook.com
                              X-MS-Exchange-CrossTenant-AuthAs: Anonymous
                              X-MS-Exchange-CrossTenant-FromEntityHeader: Internet
                              X-MS-Exchange-Transport-EndToEndLatency: 00:05:15.2697048
                              X-MS-Exchange-Processed-By-BccFoldering: 15.20.8048.017
                              X-Microsoft-Antispam-Mailbox-Delivery: ucf:0;jmr:0;auth:0;dest:I;ENG:(910001)(944506478)(944626604)(920097)(930097)(140003);
                              X-Microsoft-Antispam-Message-Info: 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
                              MIME-Version: 1.0

                              Icon Hash:46070c0a8e0c67d6
                              Timestamp | Source Port | Dest Port | Source IP | Dest IP
                              Oct 14, 2024 02:06:24.964560986 CEST49720443192.168.2.16194.53.148.86
                              Oct 14, 2024 02:06:24.964626074 CEST44349720194.53.148.86192.168.2.16
                              Oct 14, 2024 02:06:25.019676924 CEST49720443192.168.2.16194.53.148.86
                              Oct 14, 2024 02:06:25.019737959 CEST44349720194.53.148.86192.168.2.16
                              Oct 14, 2024 02:06:25.067231894 CEST44349720194.53.148.86192.168.2.16
                              Oct 14, 2024 02:06:25.067408085 CEST44349720194.53.148.86192.168.2.16
                              Oct 14, 2024 02:06:25.067528963 CEST44349720194.53.148.86192.168.2.16
                              Oct 14, 2024 02:06:25.067550898 CEST44349720194.53.148.86192.168.2.16
                              Oct 14, 2024 02:06:25.067579031 CEST49720443192.168.2.16194.53.148.86
                              Oct 14, 2024 02:06:25.067650080 CEST44349720194.53.148.86192.168.2.16
                              Oct 14, 2024 02:06:25.067687035 CEST49720443192.168.2.16194.53.148.86
                              Oct 14, 2024 02:06:25.068042040 CEST44349720194.53.148.86192.168.2.16
                              Oct 14, 2024 02:06:25.068113089 CEST49720443192.168.2.16194.53.148.86
                              Oct 14, 2024 02:06:25.068382978 CEST49720443192.168.2.16194.53.148.86
                              Oct 14, 2024 02:06:25.068434954 CEST44349720194.53.148.86192.168.2.16
                              Oct 14, 2024 02:06:25.130880117 CEST4968080192.168.2.16192.229.211.108
                              Oct 14, 2024 02:06:26.973469973 CEST49722443192.168.2.16142.250.186.36
                              Oct 14, 2024 02:06:26.973562002 CEST44349722142.250.186.36192.168.2.16
                              Oct 14, 2024 02:06:26.973649979 CEST49722443192.168.2.16142.250.186.36
                              Oct 14, 2024 02:06:26.973913908 CEST49722443192.168.2.16142.250.186.36
                              Oct 14, 2024 02:06:26.973949909 CEST44349722142.250.186.36192.168.2.16
                              Oct 14, 2024 02:06:27.626545906 CEST44349722142.250.186.36192.168.2.16
                              Oct 14, 2024 02:06:27.626849890 CEST49722443192.168.2.16142.250.186.36
                              Oct 14, 2024 02:06:27.626897097 CEST44349722142.250.186.36192.168.2.16
                              Oct 14, 2024 02:06:27.628562927 CEST44349722142.250.186.36192.168.2.16
                              Oct 14, 2024 02:06:27.628640890 CEST49722443192.168.2.16142.250.186.36
                              Oct 14, 2024 02:06:27.630062103 CEST49722443192.168.2.16142.250.186.36
                              Oct 14, 2024 02:06:27.630153894 CEST44349722142.250.186.36192.168.2.16
                              Oct 14, 2024 02:06:27.677571058 CEST49722443192.168.2.16142.250.186.36
                              Oct 14, 2024 02:06:27.677607059 CEST44349722142.250.186.36192.168.2.16
                              Oct 14, 2024 02:06:27.725555897 CEST49722443192.168.2.16142.250.186.36
                              Oct 14, 2024 02:06:34.241864920 CEST49723443192.168.2.16194.53.148.86
                              Oct 14, 2024 02:06:34.241956949 CEST44349723194.53.148.86192.168.2.16
                              Oct 14, 2024 02:06:34.242006063 CEST49724443192.168.2.16194.53.148.86
                              Oct 14, 2024 02:06:34.242052078 CEST44349724194.53.148.86192.168.2.16
                              Oct 14, 2024 02:06:34.242280960 CEST49723443192.168.2.16194.53.148.86
                              Oct 14, 2024 02:06:34.242321014 CEST49724443192.168.2.16194.53.148.86
                              Oct 14, 2024 02:06:34.242396116 CEST49723443192.168.2.16194.53.148.86
                              Oct 14, 2024 02:06:34.242428064 CEST44349723194.53.148.86192.168.2.16
                              Oct 14, 2024 02:06:34.242618084 CEST49724443192.168.2.16194.53.148.86
                              Oct 14, 2024 02:06:34.242662907 CEST44349724194.53.148.86192.168.2.16
                              Oct 14, 2024 02:06:34.921437025 CEST44349723194.53.148.86192.168.2.16
                              Oct 14, 2024 02:06:34.921848059 CEST49723443192.168.2.16194.53.148.86
                              Oct 14, 2024 02:06:34.921912909 CEST44349723194.53.148.86192.168.2.16
                              Oct 14, 2024 02:06:34.923060894 CEST44349723194.53.148.86192.168.2.16
                              Oct 14, 2024 02:06:34.923372984 CEST49723443192.168.2.16194.53.148.86
                              Oct 14, 2024 02:06:34.923505068 CEST49723443192.168.2.16194.53.148.86
                              Oct 14, 2024 02:06:34.923521042 CEST44349723194.53.148.86192.168.2.16
                              Oct 14, 2024 02:06:34.923593998 CEST44349723194.53.148.86192.168.2.16
                              Oct 14, 2024 02:06:34.937134027 CEST44349724194.53.148.86192.168.2.16
                              Oct 14, 2024 02:06:34.937417030 CEST49724443192.168.2.16194.53.148.86
                              Oct 14, 2024 02:06:34.937448978 CEST44349724194.53.148.86192.168.2.16
                              Oct 14, 2024 02:06:34.937814951 CEST44349724194.53.148.86192.168.2.16
                              Oct 14, 2024 02:06:34.938221931 CEST49724443192.168.2.16194.53.148.86
                              Oct 14, 2024 02:06:34.938304901 CEST44349724194.53.148.86192.168.2.16
                              Oct 14, 2024 02:06:34.976737022 CEST49723443192.168.2.16194.53.148.86
                              Oct 14, 2024 02:06:34.992646933 CEST49724443192.168.2.16194.53.148.86
                              Oct 14, 2024 02:06:35.474821091 CEST44349723194.53.148.86192.168.2.16
                              Oct 14, 2024 02:06:35.475255966 CEST44349723194.53.148.86192.168.2.16
                              Oct 14, 2024 02:06:35.475343943 CEST49723443192.168.2.16194.53.148.86
                              Oct 14, 2024 02:06:35.476146936 CEST49723443192.168.2.16194.53.148.86
                              Oct 14, 2024 02:06:35.476196051 CEST44349723194.53.148.86192.168.2.16
                              Oct 14, 2024 02:06:37.526431084 CEST44349722142.250.186.36192.168.2.16
                              Oct 14, 2024 02:06:37.526581049 CEST44349722142.250.186.36192.168.2.16
                              Oct 14, 2024 02:06:37.526639938 CEST49722443192.168.2.16142.250.186.36
                              Oct 14, 2024 02:06:38.446276903 CEST49722443192.168.2.16142.250.186.36
                              Oct 14, 2024 02:06:38.446322918 CEST44349722142.250.186.36192.168.2.16
                              Oct 14, 2024 02:06:42.634243965 CEST49725443192.168.2.16172.202.163.200
                              Oct 14, 2024 02:06:42.634311914 CEST44349725172.202.163.200192.168.2.16
                              Oct 14, 2024 02:06:42.634417057 CEST49725443192.168.2.16172.202.163.200
                              Oct 14, 2024 02:06:42.634942055 CEST49725443192.168.2.16172.202.163.200
                              Oct 14, 2024 02:06:42.634968042 CEST44349725172.202.163.200192.168.2.16
                              Oct 14, 2024 02:06:43.165702105 CEST4969880192.168.2.1688.221.110.91
                              Oct 14, 2024 02:06:43.165858030 CEST4969980192.168.2.1688.221.110.91
                              Oct 14, 2024 02:06:43.170883894 CEST804969888.221.110.91192.168.2.16
                              Oct 14, 2024 02:06:43.170963049 CEST4969880192.168.2.1688.221.110.91
                              Oct 14, 2024 02:06:43.171158075 CEST804969988.221.110.91192.168.2.16
                              Oct 14, 2024 02:06:43.171217918 CEST4969980192.168.2.1688.221.110.91
                              Oct 14, 2024 02:06:43.344398975 CEST44349725172.202.163.200192.168.2.16
                              Oct 14, 2024 02:06:43.344500065 CEST49725443192.168.2.16172.202.163.200
                              Oct 14, 2024 02:06:43.346206903 CEST49725443192.168.2.16172.202.163.200
                              Oct 14, 2024 02:06:43.346220970 CEST44349725172.202.163.200192.168.2.16
                              Oct 14, 2024 02:06:43.346715927 CEST44349725172.202.163.200192.168.2.16
                              Oct 14, 2024 02:06:43.347877979 CEST49725443192.168.2.16172.202.163.200
                              Oct 14, 2024 02:06:43.395435095 CEST44349725172.202.163.200192.168.2.16
                              Oct 14, 2024 02:06:43.618186951 CEST44349725172.202.163.200192.168.2.16
                              Oct 14, 2024 02:06:43.618249893 CEST44349725172.202.163.200192.168.2.16
                              Oct 14, 2024 02:06:43.618458033 CEST44349725172.202.163.200192.168.2.16
                              Oct 14, 2024 02:06:43.618458986 CEST49725443192.168.2.16172.202.163.200
                              Oct 14, 2024 02:06:43.618524075 CEST44349725172.202.163.200192.168.2.16
                              Oct 14, 2024 02:06:43.618680954 CEST49725443192.168.2.16172.202.163.200
                              Oct 14, 2024 02:06:43.618709087 CEST44349725172.202.163.200192.168.2.16
                              Oct 14, 2024 02:06:43.618798018 CEST49725443192.168.2.16172.202.163.200
                              Oct 14, 2024 02:06:43.619630098 CEST44349725172.202.163.200192.168.2.16
                              Oct 14, 2024 02:06:43.619688988 CEST49725443192.168.2.16172.202.163.200
                              Oct 14, 2024 02:06:43.619764090 CEST44349725172.202.163.200192.168.2.16
                              Oct 14, 2024 02:06:43.619828939 CEST49725443192.168.2.16172.202.163.200
                              Oct 14, 2024 02:06:43.621058941 CEST49725443192.168.2.16172.202.163.200
                              Oct 14, 2024 02:06:43.621081114 CEST44349725172.202.163.200192.168.2.16
                              Oct 14, 2024 02:06:43.621094942 CEST49725443192.168.2.16172.202.163.200
                              Oct 14, 2024 02:06:43.621100903 CEST44349725172.202.163.200192.168.2.16
                              Oct 14, 2024 02:06:56.092359066 CEST44349724194.53.148.86192.168.2.16
                              Oct 14, 2024 02:06:56.092526913 CEST44349724194.53.148.86192.168.2.16
                              Oct 14, 2024 02:06:56.092755079 CEST49724443192.168.2.16194.53.148.86
                              Oct 14, 2024 02:06:56.445142031 CEST49724443192.168.2.16194.53.148.86
                              Oct 14, 2024 02:06:56.445193052 CEST44349724194.53.148.86192.168.2.16
                              Oct 14, 2024 02:07:23.972500086 CEST49727443192.168.2.16194.53.148.86
                              Oct 14, 2024 02:07:23.972551107 CEST44349727194.53.148.86192.168.2.16
                              Oct 14, 2024 02:07:23.972662926 CEST49727443192.168.2.16194.53.148.86
                              Oct 14, 2024 02:07:23.973100901 CEST49728443192.168.2.16194.53.148.86
                              Oct 14, 2024 02:07:23.973190069 CEST44349728194.53.148.86192.168.2.16
                              Oct 14, 2024 02:07:23.973275900 CEST49728443192.168.2.16194.53.148.86
                              Oct 14, 2024 02:07:23.973341942 CEST49727443192.168.2.16194.53.148.86
                              Oct 14, 2024 02:07:23.973365068 CEST44349727194.53.148.86192.168.2.16
                              Oct 14, 2024 02:07:23.973583937 CEST49728443192.168.2.16194.53.148.86
                              Oct 14, 2024 02:07:23.973619938 CEST44349728194.53.148.86192.168.2.16
                              Oct 14, 2024 02:07:24.659188032 CEST44349727194.53.148.86192.168.2.16
                              Oct 14, 2024 02:07:24.659540892 CEST49727443192.168.2.16194.53.148.86
                              Oct 14, 2024 02:07:24.659576893 CEST44349727194.53.148.86192.168.2.16
                              Oct 14, 2024 02:07:24.660815954 CEST44349727194.53.148.86192.168.2.16
                              Oct 14, 2024 02:07:24.661218882 CEST49727443192.168.2.16194.53.148.86
                              Oct 14, 2024 02:07:24.661381006 CEST49727443192.168.2.16194.53.148.86
                              Oct 14, 2024 02:07:24.661396027 CEST44349727194.53.148.86192.168.2.16
                              Oct 14, 2024 02:07:24.661434889 CEST44349727194.53.148.86192.168.2.16
                              Oct 14, 2024 02:07:24.688303947 CEST44349728194.53.148.86192.168.2.16
                              Oct 14, 2024 02:07:24.688625097 CEST49728443192.168.2.16194.53.148.86
                              Oct 14, 2024 02:07:24.688658953 CEST44349728194.53.148.86192.168.2.16
                              Oct 14, 2024 02:07:24.689793110 CEST44349728194.53.148.86192.168.2.16
                              Oct 14, 2024 02:07:24.690237045 CEST49728443192.168.2.16194.53.148.86
                              Oct 14, 2024 02:07:24.690433979 CEST44349728194.53.148.86192.168.2.16
                              Oct 14, 2024 02:07:24.710764885 CEST49727443192.168.2.16194.53.148.86
                              Oct 14, 2024 02:07:24.742688894 CEST49728443192.168.2.16194.53.148.86
                              Oct 14, 2024 02:07:25.168523073 CEST44349727194.53.148.86192.168.2.16
                              Oct 14, 2024 02:07:25.169209957 CEST44349727194.53.148.86192.168.2.16
                              Oct 14, 2024 02:07:25.169343948 CEST49727443192.168.2.16194.53.148.86
                              Oct 14, 2024 02:07:25.169616938 CEST49727443192.168.2.16194.53.148.86
                              Oct 14, 2024 02:07:25.169656038 CEST44349727194.53.148.86192.168.2.16
                              Oct 14, 2024 02:07:27.026628971 CEST49729443192.168.2.16142.250.186.36
                              Oct 14, 2024 02:07:27.026724100 CEST44349729142.250.186.36192.168.2.16
                              Oct 14, 2024 02:07:27.026884079 CEST49729443192.168.2.16142.250.186.36
                              Oct 14, 2024 02:07:27.027079105 CEST49729443192.168.2.16142.250.186.36
                              Oct 14, 2024 02:07:27.027103901 CEST44349729142.250.186.36192.168.2.16
                              Oct 14, 2024 02:07:27.908557892 CEST44349729142.250.186.36192.168.2.16
                              Oct 14, 2024 02:07:27.908845901 CEST49729443192.168.2.16142.250.186.36
                              Oct 14, 2024 02:07:27.908898115 CEST44349729142.250.186.36192.168.2.16
                              Oct 14, 2024 02:07:27.909723043 CEST44349729142.250.186.36192.168.2.16
                              Oct 14, 2024 02:07:27.910003901 CEST49729443192.168.2.16142.250.186.36
                              Oct 14, 2024 02:07:27.910095930 CEST44349729142.250.186.36192.168.2.16
                              Oct 14, 2024 02:07:27.952716112 CEST49729443192.168.2.16142.250.186.36
                              Oct 14, 2024 02:07:33.562972069 CEST4970180192.168.2.16192.229.221.95
                              Oct 14, 2024 02:07:33.568732023 CEST8049701192.229.221.95192.168.2.16
                              Oct 14, 2024 02:07:33.568814039 CEST4970180192.168.2.16192.229.221.95
                              Oct 14, 2024 02:07:37.737291098 CEST44349729142.250.186.36192.168.2.16
                              Oct 14, 2024 02:07:37.737447977 CEST44349729142.250.186.36192.168.2.16
                              Oct 14, 2024 02:07:37.737629890 CEST49729443192.168.2.16142.250.186.36
                              Oct 14, 2024 02:07:38.444334984 CEST49729443192.168.2.16142.250.186.36
                              Oct 14, 2024 02:07:38.444386959 CEST44349729142.250.186.36192.168.2.16
                              Oct 14, 2024 02:07:45.825289965 CEST44349728194.53.148.86192.168.2.16
                              Oct 14, 2024 02:07:45.825382948 CEST44349728194.53.148.86192.168.2.16
                              Oct 14, 2024 02:07:45.825453997 CEST49728443192.168.2.16194.53.148.86
                              Oct 14, 2024 02:07:46.438210964 CEST49728443192.168.2.16194.53.148.86
                              Oct 14, 2024 02:07:46.438281059 CEST44349728194.53.148.86192.168.2.16
                              Oct 14, 2024 02:07:48.374095917 CEST49737443192.168.2.16194.53.148.86
                              Oct 14, 2024 02:07:48.374185085 CEST44349737194.53.148.86192.168.2.16
                              Oct 14, 2024 02:07:48.374257088 CEST49738443192.168.2.16194.53.148.86
                              Oct 14, 2024 02:07:48.374284029 CEST44349738194.53.148.86192.168.2.16
                              Oct 14, 2024 02:07:48.374315977 CEST49737443192.168.2.16194.53.148.86
                              Oct 14, 2024 02:07:48.374377966 CEST49738443192.168.2.16194.53.148.86
                              Oct 14, 2024 02:07:48.384591103 CEST49738443192.168.2.16194.53.148.86
                              Oct 14, 2024 02:07:48.384674072 CEST44349738194.53.148.86192.168.2.16
                              Oct 14, 2024 02:07:48.384713888 CEST49737443192.168.2.16194.53.148.86
                              Oct 14, 2024 02:07:48.384743929 CEST44349737194.53.148.86192.168.2.16
                              Oct 14, 2024 02:07:49.061311960 CEST44349737194.53.148.86192.168.2.16
                              Oct 14, 2024 02:07:49.061631918 CEST49737443192.168.2.16194.53.148.86
                              Oct 14, 2024 02:07:49.061664104 CEST44349737194.53.148.86192.168.2.16
                              Oct 14, 2024 02:07:49.062906981 CEST44349737194.53.148.86192.168.2.16
                              Oct 14, 2024 02:07:49.063209057 CEST49737443192.168.2.16194.53.148.86
                              Oct 14, 2024 02:07:49.063333988 CEST49737443192.168.2.16194.53.148.86
                              Oct 14, 2024 02:07:49.063340902 CEST44349737194.53.148.86192.168.2.16
                              Oct 14, 2024 02:07:49.063431025 CEST44349737194.53.148.86192.168.2.16
                              Oct 14, 2024 02:07:49.065285921 CEST44349738194.53.148.86192.168.2.16
                              Oct 14, 2024 02:07:49.065462112 CEST49738443192.168.2.16194.53.148.86
                              Oct 14, 2024 02:07:49.065470934 CEST44349738194.53.148.86192.168.2.16
                              Oct 14, 2024 02:07:49.067248106 CEST44349738194.53.148.86192.168.2.16
                              Oct 14, 2024 02:07:49.067495108 CEST49738443192.168.2.16194.53.148.86
                              Oct 14, 2024 02:07:49.067682981 CEST44349738194.53.148.86192.168.2.16
                              Oct 14, 2024 02:07:49.106758118 CEST49737443192.168.2.16194.53.148.86
                              Oct 14, 2024 02:07:49.122770071 CEST49738443192.168.2.16194.53.148.86
                              Oct 14, 2024 02:07:49.680705070 CEST44349737194.53.148.86192.168.2.16
                              Oct 14, 2024 02:07:49.681081057 CEST44349737194.53.148.86192.168.2.16
                              Oct 14, 2024 02:07:49.681205034 CEST49737443192.168.2.16194.53.148.86
                              Oct 14, 2024 02:07:49.681684971 CEST49737443192.168.2.16194.53.148.86
                              Oct 14, 2024 02:07:49.681725025 CEST44349737194.53.148.86192.168.2.16
                              Oct 14, 2024 02:07:59.805881977 CEST49745443192.168.2.16194.53.148.86
                              Oct 14, 2024 02:07:59.806021929 CEST44349745194.53.148.86192.168.2.16
                              Oct 14, 2024 02:07:59.806155920 CEST49745443192.168.2.16194.53.148.86
                              Oct 14, 2024 02:07:59.806339979 CEST49745443192.168.2.16194.53.148.86
                              Oct 14, 2024 02:07:59.806382895 CEST44349745194.53.148.86192.168.2.16
                              Oct 14, 2024 02:07:59.806440115 CEST49738443192.168.2.16194.53.148.86
                              Oct 14, 2024 02:07:59.851408005 CEST44349738194.53.148.86192.168.2.16
                              Oct 14, 2024 02:08:00.125730038 CEST44349738194.53.148.86192.168.2.16
                              Oct 14, 2024 02:08:00.126152039 CEST44349738194.53.148.86192.168.2.16
                              Oct 14, 2024 02:08:00.126388073 CEST49738443192.168.2.16194.53.148.86
                              Oct 14, 2024 02:08:00.126524925 CEST49738443192.168.2.16194.53.148.86
                              Oct 14, 2024 02:08:00.126571894 CEST44349738194.53.148.86192.168.2.16
                              Oct 14, 2024 02:08:00.474355936 CEST44349745194.53.148.86192.168.2.16
                              Oct 14, 2024 02:08:00.474812031 CEST49745443192.168.2.16194.53.148.86
                              Oct 14, 2024 02:08:00.474878073 CEST44349745194.53.148.86192.168.2.16
                              Oct 14, 2024 02:08:00.475506067 CEST44349745194.53.148.86192.168.2.16
                              Oct 14, 2024 02:08:00.475825071 CEST49745443192.168.2.16194.53.148.86
                              Oct 14, 2024 02:08:00.475955009 CEST44349745194.53.148.86192.168.2.16
                              Oct 14, 2024 02:08:00.516793966 CEST49745443192.168.2.16194.53.148.86
                              Timestamp | Source IP | Dest IP | Checksum | Code | Type
                              Oct 14, 2024 02:06:22.367067099 CEST | 192.168.2.16 | 1.1.1.1 | c231 | (Port unreachable) | Destination Unreachable
                              Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
                              Oct 14, 2024 02:06:22.275151968 CEST | 192.168.2.16 | 1.1.1.1 | 0x280e | Standard query (0) | www.iprende.com | A (IP address) | IN (0x0001) | false
                              Oct 14, 2024 02:06:22.275298119 CEST | 192.168.2.16 | 1.1.1.1 | 0x79b6 | Standard query (0) | www.iprende.com | 65 | IN (0x0001) | false
                              Oct 14, 2024 02:06:26.965502977 CEST | 192.168.2.16 | 1.1.1.1 | 0x145c | Standard query (0) | www.google.com | A (IP address) | IN (0x0001) | false
                              Oct 14, 2024 02:06:26.965681076 CEST | 192.168.2.16 | 1.1.1.1 | 0x3a5a | Standard query (0) | www.google.com | 65 | IN (0x0001) | false
                              Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                              Oct 14, 2024 02:05:58.284851074 CEST | 1.1.1.1 | 192.168.2.16 | 0xb782 | No error (0) | svc.ha-teams.office.com | mira-tmc.tm-4.office.com | | CNAME (Canonical name) | IN (0x0001) | false
                              Oct 14, 2024 02:05:58.284851074 CEST | 1.1.1.1 | 192.168.2.16 | 0xb782 | No error (0) | mira-tmc.tm-4.office.com | | 52.123.243.192 | A (IP address) | IN (0x0001) | false
                              Oct 14, 2024 02:05:58.284851074 CEST | 1.1.1.1 | 192.168.2.16 | 0xb782 | No error (0) | mira-tmc.tm-4.office.com | | 52.123.243.193 | A (IP address) | IN (0x0001) | false
                              Oct 14, 2024 02:05:58.284851074 CEST | 1.1.1.1 | 192.168.2.16 | 0xb782 | No error (0) | mira-tmc.tm-4.office.com | | 52.123.243.84 | A (IP address) | IN (0x0001) | false
                              Oct 14, 2024 02:05:58.284851074 CEST | 1.1.1.1 | 192.168.2.16 | 0xb782 | No error (0) | mira-tmc.tm-4.office.com | | 52.123.243.199 | A (IP address) | IN (0x0001) | false
                              Oct 14, 2024 02:05:58.284851074 CEST | 1.1.1.1 | 192.168.2.16 | 0xb782 | No error (0) | mira-tmc.tm-4.office.com | | 52.123.243.71 | A (IP address) | IN (0x0001) | false
                              Oct 14, 2024 02:05:58.284851074 CEST | 1.1.1.1 | 192.168.2.16 | 0xb782 | No error (0) | mira-tmc.tm-4.office.com | | 52.123.243.74 | A (IP address) | IN (0x0001) | false
                              Oct 14, 2024 02:05:58.284851074 CEST | 1.1.1.1 | 192.168.2.16 | 0xb782 | No error (0) | mira-tmc.tm-4.office.com | | 52.123.243.80 | A (IP address) | IN (0x0001) | false
                              Oct 14, 2024 02:05:58.284851074 CEST | 1.1.1.1 | 192.168.2.16 | 0xb782 | No error (0) | mira-tmc.tm-4.office.com | | 52.123.243.68 | A (IP address) | IN (0x0001) | false
                              Oct 14, 2024 02:06:22.295711994 CEST | 1.1.1.1 | 192.168.2.16 | 0x280e | No error (0) | www.iprende.com | | 194.53.148.86 | A (IP address) | IN (0x0001) | false
                              Oct 14, 2024 02:06:26.972497940 CEST | 1.1.1.1 | 192.168.2.16 | 0x3a5a | No error (0) | www.google.com | | | 65 | IN (0x0001) | false
                              Oct 14, 2024 02:06:26.972544909 CEST | 1.1.1.1 | 192.168.2.16 | 0x145c | No error (0) | www.google.com | | 142.250.186.36 | A (IP address) | IN (0x0001) | false
                              • ecs.office.com
                              • fs.microsoft.com
                              • login.live.com
                              • slscr.update.microsoft.com
                              • www.iprende.com
                              • https:
                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                              0 | 192.168.2.16 | 49708 | 52.123.243.192 | 443 | 7048 | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                              Timestamp | Bytes transferred | Direction | Data
                              2024-10-14 00:05:59 UTC | 857 | OUT | GET /config/v2/Office/outlook/16.0.16827.20130/Production/CC?&EcsCanary=1&Clientid=%7bBBCFF8B7-50C1-4E8E-BA39-D9A2E2504C3A%7d&Application=outlook&Platform=win32&Version=16.0.16827.20130&MsoVersion=16.0.16827.20130&ProcessName=outlook.exe&Audience=Production&Build=ship&Architecture=x86&Language=en-US&SubscriptionLicense=false&PerpetualLicense=2019&LicenseCategory=7&LicenseSKU=ProPlus2019Retail&OsVersion=10.0&OsBuild=19045&Channel=CC&InstallType=C2R&SessionId=%7b2A707FD7-108D-4FB3-93C8-BAE9FC2D72D8%7d&LabMachine=false HTTP/1.1
                              Connection: Keep-Alive
                              Accept-Encoding: gzip
                              If-None-Match: "j5JAGFu6Gyd7DtXLgpJU7A9S7Vdo/ZFpMU4AtH0v7xc="
                              User-Agent: Microsoft Office 2014
                              DisableExperiments: false
                              X-ECS-Client-Last-Telemetry-Events: ecs_client_library_name=MSO,ecs_client_app_name=Office,ecs_client_version=16.0.16827.20130
                              Host: ecs.office.com
                              2024-10-14 00:05:59 UTC | 1155 | IN | HTTP/1.1 304
                              Cache-Control: no-cache,max-age=14400
                              Content-Type: application/json
                              Expires: Mon, 14 Oct 2024 04:05:59 GMT
                              ETag: "j5JAGFu6Gyd7DtXLgpJU7A9S7Vdo/ZFpMU4Ava7XaQU="
                              Server: Microsoft-IIS/10.0
                              request-id: df861e30-aa56-f84a-1048-2975c9da65e3
                              X-BackEndHttpStatus: 304
                              X-Content-Type-Options: nosniff
                              X-Frame-Options: DENY
                              Strict-Transport-Security: max-age=31536000; includeSubDomains
                              Report-To: {"group":"NelEcsUpload1","max_age":604800,"endpoints":[{"url":"https://ecs.nel.measure.office.net?TenantId=Office&DestinationEndpoint=MIRA-SIP-FR3&FrontEnd=MIRA"}],"include_subdomains":true}
                              NEL: {"report_to":"NelEcsUpload1","max_age":604800,"include_subdomains":true,"failure_fraction":1.0,"success_fraction":0.01}
                              X-Proxy-RoutingCorrectness: 1
                              X-MSEdge-Ref: MIRA: df861e30-aa56-f84a-1048-2975c9da65e3 FR3P281CA0201 2024-10-14T00:05:59.283Z
                              Alt-Svc: h3=":443";ma=2592000,h3-29=":443";ma=2592000
                              X-Proxy-BackendServerStatus: 304
                              X-FirstHopCafeEFZ: HHN
                              X-FEProxyInfo: FR3P281CA0201.DEUP281.PROD.OUTLOOK.COM
                              X-FEEFZInfo: HHN
                              X-Powered-By: ASP.NET
                              X-FEServer: FR3P281CA0201
                              Date: Mon, 14 Oct 2024 00:05:58 GMT
                              Connection: close


                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                              1 | 192.168.2.16 | 49709 | 184.28.90.27 | 443 | |
                              Timestamp | Bytes transferred | Direction | Data
                              2024-10-14 00:06:00 UTC | 161 | OUT | HEAD /fs/windows/config.json HTTP/1.1
                              Connection: Keep-Alive
                              Accept: */*
                              Accept-Encoding: identity
                              User-Agent: Microsoft BITS/7.8
                              Host: fs.microsoft.com
                              2024-10-14 00:06:00 UTC | 467 | IN | HTTP/1.1 200 OK
                              Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json
                              Content-Type: application/octet-stream
                              ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7"
                              Last-Modified: Tue, 16 May 2017 22:58:00 GMT
                              Server: ECAcc (lpl/EF70)
                              X-CID: 11
                              X-Ms-ApiVersion: Distribute 1.2
                              X-Ms-Region: prod-neu-z1
                              Cache-Control: public, max-age=146375
                              Date: Mon, 14 Oct 2024 00:06:00 GMT
                              Connection: close
                              X-CID: 2


                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                              2 | 192.168.2.16 | 49710 | 184.28.90.27 | 443
                              Timestamp | Bytes transferred | Direction | Data
                              2024-10-14 00:06:01 UTC | 239 | OUT | GET /fs/windows/config.json HTTP/1.1
                              Connection: Keep-Alive
                              Accept: */*
                              Accept-Encoding: identity
                              If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT
                              Range: bytes=0-2147483646
                              User-Agent: Microsoft BITS/7.8
                              Host: fs.microsoft.com
                              2024-10-14 00:06:01 UTC | 515 | IN | HTTP/1.1 200 OK
                              ApiVersion: Distribute 1.1
                              Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json
                              Content-Type: application/octet-stream
                              ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7"
                              Last-Modified: Tue, 16 May 2017 22:58:00 GMT
                              Server: ECAcc (lpl/EF06)
                              X-CID: 11
                              X-Ms-ApiVersion: Distribute 1.2
                              X-Ms-Region: prod-weu-z1
                              Cache-Control: public, max-age=146315
                              Date: Mon, 14 Oct 2024 00:06:01 GMT
                              Content-Length: 55
                              Connection: close
                              X-CID: 2
                              2024-10-14 00:06:01 UTC | 55 | IN | Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d
                              Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}


                              Session ID | Source IP | Source Port | Destination IP | Destination Port
                              3 | 192.168.2.16 | 49711 | 20.190.160.14 | 443
                              Timestamp | Bytes transferred | Direction | Data
                              2024-10-14 00:06:02 UTC | 422 | OUT | POST /RST2.srf HTTP/1.0
                              Connection: Keep-Alive
                              Content-Type: application/soap+xml
                              Accept: */*
                              User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68})
                              Content-Length: 4762
                              Host: login.live.com
                              2024-10-14 00:06:02 UTC | 4762 | OUT | Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 70 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 50 61 73 73 70 6f 72 74 2f 53 6f 61 70 53 65 72 76 69 63 65 73 2f 50 50 43 52 4c 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31
                              Data Ascii: <?xml version="1.0" encoding="UTF-8"?><s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:ps="http://schemas.microsoft.com/Passport/SoapServices/PPCRL" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1
                              2024-10-14 00:06:02 UTC | 569 | IN | HTTP/1.1 200 OK
                              Cache-Control: no-store, no-cache
                              Pragma: no-cache
                              Content-Type: application/soap+xml; charset=utf-8
                              Expires: Mon, 14 Oct 2024 00:05:02 GMT
                              P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
                              Referrer-Policy: strict-origin-when-cross-origin
                              x-ms-route-info: C538_SN1
                              x-ms-request-id: ea74e3e8-172b-4745-abb8-a577651a1803
                              PPServer: PPV: 30 H: SN1PEPF0002F94B V: 0
                              X-Content-Type-Options: nosniff
                              Strict-Transport-Security: max-age=31536000
                              X-XSS-Protection: 1; mode=block
                              Date: Mon, 14 Oct 2024 00:06:02 GMT
                              Connection: close
                              Content-Length: 10197
                              2024-10-14 00:06:02 UTC | 10197 | IN | Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 20 3f 3e 3c 53 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 53 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31 2e 30 2e 78 73 64 22 20 78 6d 6c 6e 73 3a 77 73 75 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30
                              Data Ascii: <?xml version="1.0" encoding="utf-8" ?><S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200


                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                              4 | 192.168.2.16 | 49712 | 172.202.163.200 | 443
                              Timestamp | Bytes transferred | Direction | Data
                              2024-10-14 00:06:05 UTC | 306 | OUT | GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=l51+l2bwwCwC8a9&MD=cbkp+fGF HTTP/1.1
                              Connection: Keep-Alive
                              Accept: */*
                              User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33
                              Host: slscr.update.microsoft.com
                              2024-10-14 00:06:06 UTC | 560 | IN | HTTP/1.1 200 OK
                              Cache-Control: no-cache
                              Pragma: no-cache
                              Content-Type: application/octet-stream
                              Expires: -1
                              Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT
                              ETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880"
                              MS-CorrelationId: 24d99592-cd72-4a29-9b16-b3795c4a3f51
                              MS-RequestId: e8e1db62-a3b7-4453-9d28-d63a77eec427
                              MS-CV: 8vZmgPfpS0OwEW97.0
                              X-Microsoft-SLSClientCache: 2880
                              Content-Disposition: attachment; filename=environment.cab
                              X-Content-Type-Options: nosniff
                              Date: Mon, 14 Oct 2024 00:06:05 GMT
                              Connection: close
                              Content-Length: 24490


                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                              5 | 192.168.2.16 | 49718 | 194.53.148.86 | 443 | 1444 | C:\Program Files\Google\Chrome\Application\chrome.exe
                              Timestamp | Bytes transferred | Direction | Data
                              2024-10-14 00:06:23 UTC | 723 | OUT | GET /o/?c3Y9bzM2NV8xX3ZvaWNlJnJhbmQ9TTFwR1pGUT0mdWlkPVVTRVIxODA5MjAyNFUzMjA5MTgwNA== HTTP/1.1
                              Host: www.iprende.com
                              Connection: keep-alive
                              sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                              sec-ch-ua-mobile: ?0
                              sec-ch-ua-platform: "Windows"
                              Upgrade-Insecure-Requests: 1
                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                              Sec-Fetch-Site: cross-site
                              Sec-Fetch-Mode: navigate
                              Sec-Fetch-Dest: document
                              Accept-Encoding: gzip, deflate, br
                              Accept-Language: en-US,en;q=0.9
                              2024-10-14 00:06:23 UTC | 182 | IN | HTTP/1.1 200 OK
                              Date: Mon, 14 Oct 2024 00:06:23 GMT
                              Server: Apache
                              Vary: Accept-Encoding
                              Connection: close
                              Transfer-Encoding: chunked
                              Content-Type: text/html; charset=UTF-8
                              2024-10-14 00:06:23 UTC | 3 | IN | Data Raw: 31 0d 0a
                              Data Ascii: 1
                              2024-10-14 00:06:23 UTC | 1 | IN | Data Raw: 0a
                              Data Ascii:
                              2024-10-14 00:06:23 UTC | 2 | IN | Data Raw: 0d 0a
                              Data Ascii:
                              2024-10-14 00:06:23 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                              Data Ascii: 0


                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                              6 | 192.168.2.16 | 49720 | 194.53.148.86 | 443 | 1444 | C:\Program Files\Google\Chrome\Application\chrome.exe
                              Timestamp | Bytes transferred | Direction | Data
                              2024-10-14 00:06:24 UTC | 665 | OUT | GET /favicon.ico HTTP/1.1
                              Host: www.iprende.com
                              Connection: keep-alive
                              sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                              sec-ch-ua-mobile: ?0
                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                              sec-ch-ua-platform: "Windows"
                              Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                              Sec-Fetch-Site: same-origin
                              Sec-Fetch-Mode: no-cors
                              Sec-Fetch-Dest: image
                              Referer: https://www.iprende.com/o/?c3Y9bzM2NV8xX3ZvaWNlJnJhbmQ9TTFwR1pGUT0mdWlkPVVTRVIxODA5MjAyNFUzMjA5MTgwNA==
                              Accept-Encoding: gzip, deflate, br
                              Accept-Language: en-US,en;q=0.9
                              2024-10-14 00:06:24 UTC | 400 | IN | HTTP/1.1 404 Not Found
                              Date: Mon, 14 Oct 2024 00:06:24 GMT
                              Server: Apache
                              Set-Cookie: 771072239527ea947b2bfaf6c8f1d292=e60e048915260a77aa32d01671829ae8; path=/; HttpOnly
                              X-Logged-In: False
                              X-Content-Powered-By: K2 v2.10.3 (by JoomlaWorks)
                              Cache-Control: no-cache
                              Pragma: no-cache
                              Vary: Accept-Encoding
                              Connection: close
                              Transfer-Encoding: chunked
                              Content-Type: text/html; charset=UTF-8


                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                              7 | 192.168.2.16 | 49723 | 194.53.148.86 | 443 | 1444 | C:\Program Files\Google\Chrome\Application\chrome.exe
                              Timestamp | Bytes transferred | Direction | Data
                              2024-10-14 00:06:34 UTC | 838 | OUT | GET /o/?c3Y9bzM2NV8xX3ZvaWNlJnJhbmQ9TTFwR1pGUT0mdWlkPVVTRVIxODA5MjAyNFUzMjA5MTgwNA== HTTP/1.1
                              Host: www.iprende.com
                              Connection: keep-alive
                              Cache-Control: max-age=0
                              sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                              sec-ch-ua-mobile: ?0
                              sec-ch-ua-platform: "Windows"
                              Upgrade-Insecure-Requests: 1
                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                              Sec-Fetch-Site: none
                              Sec-Fetch-Mode: navigate
                              Sec-Fetch-User: ?1
                              Sec-Fetch-Dest: document
                              Accept-Encoding: gzip, deflate, br
                              Accept-Language: en-US,en;q=0.9
                              Cookie: 771072239527ea947b2bfaf6c8f1d292=e60e048915260a77aa32d01671829ae8
                              2024-10-14 00:06:35 UTC | 182 | IN | HTTP/1.1 200 OK
                              Date: Mon, 14 Oct 2024 00:06:35 GMT
                              Server: Apache
                              Vary: Accept-Encoding
                              Connection: close
                              Transfer-Encoding: chunked
                              Content-Type: text/html; charset=UTF-8
                              2024-10-14 00:06:35 UTC | 3 | IN | Data Raw: 31 0d 0a
                              Data Ascii: 1
                              2024-10-14 00:06:35 UTC | 1 | IN | Data Raw: 0a
                              Data Ascii:
                              2024-10-14 00:06:35 UTC | 2 | IN | Data Raw: 0d 0a
                              Data Ascii:
                              2024-10-14 00:06:35 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                              Data Ascii: 0


                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                              8 | 192.168.2.16 | 49725 | 172.202.163.200 | 443
                              Timestamp | Bytes transferred | Direction | Data
                              2024-10-14 00:06:43 UTC | 306 | OUT | GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=l51+l2bwwCwC8a9&MD=cbkp+fGF HTTP/1.1
                              Connection: Keep-Alive
                              Accept: */*
                              User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33
                              Host: slscr.update.microsoft.com
                              2024-10-14 00:06:43 UTC | 560 | IN | HTTP/1.1 200 OK
                              Cache-Control: no-cache
                              Pragma: no-cache
                              Content-Type: application/octet-stream
                              Expires: -1
                              Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT
                              ETag: "vic+p1MiJJ+/WMnK08jaWnCBGDfvkGRzPk9f8ZadQHg=_1440"
                              MS-CorrelationId: 7a730759-8fe5-414e-8428-0a6042cf95bb
                              MS-RequestId: ca7f528e-c823-431a-836c-886ed3c66eb3
                              MS-CV: YmI9TRr41E6h51xg.0
                              X-Microsoft-SLSClientCache: 1440
                              Content-Disposition: attachment; filename=environment.cab
                              X-Content-Type-Options: nosniff
                              Date: Mon, 14 Oct 2024 00:06:42 GMT
                              Connection: close
                              Content-Length: 30005


                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                              9 | 192.168.2.16 | 49727 | 194.53.148.86 | 443 | 1444 | C:\Program Files\Google\Chrome\Application\chrome.exe
                              Timestamp | Bytes transferred | Direction | Data
                              2024-10-14 00:07:24 UTC | 838 | OUT | GET /o/?c3Y9bzM2NV8xX3ZvaWNlJnJhbmQ9TTFwR1pGUT0mdWlkPVVTRVIxODA5MjAyNFUzMjA5MTgwNA== HTTP/1.1
                              Host: www.iprende.com
                              Connection: keep-alive
                              Cache-Control: max-age=0
                              sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                              sec-ch-ua-mobile: ?0
                              sec-ch-ua-platform: "Windows"
                              Upgrade-Insecure-Requests: 1
                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                              Sec-Fetch-Site: none
                              Sec-Fetch-Mode: navigate
                              Sec-Fetch-User: ?1
                              Sec-Fetch-Dest: document
                              Accept-Encoding: gzip, deflate, br
                              Accept-Language: en-US,en;q=0.9
                              Cookie: 771072239527ea947b2bfaf6c8f1d292=e60e048915260a77aa32d01671829ae8
                              2024-10-14 00:07:25 UTC | 182 | IN | HTTP/1.1 200 OK
                              Date: Mon, 14 Oct 2024 00:07:24 GMT
                              Server: Apache
                              Vary: Accept-Encoding
                              Connection: close
                              Transfer-Encoding: chunked
                              Content-Type: text/html; charset=UTF-8
                              2024-10-14 00:07:25 UTC | 3 | IN | Data Raw: 31 0d 0a
                              Data Ascii: 1
                              2024-10-14 00:07:25 UTC | 1 | IN | Data Raw: 0a
                              Data Ascii:
                              2024-10-14 00:07:25 UTC | 2 | IN | Data Raw: 0d 0a
                              Data Ascii:
                              2024-10-14 00:07:25 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                              Data Ascii: 0


                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                              10 | 192.168.2.16 | 49737 | 194.53.148.86 | 443 | 1444 | C:\Program Files\Google\Chrome\Application\chrome.exe
                              Timestamp | Bytes transferred | Direction | Data
                              2024-10-14 00:07:49 UTC | 798 | OUT | GET /o/?c3Y9bzM2NV8xX3ZvaWNlJnJhbmQ9TTFwR1pGUT0mdWlkPVVTRVIxODA5MjAyNFUzMjA5MTgwNA== HTTP/1.1
                              Host: www.iprende.com
                              Connection: keep-alive
                              sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                              sec-ch-ua-mobile: ?0
                              sec-ch-ua-platform: "Windows"
                              Upgrade-Insecure-Requests: 1
                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                              Sec-Fetch-Site: cross-site
                              Sec-Fetch-Mode: navigate
                              Sec-Fetch-Dest: document
                              Accept-Encoding: gzip, deflate, br
                              Accept-Language: en-US,en;q=0.9
                              Cookie: 771072239527ea947b2bfaf6c8f1d292=e60e048915260a77aa32d01671829ae8
                              2024-10-14 00:07:49 UTC | 182 | IN | HTTP/1.1 200 OK
                              Date: Mon, 14 Oct 2024 00:07:49 GMT
                              Server: Apache
                              Vary: Accept-Encoding
                              Connection: close
                              Transfer-Encoding: chunked
                              Content-Type: text/html; charset=UTF-8
                              2024-10-14 00:07:49 UTC | 3 | IN | Data Raw: 31 0d 0a
                              Data Ascii: 1
                              2024-10-14 00:07:49 UTC | 1 | IN | Data Raw: 0a
                              Data Ascii:
                              2024-10-14 00:07:49 UTC | 2 | IN | Data Raw: 0d 0a
                              Data Ascii:
                              2024-10-14 00:07:49 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                              Data Ascii: 0


                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                              11 | 192.168.2.16 | 49738 | 194.53.148.86 | 443 | 1444 | C:\Program Files\Google\Chrome\Application\chrome.exe
                              Timestamp | Bytes transferred | Direction | Data
                              2024-10-14 00:07:59 UTC | 844 | OUT | GET /o/?c3Y9bzM2NV8xX3ZvaWNlJnJhbmQ9TTFwR1pGUT0mdWlkPVVTRVIxODA5MjAyNFUzMjA5MTgwNA== HTTP/1.1
                              Host: www.iprende.com
                              Connection: keep-alive
                              Cache-Control: max-age=0
                              sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                              sec-ch-ua-mobile: ?0
                              sec-ch-ua-platform: "Windows"
                              Upgrade-Insecure-Requests: 1
                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                              Sec-Fetch-Site: cross-site
                              Sec-Fetch-Mode: navigate
                              Sec-Fetch-User: ?1
                              Sec-Fetch-Dest: document
                              Accept-Encoding: gzip, deflate, br
                              Accept-Language: en-US,en;q=0.9
                              Cookie: 771072239527ea947b2bfaf6c8f1d292=e60e048915260a77aa32d01671829ae8
                              2024-10-14 00:08:00 UTC | 182 | IN | HTTP/1.1 200 OK
                              Date: Mon, 14 Oct 2024 00:07:59 GMT
                              Server: Apache
                              Vary: Accept-Encoding
                              Connection: close
                              Transfer-Encoding: chunked
                              Content-Type: text/html; charset=UTF-8
                              2024-10-14 00:08:00 UTC | 3 | IN | Data Raw: 31 0d 0a
                              Data Ascii: 1
                              2024-10-14 00:08:00 UTC | 1 | IN | Data Raw: 0a
                              Data Ascii:
                              2024-10-14 00:08:00 UTC | 2 | IN | Data Raw: 0d 0a
                              Data Ascii:
                              2024-10-14 00:08:00 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                              Data Ascii: 0


                              Target ID:1
                              Start time:20:05:55
                              Start date:13/10/2024
                              Path:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                              Wow64 process (32bit):true
                              Commandline:"C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /eml "C:\Users\user\Desktop\20Listen.eml"
                              Imagebase:0xc50000
                              File size:34'446'744 bytes
                              MD5 hash:91A5292942864110ED734005B7E005C0
                              Has elevated privileges:true
                              Has administrator privileges:true
                              Programmed in:C, C++ or other language
                              Reputation:high
                              Has exited:false

                              Target ID:3
                              Start time:20:05:57
                              Start date:13/10/2024
                              Path:C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe
                              Wow64 process (32bit):false
                              Commandline:"C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "6941A605-7302-4BD6-BF5C-30601A8A903D" "8406B14A-7017-4EA4-9ED7-6830C8DE3365" "7048" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx"
                              Imagebase:0x7ff6a3a20000
                              File size:710'048 bytes
                              MD5 hash:EC652BEDD90E089D9406AFED89A8A8BD
                              Has elevated privileges:true
                              Has administrator privileges:true
                              Programmed in:C, C++ or other language
                              Reputation:high
                              Has exited:false

                              Target ID:10
                              Start time:20:06:20
                              Start date:13/10/2024
                              Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                              Wow64 process (32bit):false
                              Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\68W6OD7A\Listen_Now_REC(Tara.brown).html
                              Imagebase:0x7ff7f9810000
                              File size:3'242'272 bytes
                              MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                              Has elevated privileges:true
                              Has administrator privileges:true
                              Programmed in:C, C++ or other language
                              Reputation:high
                              Has exited:false

                              Target ID:11
                              Start time:20:06:21
                              Start date:13/10/2024
                              Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                              Wow64 process (32bit):false
                              Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 --field-trial-handle=1956,i,18387354763306928465,2346649231823565567,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
                              Imagebase:0x7ff7f9810000
                              File size:3'242'272 bytes
                              MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                              Has elevated privileges:true
                              Has administrator privileges:true
                              Programmed in:C, C++ or other language
                              Reputation:high
                              Has exited:false

                              Target ID:15
                              Start time:20:07:47
                              Start date:13/10/2024
                              Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                              Wow64 process (32bit):false
                              Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\68W6OD7A\Listen_Now_REC(Tara.brown).html
                              Imagebase:0x7ff7f9810000
                              File size:3'242'272 bytes
                              MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                              Has elevated privileges:true
                              Has administrator privileges:true
                              Programmed in:C, C++ or other language
                              Reputation:high
                              Has exited:true

                              Target ID:16
                              Start time:20:07:47
                              Start date:13/10/2024
                              Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                              Wow64 process (32bit):false
                              Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2152 --field-trial-handle=1908,i,14695886725935389924,2068831085740703090,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
                              Imagebase:0x7ff7f9810000
                              File size:3'242'272 bytes
                              MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                              Has elevated privileges:true
                              Has administrator privileges:true
                              Programmed in:C, C++ or other language
                              Reputation:high
                              Has exited:true

                              No disassembly