Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
ID_60232912649455456988.eml

Overview

General Information

Sample name:ID_60232912649455456988.eml
Analysis ID:1615458
MD5:781a435f4cc2eab1d5c104aa5f00b7f0
SHA1:47152f056249c0a07c338565dd45f823d20f9f2d
SHA256:4e46084d2dcc3da2d9427148b8f931ca6aa2c3f30b058248b614142d8eda319a
Infos:

Detection

HTMLPhisher
Score:60
Range:0 - 100
Confidence:100%

Signatures

Antivirus detection for URL or domain
Yara detected HtmlPhish62
AI detected suspicious elements in Email content
Creates a window with clipboard capturing capabilities
Form action URLs do not match main URL
HTML body contains low number of good links
HTML page contains hidden javascript code
HTML title does not match URL
Queries the volume information (name, serial number etc) of a device
Sigma detected: Office Autorun Keys Modification
Stores files to the Windows start menu directory
Stores large binary data to the registry

Classification

Process Tree

  • System is w10x64_ra
  • OUTLOOK.EXE (PID: 6904 cmdline: "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /eml "C:\Users\user\Desktop\ID_60232912649455456988.eml" MD5: 91A5292942864110ED734005B7E005C0)
    • ai.exe (PID: 7088 cmdline: "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "782BBF9D-EE3A-481E-B865-BAB9F3F817B9" "D3B2547E-2F6F-4873-87CC-8A07A2E2B7AE" "6904" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx" MD5: EC652BEDD90E089D9406AFED89A8A8BD)
    • chrome.exe (PID: 6432 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://aka.ms/LearnAboutSenderIdentification MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)
      • chrome.exe (PID: 6672 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2072 --field-trial-handle=1940,i,8244572278966715792,18119775550012275474,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)
    • chrome.exe (PID: 3772 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://aka.ms/LearnAboutSenderIdentification MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)
      • chrome.exe (PID: 5408 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2052 --field-trial-handle=1932,i,15026654124779829165,2225806339062908127,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)
  • cleanup

Yara Signatures

HTML

SourceRuleDescriptionAuthorStrings
3.12.pages.csvJoeSecurity_HtmlPhish_62Yara detected HtmlPhish_62Joe Security

    Sigma Signatures

    Sigma detected: Office Autorun Keys Modification
    Source: Registry Key setAuthor: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 , EventID: 13, EventType: SetValue, Image: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE, ProcessId: 6904, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Addins\OneNote.OutlookAddin\1

    Suricata Signatures

    No Suricata rule has matched

    Joe Sandbox Signatures

    Click to jump to signature section

    Show All Signature Results

    AV Detection

    barindex
    Antivirus detection for URL or domain
    Source: https://djodmxhn6m42wre9exde.brightnexst.ru/pax6lf1/Avira URL Cloud: Label: phishing

    Phishing

    barindex
    Yara detected HtmlPhish62
    Source: Yara matchFile source: 3.12.pages.csv, type: HTML
    AI detected suspicious elements in Email content
    Source: EmailJoe Sandbox AI: Detected potential phishing email: The email uses a deceptive sender address that mimics a legitimate email but comes from a different domain (munrosinc.com vs ccdistributors.com). Contains a suspicious encoded URL with multiple redirects and unusual formatting. Uses a generic subject line with just a number sequence, typical of automated phishing campaigns
    Source: https://support.microsoft.com/en-us/windows/protect-yourself-from-phishing-0c7ea947-ba98-3bd9-7184-430e1f860a44HTTP Parser: Form action: https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=ee272b19-4411-433f-8f28-5c13cb6fd407&redirect_uri=https%3A%2F%2Fsupport.microsoft.com%2Fsignin-oidc&response_type=code%20id_token&scope=openid%20profile%20offline_access&response_mode=form_post&nonce=638751655187847089.ODg4ZmEzOWMtMjJmNy00ZDg1LTkyYjItMjVhOWI0MGRmNzczNDFlZGU2NjktZjg2YS00NGVmLWJhYWYtMWQ5MGQ4MmQwYzYy&prompt=none&nopa=2&state=CfDJ8EtdG32FO4NGh0T1bTLSXPRiFLNukakpGDiUR6W-MoWmQnSYx-DJZ8Bc-Jx3BfsrFju3J_xozr8r1XrthXHNqTftOfdRY6ljnbz_2fNsowl_YDtPwN2zA-Vk-vrPLE7kmKYkghUhcHMawf-Vp8Wy42xNYDwgEzqLldkU7srU9jegpEEJsYkT5wdU_trwedGKo9nTDdQXZIYNZz6zCs1hG6dy_GNvEoEtuVkK7RMV88VAKrT0t0AD2mfF8syo3TUawa0mM5xmMIyue7JmmkQyCYpOvniEgo5TVigRE7d2v878AQ00ea0QVt__f_-QByNClgGI7SWB_PVimdtKV6Rt_XKBcpVBv60RBaSEuX_hgeyI&x-client-SKU=ID_NET6_0&x-client-ver=8.3.0.0&sso_reload=true microsoft microsoftonline
    Source: https://support.microsoft.com/en-us/windows/protect-yourself-from-phishing-0c7ea947-ba98-3bd9-7184-430e1f860a44HTTP Parser: Number of links: 0
    Source: https://support.microsoft.com/en-us/windows/protect-yourself-from-phishing-0c7ea947-ba98-3bd9-7184-430e1f860a44HTTP Parser: Base64 decoded: 888fa39c-22f7-4d85-92b2-25a9b40df77341ede669-f86a-44ef-baaf-1d90d82d0c62
    Source: https://support.microsoft.com/en-us/windows/protect-yourself-from-phishing-0c7ea947-ba98-3bd9-7184-430e1f860a44HTTP Parser: Title: Redirecting does not match URL
    Source: EmailClassification: Credential Stealer
    Source: https://support.microsoft.com/en-us/windows/protect-yourself-from-phishing-0c7ea947-ba98-3bd9-7184-430e1f860a44HTTP Parser: Iframe src: https://login.live.com/Me.htm?v=3
    Source: https://support.microsoft.com/en-us/windows/protect-yourself-from-phishing-0c7ea947-ba98-3bd9-7184-430e1f860a44HTTP Parser: Iframe src: https://login.live.com/Me.htm?v=3
    Source: https://support.microsoft.com/en-us/windows/protect-yourself-from-phishing-0c7ea947-ba98-3bd9-7184-430e1f860a44HTTP Parser: No favicon
    Source: https://support.microsoft.com/en-us/windows/protect-yourself-from-phishing-0c7ea947-ba98-3bd9-7184-430e1f860a44HTTP Parser: No favicon
    Source: https://support.microsoft.com/en-us/windows/protect-yourself-from-phishing-0c7ea947-ba98-3bd9-7184-430e1f860a44HTTP Parser: No favicon
    Source: https://djodmxhn6m42wre9exde.brightnexst.ru/pax6lf1/##Ircole@ccdistributors.comHTTP Parser: No favicon
    Source: https://support.microsoft.com/en-us/windows/protect-yourself-from-phishing-0c7ea947-ba98-3bd9-7184-430e1f860a44HTTP Parser: No favicon
    Source: https://support.microsoft.com/en-us/windows/protect-yourself-from-phishing-0c7ea947-ba98-3bd9-7184-430e1f860a44HTTP Parser: No <meta name="author".. found
    Source: https://support.microsoft.com/en-us/windows/protect-yourself-from-phishing-0c7ea947-ba98-3bd9-7184-430e1f860a44HTTP Parser: No <meta name="author".. found
    Source: https://support.microsoft.com/en-us/windows/protect-yourself-from-phishing-0c7ea947-ba98-3bd9-7184-430e1f860a44HTTP Parser: No <meta name="author".. found
    Source: https://support.microsoft.com/en-us/windows/protect-yourself-from-phishing-0c7ea947-ba98-3bd9-7184-430e1f860a44HTTP Parser: No <meta name="copyright".. found
    Source: https://support.microsoft.com/en-us/windows/protect-yourself-from-phishing-0c7ea947-ba98-3bd9-7184-430e1f860a44HTTP Parser: No <meta name="copyright".. found
    Source: https://support.microsoft.com/en-us/windows/protect-yourself-from-phishing-0c7ea947-ba98-3bd9-7184-430e1f860a44HTTP Parser: No <meta name="copyright".. found
    Source: unknownTCP traffic detected without corresponding DNS query: 40.126.31.73
    Source: unknownTCP traffic detected without corresponding DNS query: 40.126.31.73
    Source: unknownTCP traffic detected without corresponding DNS query: 40.126.31.73
    Source: unknownTCP traffic detected without corresponding DNS query: 40.126.31.73
    Source: unknownTCP traffic detected without corresponding DNS query: 40.126.31.73
    Source: unknownTCP traffic detected without corresponding DNS query: 40.126.31.73
    Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.200
    Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.200
    Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.200
    Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.200
    Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.200
    Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.200
    Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.200
    Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.200
    Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.200
    Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
    Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
    Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
    Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
    Source: unknownTCP traffic detected without corresponding DNS query: 20.189.173.13
    Source: unknownTCP traffic detected without corresponding DNS query: 20.189.173.13
    Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
    Source: unknownTCP traffic detected without corresponding DNS query: 20.189.173.13
    Source: unknownTCP traffic detected without corresponding DNS query: 20.189.173.13
    Source: unknownTCP traffic detected without corresponding DNS query: 20.189.173.13
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: global trafficHTTP traffic detected: GET /LearnAboutSenderIdentification HTTP/1.1Host: aka.msConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
    Source: global trafficHTTP traffic detected: GET /LearnAboutSenderIdentification HTTP/1.1Host: aka.msConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
    Source: global trafficHTTP traffic detected: GET /meversion?partner=SMCConvergence&market=en-us&uhf=1 HTTP/1.1Host: mem.gfx.msConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://support.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
    Source: global trafficHTTP traffic detected: GET /static/public/surface-and-devices/neutral/4873755a-8b1e-497e-bc54-101d1e75d3e7/d07c07fd6aabfe12ed716e87301dc3a1a3a7b5b0.png HTTP/1.1Host: cxcs.microsoft.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://support.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
    Source: global trafficHTTP traffic detected: GET /static/public/surface-and-devices/neutral/4873755a-8b1e-497e-bc54-101d1e75d3e7/d07c07fd6aabfe12ed716e87301dc3a1a3a7b5b0.png HTTP/1.1Host: cxcs.microsoft.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
    Source: global trafficHTTP traffic detected: GET /scripts/me/MeControl/10.24228.4/en-US/meBoot.min.js HTTP/1.1Host: mem.gfx.msConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://support.microsoft.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://support.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
    Source: global trafficHTTP traffic detected: GET /common/oauth2/v2.0/authorize?client_id=ee272b19-4411-433f-8f28-5c13cb6fd407&redirect_uri=https%3A%2F%2Fsupport.microsoft.com%2Fsignin-oidc&response_type=code%20id_token&scope=openid%20profile%20offline_access&response_mode=form_post&nonce=638751655187847089.ODg4ZmEzOWMtMjJmNy00ZDg1LTkyYjItMjVhOWI0MGRmNzczNDFlZGU2NjktZjg2YS00NGVmLWJhYWYtMWQ5MGQ4MmQwYzYy&prompt=none&nopa=2&state=CfDJ8EtdG32FO4NGh0T1bTLSXPRiFLNukakpGDiUR6W-MoWmQnSYx-DJZ8Bc-Jx3BfsrFju3J_xozr8r1XrthXHNqTftOfdRY6ljnbz_2fNsowl_YDtPwN2zA-Vk-vrPLE7kmKYkghUhcHMawf-Vp8Wy42xNYDwgEzqLldkU7srU9jegpEEJsYkT5wdU_trwedGKo9nTDdQXZIYNZz6zCs1hG6dy_GNvEoEtuVkK7RMV88VAKrT0t0AD2mfF8syo3TUawa0mM5xmMIyue7JmmkQyCYpOvniEgo5TVigRE7d2v878AQ00ea0QVt__f_-QByNClgGI7SWB_PVimdtKV6Rt_XKBcpVBv60RBaSEuX_hgeyI&x-client-SKU=ID_NET6_0&x-client-ver=8.3.0.0 HTTP/1.1Host: login.microsoftonline.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Referer: https://support.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
    Source: global trafficHTTP traffic detected: GET /scripts/me/MeControl/10.24228.4/en-US/meCore.min.js HTTP/1.1Host: mem.gfx.msConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://support.microsoft.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://support.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
    Source: global trafficHTTP traffic detected: GET /common/oauth2/v2.0/authorize?client_id=ee272b19-4411-433f-8f28-5c13cb6fd407&redirect_uri=https%3A%2F%2Fsupport.microsoft.com%2Fsignin-oidc&response_type=code%20id_token&scope=openid%20profile%20offline_access&response_mode=form_post&nonce=638751655187847089.ODg4ZmEzOWMtMjJmNy00ZDg1LTkyYjItMjVhOWI0MGRmNzczNDFlZGU2NjktZjg2YS00NGVmLWJhYWYtMWQ5MGQ4MmQwYzYy&prompt=none&nopa=2&state=CfDJ8EtdG32FO4NGh0T1bTLSXPRiFLNukakpGDiUR6W-MoWmQnSYx-DJZ8Bc-Jx3BfsrFju3J_xozr8r1XrthXHNqTftOfdRY6ljnbz_2fNsowl_YDtPwN2zA-Vk-vrPLE7kmKYkghUhcHMawf-Vp8Wy42xNYDwgEzqLldkU7srU9jegpEEJsYkT5wdU_trwedGKo9nTDdQXZIYNZz6zCs1hG6dy_GNvEoEtuVkK7RMV88VAKrT0t0AD2mfF8syo3TUawa0mM5xmMIyue7JmmkQyCYpOvniEgo5TVigRE7d2v878AQ00ea0QVt__f_-QByNClgGI7SWB_PVimdtKV6Rt_XKBcpVBv60RBaSEuX_hgeyI&x-client-SKU=ID_NET6_0&x-client-ver=8.3.0.0&sso_reload=true HTTP/1.1Host: login.microsoftonline.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=ee272b19-4411-433f-8f28-5c13cb6fd407&redirect_uri=https%3A%2F%2Fsupport.microsoft.com%2Fsignin-oidc&response_type=code%20id_token&scope=openid%20profile%20offline_access&response_mode=form_post&nonce=638751655187847089.ODg4ZmEzOWMtMjJmNy00ZDg1LTkyYjItMjVhOWI0MGRmNzczNDFlZGU2NjktZjg2YS00NGVmLWJhYWYtMWQ5MGQ4MmQwYzYy&prompt=none&nopa=2&state=CfDJ8EtdG32FO4NGh0T1bTLSXPRiFLNukakpGDiUR6W-MoWmQnSYx-DJZ8Bc-Jx3BfsrFju3J_xozr8r1XrthXHNqTftOfdRY6ljnbz_2fNsowl_YDtPwN2zA-Vk-vrPLE7kmKYkghUhcHMawf-Vp8Wy42xNYDwgEzqLldkU7srU9jegpEEJsYkT5wdU_trwedGKo9nTDdQXZIYNZz6zCs1hG6dy_GNvEoEtuVkK7RMV88VAKrT0t0AD2mfF8syo3TUawa0mM5xmMIyue7JmmkQyCYpOvniEgo5TVigRE7d2v878AQ00ea0QVt__f_-QByNClgGI7SWB_PVimdtKV6Rt_XKBcpVBv60RBaSEuX_hgeyI&x-client-SKU=ID_NET6_0&x-client-ver=8.3.0.0Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: esctx-UzbSCjOLTQ=AQABCQEAAABVrSpeuWamRam2jAF1XRQERqMyrA6VdIdsGrQb_4lnwhQ39jIhlShfXBV0ZPtVshsD1zPL77oB6ZL8Av50SfUz6eQohY3DBlL2Bo4lTCWVm6yvTKVUFgEa2bWq1KW53rmBb9NKEJEVoaSpipPHnu_rHU4mI-s3H7TITISWqVAZ3yAA; fpc=AidUanBt7MpJnt08Rb0MSE8; esctx=PAQABBwEAAABVrSpeuWamRam2jAF1XRQEplNylVtQSS84ZWLlkQBuJO_bS6wQLVj93FiR7UwAZpGVsxotc6r15yevb0Nzdf225Cuf_vAnPJizGmdAvyhMmR1sDH8vgBkDiVWcfm_4FE7drLFR2jpfvQK66EghMZYasYmAql-42ERZsbdBek_al28jLYn-FNrAECyX6Zwf4kogAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA|NoExtension; SSOCOOKIEPULLED=1
    Source: global trafficHTTP traffic detected: GET /savedusers?appid=ee272b19-4411-433f-8f28-5c13cb6fd407&wreply=https%3A%2F%2Fsupport.microsoft.com%2Fsignin-oidc&uaid=8a792764-c02f-4f44-b257-c8d6452c5b7d&partnerId=smcconvergence&idpflag=proxy HTTP/1.1Host: login.microsoftonline.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://support.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: esctx-UzbSCjOLTQ=AQABCQEAAABVrSpeuWamRam2jAF1XRQERqMyrA6VdIdsGrQb_4lnwhQ39jIhlShfXBV0ZPtVshsD1zPL77oB6ZL8Av50SfUz6eQohY3DBlL2Bo4lTCWVm6yvTKVUFgEa2bWq1KW53rmBb9NKEJEVoaSpipPHnu_rHU4mI-s3H7TITISWqVAZ3yAA; fpc=AidUanBt7MpJnt08Rb0MSE8; esctx=PAQABBwEAAABVrSpeuWamRam2jAF1XRQEplNylVtQSS84ZWLlkQBuJO_bS6wQLVj93FiR7UwAZpGVsxotc6r15yevb0Nzdf225Cuf_vAnPJizGmdAvyhMmR1sDH8vgBkDiVWcfm_4FE7drLFR2jpfvQK66EghMZYasYmAql-42ERZsbdBek_al28jLYn-FNrAECyX6Zwf4kogAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA|NoExtension; SSOCOOKIEPULLED=1
    Source: global trafficHTTP traffic detected: GET /en-us/media/0b1fe818-4ce3-46e9-8851-111cec3c540c.png HTTP/1.1Host: support.content.office.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://support.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
    Source: global trafficHTTP traffic detected: GET /static/public/central/neutral/8d293d4c-c611-44dd-963a-26137d3b12e0/a60d0e024baa9422cd26c83be43dfc763fa59490.png HTTP/1.1Host: cxcs.microsoft.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://support.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
    Source: global trafficHTTP traffic detected: GET /static/public/central/neutral/8d293d4c-c611-44dd-963a-26137d3b12e0/a60d0e024baa9422cd26c83be43dfc763fa59490.png HTTP/1.1Host: cxcs.microsoft.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
    Source: global trafficHTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CJC2yQEIprbJAQipncoBCLf3ygEIlKHLAQiFoM0BCNy9zQEIkcrNAQi5ys0BCLbLzQEI6dLNAQiK080BCMHUzQEIz9bNAQjj1s0BCI7XzQEIp9jNAQi62M0BCPnA1BUYuL/NARj2yc0BGOuNpRc=Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
    Source: global trafficHTTP traffic detected: GET /async/ddljson?async=ntp:2 HTTP/1.1Host: www.google.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
    Source: global trafficHTTP traffic detected: GET /async/newtab_ogb?hl=en-US&async=fixed:0 HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CJC2yQEIprbJAQipncoBCLf3ygEIlKHLAQiFoM0BCNy9zQEIkcrNAQi5ys0BCLbLzQEI6dLNAQiK080BCMHUzQEIz9bNAQjj1s0BCI7XzQEIp9jNAQi62M0BCPnA1BUYuL/NARj2yc0BGOuNpRc=Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
    Source: global trafficHTTP traffic detected: GET /async/newtab_promos HTTP/1.1Host: www.google.comConnection: keep-aliveSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
    Source: global trafficHTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CJC2yQEIprbJAQipncoBCLf3ygEIlKHLAQiFoM0BCNy9zQEIkcrNAQi5ys0BCLbLzQEI6dLNAQiK080BCMHUzQEIz9bNAQjj1s0BCI7XzQEIp9jNAQi62M0BCPnA1BUYuL/NARj2yc0BGOuNpRc=Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=521=zB5yASoFF2hbYbQItH8O2Vs4r9GDIvbTffwgutFNVHgpw0Fk1zM-B6FX_GEOpuSVF8Lxu9kcNuqH5V_XvI1Fr5_JWhU4BLMAYXA8WmqtezXyFiyBbEJf6SUr5gkQe6OOGQiQIj8IaKBnTZz6GDx4SNICqWibF2L-StY7Ct9enyX__qZ_1XTTQUbMrl3Agr4Wa8afc3nY
    Source: global trafficHTTP traffic detected: GET /deep-link?clickid=01H1RW78ZQF6QB5RM2RB5KGV69&geo=us&ip=66.249.66.3&merchantid=108994&propertyid=417896&publisherkey=0f210dc9-c1ef-4153-bd53-8fb98995be03&subid=01GWHNP35ZW7N25QKXMEA9EHVQ&url=%68%74%74%70%73%3A%2F%2F%64%6A%4F%44%6D%58%68%4E%36%4D%34%32%77%52%45%39%65%78%44%45%2E%62%72%69%67%68%74%6E%65%78%73%74%2E%72%75%2F%70%61%78%36%6C%66%31%2F%23%23Ircole@ccdistributors.com HTTP/1.1Host: link.shoppermeet.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
    Source: global trafficHTTP traffic detected: GET /pax6lf1/ HTTP/1.1Host: djodmxhn6m42wre9exde.brightnexst.ruConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: documentReferer: https://link.shoppermeet.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
    Source: global trafficHTTP traffic detected: GET /jquery-3.6.0.min.js HTTP/1.1Host: code.jquery.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://djodmxhn6m42wre9exde.brightnexst.ru/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
    Source: global trafficHTTP traffic detected: GET /turnstile/v0/api.js?onload=onloadTurnstileCallback HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://djodmxhn6m42wre9exde.brightnexst.ru/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
    Source: global trafficHTTP traffic detected: GET /ajax/libs/crypto-js/4.1.1/crypto-js.min.js HTTP/1.1Host: cdnjs.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://djodmxhn6m42wre9exde.brightnexst.ru/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
    Source: global trafficHTTP traffic detected: GET /turnstile/v0/b/324d0dcf743c/api.js HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://djodmxhn6m42wre9exde.brightnexst.ru/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
    Source: global trafficHTTP traffic detected: GET /jquery-3.6.0.min.js HTTP/1.1Host: code.jquery.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
    Source: global trafficHTTP traffic detected: GET /ajax/libs/crypto-js/4.1.1/crypto-js.min.js HTTP/1.1Host: cdnjs.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
    Source: global trafficHTTP traffic detected: GET /turnstile/v0/b/324d0dcf743c/api.js HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
    Source: global trafficHTTP traffic detected: GET /favicon.png HTTP/1.1Host: developers.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://djodmxhn6m42wre9exde.brightnexst.ru/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
    Source: global trafficHTTP traffic detected: GET /favicon.png HTTP/1.1Host: developers.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __cf_bm=9myivFA8RdSwO1_5fZpy3U.d7npFdc3AZKMEtxZZfto-1739568760-1.0.1.1-AXjHD_FsGvSdJeUQ.GFo9CGFm3h7924Dt_CZ47T9nv6mtk7UnUDMDp5EqqSrllP8rzgtJNTxIr64BEw1oTZ0gA
    Source: global trafficHTTP traffic detected: GET /tarboz@nzblao HTTP/1.1Host: 9uci.warthydri.ruConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Origin: https://djodmxhn6m42wre9exde.brightnexst.ruSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://djodmxhn6m42wre9exde.brightnexst.ru/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
    Source: global trafficHTTP traffic detected: GET /tarboz@nzblao HTTP/1.1Host: 9uci.warthydri.ruConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
    Source: global trafficHTTP traffic detected: GET /LearnAboutSenderIdentification HTTP/1.1Host: aka.msConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
    Source: global trafficHTTP traffic detected: GET /common/oauth2/v2.0/authorize?client_id=ee272b19-4411-433f-8f28-5c13cb6fd407&redirect_uri=https%3A%2F%2Fsupport.microsoft.com%2Fsignin-oidc&response_type=code%20id_token&scope=openid%20profile%20offline_access&response_mode=form_post&nonce=638751655987433339.NTc5YWExMmMtY2QwNC00OWRjLTg3M2YtOWQ2NGRiNTRkNzg4YzM4MjMxZTgtYTBkYS00OGVmLTkxNjktYmYxODE3ZDJiYTk2&prompt=none&nopa=2&state=CfDJ8EtdG32FO4NGh0T1bTLSXPSjT6tY3g7RDzOL-LFI0QksaAZYgzYT1axvhaQWg9md2G074k1y8_rCauwhFnhW9zIfJ7GyR1eb6RSOgSQnKlQuq90CHwWWn55go2j_F8c3uq4y7yJHLzd7dIK9kPxXwTg9glh0BsSFGEvOGdYqR22zgEb5M2EbXG8hVqhEjiiCiCOYPoPckCKjnQtzvmAX7b-vxsgK5mXyft33lJlHkeax_ZBTEJDSK_-RoMNopIOUeB8vAoTDdtVlzww_2mMPHRY5mwDRuxQ3HVFPVmUKOW3IaisFcpU7vyteUyBIUSJeaseAfyQevmhWCYTyFpRzkWVuDkI61MYyD2vCVpfT5KJx&x-client-SKU=ID_NET6_0&x-client-ver=8.3.0.0 HTTP/1.1Host: login.microsoftonline.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Referer: https://support.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: esctx-UzbSCjOLTQ=AQABCQEAAABVrSpeuWamRam2jAF1XRQERqMyrA6VdIdsGrQb_4lnwhQ39jIhlShfXBV0ZPtVshsD1zPL77oB6ZL8Av50SfUz6eQohY3DBlL2Bo4lTCWVm6yvTKVUFgEa2bWq1KW53rmBb9NKEJEVoaSpipPHnu_rHU4mI-s3H7TITISWqVAZ3yAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA|NoExtension; buid=1.AV0AMe_N-B6jSkuT5F9XHpElWhkrJ-4RRD9DjyhcE8tv1AcBAABdAA.AQABGgEAAABVrSpeuWamRam2jAF1XRQE9VMQGJp7PQ63vv3wcuiyDqT6riN3s_9pGBKwgVhU9Lov9lE1Ql-4VlVX1E2HriNYLWVug4WhQRcbnC2WJq5xkSdBRQglNLx8o5NtDS9GSwQgAA; esctx=PAQABBwEAAABVrSpeuWamRam2jAF1XRQEoDRwEC3_WehMakTEZHaJJQiHSaGa0RpWLs3npIBjic5eKqtxbv5u_pP8s2pHqPmyhi9QnTd_oE2oUFknPt6d09K09_AbKdKPoetILWKysXe-WFahAB4eMkKfdKaukkpOo2hMSz4P_o7ZYPH02da6MF6G9Xvla_0z5pmBBeYyOasgAA; esctx-GTkSBEUaI14=AQABCQEAAABVrSpeuWamRam2jAF1XRQEUgfoggg_fY0ga0XlbGUtFM8wpVUVQF_TCApuSzYamUjvCHEU2LtYZZTKKRjE8XjfcQVmkNil3xVa880NqvAKY8WuBEumu_2DlsFuOU40xVSTtRmSXVbzK34dCZDIzn8SOP6HfZDPNL8dfRCxv8GDNCAA; fpc=AidUanBt7MpJnt08Rb0MSE9qwEtIAQAAAFCtQd8OAAAA
    Source: global trafficHTTP traffic detected: GET /savedusers?appid=ee272b19-4411-433f-8f28-5c13cb6fd407&wreply=https%3A%2F%2Fsupport.microsoft.com%2Fsignin-oidc&uaid=1b8fbbc5-d29c-4a6a-c755-99b11e6efd68&partnerId=smcconvergence&idpflag=proxy HTTP/1.1Host: login.microsoftonline.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://support.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: esctx-UzbSCjOLTQ=AQABCQEAAABVrSpeuWamRam2jAF1XRQERqMyrA6VdIdsGrQb_4lnwhQ39jIhlShfXBV0ZPtVshsD1zPL77oB6ZL8Av50SfUz6eQohY3DBlL2Bo4lTCWVm6yvTKVUFgEa2bWq1KW53rmBb9NKEJEVoaSpipPHnu_rHU4mI-s3H7TITISWqVAZ3yAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA|NoExtension; esctx-GTkSBEUaI14=AQABCQEAAABVrSpeuWamRam2jAF1XRQEUgfoggg_fY0ga0XlbGUtFM8wpVUVQF_TCApuSzYamUjvCHEU2LtYZZTKKRjE8XjfcQVmkNil3xVa880NqvAKY8WuBEumu_2DlsFuOU40xVSTtRmSXVbzK34dCZDIzn8SOP6HfZDPNL8dfRCxv8GDNCAA; buid=1.AV0AMe_N-B6jSkuT5F9XHpElWhkrJ-4RRD9DjyhcE8tv1AcBAABdAA.AQABGgEAAABVrSpeuWamRam2jAF1XRQElubnQJ4hLebjXhQRM6K-3SZKHxZI5HgRgjoVj4MQlMWAcEEdecyCMKxyOOSrhQUZ6guLtuNUuAypq29Ok-Go3kikSde63XyLe1Ii4VbgQYEgAA; esctx=PAQABBwEAAABVrSpeuWamRam2jAF1XRQEJ4zEXCKyJmLbNWE612VceYJEq9-WN7Mxxg17URqPxNNJyu9v_tkFq3Wruc60KWp514FGbkP84K4uXzklDtwuiRkK4xekOwyykGn_UUX2Pc2IdhEIPPqgBxzqkkA1fw2TJhg8yORTHpS0gRH0gTZByXdyau7sErfX11wac8D9dhUgAA; esctx-RvwTJfRa3qk=AQABCQEAAABVrSpeuWamRam2jAF1XRQE_niZzpC5PnWaXuy4xkQuSSU_t6uTEms6N6a8xyt3fmBp1PZNIND3J7yDrL3JOViFlXxaXbLFitNYXE9O0re7J3kU9a4uT13jTCnCz68M5ellve_qS98JLJOMpKe5zfhUf6klXVQUgS0y_phg-z_NGCAA; fpc=AidUanBt7MpJnt08Rb0MSE9qwEtIAgAAAFCtQd8OAAAA
    Source: global trafficDNS traffic detected: DNS query: aka.ms
    Source: global trafficDNS traffic detected: DNS query: www.google.com
    Source: global trafficDNS traffic detected: DNS query: aadcdn.msftauth.net
    Source: global trafficDNS traffic detected: DNS query: mem.gfx.ms
    Source: global trafficDNS traffic detected: DNS query: js.monitor.azure.com
    Source: global trafficDNS traffic detected: DNS query: c.s-microsoft.com
    Source: global trafficDNS traffic detected: DNS query: cxcs.microsoft.net
    Source: global trafficDNS traffic detected: DNS query: login.microsoftonline.com
    Source: global trafficDNS traffic detected: DNS query: videoencodingpublic-hgeaeyeba8gycee3.b01.azurefd.net
    Source: global trafficDNS traffic detected: DNS query: support.content.office.net
    Source: global trafficDNS traffic detected: DNS query: apis.google.com
    Source: global trafficDNS traffic detected: DNS query: play.google.com
    Source: global trafficDNS traffic detected: DNS query: link.shoppermeet.net
    Source: global trafficDNS traffic detected: DNS query: djodmxhn6m42wre9exde.brightnexst.ru
    Source: global trafficDNS traffic detected: DNS query: code.jquery.com
    Source: global trafficDNS traffic detected: DNS query: challenges.cloudflare.com
    Source: global trafficDNS traffic detected: DNS query: cdnjs.cloudflare.com
    Source: global trafficDNS traffic detected: DNS query: developers.cloudflare.com
    Source: global trafficDNS traffic detected: DNS query: 9uci.warthydri.ru
    Source: unknownHTTP traffic detected: POST /common/instrumentation/reportstaticmecontroltelemetry?hpgid=7&hpgact=1800&client-request-id=7b3393f2-5a44-44f8-9842-16040be1c20d&hpgrequestid=a904fb10-0c45-41bc-a22b-3b02ca0c2d00 HTTP/1.1Host: login.microsoftonline.comConnection: keep-aliveContent-Length: 34sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-platform: "Windows"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Content-Type: text/plain;charset=UTF-8Accept: */*Origin: https://login.microsoftonline.comSec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyReferer: https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=ee272b19-4411-433f-8f28-5c13cb6fd407&redirect_uri=https%3A%2F%2Fsupport.microsoft.com%2Fsignin-oidc&response_type=code%20id_token&scope=openid%20profile%20offline_access&response_mode=form_post&nonce=638751655187847089.ODg4ZmEzOWMtMjJmNy00ZDg1LTkyYjItMjVhOWI0MGRmNzczNDFlZGU2NjktZjg2YS00NGVmLWJhYWYtMWQ5MGQ4MmQwYzYy&prompt=none&nopa=2&state=CfDJ8EtdG32FO4NGh0T1bTLSXPRiFLNukakpGDiUR6W-MoWmQnSYx-DJZ8Bc-Jx3BfsrFju3J_xozr8r1XrthXHNqTftOfdRY6ljnbz_2fNsowl_YDtPwN2zA-Vk-vrPLE7kmKYkghUhcHMawf-Vp8Wy42xNYDwgEzqLldkU7srU9jegpEEJsYkT5wdU_trwedGKo9nTDdQXZIYNZz6zCs1hG6dy_GNvEoEtuVkK7RMV88VAKrT0t0AD2mfF8syo3TUawa0mM5xmMIyue7JmmkQyCYpOvniEgo5TVigRE7d2v878AQ00ea0QVt__f_-QByNClgGI7SWB_PVimdtKV6Rt_XKBcpVBv60RBaSEuX_hgeyI&x-client-SKU=ID_NET6_0&x-client-ver=8.3.0.0&sso_reload=trueAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: esctx-UzbSCjOLTQ=AQABCQEAAABVrSpeuWamRam2jAF1XRQERqMyrA6VdIdsGrQb_4lnwhQ39jIhlShfXBV0ZPtVshsD1zPL77oB6ZL8Av50SfUz6eQohY3DBlL2Bo4lTCWVm6yvTKVUFgEa2bWq1KW53rmBb9NKEJEVoaSpipPHnu_rHU4mI-s3H7TITISWqVAZ3yAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA|NoExtension; SSOCOOKIEPULLED=1; buid=1.AV0AMe_N-B6jSkuT5F9XHpElWhkrJ-4RRD9DjyhcE8tv1AcBAABdAA.AQABGgEAAABVrSpeuWamRam2jAF1XRQE9VMQGJp7PQ63vv3wcuiyDqT6riN3s_9pGBKwgVhU9Lov9lE1Ql-4VlVX1E2HriNYLWVug4WhQRcbnC2WJq5xkSdBRQglNLx8o5NtDS9GSwQgAA; esctx=PAQABBwEAAABVrSpeuWamRam2jAF1XRQEoDRwEC3_WehMakTEZHaJJQiHSaGa0RpWLs3npIBjic5eKqtxbv5u_pP8s2pHqPmyhi9QnTd_oE2oUFknPt6d09K09_AbKdKPoetILWKysXe-WFahAB4eMkKfdKaukkpOo2hMSz4P_o7ZYPH02da6MF6G9Xvla_0z5pmBBeYyOasgAA; esctx-GTkSBEUaI14=AQABCQEAAABVrSpeuWamRam2jAF1XRQEUgfoggg_fY0ga0XlbGUtFM8wpVUVQF_TCApuSzYamUjvCHEU2LtYZZTKKRjE8XjfcQVmkNil3xVa880NqvAKY8WuBEumu_2DlsFuOU40xVSTtRmSXVbzK34dCZDIzn8SOP6HfZDPNL8dfRCxv8GDNCAA; fpc=AidUanBt7MpJnt08Rb0MSE9qwEtIAQAAAFCtQd8OAAAA
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49743
    Source: unknownNetwork traffic detected: HTTP traffic on port 50168 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 50122 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49982
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50054
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50053
    Source: unknownNetwork traffic detected: HTTP traffic on port 50116 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50176
    Source: unknownNetwork traffic detected: HTTP traffic on port 49743 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 50059 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50059
    Source: unknownNetwork traffic detected: HTTP traffic on port 49795 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50060
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50063
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50062
    Source: unknownNetwork traffic detected: HTTP traffic on port 50194 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49866 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49675 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49950 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49698
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49850
    Source: unknownNetwork traffic detected: HTTP traffic on port 50060 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50186
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49690
    Source: unknownNetwork traffic detected: HTTP traffic on port 50186 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 50074 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 50053 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50192
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50074
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50194
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49729
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49721
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50116
    Source: unknownNetwork traffic detected: HTTP traffic on port 49819 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 50034 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50076
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50075
    Source: unknownNetwork traffic detected: HTTP traffic on port 49729 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 50076 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 50096 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50081
    Source: unknownNetwork traffic detected: HTTP traffic on port 49850 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50083
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50084
    Source: unknownNetwork traffic detected: HTTP traffic on port 49715 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49680 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49715
    Source: unknownNetwork traffic detected: HTTP traffic on port 49757 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 50062 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49710
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49952
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49951
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49950
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50129
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49795
    Source: unknownNetwork traffic detected: HTTP traffic on port 49952 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49794
    Source: unknownNetwork traffic detected: HTTP traffic on port 50167 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 50192 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 50054 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50089
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50122
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50090
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50096
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49702
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49942
    Source: unknownNetwork traffic detected: HTTP traffic on port 49710 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49951 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49780
    Source: unknownNetwork traffic detected: HTTP traffic on port 50090 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50135
    Source: unknownNetwork traffic detected: HTTP traffic on port 50075 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 50129 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 50135 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49819
    Source: unknownNetwork traffic detected: HTTP traffic on port 49942 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 50081 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 50169 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 50173 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49780 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49794 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49721 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49876 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 50176 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 50084 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49995 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 50063 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49702 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50034
    Source: unknownNetwork traffic detected: HTTP traffic on port 49982 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49690 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 50083 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 50089 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49757
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49876
    Source: unknownNetwork traffic detected: HTTP traffic on port 49698 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49995
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50168
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50167
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50169
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50173
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49866
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEWindow created: window name: CLIPBRDWNDCLASS
    Source: classification engineClassification label: mal60.phis.winEML@38/69@72/412
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEFile created: C:\Users\user\Documents\Outlook Files\~Outlook Data File - NoEmail.pst.tmp
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEFile created: C:\Users\user\AppData\Local\Temp\Outlook Logging\OUTLOOK_16_0_16827_20130-20250214T1631400157-6904.etl
    Source: unknownProcess created: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /eml "C:\Users\user\Desktop\ID_60232912649455456988.eml"
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess created: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "782BBF9D-EE3A-481E-B865-BAB9F3F817B9" "D3B2547E-2F6F-4873-87CC-8A07A2E2B7AE" "6904" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx"
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://aka.ms/LearnAboutSenderIdentification
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2072 --field-trial-handle=1940,i,8244572278966715792,18119775550012275474,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess created: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "782BBF9D-EE3A-481E-B865-BAB9F3F817B9" "D3B2547E-2F6F-4873-87CC-8A07A2E2B7AE" "6904" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx"
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://aka.ms/LearnAboutSenderIdentification
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2072 --field-trial-handle=1940,i,8244572278966715792,18119775550012275474,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://aka.ms/LearnAboutSenderIdentification
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2052 --field-trial-handle=1932,i,15026654124779829165,2225806339062908127,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://aka.ms/LearnAboutSenderIdentification
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2052 --field-trial-handle=1932,i,15026654124779829165,2225806339062908127,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
    Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: apphelp.dll
    Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: c2r64.dll
    Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: userenv.dll
    Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: msasn1.dll
    Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: kernel.appcore.dll
    Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: cryptsp.dll
    Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: rsaenh.dll
    Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: cryptbase.dll
    Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: gpapi.dll
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{F959DBBB-3867-41F2-8E5F-3B8BEFAA81B3}\InprocServer32
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEWindow found: window name: SysTabControl32
    Source: Window RecorderWindow detected: More than 3 window changes detected
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Common
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEKey value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Token\{2B379600-B42B-4FE9-A59C-A312FB934935} DeviceTicket
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
    Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEFile Volume queried: C:\Windows\SysWOW64 FullSizeInformation
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information queried: ProcessInformation
    Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeQueries volume information: C:\Program Files (x86)\Microsoft Office\root\Office16\AI\WordCombinedFloatieLreOnline.onnx VolumeInformation
    Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

    Mitre Att&ck Matrix

    ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
    Gather Victim Identity InformationAcquire Infrastructure1
    Drive-by Compromise    		Windows Management Instrumentation11
    Browser Extensions    		1
    Process Injection    		1
    Masquerading    		OS Credential Dumping1
    Process Discovery    		Remote Services1
    Clipboard Data    		1
    Encrypted Channel    		Exfiltration Over Other Network MediumAbuse Accessibility Features
    CredentialsDomainsDefault AccountsScheduled Task/Job1
    Registry Run Keys / Startup Folder    		1
    Registry Run Keys / Startup Folder    		1
    Modify Registry    		LSASS Memory13
    System Information Discovery    		Remote Desktop ProtocolData from Removable Media1
    Ingress Tool Transfer    		Exfiltration Over BluetoothNetwork Denial of Service
    Email AddressesDNS ServerDomain AccountsAt1
    DLL Side-Loading    		1
    DLL Side-Loading    		1
    Process Injection    		Security Account ManagerQuery RegistrySMB/Windows Admin SharesData from Network Shared Drive3
    Non-Application Layer Protocol    		Automated ExfiltrationData Encrypted for Impact
    Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook1
    DLL Side-Loading    		NTDSSystem Network Configuration DiscoveryDistributed Component Object ModelInput Capture4
    Application Layer Protocol    		Traffic DuplicationData Destruction

    Screenshots

    Thumbnails

    This section contains all screenshots as thumbnails, including those not shown in the slideshow.