Play interactive tour

Edit tour

Analysis Report https://m365.eu.vadesecure.com/safeproxy/v4?f=3pz_yW0NA22yxsJRB4LMQt2SVhSti4OAj0CfTeBEb2u-FyqaQ2qLa2AIXz9JKMU2E1Y1rA6PPdKncWQfkmWfGw&i=5G2phwdKRW4_2obgsLvCS3Vc392P_SHqt805aVOSG9sXbI1SoikCxJPhJBUgsv1LRtdLUrlosnB46Eow5hOOeQ&k=ORBM&r=OEROF8j8fuG9MU8jrcHyGyKxL3yqsLrFYRBf9ZS2F4WDA7N6yewbJufoo5284hp_&s=a6c6d7a61b60faf5927374790c7727126fbf047a9bf2ac4c9a33cdf4cc173e79&u=https%3A%2F%2Fnam04.safelinks.protection.outlook.com%2F%3Furl%3Dhttps%253A%252F%252Furlshortener.teams.microsoft.com%252F8D8DE5816FD51DB-7-13%26data%3D04%257C01%257Cgoretti.zertuche%2540talisis.com%257C53ccfd1a3b9f487ca81808d8e9f26adf%257C68b562d29e7f47a3be13eddbc4f27033%257C1%257C0%257C637516574876826991%257CUnknown%257CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%253D%257C1000%26sdata%3DZS45cljXVJM4zo3PvWJcM3R5c2trEmEhUhUB3sPgqAc%253D%26reserved%3D0

Overview

General Information

Sample URL:	https://m365.eu.vadesecure.com/safeproxy/v4?f=3pz_yW0NA22yxsJRB4LMQt2SVhSti4OAj0CfTeBEb2u-FyqaQ2qLa2AIXz9JKMU2E1Y1rA6PPdKncWQfkmWfGw&i=5G2phwdKRW4_2obgsLvCS3Vc392P_SHqt805aVOSG9sXbI1SoikCxJPhJBUgsv1LRtdLUrlosnB46Eow5hOOeQ&k=ORBM&r=OEROF8j8fuG9MU8jrcHyGyKxL3yqsLrFYRBf9ZS2F4WDA7N6yewbJufoo5284hp_&s=a6c6d7a61b60faf5927374790c7727126fbf047a9bf2ac4c9a33cdf4cc173e79&u=https%3A%2F%2Fnam04.safelinks.protection.outlook.com%2F%3Furl%3Dhttps%253A%252F%252Furlshortener.teams.microsoft.com%252F8D8DE5816FD51DB-7-13%26data%3D04%257C01%257Cgoretti.zertuche%2540talisis.com%257C53ccfd1a3b9f487ca81808d8e9f26adf%257C68b562d29e7f47a3be13eddbc4f27033%257C1%257C0%257C637516574876826991%257CUnknown%257CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%253D%257C1000%26sdata%3DZS45cljXVJM4zo3PvWJcM3R5c2trEmEhUhUB3sPgqAc%253D%26reserved%3D0
Analysis ID:	416562
Infos:
Most interesting Screenshot:

Detection

Score:	2
Range:	0 - 100
Whitelisted:	false
Confidence:	80%

Signatures

HTML body contains low number of good links

HTML title does not match URL

Potential browser exploit detected (process start blacklist hit)

Submit button contains javascript call

Very long cmdline option found, this is very uncommon (may be encrypted or packed)

Classification

Startup

System is w10x64

iexplore.exe (PID: 5904 cmdline: 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding MD5: 6465CB92B25A7BC1DF8E01D8AC5E7596)

iexplore.exe (PID: 4876 cmdline: 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:5904 CREDAT:17410 /prefetch:2 MD5: 071277CC2E3DF41EEEA8013E2AB58D5A)

TokenBrokerCookies.exe (PID: 1320 cmdline: C:\Windows\system32\TokenBrokerCookies.exe <no_string> https://login.microsoftonline.com/ 0 tbauth://login.windows.net/?context=https%3A%2F%2Flogin.microsoftonline.com&request_nonce=AwABAAAAAAACAOz_BAD0_3YctQdcsyBijhwC-CAxF25x3Hlo_3KNwJymm43-sa4WbrdjtIDlA-Ce507tW7wK8NaiDKoKqaasEsOqBQrRc9MgAA&rid=b0ab1581-3f55-4a7e-a96d-2e3f21652200 ESTSUSERLIST %7b%22users%22%3a%5b%5d%7d login.microsoftonline.com / 0 718258756 30889804 1 MD5: 17F27A76AC8E9869C8F1BE286D88570A)

cleanup

Malware Configuration

No configs have been found

Yara Overview

No yara matches

Sigma Overview

No Sigma rule has matched

Signature Overview

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: https://login.microsoftonline.com/common/oauth2/authorize?response_type=id_token&client_id=5e3ce6c0-2b1f-4285-8d4b-75ee78787346&redirect_uri=https%3A%2F%2Fteams.microsoft.com%2Fgo&state=fea69808-f423-4ec8-bb32-c2d41d9fad30&&client-request-id=b1b1c57d-0009-492d-94db-cbc4fdfa73d0&x-client-SKU=Js&x-client-Ver=1.0.9&nonce=d00063b4-c081-4af5-8f96-54b33fe7c9ac&domain_hint=	HTTP Parser: Number of links: 1
Source: https://login.microsoftonline.com/common/oauth2/authorize?response_type=id_token&client_id=5e3ce6c0-2b1f-4285-8d4b-75ee78787346&redirect_uri=https%3A%2F%2Fteams.microsoft.com%2Fgo&state=fea69808-f423-4ec8-bb32-c2d41d9fad30&&client-request-id=b1b1c57d-0009-492d-94db-cbc4fdfa73d0&x-client-SKU=Js&x-client-Ver=1.0.9&nonce=d00063b4-c081-4af5-8f96-54b33fe7c9ac&domain_hint=	HTTP Parser: Number of links: 1
Source: https://signup.live.com/signup?ru=https%3a%2f%2flogin.live.com%2foauth20_authorize.srf%3flc%3d1033%26response_type%3dcode%26client_id%3d51483342-085c-4d86-bf88-cf50c7252078%26scope%3dopenid%2bprofile%2bemail%2boffline_access%26response_mode%3dform_post%26redirect_uri%3dhttps%253a%252f%252flogin.microsoftonline.com%252fcommon%252ffederation%252foauth2msa%26state%3drQIIAYWQMUvDQACFc00b26IoouIkVTqIcOnd5ZJeAiKCaHWwaKmgiySXiy0YI020Iii4OTo4ObpZl9ZJnBx00aWj6B8QJ0cRBOMvkAcPHm_4eC-bwipSzSkZq9jK60LjwuAIEgd7kBKmQ-ZSBxZ1IYoslkaNxmB24Oix08lIcPH87fnh5zvsXoDM5nZ9X6g88FtgrBZFu6FVKETC9kPVr_NGEAZe9NcWtoJbALoAvAPQSuRdhJChORRyxDCkthcDPdOAOnU0zRNFbtr8NdFfnt2LauTPgkb9UFzIeU_YhskQgx4lGqSCM-g4GoGcuBS7pme7GrqRlZjoBzsvMugmwUdyJA0GpNFMTprsQbKVTmfjJOWkryS4TMWrToav29WZ46UrX50ZFxPSU6pQ2aoYzb1yKVpx_I2KWZ0rrx40F0prs4vuOplfRsurrGagql80m9PEwmeK8qQklsJPBZz2SHeZf554zQ4RRDBEOsQshw0LYwvhjXYvuO-TfgE1%26estsfed%3d1%26lw%3d1%26fl%3deasi2%26fci%3d5e3ce6c0-2b1f-4285-8d4b-75ee78787346%26mkt%3dEN-US%26uaid%3db1b1c57d0009492d94dbcbc4fdfa73d0&mkt=EN-US&uiflavor=web&lw=1&fl=easi2&client_id=51483342-085c-4d86-bf88-cf50c7252078&uaid=b1b1c57d0009492d94dbcbc4fdfa73d0&suc=5e3ce6c0-2b1f-4285-8d4b-75ee78787346&lic=1	HTTP Parser: Number of links: 0
Source: https://signup.live.com/signup?ru=https%3a%2f%2flogin.live.com%2foauth20_authorize.srf%3flc%3d1033%26response_type%3dcode%26client_id%3d51483342-085c-4d86-bf88-cf50c7252078%26scope%3dopenid%2bprofile%2bemail%2boffline_access%26response_mode%3dform_post%26redirect_uri%3dhttps%253a%252f%252flogin.microsoftonline.com%252fcommon%252ffederation%252foauth2msa%26state%3drQIIAYWQMUvDQACFc00b26IoouIkVTqIcOnd5ZJeAiKCaHWwaKmgiySXiy0YI020Iii4OTo4ObpZl9ZJnBx00aWj6B8QJ0cRBOMvkAcPHm_4eC-bwipSzSkZq9jK60LjwuAIEgd7kBKmQ-ZSBxZ1IYoslkaNxmB24Oix08lIcPH87fnh5zvsXoDM5nZ9X6g88FtgrBZFu6FVKETC9kPVr_NGEAZe9NcWtoJbALoAvAPQSuRdhJChORRyxDCkthcDPdOAOnU0zRNFbtr8NdFfnt2LauTPgkb9UFzIeU_YhskQgx4lGqSCM-g4GoGcuBS7pme7GrqRlZjoBzsvMugmwUdyJA0GpNFMTprsQbKVTmfjJOWkryS4TMWrToav29WZ46UrX50ZFxPSU6pQ2aoYzb1yKVpx_I2KWZ0rrx40F0prs4vuOplfRsurrGagql80m9PEwmeK8qQklsJPBZz2SHeZf554zQ4RRDBEOsQshw0LYwvhjXYvuO-TfgE1%26estsfed%3d1%26lw%3d1%26fl%3deasi2%26fci%3d5e3ce6c0-2b1f-4285-8d4b-75ee78787346%26mkt%3dEN-US%26uaid%3db1b1c57d0009492d94dbcbc4fdfa73d0&mkt=EN-US&uiflavor=web&lw=1&fl=easi2&client_id=51483342-085c-4d86-bf88-cf50c7252078&uaid=b1b1c57d0009492d94dbcbc4fdfa73d0&suc=5e3ce6c0-2b1f-4285-8d4b-75ee78787346&lic=1	HTTP Parser: Number of links: 0

Source: https://login.microsoftonline.com/common/oauth2/authorize?response_type=id_token&client_id=5e3ce6c0-2b1f-4285-8d4b-75ee78787346&redirect_uri=https%3A%2F%2Fteams.microsoft.com%2Fgo&state=fea69808-f423-4ec8-bb32-c2d41d9fad30&&client-request-id=b1b1c57d-0009-492d-94db-cbc4fdfa73d0&x-client-SKU=Js&x-client-Ver=1.0.9&nonce=d00063b4-c081-4af5-8f96-54b33fe7c9ac&domain_hint=	HTTP Parser: Title: Sign in to your account does not match URL
Source: https://login.microsoftonline.com/common/oauth2/authorize?response_type=id_token&client_id=5e3ce6c0-2b1f-4285-8d4b-75ee78787346&redirect_uri=https%3A%2F%2Fteams.microsoft.com%2Fgo&state=fea69808-f423-4ec8-bb32-c2d41d9fad30&&client-request-id=b1b1c57d-0009-492d-94db-cbc4fdfa73d0&x-client-SKU=Js&x-client-Ver=1.0.9&nonce=d00063b4-c081-4af5-8f96-54b33fe7c9ac&domain_hint=	HTTP Parser: Title: Sign in to your account does not match URL
Source: https://signup.live.com/signup?ru=https%3a%2f%2flogin.live.com%2foauth20_authorize.srf%3flc%3d1033%26response_type%3dcode%26client_id%3d51483342-085c-4d86-bf88-cf50c7252078%26scope%3dopenid%2bprofile%2bemail%2boffline_access%26response_mode%3dform_post%26redirect_uri%3dhttps%253a%252f%252flogin.microsoftonline.com%252fcommon%252ffederation%252foauth2msa%26state%3drQIIAYWQMUvDQACFc00b26IoouIkVTqIcOnd5ZJeAiKCaHWwaKmgiySXiy0YI020Iii4OTo4ObpZl9ZJnBx00aWj6B8QJ0cRBOMvkAcPHm_4eC-bwipSzSkZq9jK60LjwuAIEgd7kBKmQ-ZSBxZ1IYoslkaNxmB24Oix08lIcPH87fnh5zvsXoDM5nZ9X6g88FtgrBZFu6FVKETC9kPVr_NGEAZe9NcWtoJbALoAvAPQSuRdhJChORRyxDCkthcDPdOAOnU0zRNFbtr8NdFfnt2LauTPgkb9UFzIeU_YhskQgx4lGqSCM-g4GoGcuBS7pme7GrqRlZjoBzsvMugmwUdyJA0GpNFMTprsQbKVTmfjJOWkryS4TMWrToav29WZ46UrX50ZFxPSU6pQ2aoYzb1yKVpx_I2KWZ0rrx40F0prs4vuOplfRsurrGagql80m9PEwmeK8qQklsJPBZz2SHeZf554zQ4RRDBEOsQshw0LYwvhjXYvuO-TfgE1%26estsfed%3d1%26lw%3d1%26fl%3deasi2%26fci%3d5e3ce6c0-2b1f-4285-8d4b-75ee78787346%26mkt%3dEN-US%26uaid%3db1b1c57d0009492d94dbcbc4fdfa73d0&mkt=EN-US&uiflavor=web&lw=1&fl=easi2&client_id=51483342-085c-4d86-bf88-cf50c7252078&uaid=b1b1c57d0009492d94dbcbc4fdfa73d0&suc=5e3ce6c0-2b1f-4285-8d4b-75ee78787346&lic=1	HTTP Parser: Title: Create account does not match URL
Source: https://signup.live.com/signup?ru=https%3a%2f%2flogin.live.com%2foauth20_authorize.srf%3flc%3d1033%26response_type%3dcode%26client_id%3d51483342-085c-4d86-bf88-cf50c7252078%26scope%3dopenid%2bprofile%2bemail%2boffline_access%26response_mode%3dform_post%26redirect_uri%3dhttps%253a%252f%252flogin.microsoftonline.com%252fcommon%252ffederation%252foauth2msa%26state%3drQIIAYWQMUvDQACFc00b26IoouIkVTqIcOnd5ZJeAiKCaHWwaKmgiySXiy0YI020Iii4OTo4ObpZl9ZJnBx00aWj6B8QJ0cRBOMvkAcPHm_4eC-bwipSzSkZq9jK60LjwuAIEgd7kBKmQ-ZSBxZ1IYoslkaNxmB24Oix08lIcPH87fnh5zvsXoDM5nZ9X6g88FtgrBZFu6FVKETC9kPVr_NGEAZe9NcWtoJbALoAvAPQSuRdhJChORRyxDCkthcDPdOAOnU0zRNFbtr8NdFfnt2LauTPgkb9UFzIeU_YhskQgx4lGqSCM-g4GoGcuBS7pme7GrqRlZjoBzsvMugmwUdyJA0GpNFMTprsQbKVTmfjJOWkryS4TMWrToav29WZ46UrX50ZFxPSU6pQ2aoYzb1yKVpx_I2KWZ0rrx40F0prs4vuOplfRsurrGagql80m9PEwmeK8qQklsJPBZz2SHeZf554zQ4RRDBEOsQshw0LYwvhjXYvuO-TfgE1%26estsfed%3d1%26lw%3d1%26fl%3deasi2%26fci%3d5e3ce6c0-2b1f-4285-8d4b-75ee78787346%26mkt%3dEN-US%26uaid%3db1b1c57d0009492d94dbcbc4fdfa73d0&mkt=EN-US&uiflavor=web&lw=1&fl=easi2&client_id=51483342-085c-4d86-bf88-cf50c7252078&uaid=b1b1c57d0009492d94dbcbc4fdfa73d0&suc=5e3ce6c0-2b1f-4285-8d4b-75ee78787346&lic=1	HTTP Parser: Title: Create account does not match URL

Source: https://signup.live.com/signup?ru=https%3a%2f%2flogin.live.com%2foauth20_authorize.srf%3flc%3d1033%26response_type%3dcode%26client_id%3d51483342-085c-4d86-bf88-cf50c7252078%26scope%3dopenid%2bprofile%2bemail%2boffline_access%26response_mode%3dform_post%26redirect_uri%3dhttps%253a%252f%252flogin.microsoftonline.com%252fcommon%252ffederation%252foauth2msa%26state%3drQIIAYWQMUvDQACFc00b26IoouIkVTqIcOnd5ZJeAiKCaHWwaKmgiySXiy0YI020Iii4OTo4ObpZl9ZJnBx00aWj6B8QJ0cRBOMvkAcPHm_4eC-bwipSzSkZq9jK60LjwuAIEgd7kBKmQ-ZSBxZ1IYoslkaNxmB24Oix08lIcPH87fnh5zvsXoDM5nZ9X6g88FtgrBZFu6FVKETC9kPVr_NGEAZe9NcWtoJbALoAvAPQSuRdhJChORRyxDCkthcDPdOAOnU0zRNFbtr8NdFfnt2LauTPgkb9UFzIeU_YhskQgx4lGqSCM-g4GoGcuBS7pme7GrqRlZjoBzsvMugmwUdyJA0GpNFMTprsQbKVTmfjJOWkryS4TMWrToav29WZ46UrX50ZFxPSU6pQ2aoYzb1yKVpx_I2KWZ0rrx40F0prs4vuOplfRsurrGagql80m9PEwmeK8qQklsJPBZz2SHeZf554zQ4RRDBEOsQshw0LYwvhjXYvuO-TfgE1%26estsfed%3d1%26lw%3d1%26fl%3deasi2%26fci%3d5e3ce6c0-2b1f-4285-8d4b-75ee78787346%26mkt%3dEN-US%26uaid%3db1b1c57d0009492d94dbcbc4fdfa73d0&mkt=EN-US&uiflavor=web&lw=1&fl=easi2&client_id=51483342-085c-4d86-bf88-cf50c7252078&uaid=b1b1c57d0009492d94dbcbc4fdfa73d0&suc=5e3ce6c0-2b1f-4285-8d4b-75ee78787346&lic=1	HTTP Parser: On click: OnBack(); return false;
Source: https://signup.live.com/signup?ru=https%3a%2f%2flogin.live.com%2foauth20_authorize.srf%3flc%3d1033%26response_type%3dcode%26client_id%3d51483342-085c-4d86-bf88-cf50c7252078%26scope%3dopenid%2bprofile%2bemail%2boffline_access%26response_mode%3dform_post%26redirect_uri%3dhttps%253a%252f%252flogin.microsoftonline.com%252fcommon%252ffederation%252foauth2msa%26state%3drQIIAYWQMUvDQACFc00b26IoouIkVTqIcOnd5ZJeAiKCaHWwaKmgiySXiy0YI020Iii4OTo4ObpZl9ZJnBx00aWj6B8QJ0cRBOMvkAcPHm_4eC-bwipSzSkZq9jK60LjwuAIEgd7kBKmQ-ZSBxZ1IYoslkaNxmB24Oix08lIcPH87fnh5zvsXoDM5nZ9X6g88FtgrBZFu6FVKETC9kPVr_NGEAZe9NcWtoJbALoAvAPQSuRdhJChORRyxDCkthcDPdOAOnU0zRNFbtr8NdFfnt2LauTPgkb9UFzIeU_YhskQgx4lGqSCM-g4GoGcuBS7pme7GrqRlZjoBzsvMugmwUdyJA0GpNFMTprsQbKVTmfjJOWkryS4TMWrToav29WZ46UrX50ZFxPSU6pQ2aoYzb1yKVpx_I2KWZ0rrx40F0prs4vuOplfRsurrGagql80m9PEwmeK8qQklsJPBZz2SHeZf554zQ4RRDBEOsQshw0LYwvhjXYvuO-TfgE1%26estsfed%3d1%26lw%3d1%26fl%3deasi2%26fci%3d5e3ce6c0-2b1f-4285-8d4b-75ee78787346%26mkt%3dEN-US%26uaid%3db1b1c57d0009492d94dbcbc4fdfa73d0&mkt=EN-US&uiflavor=web&lw=1&fl=easi2&client_id=51483342-085c-4d86-bf88-cf50c7252078&uaid=b1b1c57d0009492d94dbcbc4fdfa73d0&suc=5e3ce6c0-2b1f-4285-8d4b-75ee78787346&lic=1	HTTP Parser: On click: HOSTUI.evt_inlineBack_onclick();
Source: https://signup.live.com/signup?ru=https%3a%2f%2flogin.live.com%2foauth20_authorize.srf%3flc%3d1033%26response_type%3dcode%26client_id%3d51483342-085c-4d86-bf88-cf50c7252078%26scope%3dopenid%2bprofile%2bemail%2boffline_access%26response_mode%3dform_post%26redirect_uri%3dhttps%253a%252f%252flogin.microsoftonline.com%252fcommon%252ffederation%252foauth2msa%26state%3drQIIAYWQMUvDQACFc00b26IoouIkVTqIcOnd5ZJeAiKCaHWwaKmgiySXiy0YI020Iii4OTo4ObpZl9ZJnBx00aWj6B8QJ0cRBOMvkAcPHm_4eC-bwipSzSkZq9jK60LjwuAIEgd7kBKmQ-ZSBxZ1IYoslkaNxmB24Oix08lIcPH87fnh5zvsXoDM5nZ9X6g88FtgrBZFu6FVKETC9kPVr_NGEAZe9NcWtoJbALoAvAPQSuRdhJChORRyxDCkthcDPdOAOnU0zRNFbtr8NdFfnt2LauTPgkb9UFzIeU_YhskQgx4lGqSCM-g4GoGcuBS7pme7GrqRlZjoBzsvMugmwUdyJA0GpNFMTprsQbKVTmfjJOWkryS4TMWrToav29WZ46UrX50ZFxPSU6pQ2aoYzb1yKVpx_I2KWZ0rrx40F0prs4vuOplfRsurrGagql80m9PEwmeK8qQklsJPBZz2SHeZf554zQ4RRDBEOsQshw0LYwvhjXYvuO-TfgE1%26estsfed%3d1%26lw%3d1%26fl%3deasi2%26fci%3d5e3ce6c0-2b1f-4285-8d4b-75ee78787346%26mkt%3dEN-US%26uaid%3db1b1c57d0009492d94dbcbc4fdfa73d0&mkt=EN-US&uiflavor=web&lw=1&fl=easi2&client_id=51483342-085c-4d86-bf88-cf50c7252078&uaid=b1b1c57d0009492d94dbcbc4fdfa73d0&suc=5e3ce6c0-2b1f-4285-8d4b-75ee78787346&lic=1	HTTP Parser: On click: HOSTUI.evt_inlineBack_onclick();
Source: https://signup.live.com/signup?ru=https%3a%2f%2flogin.live.com%2foauth20_authorize.srf%3flc%3d1033%26response_type%3dcode%26client_id%3d51483342-085c-4d86-bf88-cf50c7252078%26scope%3dopenid%2bprofile%2bemail%2boffline_access%26response_mode%3dform_post%26redirect_uri%3dhttps%253a%252f%252flogin.microsoftonline.com%252fcommon%252ffederation%252foauth2msa%26state%3drQIIAYWQMUvDQACFc00b26IoouIkVTqIcOnd5ZJeAiKCaHWwaKmgiySXiy0YI020Iii4OTo4ObpZl9ZJnBx00aWj6B8QJ0cRBOMvkAcPHm_4eC-bwipSzSkZq9jK60LjwuAIEgd7kBKmQ-ZSBxZ1IYoslkaNxmB24Oix08lIcPH87fnh5zvsXoDM5nZ9X6g88FtgrBZFu6FVKETC9kPVr_NGEAZe9NcWtoJbALoAvAPQSuRdhJChORRyxDCkthcDPdOAOnU0zRNFbtr8NdFfnt2LauTPgkb9UFzIeU_YhskQgx4lGqSCM-g4GoGcuBS7pme7GrqRlZjoBzsvMugmwUdyJA0GpNFMTprsQbKVTmfjJOWkryS4TMWrToav29WZ46UrX50ZFxPSU6pQ2aoYzb1yKVpx_I2KWZ0rrx40F0prs4vuOplfRsurrGagql80m9PEwmeK8qQklsJPBZz2SHeZf554zQ4RRDBEOsQshw0LYwvhjXYvuO-TfgE1%26estsfed%3d1%26lw%3d1%26fl%3deasi2%26fci%3d5e3ce6c0-2b1f-4285-8d4b-75ee78787346%26mkt%3dEN-US%26uaid%3db1b1c57d0009492d94dbcbc4fdfa73d0&mkt=EN-US&uiflavor=web&lw=1&fl=easi2&client_id=51483342-085c-4d86-bf88-cf50c7252078&uaid=b1b1c57d0009492d94dbcbc4fdfa73d0&suc=5e3ce6c0-2b1f-4285-8d4b-75ee78787346&lic=1	HTTP Parser: On click: OnBack(); return false;
Source: https://signup.live.com/signup?ru=https%3a%2f%2flogin.live.com%2foauth20_authorize.srf%3flc%3d1033%26response_type%3dcode%26client_id%3d51483342-085c-4d86-bf88-cf50c7252078%26scope%3dopenid%2bprofile%2bemail%2boffline_access%26response_mode%3dform_post%26redirect_uri%3dhttps%253a%252f%252flogin.microsoftonline.com%252fcommon%252ffederation%252foauth2msa%26state%3drQIIAYWQMUvDQACFc00b26IoouIkVTqIcOnd5ZJeAiKCaHWwaKmgiySXiy0YI020Iii4OTo4ObpZl9ZJnBx00aWj6B8QJ0cRBOMvkAcPHm_4eC-bwipSzSkZq9jK60LjwuAIEgd7kBKmQ-ZSBxZ1IYoslkaNxmB24Oix08lIcPH87fnh5zvsXoDM5nZ9X6g88FtgrBZFu6FVKETC9kPVr_NGEAZe9NcWtoJbALoAvAPQSuRdhJChORRyxDCkthcDPdOAOnU0zRNFbtr8NdFfnt2LauTPgkb9UFzIeU_YhskQgx4lGqSCM-g4GoGcuBS7pme7GrqRlZjoBzsvMugmwUdyJA0GpNFMTprsQbKVTmfjJOWkryS4TMWrToav29WZ46UrX50ZFxPSU6pQ2aoYzb1yKVpx_I2KWZ0rrx40F0prs4vuOplfRsurrGagql80m9PEwmeK8qQklsJPBZz2SHeZf554zQ4RRDBEOsQshw0LYwvhjXYvuO-TfgE1%26estsfed%3d1%26lw%3d1%26fl%3deasi2%26fci%3d5e3ce6c0-2b1f-4285-8d4b-75ee78787346%26mkt%3dEN-US%26uaid%3db1b1c57d0009492d94dbcbc4fdfa73d0&mkt=EN-US&uiflavor=web&lw=1&fl=easi2&client_id=51483342-085c-4d86-bf88-cf50c7252078&uaid=b1b1c57d0009492d94dbcbc4fdfa73d0&suc=5e3ce6c0-2b1f-4285-8d4b-75ee78787346&lic=1	HTTP Parser: On click: HOSTUI.evt_inlineBack_onclick();
Source: https://signup.live.com/signup?ru=https%3a%2f%2flogin.live.com%2foauth20_authorize.srf%3flc%3d1033%26response_type%3dcode%26client_id%3d51483342-085c-4d86-bf88-cf50c7252078%26scope%3dopenid%2bprofile%2bemail%2boffline_access%26response_mode%3dform_post%26redirect_uri%3dhttps%253a%252f%252flogin.microsoftonline.com%252fcommon%252ffederation%252foauth2msa%26state%3drQIIAYWQMUvDQACFc00b26IoouIkVTqIcOnd5ZJeAiKCaHWwaKmgiySXiy0YI020Iii4OTo4ObpZl9ZJnBx00aWj6B8QJ0cRBOMvkAcPHm_4eC-bwipSzSkZq9jK60LjwuAIEgd7kBKmQ-ZSBxZ1IYoslkaNxmB24Oix08lIcPH87fnh5zvsXoDM5nZ9X6g88FtgrBZFu6FVKETC9kPVr_NGEAZe9NcWtoJbALoAvAPQSuRdhJChORRyxDCkthcDPdOAOnU0zRNFbtr8NdFfnt2LauTPgkb9UFzIeU_YhskQgx4lGqSCM-g4GoGcuBS7pme7GrqRlZjoBzsvMugmwUdyJA0GpNFMTprsQbKVTmfjJOWkryS4TMWrToav29WZ46UrX50ZFxPSU6pQ2aoYzb1yKVpx_I2KWZ0rrx40F0prs4vuOplfRsurrGagql80m9PEwmeK8qQklsJPBZz2SHeZf554zQ4RRDBEOsQshw0LYwvhjXYvuO-TfgE1%26estsfed%3d1%26lw%3d1%26fl%3deasi2%26fci%3d5e3ce6c0-2b1f-4285-8d4b-75ee78787346%26mkt%3dEN-US%26uaid%3db1b1c57d0009492d94dbcbc4fdfa73d0&mkt=EN-US&uiflavor=web&lw=1&fl=easi2&client_id=51483342-085c-4d86-bf88-cf50c7252078&uaid=b1b1c57d0009492d94dbcbc4fdfa73d0&suc=5e3ce6c0-2b1f-4285-8d4b-75ee78787346&lic=1	HTTP Parser: On click: HOSTUI.evt_inlineBack_onclick();

Source: https://login.microsoftonline.com/common/oauth2/authorize?response_type=id_token&client_id=5e3ce6c0-2b1f-4285-8d4b-75ee78787346&redirect_uri=https%3A%2F%2Fteams.microsoft.com%2Fgo&state=fea69808-f423-4ec8-bb32-c2d41d9fad30&&client-request-id=b1b1c57d-0009-492d-94db-cbc4fdfa73d0&x-client-SKU=Js&x-client-Ver=1.0.9&nonce=d00063b4-c081-4af5-8f96-54b33fe7c9ac&domain_hint=	HTTP Parser: No <meta name="author".. found
Source: https://login.microsoftonline.com/common/oauth2/authorize?response_type=id_token&client_id=5e3ce6c0-2b1f-4285-8d4b-75ee78787346&redirect_uri=https%3A%2F%2Fteams.microsoft.com%2Fgo&state=fea69808-f423-4ec8-bb32-c2d41d9fad30&&client-request-id=b1b1c57d-0009-492d-94db-cbc4fdfa73d0&x-client-SKU=Js&x-client-Ver=1.0.9&nonce=d00063b4-c081-4af5-8f96-54b33fe7c9ac&domain_hint=	HTTP Parser: No <meta name="author".. found
Source: https://signup.live.com/signup?ru=https%3a%2f%2flogin.live.com%2foauth20_authorize.srf%3flc%3d1033%26response_type%3dcode%26client_id%3d51483342-085c-4d86-bf88-cf50c7252078%26scope%3dopenid%2bprofile%2bemail%2boffline_access%26response_mode%3dform_post%26redirect_uri%3dhttps%253a%252f%252flogin.microsoftonline.com%252fcommon%252ffederation%252foauth2msa%26state%3drQIIAYWQMUvDQACFc00b26IoouIkVTqIcOnd5ZJeAiKCaHWwaKmgiySXiy0YI020Iii4OTo4ObpZl9ZJnBx00aWj6B8QJ0cRBOMvkAcPHm_4eC-bwipSzSkZq9jK60LjwuAIEgd7kBKmQ-ZSBxZ1IYoslkaNxmB24Oix08lIcPH87fnh5zvsXoDM5nZ9X6g88FtgrBZFu6FVKETC9kPVr_NGEAZe9NcWtoJbALoAvAPQSuRdhJChORRyxDCkthcDPdOAOnU0zRNFbtr8NdFfnt2LauTPgkb9UFzIeU_YhskQgx4lGqSCM-g4GoGcuBS7pme7GrqRlZjoBzsvMugmwUdyJA0GpNFMTprsQbKVTmfjJOWkryS4TMWrToav29WZ46UrX50ZFxPSU6pQ2aoYzb1yKVpx_I2KWZ0rrx40F0prs4vuOplfRsurrGagql80m9PEwmeK8qQklsJPBZz2SHeZf554zQ4RRDBEOsQshw0LYwvhjXYvuO-TfgE1%26estsfed%3d1%26lw%3d1%26fl%3deasi2%26fci%3d5e3ce6c0-2b1f-4285-8d4b-75ee78787346%26mkt%3dEN-US%26uaid%3db1b1c57d0009492d94dbcbc4fdfa73d0&mkt=EN-US&uiflavor=web&lw=1&fl=easi2&client_id=51483342-085c-4d86-bf88-cf50c7252078&uaid=b1b1c57d0009492d94dbcbc4fdfa73d0&suc=5e3ce6c0-2b1f-4285-8d4b-75ee78787346&lic=1	HTTP Parser: No <meta name="author".. found
Source: https://signup.live.com/signup?ru=https%3a%2f%2flogin.live.com%2foauth20_authorize.srf%3flc%3d1033%26response_type%3dcode%26client_id%3d51483342-085c-4d86-bf88-cf50c7252078%26scope%3dopenid%2bprofile%2bemail%2boffline_access%26response_mode%3dform_post%26redirect_uri%3dhttps%253a%252f%252flogin.microsoftonline.com%252fcommon%252ffederation%252foauth2msa%26state%3drQIIAYWQMUvDQACFc00b26IoouIkVTqIcOnd5ZJeAiKCaHWwaKmgiySXiy0YI020Iii4OTo4ObpZl9ZJnBx00aWj6B8QJ0cRBOMvkAcPHm_4eC-bwipSzSkZq9jK60LjwuAIEgd7kBKmQ-ZSBxZ1IYoslkaNxmB24Oix08lIcPH87fnh5zvsXoDM5nZ9X6g88FtgrBZFu6FVKETC9kPVr_NGEAZe9NcWtoJbALoAvAPQSuRdhJChORRyxDCkthcDPdOAOnU0zRNFbtr8NdFfnt2LauTPgkb9UFzIeU_YhskQgx4lGqSCM-g4GoGcuBS7pme7GrqRlZjoBzsvMugmwUdyJA0GpNFMTprsQbKVTmfjJOWkryS4TMWrToav29WZ46UrX50ZFxPSU6pQ2aoYzb1yKVpx_I2KWZ0rrx40F0prs4vuOplfRsurrGagql80m9PEwmeK8qQklsJPBZz2SHeZf554zQ4RRDBEOsQshw0LYwvhjXYvuO-TfgE1%26estsfed%3d1%26lw%3d1%26fl%3deasi2%26fci%3d5e3ce6c0-2b1f-4285-8d4b-75ee78787346%26mkt%3dEN-US%26uaid%3db1b1c57d0009492d94dbcbc4fdfa73d0&mkt=EN-US&uiflavor=web&lw=1&fl=easi2&client_id=51483342-085c-4d86-bf88-cf50c7252078&uaid=b1b1c57d0009492d94dbcbc4fdfa73d0&suc=5e3ce6c0-2b1f-4285-8d4b-75ee78787346&lic=1	HTTP Parser: No <meta name="author".. found

Source: https://login.microsoftonline.com/common/oauth2/authorize?response_type=id_token&client_id=5e3ce6c0-2b1f-4285-8d4b-75ee78787346&redirect_uri=https%3A%2F%2Fteams.microsoft.com%2Fgo&state=fea69808-f423-4ec8-bb32-c2d41d9fad30&&client-request-id=b1b1c57d-0009-492d-94db-cbc4fdfa73d0&x-client-SKU=Js&x-client-Ver=1.0.9&nonce=d00063b4-c081-4af5-8f96-54b33fe7c9ac&domain_hint=	HTTP Parser: No <meta name="copyright".. found
Source: https://login.microsoftonline.com/common/oauth2/authorize?response_type=id_token&client_id=5e3ce6c0-2b1f-4285-8d4b-75ee78787346&redirect_uri=https%3A%2F%2Fteams.microsoft.com%2Fgo&state=fea69808-f423-4ec8-bb32-c2d41d9fad30&&client-request-id=b1b1c57d-0009-492d-94db-cbc4fdfa73d0&x-client-SKU=Js&x-client-Ver=1.0.9&nonce=d00063b4-c081-4af5-8f96-54b33fe7c9ac&domain_hint=	HTTP Parser: No <meta name="copyright".. found
Source: https://signup.live.com/signup?ru=https%3a%2f%2flogin.live.com%2foauth20_authorize.srf%3flc%3d1033%26response_type%3dcode%26client_id%3d51483342-085c-4d86-bf88-cf50c7252078%26scope%3dopenid%2bprofile%2bemail%2boffline_access%26response_mode%3dform_post%26redirect_uri%3dhttps%253a%252f%252flogin.microsoftonline.com%252fcommon%252ffederation%252foauth2msa%26state%3drQIIAYWQMUvDQACFc00b26IoouIkVTqIcOnd5ZJeAiKCaHWwaKmgiySXiy0YI020Iii4OTo4ObpZl9ZJnBx00aWj6B8QJ0cRBOMvkAcPHm_4eC-bwipSzSkZq9jK60LjwuAIEgd7kBKmQ-ZSBxZ1IYoslkaNxmB24Oix08lIcPH87fnh5zvsXoDM5nZ9X6g88FtgrBZFu6FVKETC9kPVr_NGEAZe9NcWtoJbALoAvAPQSuRdhJChORRyxDCkthcDPdOAOnU0zRNFbtr8NdFfnt2LauTPgkb9UFzIeU_YhskQgx4lGqSCM-g4GoGcuBS7pme7GrqRlZjoBzsvMugmwUdyJA0GpNFMTprsQbKVTmfjJOWkryS4TMWrToav29WZ46UrX50ZFxPSU6pQ2aoYzb1yKVpx_I2KWZ0rrx40F0prs4vuOplfRsurrGagql80m9PEwmeK8qQklsJPBZz2SHeZf554zQ4RRDBEOsQshw0LYwvhjXYvuO-TfgE1%26estsfed%3d1%26lw%3d1%26fl%3deasi2%26fci%3d5e3ce6c0-2b1f-4285-8d4b-75ee78787346%26mkt%3dEN-US%26uaid%3db1b1c57d0009492d94dbcbc4fdfa73d0&mkt=EN-US&uiflavor=web&lw=1&fl=easi2&client_id=51483342-085c-4d86-bf88-cf50c7252078&uaid=b1b1c57d0009492d94dbcbc4fdfa73d0&suc=5e3ce6c0-2b1f-4285-8d4b-75ee78787346&lic=1	HTTP Parser: No <meta name="copyright".. found
Source: https://signup.live.com/signup?ru=https%3a%2f%2flogin.live.com%2foauth20_authorize.srf%3flc%3d1033%26response_type%3dcode%26client_id%3d51483342-085c-4d86-bf88-cf50c7252078%26scope%3dopenid%2bprofile%2bemail%2boffline_access%26response_mode%3dform_post%26redirect_uri%3dhttps%253a%252f%252flogin.microsoftonline.com%252fcommon%252ffederation%252foauth2msa%26state%3drQIIAYWQMUvDQACFc00b26IoouIkVTqIcOnd5ZJeAiKCaHWwaKmgiySXiy0YI020Iii4OTo4ObpZl9ZJnBx00aWj6B8QJ0cRBOMvkAcPHm_4eC-bwipSzSkZq9jK60LjwuAIEgd7kBKmQ-ZSBxZ1IYoslkaNxmB24Oix08lIcPH87fnh5zvsXoDM5nZ9X6g88FtgrBZFu6FVKETC9kPVr_NGEAZe9NcWtoJbALoAvAPQSuRdhJChORRyxDCkthcDPdOAOnU0zRNFbtr8NdFfnt2LauTPgkb9UFzIeU_YhskQgx4lGqSCM-g4GoGcuBS7pme7GrqRlZjoBzsvMugmwUdyJA0GpNFMTprsQbKVTmfjJOWkryS4TMWrToav29WZ46UrX50ZFxPSU6pQ2aoYzb1yKVpx_I2KWZ0rrx40F0prs4vuOplfRsurrGagql80m9PEwmeK8qQklsJPBZz2SHeZf554zQ4RRDBEOsQshw0LYwvhjXYvuO-TfgE1%26estsfed%3d1%26lw%3d1%26fl%3deasi2%26fci%3d5e3ce6c0-2b1f-4285-8d4b-75ee78787346%26mkt%3dEN-US%26uaid%3db1b1c57d0009492d94dbcbc4fdfa73d0&mkt=EN-US&uiflavor=web&lw=1&fl=easi2&client_id=51483342-085c-4d86-bf88-cf50c7252078&uaid=b1b1c57d0009492d94dbcbc4fdfa73d0&suc=5e3ce6c0-2b1f-4285-8d4b-75ee78787346&lic=1	HTTP Parser: No <meta name="copyright".. found

Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File opened: C:\Program Files (x86)\Java\jre1.8.0_211\bin\msvcr100.dll

Jump to behavior

Source: unknown	HTTPS traffic detected: 40.89.138.20:443 -> 192.168.2.6:49693 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.89.138.20:443 -> 192.168.2.6:49694 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 152.199.21.175:443 -> 192.168.2.6:49732 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 152.199.21.175:443 -> 192.168.2.6:49733 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 152.199.21.175:443 -> 192.168.2.6:49734 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 152.199.21.175:443 -> 192.168.2.6:49735 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 152.199.21.175:443 -> 192.168.2.6:49730 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 152.199.21.175:443 -> 192.168.2.6:49731 version: TLS 1.2

Source: C:\Program Files\internet explorer\iexplore.exe

Process created: C:\Windows\System32\TokenBrokerCookies.exe

Source: privacystatement[1].htm.2.dr	String found in binary or memory: <ul><li>Sources of personal data: Interactions with users</li><li>Purposes of Processing (Collection and Sharing with Third Parties): Provide our products; product improvement; product development; customer support; and help, secure, and troubleshoot</li><li>Recipients: Service providers and user-directed entities</li></ul></li></ul><p>While the bulleted list above contains the primary sources and purposes of processing for each category of personal data, we also collect personal data from the sources listed in the <a class="mscom-link" href="#mainpersonaldatawecollect">Personal data we collect</a> section, such as developers who create experiences through or for Microsoft products. Similarly, we process all categories of personal data for the purposes described in the <a class="mscom-link" href="#mainhowweusepersonaldatamodule">How we use personal data</a> section, such as meeting our legal obligations, developing our workforce, and doing research.</p><p><strong>Disclosures of personal data for business or commercial purposes</strong>. As indicated in the <a class="mscom-link" href="#mainreasonswesharepersonaldatamodule">Reasons we share personal data</a> section, we share personal data with third parties for various business and commercial purposes. The primary business and commercial purposes for which we share personal data are the purposes of processing listed in the table above. However, we share all categories of personal data for the business and commercial purposes in the <a class="mscom-link" href="#mainreasonswesharepersonaldatamodule">Reasons we share personal data</a> section.</p><p>See our <a class="mscom-link" href="https://aka.ms/ccpa">CCPA Notice</a> for additional information.</p></span></div><div class="divModuleDescription"><span id="Header13">Advertising</span><span id="navigationHeader13">Advertising</span><span id="moduleName13">mainadvertisingmodule</span><div class="printsummary" style="display: block;">Summary</div><span class="Description" id="ShortDescription13"><p>Advertising allows us to provide, support, and improve some of our products. Microsoft does not use what you say in email, chat, video calls or voice mail, or your documents, photos, or other personal files to target ads to you. We use other data, detailed below, for advertising in our products and on third-party properties. For example:</p><ul><li>Microsoft may use data we collect to select and deliver some of the ads you see on Microsoft web properties, such as <a target="_blank" class="mscom-link" href="https://www.microsoft.com">Microsoft.com</a>, MSN, and Bing.</li><li>When the advertising ID is enabled in Windows 10 as part of your privacy settings, third parties can access and use the advertising ID (much the same way that websites can access and use a unique identifier stored in a cookie) to select and deliver ads in such apps.</li><li>We may share data we collect with partners, such as Verizon Media, AppNexus, or Facebook (see below), so tha
Source: privacystatement[1].htm.2.dr	String found in binary or memory: s <a target="_blank" class="mscom-link" href="https://www.linkedin.com/legal/privacy-policy">Privacy Policy</a>.</p></span></div><div class="divModuleDescription"><span id="Header29">Search, Microsoft Edge, and artificial intelligence</span><span id="navigationHeader29">Search, Microsoft Edge, and artificial intelligence</span><span id="moduleName29">mainsearchaimodule</span><div class="printsummary" style="display: block;">Summary</div><span class="Description" id="ShortDescription29" aria-expanded="false"><p>Search and artificial intelligence products connect you with information and intelligently sense, process, and act on information equals www.linkedin.com (Linkedin)
Source: privacystatement[1].htm.2.dr	String found in binary or memory: s health, oral health, osteoporosis, skin health, sleep, and vision / eye care. We will also personalize ads based on custom, non-sensitive health-related interest categories as requested by advertisers.</li><li><strong>Children and advertising</strong>. We do not deliver personalized advertising to children whose birthdate in their Microsoft account identifies them as under 16 years of age.</li><li><strong>Data retention</strong>. For personalized advertising, we retain data for no more than 13 months, unless we obtain your consent to retain the data longer.</li><li><strong>Data sharing</strong>. In some cases, we share with advertisers reports about the data we have collected on their sites or ads.</li></ul><p><strong>Data collected by other advertising companies</strong>. Advertisers sometimes include their own web beacons (or those of their other advertising partners) within their advertisements that we display, enabling them to set and read their own cookie. Additionally, Microsoft partners with third-party ad companies to help provide some of our advertising services, and we also allow other third-party ad companies to display advertisements on our sites. These third parties may place cookies on your computer and collect data about your online activities across websites or online services. These companies currently include, but are not limited to: <a target="_blank" class="mscom-link" href="https://www.appnexus.com/">AppNexus</a>, <a target="_blank" class="mscom-link" href="https://www.facebook.com/help/568137493302217">Facebook</a>, <a target="_blank" class="mscom-link" href="https://www.media.net/adchoices">Media.net</a>, <a target="_blank" class="mscom-link" href="https://my.outbrain.com/recommendations-settings/home">Outbrain</a>, <a target="_blank" class="mscom-link" href="https://www.taboola.com/privacy-policy#user-choices-and-optout">Taboola</a> and <a target="_blank" class="mscom-link" href="https://www.verizonmedia.com/policies/us/en/verizonmedia/privacy/index.html">Verizon Media</a>. Select any of the preceding links to find more information on each company's practices, including the choices it offers. Many of these companies are also members of the <a target="_blank" class="mscom-link" href="https://www.networkadvertising.org/managing/opt_out.aspx">NAI</a> or <a target="_blank" class="mscom-link" href="https://www.aboutads.info/choices/">DAA</a>, which each provide a simple way to opt out of ad targeting from participating companies.</p></span></div><div class="divModuleDescription"><span id="Header59">Speech recognition technologies</span><span id="navigationHeader59">Speech recognition technologies</span><span id="moduleName59">mainspeechrecognitionmodule</span><div class="printsummary" style="display: block;">Summary</div><span class="Description" id="ShortDescription59"><p>Speech equals www.facebook.com (Facebook)

Source: unknown

DNS traffic detected: queries for: m365.eu.vadesecure.com

Source: icons[1].eot.2.dr	String found in binary or memory: http://fontello.com
Source: icons[1].eot.2.dr	String found in binary or memory: http://fontello.comiconsRegulariconsiconsVersion
Source: 17-f90ef1[1].js.2.dr	String found in binary or memory: http://github.com/requirejs/almond/LICENSE
Source: jquerypackage_1.10_5V7LAuc3bNAQx2QQfr1RPw2[1].js.2.dr	String found in binary or memory: http://jquery.com/
Source: jquerypackage_1.10_5V7LAuc3bNAQx2QQfr1RPw2[1].js.2.dr	String found in binary or memory: http://jquery.org/license
Source: knockout_3.3.0_X1BYS2jZMbi7hfUj8VuqFA2[1].js.2.dr, ConvergedLogin_PCore_x0nO6m8fG7ZeYuac8AM0sw2[1].js.2.dr	String found in binary or memory: http://knockoutjs.com/
Source: knockout_3.3.0_X1BYS2jZMbi7hfUj8VuqFA2[1].js.2.dr	String found in binary or memory: http://opensource.org/licenses/mit-license.php)
Source: jquerypackage_1.10_5V7LAuc3bNAQx2QQfr1RPw2[1].js.2.dr	String found in binary or memory: http://sizzlejs.com/
Source: privacystatement[1].htm.2.dr	String found in binary or memory: http://www.asp.net/ajaxlibrary/CDN.ashx.
Source: knockout_3.3.0_X1BYS2jZMbi7hfUj8VuqFA2[1].js.2.dr	String found in binary or memory: http://www.json.org/json2.js
Source: servicesagreement[1].htm.2.dr	String found in binary or memory: http://www.mpegla.com
Source: servicesagreement[1].htm.2.dr	String found in binary or memory: http://www.mpegla.com).
Source: knockout_3.3.0_X1BYS2jZMbi7hfUj8VuqFA2[1].js.2.dr	String found in binary or memory: http://www.opensource.org/licenses/mit-license.php)
Source: authorize[1].htm.2.dr	String found in binary or memory: https://aadcdn.msauth.net
Source: authorize[1].htm.2.dr	String found in binary or memory: https://aadcdn.msauth.net/ests/2.1/content/cdnbundles/converged.v2.login.min_ty_bk5wxx82kilmq7o6qlw2
Source: authorize[1].htm.2.dr	String found in binary or memory: https://aadcdn.msauth.net/ests/2.1/content/cdnbundles/ux.converged.login.strings-en.min_lx3ffqwkjnm_
Source: imagestore.dat.2.dr, authorize[1].htm.2.dr	String found in binary or memory: https://aadcdn.msauth.net/shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico
Source: imagestore.dat.2.dr	String found in binary or memory: https://aadcdn.msauth.net/shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico~
Source: imagestore.dat.2.dr	String found in binary or memory: https://aadcdn.msauth.net/shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico~(
Source: authorize[1].htm.2.dr	String found in binary or memory: https://aadcdn.msauth.net/shared/1.0/content/js/ConvergedLogin_PCore_x0nO6m8fG7ZeYuac8AM0sw2.js
Source: signup[1].htm.2.dr	String found in binary or memory: https://acctcdn.msauth.net
Source: signup[1].htm.2.dr	String found in binary or memory: https://acctcdn.msauth.net/converged_ux_v2_6YpynTcUlrcv1RHYgHSSXg2.css?v=1
Source: signup[1].htm.2.dr	String found in binary or memory: https://acctcdn.msauth.net/images/2_vD0yppaJX3jBnfbHF1hqXQ2.svg)
Source: imagestore.dat.2.dr, signup[1].htm.2.dr	String found in binary or memory: https://acctcdn.msauth.net/images/favicon.ico?v=2
Source: imagestore.dat.2.dr	String found in binary or memory: https://acctcdn.msauth.net/images/favicon.ico?v=2~
Source: imagestore.dat.2.dr	String found in binary or memory: https://acctcdn.msauth.net/images/favicon.ico?v=2~(
Source: signup[1].htm.2.dr	String found in binary or memory: https://acctcdn.msauth.net/images/microsoft_logo_7lyNn7YkjJOP0NwZNw6QvQ2.svg
Source: signup[1].htm.2.dr	String found in binary or memory: https://acctcdn.msauth.net/jquerypackage_1.10_5V7LAuc3bNAQx2QQfr1RPw2.js?v=1
Source: signup[1].htm.2.dr	String found in binary or memory: https://acctcdn.msauth.net/knockout_3.3.0_X1BYS2jZMbi7hfUj8VuqFA2.js?v=1
Source: signup[1].htm.2.dr	String found in binary or memory: https://acctcdn.msauth.net/lightweightsignuppackage_eMkRivwkcsf4ZMudYC6P8w2.js?v=1
Source: signup[1].htm.2.dr	String found in binary or memory: https://acctcdn.msauth.net/lwsignupstringscountrybirthdate_en-us_Hu9XQvsxbdtI5Cn8ywiXCA2.js?v=1
Source: privacystatement[1].htm.2.dr	String found in binary or memory: https://aka.ms/DPA
Source: privacystatement[1].htm.2.dr	String found in binary or memory: https://aka.ms/ccpa
Source: privacystatement[1].htm.2.dr	String found in binary or memory: https://aka.ms/kinectprivacy/
Source: servicesagreement[1].htm.2.dr	String found in binary or memory: https://aka.ms/redeemrewards
Source: servicesagreement[1].htm.2.dr	String found in binary or memory: https://aka.ms/redeemrewards).
Source: servicesagreement[1].htm.2.dr	String found in binary or memory: https://aka.ms/taxservice
Source: servicesagreement[1].htm.2.dr	String found in binary or memory: https://aka.ms/useterms
Source: signup[1].htm.2.dr	String found in binary or memory: https://az416426.vo.msecnd.net/scripts/c/ms.analytics-web-2.min.js
Source: privacystatement[1].htm.2.dr	String found in binary or memory: https://developer.yahoo.com/flurry/end-user-opt-out/
Source: privacystatement[1].htm.2.dr	String found in binary or memory: https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/adequacy-protectio
Source: LXMCCMOY.htm.2.dr	String found in binary or memory: https://fpt.live.com/
Source: {0C783A7B-B83F-11EB-90E5-ECF4BB2D2496}.dat.1.dr	String found in binary or memory: https://fpt.live.com/?session_id=b1b1c57d0009492d94dbcbc4fdfa73d0&CustomerId=33e01921-4d64-4f8c-a055
Source: convergedlogin_presetpasswordsplitter_9df00b568d583d28a916[1].js.2.dr, signup[1].htm.2.dr	String found in binary or memory: https://github.com/douglascrockford/JSON-js
Source: app[1].css.2.dr	String found in binary or memory: https://github.com/h5bp/html5-boilerplate/blob/master/src/css/main.css
Source: signup[1].htm.2.dr	String found in binary or memory: https://login.live.com
Source: authorize[1].htm.2.dr	String found in binary or memory: https://login.live.com/Me.htm?v=3
Source: authorize[1].htm.2.dr	String found in binary or memory: https://login.live.com/forgetme.srf?iframed_by=https%3a%2f%2flogin.microsoftonline.com
Source: authorize[1].htm.2.dr	String found in binary or memory: https://login.live.com/logout.srf?iframed_by=https%3a%2f%2flogin.microsoftonline.com
Source: authorize[1].htm.2.dr	String found in binary or memory: https://login.live.com/oauth20_authorize.srf?response_type=code
Source: {0C783A7B-B83F-11EB-90E5-ECF4BB2D2496}.dat.1.dr	String found in binary or memory: https://login.microsof
Source: Me[1].htm.2.dr	String found in binary or memory: https://login.microsoftonline.com
Source: TokenBrokerCookies.exe, 00000005.00000002.369900936.000001E105350000.00000004.00000020.sdmp, {0C783A7B-B83F-11EB-90E5-ECF4BB2D2496}.dat.1.dr	String found in binary or memory: https://login.microsoftonline.com/
Source: TokenBrokerCookies.exe, 00000005.00000002.369958919.000001E10535D000.00000004.00000020.sdmp	String found in binary or memory: https://login.microsoftonline.com/0tbauth://login.windows.net/?context=https%3A%2F%2Flogin.microsoft
Source: {0C783A7B-B83F-11EB-90E5-ECF4BB2D2496}.dat.1.dr, ~DF9F1FBDE3735B8083.TMP.1.dr	String found in binary or memory: https://login.microsoftonline.com/common/oauth2/authorize?response_type=id_token&client_id=5e3ce6c0-
Source: authorize[1].htm.2.dr	String found in binary or memory: https://login.microsoftonline.com/jsdisabled
Source: privacystatement[1].htm.2.dr	String found in binary or memory: https://login.skype.com/login
Source: Me[1].htm.2.dr	String found in binary or memory: https://login.windows-ppe.net
Source: {0C783A7B-B83F-11EB-90E5-ECF4BB2D2496}.dat.1.dr	String found in binary or memory: https://m365.eu.vadese
Source: v4[1].htm.2.dr	String found in binary or memory: https://m365.eu.vadesecure.com/safeproxy/
Source: imagestore.dat.2.dr	String found in binary or memory: https://m365.eu.vadesecure.com/safeproxy/favicon.ico
Source: ~DF9F1FBDE3735B8083.TMP.1.dr	String found in binary or memory: https://m365.eu.vadesecure.com/safeproxy/v4?f=3pz_yW0NA22yxsJRB4LMQt2SVhSti4OAj0CfTeBEb2u-FyqaQ2qLa2
Source: servicesagreement[1].htm.2.dr	String found in binary or memory: https://mixer.com/about/tos
Source: servicesagreement[1].htm.2.dr	String found in binary or memory: https://mixer.com/contact
Source: privacystatement[1].htm.2.dr	String found in binary or memory: https://mixpanel.com/optout
Source: privacystatement[1].htm.2.dr	String found in binary or memory: https://ondemand.webtrends.com/support/optout.asp
Source: privacystatement[1].htm.2.dr	String found in binary or memory: https://playfab.com/terms/
Source: privacystatement[1].htm.2.dr	String found in binary or memory: https://priv-policy.imrworldwide.com/priv/browser/us/en/optout.html
Source: {0C783A7B-B83F-11EB-90E5-ECF4BB2D2496}.dat.1.dr	String found in binary or memory: https://privacy.micros
Source: privacystatement[1].htm.2.dr	String found in binary or memory: https://signin.kissmetrics.com/privacy/#controls
Source: {0C783A7B-B83F-11EB-90E5-ECF4BB2D2496}.dat.1.dr	String found in binary or memory: https://signup.live.co
Source: {0C783A7B-B83F-11EB-90E5-ECF4BB2D2496}.dat.1.dr	String found in binary or memory: https://signup.live.com/
Source: signup[1].htm.2.dr	String found in binary or memory: https://signup.live.com/error.aspx?errcode=1045&mkt=en-US
Source: {0C783A7B-B83F-11EB-90E5-ECF4BB2D2496}.dat.1.dr, ~DF9F1FBDE3735B8083.TMP.1.dr	String found in binary or memory: https://signup.live.com/signup?ru=https%3a%2f%2flogin.live.com%2foauth20_authorize.srf%3flc%3d1033%2
Source: servicesagreement[1].htm.2.dr	String found in binary or memory: https://skype.com/go/myaccount
Source: privacystatement[1].htm.2.dr	String found in binary or memory: https://support.xbox.com/help/family-online-safety/online-safety/manage-online-safety-and-privacy-se
Source: privacystatement[1].htm.2.dr	String found in binary or memory: https://support.xbox.com/help/friends-social-activity/community/use-safety-settings
Source: {0C783A7B-B83F-11EB-90E5-ECF4BB2D2496}.dat.1.dr	String found in binary or memory: https://teams.microsof
Source: privacystatement[1].htm.2.dr	String found in binary or memory: https://tools.google.com/dlpage/gaoptout
Source: privacystatement[1].htm.2.dr	String found in binary or memory: https://www.aboutads.info/
Source: privacystatement[1].htm.2.dr	String found in binary or memory: https://www.acuityads.com/opt-out/
Source: privacystatement[1].htm.2.dr	String found in binary or memory: https://www.adjust.com/opt-out/
Source: servicesagreement[1].htm.2.dr	String found in binary or memory: https://www.adr.org
Source: privacystatement[1].htm.2.dr	String found in binary or memory: https://www.appnexus.com/
Source: privacystatement[1].htm.2.dr	String found in binary or memory: https://www.appsflyer.com/optout
Source: privacystatement[1].htm.2.dr	String found in binary or memory: https://www.clicktale.net/disable.html
Source: servicesagreement[1].htm.2.dr	String found in binary or memory: https://www.google.com/intl/en_ALL/help/terms_maps.html
Source: privacystatement[1].htm.2.dr	String found in binary or memory: https://www.here.com/)
Source: privacystatement[1].htm.2.dr	String found in binary or memory: https://www.linkedin.com/legal/privacy-policy
Source: privacystatement[1].htm.2.dr	String found in binary or memory: https://www.macromedia.com/support/documentation/en/flashplayer/help/settings_manager.html
Source: {0C783A7B-B83F-11EB-90E5-ECF4BB2D2496}.dat.1.dr	String found in binary or memory: https://www.microsoft.
Source: privacystatement[1].htm.2.dr	String found in binary or memory: https://www.optimizely.com/legal/opt-out/
Source: privacystatement[1].htm.2.dr	String found in binary or memory: https://www.privacyshield.gov/welcome
Source: servicesagreement[1].htm.2.dr	String found in binary or memory: https://www.skype.com
Source: servicesagreement[1].htm.2.dr	String found in binary or memory: https://www.skype.com).
Source: servicesagreement[1].htm.2.dr	String found in binary or memory: https://www.skype.com/go/allrates
Source: servicesagreement[1].htm.2.dr	String found in binary or memory: https://www.skype.com/go/legal
Source: servicesagreement[1].htm.2.dr	String found in binary or memory: https://www.skype.com/go/legal.broadcast
Source: servicesagreement[1].htm.2.dr	String found in binary or memory: https://www.skype.com/go/store.reactivate.credit
Source: servicesagreement[1].htm.2.dr	String found in binary or memory: https://www.skype.com/go/ustax
Source: privacystatement[1].htm.2.dr	String found in binary or memory: https://www.xbox.com
Source: privacystatement[1].htm.2.dr	String found in binary or memory: https://www.xbox.com/
Source: privacystatement[1].htm.2.dr	String found in binary or memory: https://www.xbox.com/Legal/ThirdPartyDataSharing
Source: servicesagreement[1].htm.2.dr	String found in binary or memory: https://www.xbox.com/en-US/Legal/CodeOfConduct
Source: servicesagreement[1].htm.2.dr	String found in binary or memory: https://www.xbox.com/en-US/Legal/CodeOfConduct)
Source: privacystatement[1].htm.2.dr	String found in binary or memory: https://www.xbox.com/legal/codeofconduct
Source: privacystatement[1].htm.2.dr	String found in binary or memory: https://www.xbox.com/managedatacollection
Source: servicesagreement[1].htm.2.dr	String found in binary or memory: https://www.xbox.com/xbox-game-studios
Source: servicesagreement[1].htm.2.dr	String found in binary or memory: https://www.xbox.com/xbox-game-studios)
Source: privacystatement[1].htm.2.dr	String found in binary or memory: https://www.youradchoices.ca
Source: privacystatement[1].htm.2.dr	String found in binary or memory: https://www.youradchoices.ca/fr
Source: privacystatement[1].htm.2.dr	String found in binary or memory: https://www.youronlinechoices.com/

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49700
Source: unknown	Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49699 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49695 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49697 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49702 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49693 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49704 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49701 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 49698 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49699
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49698
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49697
Source: unknown	Network traffic detected: HTTP traffic on port 49707 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49696
Source: unknown	Network traffic detected: HTTP traffic on port 49705 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49695
Source: unknown	Network traffic detected: HTTP traffic on port 49694 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49694
Source: unknown	Network traffic detected: HTTP traffic on port 49696 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49693
Source: unknown	Network traffic detected: HTTP traffic on port 49703 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49700 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49708
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49707
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49705
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49704
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49703
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49702
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49701

Source: unknown	HTTPS traffic detected: 40.89.138.20:443 -> 192.168.2.6:49693 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.89.138.20:443 -> 192.168.2.6:49694 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 152.199.21.175:443 -> 192.168.2.6:49732 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 152.199.21.175:443 -> 192.168.2.6:49733 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 152.199.21.175:443 -> 192.168.2.6:49734 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 152.199.21.175:443 -> 192.168.2.6:49735 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 152.199.21.175:443 -> 192.168.2.6:49730 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 152.199.21.175:443 -> 192.168.2.6:49731 version: TLS 1.2

Source: classification engine

Classification label: clean2.win@5/75@10/4

Source: C:\Program Files\internet explorer\iexplore.exe

File created: C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{0C783A79-B83F-11EB-90E5-ECF4BB2D2496}.dat

Jump to behavior

Source: C:\Program Files\internet explorer\iexplore.exe

File created: C:\Users\user\AppData\Local\Temp\~DF5BC955434102D5F6.TMP

Jump to behavior

Source: C:\Program Files\internet explorer\iexplore.exe

File read: C:\Users\desktop.ini

Jump to behavior

Source: C:\Windows\System32\TokenBrokerCookies.exe

Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: unknown	Process created: C:\Program Files\internet explorer\iexplore.exe 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding
Source: C:\Program Files\internet explorer\iexplore.exe	Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:5904 CREDAT:17410 /prefetch:2
Source: C:\Program Files\internet explorer\iexplore.exe	Process created: C:\Windows\System32\TokenBrokerCookies.exe C:\Windows\system32\TokenBrokerCookies.exe <no_string> https://login.microsoftonline.com/ 0 tbauth://login.windows.net/?context=https%3A%2F%2Flogin.microsoftonline.com&request_nonce=AwABAAAAAAACAOz_BAD0_3YctQdcsyBijhwC-CAxF25x3Hlo_3KNwJymm43-sa4WbrdjtIDlA-Ce507tW7wK8NaiDKoKqaasEsOqBQrRc9MgAA&rid=b0ab1581-3f55-4a7e-a96d-2e3f21652200 ESTSUSERLIST %7b%22users%22%3a%5b%5d%7d login.microsoftonline.com / 0 718258756 30889804 1
Source: C:\Program Files\internet explorer\iexplore.exe	Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:5904 CREDAT:17410 /prefetch:2	Jump to behavior
Source: C:\Program Files\internet explorer\iexplore.exe	Process created: C:\Windows\System32\TokenBrokerCookies.exe C:\Windows\system32\TokenBrokerCookies.exe <no_string> https://login.microsoftonline.com/ 0 tbauth://login.windows.net/?context=https%3A%2F%2Flogin.microsoftonline.com&request_nonce=AwABAAAAAAACAOz_BAD0_3YctQdcsyBijhwC-CAxF25x3Hlo_3KNwJymm43-sa4WbrdjtIDlA-Ce507tW7wK8NaiDKoKqaasEsOqBQrRc9MgAA&rid=b0ab1581-3f55-4a7e-a96d-2e3f21652200 ESTSUSERLIST %7b%22users%22%3a%5b%5d%7d login.microsoftonline.com / 0 718258756 30889804 1	Jump to behavior

Source: C:\Program Files\internet explorer\iexplore.exe	Automated click: Next
Source: C:\Program Files\internet explorer\iexplore.exe	Automated click: Next
Source: C:\Program Files\internet explorer\iexplore.exe	Automated click: Next

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File opened: C:\Program Files (x86)\Java\jre1.8.0_211\bin\msvcr100.dll

Jump to behavior

Source: TokenBrokerCookies.exe, 00000005.00000002.369966698.000001E105369000.00000004.00000020.sdmp

Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllPP]mP

Source: C:\Program Files\internet explorer\iexplore.exe	Process created: C:\Windows\System32\TokenBrokerCookies.exe C:\Windows\system32\TokenBrokerCookies.exe <no_string> https://login.microsoftonline.com/ 0 tbauth://login.windows.net/?context=https%3A%2F%2Flogin.microsoftonline.com&request_nonce=AwABAAAAAAACAOz_BAD0_3YctQdcsyBijhwC-CAxF25x3Hlo_3KNwJymm43-sa4WbrdjtIDlA-Ce507tW7wK8NaiDKoKqaasEsOqBQrRc9MgAA&rid=b0ab1581-3f55-4a7e-a96d-2e3f21652200 ESTSUSERLIST %7b%22users%22%3a%5b%5d%7d login.microsoftonline.com / 0 718258756 30889804 1
Source: C:\Program Files\internet explorer\iexplore.exe	Process created: C:\Windows\System32\TokenBrokerCookies.exe C:\Windows\system32\TokenBrokerCookies.exe <no_string> https://login.microsoftonline.com/ 0 tbauth://login.windows.net/?context=https%3A%2F%2Flogin.microsoftonline.com&request_nonce=AwABAAAAAAACAOz_BAD0_3YctQdcsyBijhwC-CAxF25x3Hlo_3KNwJymm43-sa4WbrdjtIDlA-Ce507tW7wK8NaiDKoKqaasEsOqBQrRc9MgAA&rid=b0ab1581-3f55-4a7e-a96d-2e3f21652200 ESTSUSERLIST %7b%22users%22%3a%5b%5d%7d login.microsoftonline.com / 0 718258756 30889804 1			Jump to behavior

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	Command and Scripting Interpreter1	Path Interception	Process Injection1	Masquerading1	OS Credential Dumping	Security Software Discovery1	Remote Services	Data from Local System	Exfiltration Over Other Network Medium	Encrypted Channel2	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Modify System Partition
Default Accounts	Scripting1	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Process Injection1	LSASS Memory	File and Directory Discovery1	Remote Desktop Protocol	Data from Removable Media	Exfiltration Over Bluetooth	Non-Application Layer Protocol1	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	Exploitation for Client Execution1	Logon Script (Windows)	Logon Script (Windows)	Scripting1	Security Account Manager	System Information Discovery1	SMB/Windows Admin Shares	Data from Network Shared Drive	Automated Exfiltration	Application Layer Protocol2	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
https://m365.eu.vadesecure.com/safeproxy/v4?f=3pz_yW0NA22yxsJRB4LMQt2SVhSti4OAj0CfTeBEb2u-FyqaQ2qLa2AIXz9JKMU2E1Y1rA6PPdKncWQfkmWfGw&i=5G2phwdKRW4_2obgsLvCS3Vc392P_SHqt805aVOSG9sXbI1SoikCxJPhJBUgsv1LRtdLUrlosnB46Eow5hOOeQ&k=ORBM&r=OEROF8j8fuG9MU8jrcHyGyKxL3yqsLrFYRBf9ZS2F4WDA7N6yewbJufoo5284hp_&s=a6c6d7a61b60faf5927374790c7727126fbf047a9bf2ac4c9a33cdf4cc173e79&u=https%3A%2F%2Fnam04.safelinks.protection.outlook.com%2F%3Furl%3Dhttps%253A%252F%252Furlshortener.teams.microsoft.com%252F8D8DE5816FD51DB-7-13%26data%3D04%257C01%257Cgoretti.zertuche%2540talisis.com%257C53ccfd1a3b9f487ca81808d8e9f26adf%257C68b562d29e7f47a3be13eddbc4f27033%257C1%257C0%257C637516574876826991%257CUnknown%257CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%253D%257C1000%26sdata%3DZS45cljXVJM4zo3PvWJcM3R5c2trEmEhUhUB3sPgqAc%253D%26reserved%3D0	0%	Avira URL Cloud	safe

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

Source	Detection	Scanner	Label
https://m365.eu.vadese	0%	Avira URL Cloud	safe
https://www.youradchoices.ca/fr	0%	URL Reputation	safe
https://www.youradchoices.ca/fr	0%	URL Reputation	safe
https://www.youradchoices.ca/fr	0%	URL Reputation	safe
https://www.youradchoices.ca/fr	0%	URL Reputation	safe
https://aadcdn.msauth.net/shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico~	0%	URL Reputation	safe
https://aadcdn.msauth.net/shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico~	0%	URL Reputation	safe
https://aadcdn.msauth.net/shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico~	0%	URL Reputation	safe
https://aadcdn.msauth.net/shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico~	0%	URL Reputation	safe
https://acctcdn.msauth.net/lightweightsignuppackage_eMkRivwkcsf4ZMudYC6P8w2.js?v=1	0%	Avira URL Cloud	safe
https://acctcdn.msauth.net/knockout_3.3.0_X1BYS2jZMbi7hfUj8VuqFA2.js?v=1	0%	URL Reputation	safe
https://acctcdn.msauth.net/knockout_3.3.0_X1BYS2jZMbi7hfUj8VuqFA2.js?v=1	0%	URL Reputation	safe
https://acctcdn.msauth.net/knockout_3.3.0_X1BYS2jZMbi7hfUj8VuqFA2.js?v=1	0%	URL Reputation	safe
https://acctcdn.msauth.net/knockout_3.3.0_X1BYS2jZMbi7hfUj8VuqFA2.js?v=1	0%	URL Reputation	safe
https://m365.eu.vadesecure.com/safeproxy/v4?f=3pz_yW0NA22yxsJRB4LMQt2SVhSti4OAj0CfTeBEb2u-FyqaQ2qLa2	0%	Avira URL Cloud	safe
https://acctcdn.msauth.net/images/microsoft_logo_7lyNn7YkjJOP0NwZNw6QvQ2.svg	0%	URL Reputation	safe
https://acctcdn.msauth.net/images/microsoft_logo_7lyNn7YkjJOP0NwZNw6QvQ2.svg	0%	URL Reputation	safe
https://acctcdn.msauth.net/images/microsoft_logo_7lyNn7YkjJOP0NwZNw6QvQ2.svg	0%	URL Reputation	safe
http://www.mpegla.com).	0%	Avira URL Cloud	safe
https://acctcdn.msauth.net/jquerypackage_1.10_5V7LAuc3bNAQx2QQfr1RPw2.js?v=1	0%	URL Reputation	safe
https://acctcdn.msauth.net/jquerypackage_1.10_5V7LAuc3bNAQx2QQfr1RPw2.js?v=1	0%	URL Reputation	safe
https://acctcdn.msauth.net/jquerypackage_1.10_5V7LAuc3bNAQx2QQfr1RPw2.js?v=1	0%	URL Reputation	safe
https://www.skype.com).	0%	Avira URL Cloud	safe
https://acctcdn.msauth.net/images/favicon.ico?v=2~(	0%	URL Reputation	safe
https://acctcdn.msauth.net/images/favicon.ico?v=2~(	0%	URL Reputation	safe
https://acctcdn.msauth.net/images/favicon.ico?v=2~(	0%	URL Reputation	safe
http://fontello.comiconsRegulariconsiconsVersion	0%	URL Reputation	safe
http://fontello.comiconsRegulariconsiconsVersion	0%	URL Reputation	safe
http://fontello.comiconsRegulariconsiconsVersion	0%	URL Reputation	safe
https://login.microsof	0%	URL Reputation	safe
https://login.microsof	0%	URL Reputation	safe
https://login.microsof	0%	URL Reputation	safe
https://aadcdn.msauth.net/shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico~(	0%	URL Reputation	safe
https://aadcdn.msauth.net/shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico~(	0%	URL Reputation	safe
https://aadcdn.msauth.net/shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico~(	0%	URL Reputation	safe
https://www.microsoft.	0%	URL Reputation	safe
https://www.microsoft.	0%	URL Reputation	safe
https://www.microsoft.	0%	URL Reputation	safe
https://m365.eu.vadesecure.com/safeproxy/favicon.ico	0%	Avira URL Cloud	safe
https://aadcdn.msauth.net/ests/2.1/content/cdnbundles/ux.converged.login.strings-en.min_lx3ffqwkjnm_	0%	Avira URL Cloud	safe
https://teams.microsof	0%	Avira URL Cloud	safe
https://aadcdn.msauth.net	0%	URL Reputation	safe
https://aadcdn.msauth.net	0%	URL Reputation	safe
https://aadcdn.msauth.net	0%	URL Reputation	safe
https://acctcdn.msauth.net	0%	URL Reputation	safe
https://acctcdn.msauth.net	0%	URL Reputation	safe
https://acctcdn.msauth.net	0%	URL Reputation	safe
https://privacy.micros	0%	URL Reputation	safe
https://privacy.micros	0%	URL Reputation	safe
https://privacy.micros	0%	URL Reputation	safe
https://www.youradchoices.ca	0%	URL Reputation	safe
https://www.youradchoices.ca	0%	URL Reputation	safe
https://www.youradchoices.ca	0%	URL Reputation	safe
https://acctcdn.msauth.net/converged_ux_v2_6YpynTcUlrcv1RHYgHSSXg2.css?v=1	0%	Avira URL Cloud	safe
https://acctcdn.msauth.net/images/favicon.ico?v=2~	0%	URL Reputation	safe
https://acctcdn.msauth.net/images/favicon.ico?v=2~	0%	URL Reputation	safe
https://acctcdn.msauth.net/images/favicon.ico?v=2~	0%	URL Reputation	safe
https://aadcdn.msauth.net/ests/2.1/content/cdnbundles/converged.v2.login.min_ty_bk5wxx82kilmq7o6qlw2	0%	Avira URL Cloud	safe
https://m365.eu.vadesecure.com/safeproxy/	0%	Avira URL Cloud	safe
https://signup.live.co	0%	URL Reputation	safe
https://signup.live.co	0%	URL Reputation	safe
https://signup.live.co	0%	URL Reputation	safe
https://aadcdn.msauth.net/shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico	0%	URL Reputation	safe
https://aadcdn.msauth.net/shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico	0%	URL Reputation	safe
https://aadcdn.msauth.net/shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico	0%	URL Reputation	safe
https://acctcdn.msauth.net/images/2_vD0yppaJX3jBnfbHF1hqXQ2.svg)	0%	URL Reputation	safe
https://acctcdn.msauth.net/images/2_vD0yppaJX3jBnfbHF1hqXQ2.svg)	0%	URL Reputation	safe
https://acctcdn.msauth.net/images/2_vD0yppaJX3jBnfbHF1hqXQ2.svg)	0%	URL Reputation	safe
https://aadcdn.msauth.net/shared/1.0/content/js/ConvergedLogin_PCore_x0nO6m8fG7ZeYuac8AM0sw2.js	0%	Avira URL Cloud	safe
https://acctcdn.msauth.net/lwsignupstringscountrybirthdate_en-us_Hu9XQvsxbdtI5Cn8ywiXCA2.js?v=1	0%	URL Reputation	safe
https://acctcdn.msauth.net/lwsignupstringscountrybirthdate_en-us_Hu9XQvsxbdtI5Cn8ywiXCA2.js?v=1	0%	URL Reputation	safe
https://acctcdn.msauth.net/lwsignupstringscountrybirthdate_en-us_Hu9XQvsxbdtI5Cn8ywiXCA2.js?v=1	0%	URL Reputation	safe
https://acctcdn.msauth.net/images/favicon.ico?v=2	0%	URL Reputation	safe
https://acctcdn.msauth.net/images/favicon.ico?v=2	0%	URL Reputation	safe
https://acctcdn.msauth.net/images/favicon.ico?v=2	0%	URL Reputation	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
m365.eu.vadesecure.com	40.89.138.20	true	false	unknown
nam04.safelinks.protection.outlook.com	104.47.44.28	true	false	high
sni1gl.wpc.alphacdn.net	152.199.21.175	true	false	unknown
signup.live.com	unknown	unknown	false	high
login.microsoftonline.com	unknown	unknown	false	high
aadcdn.msauth.net	unknown	unknown	false	unknown
assets.onestore.ms	unknown	unknown	false	unknown
fpt.live.com	unknown	unknown	false	high
acctcdn.msauth.net	unknown	unknown	false	unknown
ajax.aspnetcdn.com	unknown	unknown	false	high

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://aka.ms/useterms	servicesagreement[1].htm.2.dr	false		high
https://login.microsoftonline.com/	TokenBrokerCookies.exe, 00000005.00000002.369900936.000001E105350000.00000004.00000020.sdmp, {0C783A7B-B83F-11EB-90E5-ECF4BB2D2496}.dat.1.dr	false		high
https://www.acuityads.com/opt-out/	privacystatement[1].htm.2.dr	false		high
https://m365.eu.vadese	{0C783A7B-B83F-11EB-90E5-ECF4BB2D2496}.dat.1.dr	false	Avira URL Cloud: safe	unknown
https://www.youradchoices.ca/fr	privacystatement[1].htm.2.dr	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://www.adr.org	servicesagreement[1].htm.2.dr	false		high
https://www.xbox.com/en-US/Legal/CodeOfConduct)	servicesagreement[1].htm.2.dr	false		high
http://www.asp.net/ajaxlibrary/CDN.ashx.	privacystatement[1].htm.2.dr	false		high
https://fpt.live.com/	LXMCCMOY.htm.2.dr	false		high
https://www.xbox.com/en-US/Legal/CodeOfConduct	servicesagreement[1].htm.2.dr	false		high
http://opensource.org/licenses/mit-license.php)	knockout_3.3.0_X1BYS2jZMbi7hfUj8VuqFA2[1].js.2.dr	false		high
http://www.json.org/json2.js	knockout_3.3.0_X1BYS2jZMbi7hfUj8VuqFA2[1].js.2.dr	false		high
https://aadcdn.msauth.net/shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico~	imagestore.dat.2.dr	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://aka.ms/taxservice	servicesagreement[1].htm.2.dr	false		high
https://acctcdn.msauth.net/lightweightsignuppackage_eMkRivwkcsf4ZMudYC6P8w2.js?v=1	signup[1].htm.2.dr	false	Avira URL Cloud: safe	unknown
https://skype.com/go/myaccount	servicesagreement[1].htm.2.dr	false		high
https://www.skype.com	servicesagreement[1].htm.2.dr	false		high
https://www.appnexus.com/	privacystatement[1].htm.2.dr	false		high
https://acctcdn.msauth.net/knockout_3.3.0_X1BYS2jZMbi7hfUj8VuqFA2.js?v=1	signup[1].htm.2.dr	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://aka.ms/ccpa	privacystatement[1].htm.2.dr	false		high
https://priv-policy.imrworldwide.com/priv/browser/us/en/optout.html	privacystatement[1].htm.2.dr	false		high
https://www.youronlinechoices.com/	privacystatement[1].htm.2.dr	false		high
https://mixer.com/contact	servicesagreement[1].htm.2.dr	false		high
https://www.adjust.com/opt-out/	privacystatement[1].htm.2.dr	false		high
https://www.xbox.com/managedatacollection	privacystatement[1].htm.2.dr	false		high
https://m365.eu.vadesecure.com/safeproxy/v4?f=3pz_yW0NA22yxsJRB4LMQt2SVhSti4OAj0CfTeBEb2u-FyqaQ2qLa2	~DF9F1FBDE3735B8083.TMP.1.dr	false	Avira URL Cloud: safe	unknown
https://www.xbox.com/legal/codeofconduct	privacystatement[1].htm.2.dr	false		high
https://acctcdn.msauth.net/images/microsoft_logo_7lyNn7YkjJOP0NwZNw6QvQ2.svg	signup[1].htm.2.dr	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://www.mpegla.com).	servicesagreement[1].htm.2.dr	false	Avira URL Cloud: safe	low
https://aka.ms/kinectprivacy/	privacystatement[1].htm.2.dr	false		high
https://acctcdn.msauth.net/jquerypackage_1.10_5V7LAuc3bNAQx2QQfr1RPw2.js?v=1	signup[1].htm.2.dr	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://www.skype.com).	servicesagreement[1].htm.2.dr	false	Avira URL Cloud: safe	low
https://www.xbox.com	privacystatement[1].htm.2.dr	false		high
https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/adequacy-protectio	privacystatement[1].htm.2.dr	false		high
https://github.com/douglascrockford/JSON-js	convergedlogin_presetpasswordsplitter_9df00b568d583d28a916[1].js.2.dr, signup[1].htm.2.dr	false		high
https://acctcdn.msauth.net/images/favicon.ico?v=2~(	imagestore.dat.2.dr	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://fpt.live.com/?session_id=b1b1c57d0009492d94dbcbc4fdfa73d0&CustomerId=33e01921-4d64-4f8c-a055	{0C783A7B-B83F-11EB-90E5-ECF4BB2D2496}.dat.1.dr	false		high
http://www.opensource.org/licenses/mit-license.php)	knockout_3.3.0_X1BYS2jZMbi7hfUj8VuqFA2[1].js.2.dr	false		high
http://fontello.comiconsRegulariconsiconsVersion	icons[1].eot.2.dr	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://login.microsof	{0C783A7B-B83F-11EB-90E5-ECF4BB2D2496}.dat.1.dr	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://aadcdn.msauth.net/shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico~(	imagestore.dat.2.dr	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://www.macromedia.com/support/documentation/en/flashplayer/help/settings_manager.html	privacystatement[1].htm.2.dr	false		high
https://www.skype.com/go/legal	servicesagreement[1].htm.2.dr	false		high
https://mixer.com/about/tos	servicesagreement[1].htm.2.dr	false		high
https://www.microsoft.	{0C783A7B-B83F-11EB-90E5-ECF4BB2D2496}.dat.1.dr	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://m365.eu.vadesecure.com/safeproxy/favicon.ico	imagestore.dat.2.dr	false	Avira URL Cloud: safe	unknown
https://www.linkedin.com/legal/privacy-policy	privacystatement[1].htm.2.dr	false		high
https://aadcdn.msauth.net/ests/2.1/content/cdnbundles/ux.converged.login.strings-en.min_lx3ffqwkjnm_	authorize[1].htm.2.dr	false	Avira URL Cloud: safe	unknown
https://teams.microsof	{0C783A7B-B83F-11EB-90E5-ECF4BB2D2496}.dat.1.dr	false	Avira URL Cloud: safe	unknown
https://aadcdn.msauth.net	authorize[1].htm.2.dr	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://aka.ms/DPA	privacystatement[1].htm.2.dr	false		high
https://support.xbox.com/help/friends-social-activity/community/use-safety-settings	privacystatement[1].htm.2.dr	false		high
https://www.xbox.com/Legal/ThirdPartyDataSharing	privacystatement[1].htm.2.dr	false		high
https://aka.ms/redeemrewards	servicesagreement[1].htm.2.dr	false		high
https://signin.kissmetrics.com/privacy/#controls	privacystatement[1].htm.2.dr	false		high
https://login.skype.com/login	privacystatement[1].htm.2.dr	false		high
https://www.skype.com/go/ustax	servicesagreement[1].htm.2.dr	false		high
http://jquery.org/license	jquerypackage_1.10_5V7LAuc3bNAQx2QQfr1RPw2[1].js.2.dr	false		high
https://acctcdn.msauth.net	signup[1].htm.2.dr	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://www.optimizely.com/legal/opt-out/	privacystatement[1].htm.2.dr	false		high
https://login.microsoftonline.com/common/oauth2/authorize?response_type=id_token&client_id=5e3ce6c0-	{0C783A7B-B83F-11EB-90E5-ECF4BB2D2496}.dat.1.dr, ~DF9F1FBDE3735B8083.TMP.1.dr	false		high
http://sizzlejs.com/	jquerypackage_1.10_5V7LAuc3bNAQx2QQfr1RPw2[1].js.2.dr	false		high
https://signup.live.com/error.aspx?errcode=1045&mkt=en-US	signup[1].htm.2.dr	false		high
https://login.windows-ppe.net	Me[1].htm.2.dr	false		high
https://www.privacyshield.gov/welcome	privacystatement[1].htm.2.dr	false		high
https://login.microsoftonline.com	Me[1].htm.2.dr	false		high
https://ondemand.webtrends.com/support/optout.asp	privacystatement[1].htm.2.dr	false		high
https://www.skype.com/go/legal.broadcast	servicesagreement[1].htm.2.dr	false		high
https://www.appsflyer.com/optout	privacystatement[1].htm.2.dr	false		high
https://privacy.micros	{0C783A7B-B83F-11EB-90E5-ECF4BB2D2496}.dat.1.dr	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://aka.ms/redeemrewards).	servicesagreement[1].htm.2.dr	false		high
https://login.microsoftonline.com/jsdisabled	authorize[1].htm.2.dr	false		high
https://playfab.com/terms/	privacystatement[1].htm.2.dr	false		high
http://www.mpegla.com	servicesagreement[1].htm.2.dr	false		high
https://www.youradchoices.ca	privacystatement[1].htm.2.dr	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://github.com/requirejs/almond/LICENSE	17-f90ef1[1].js.2.dr	false		high
https://www.here.com/)	privacystatement[1].htm.2.dr	false		high
https://www.skype.com/go/store.reactivate.credit	servicesagreement[1].htm.2.dr	false		high
https://www.aboutads.info/	privacystatement[1].htm.2.dr	false		high
https://acctcdn.msauth.net/converged_ux_v2_6YpynTcUlrcv1RHYgHSSXg2.css?v=1	signup[1].htm.2.dr	false	Avira URL Cloud: safe	unknown
https://signup.live.com/	{0C783A7B-B83F-11EB-90E5-ECF4BB2D2496}.dat.1.dr	false		high
https://www.xbox.com/xbox-game-studios)	servicesagreement[1].htm.2.dr	false		high
https://acctcdn.msauth.net/images/favicon.ico?v=2~	imagestore.dat.2.dr	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://developer.yahoo.com/flurry/end-user-opt-out/	privacystatement[1].htm.2.dr	false		high
https://aadcdn.msauth.net/ests/2.1/content/cdnbundles/converged.v2.login.min_ty_bk5wxx82kilmq7o6qlw2	authorize[1].htm.2.dr	false	Avira URL Cloud: safe	unknown
https://m365.eu.vadesecure.com/safeproxy/	v4[1].htm.2.dr	false	Avira URL Cloud: safe	unknown
http://fontello.com	icons[1].eot.2.dr	false		high
https://signup.live.co	{0C783A7B-B83F-11EB-90E5-ECF4BB2D2496}.dat.1.dr	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://knockoutjs.com/	knockout_3.3.0_X1BYS2jZMbi7hfUj8VuqFA2[1].js.2.dr, ConvergedLogin_PCore_x0nO6m8fG7ZeYuac8AM0sw2[1].js.2.dr	false		high
https://www.clicktale.net/disable.html	privacystatement[1].htm.2.dr	false		high
https://www.skype.com/go/allrates	servicesagreement[1].htm.2.dr	false		high
https://www.xbox.com/xbox-game-studios	servicesagreement[1].htm.2.dr	false		high
https://support.xbox.com/help/family-online-safety/online-safety/manage-online-safety-and-privacy-se	privacystatement[1].htm.2.dr	false		high
https://aadcdn.msauth.net/shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico	imagestore.dat.2.dr, authorize[1].htm.2.dr	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://acctcdn.msauth.net/images/2_vD0yppaJX3jBnfbHF1hqXQ2.svg)	signup[1].htm.2.dr	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://aadcdn.msauth.net/shared/1.0/content/js/ConvergedLogin_PCore_x0nO6m8fG7ZeYuac8AM0sw2.js	authorize[1].htm.2.dr	false	Avira URL Cloud: safe	unknown
https://acctcdn.msauth.net/lwsignupstringscountrybirthdate_en-us_Hu9XQvsxbdtI5Cn8ywiXCA2.js?v=1	signup[1].htm.2.dr	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://acctcdn.msauth.net/images/favicon.ico?v=2	imagestore.dat.2.dr, signup[1].htm.2.dr	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://www.xbox.com/	privacystatement[1].htm.2.dr	false		high
https://github.com/h5bp/html5-boilerplate/blob/master/src/css/main.css	app[1].css.2.dr	false		high

Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public

IP	Domain	Country	ASN	ASN Name	Malicious
104.47.44.28	nam04.safelinks.protection.outlook.com	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
40.89.138.20	m365.eu.vadesecure.com	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
152.199.21.175	sni1gl.wpc.alphacdn.net	United States	15133	EDGECASTUS	false

Private

IP
192.168.2.1

General Information

Joe Sandbox Version:	32.0.0 Black Diamond
Analysis ID:	416562
Start date:	18.05.2021
Start time:	18:09:54
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 4m 29s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	https://m365.eu.vadesecure.com/safeproxy/v4?f=3pz_yW0NA22yxsJRB4LMQt2SVhSti4OAj0CfTeBEb2u-FyqaQ2qLa2AIXz9JKMU2E1Y1rA6PPdKncWQfkmWfGw&i=5G2phwdKRW4_2obgsLvCS3Vc392P_SHqt805aVOSG9sXbI1SoikCxJPhJBUgsv1LRtdLUrlosnB46Eow5hOOeQ&k=ORBM&r=OEROF8j8fuG9MU8jrcHyGyKxL3yqsLrFYRBf9ZS2F4WDA7N6yewbJufoo5284hp_&s=a6c6d7a61b60faf5927374790c7727126fbf047a9bf2ac4c9a33cdf4cc173e79&u=https%3A%2F%2Fnam04.safelinks.protection.outlook.com%2F%3Furl%3Dhttps%253A%252F%252Furlshortener.teams.microsoft.com%252F8D8DE5816FD51DB-7-13%26data%3D04%257C01%257Cgoretti.zertuche%2540talisis.com%257C53ccfd1a3b9f487ca81808d8e9f26adf%257C68b562d29e7f47a3be13eddbc4f27033%257C1%257C0%257C637516574876826991%257CUnknown%257CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%253D%257C1000%26sdata%3DZS45cljXVJM4zo3PvWJcM3R5c2trEmEhUhUB3sPgqAc%253D%26reserved%3D0
Analysis system description:	Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of analysed new started processes analysed:	8
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled HDC enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	CLEAN
Classification:	clean2.win@5/75@10/4
EGA Information:	Failed
HDC Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0
Cookbook Comments:	Adjust boot time Enable AMSI Browsing link: https://login.live.com/oauth20_authorize.srf?response_type=code&client_id=51483342-085c-4d86-bf88-cf50c7252078&scope=openid+profile+email+offline_access&response_mode=form_post&redirect_uri=https%3a%2f%2flogin.microsoftonline.com%2fcommon%2ffederation%2foauth2msa&state=rQIIAYWQMUvDQACFc00b26IoouIkVTqIcOnd5ZJeAiKCaHWwaKmgiySXiy0YI020Iii4OTo4ObpZl9ZJnBx00aWj6B8QJ0cRBOMvkAcPHm_4eC-bwipSzSkZq9jK60LjwuAIEgd7kBKmQ-ZSBxZ1IYoslkaNxmB24Oix08lIcPH87fnh5zvsXoDM5nZ9X6g88FtgrBZFu6FVKETC9kPVr_NGEAZe9NcWtoJbALoAvAPQSuRdhJChORRyxDCkthcDPdOAOnU0zRNFbtr8NdFfnt2LauTPgkb9UFzIeU_YhskQgx4lGqSCM-g4GoGcuBS7pme7GrqRlZjoBzsvMugmwUdyJA0GpNFMTprsQbKVTmfjJOWkryS4TMWrToav29WZ46UrX50ZFxPSU6pQ2aoYzb1yKVpx_I2KWZ0rrx40F0prs4vuOplfRsurrGagql80m9PEwmeK8qQklsJPBZz2SHeZf554zQ4RRDBEOsQshw0LYwvhjXYvuO-TfgE1&estsfed=1&uaid=b1b1c57d0009492d94dbcbc4fdfa73d0&signup=1&lw=1&fl=easi2&fci=5e3ce6c0-2b1f-4285-8d4b-75ee78787346 Browsing link: https://www.microsoft.com/en-US/servicesagreement/ Browsing link: https://privacy.microsoft.com/en-US/privacystatement
Warnings:	Show All Excluded IPs from analysis (whitelisted): 104.43.193.48, 13.64.90.137, 104.42.151.234, 88.221.62.148, 52.113.194.131, 52.113.194.132, 20.190.160.5, 20.190.160.72, 20.190.160.70, 20.190.160.135, 20.190.160.74, 20.190.160.1, 20.190.160.3, 20.190.160.7, 13.107.253.60, 13.107.226.60, 20.190.160.134, 20.190.160.136, 20.190.160.75, 20.190.160.132, 20.190.160.73, 20.190.160.2, 20.190.160.71, 20.190.160.4, 13.107.246.60, 13.107.213.60, 13.107.42.22, 52.167.30.171, 52.114.32.25, 92.122.145.53, 152.199.19.161, 92.122.213.240, 92.122.213.194, 104.75.89.181, 152.199.19.160, 92.122.213.247, 84.53.167.109, 2.20.142.209, 2.20.143.16 Excluded domains from analysis (whitelisted): greenid-prod-pme.eastus2.cloudapp.azure.com, assets.onestore.ms.edgekey.net, pme-greenid-prod.trafficmanager.net, www.tm.lg.prod.aadmsa.akadns.net, e13678.dscb.akamaiedge.net, browser.events.data.trafficmanager.net, i.s-microsoft.com.edgekey.net, www.tm.a.prd.aadg.trafficmanager.net, a1945.g2.akamai.net, e11290.dspg.akamaiedge.net, www.microsoft.com-c-3.edgekey.net, login.live.com, audownload.windowsupdate.nsatc.net, statics-marketingsites-eus-ms-com.akamaized.net, watson.telemetry.microsoft.com, acctcdnvzeuno.azureedge.net, au-bg-shim.trafficmanager.net, acctcdnvzeuno.ec.azureedge.net, e10583.dspg.akamaiedge.net, aadcdnoriginwus2.azureedge.net, part-0032.t-0009.t-msedge.net, www.tm.a.prd.aadg.akadns.net, s-0004.s-msedge.net, assets.onestore.ms.akadns.net, skypedataprdcolcus15.cloudapp.net, c-s.cms.ms.akadns.net, s-0005.s-msedge.net, blobcollector.events.data.trafficmanager.net, account.msa.akadns6.net, aadcdnoriginwus2.afd.azureedge.net, c.s-microsoft.com-c.edgekey.net, privacy.microsoft.com.edgekey.net, part-0032.t-0009.fb-t-msedge.net, fpt.microsoft.com, dual.part-0032.t-0009.t-msedge.net, cs9.wpc.v0cdn.net, au.download.windowsupdate.com.edgesuite.net, urlshortener-teams-microsoft-com.s-0004.s-msedge.net, i.s-microsoft.com, a1449.dscg2.akamai.net, acctcdn.trafficmanager.net, www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net, iecvlist.microsoft.com, go.microsoft.com, mscomajax.vo.msecnd.net, teams-office-com.s-0005.s-msedge.net, img-prod-cms-rt-microsoft-com.akamaized.net, skypedataprdcoljpe05.cloudapp.net, skypedataprdcolwus17.cloudapp.net, ie9comview.vo.msecnd.net, cs22.wpc.v0cdn.net, teams.microsoft.com, ctldl.windowsupdate.com, a767.dscg3.akamai.net, firstparty-azurefd-prod.trafficmanager.net, login.msa.msidentity.com, urlshortener.teams.microsoft.com, browser.events.data.microsoft.com, c.s-microsoft.com, privacy.microsoft.com, go.microsoft.com.edgekey.net, l-0013.l-msedge.net, e13678.dscg.akamaiedge.net, skypedataprdcolwus16.cloudapp.net, www.microsoft.com, e13678.dspb.akamaiedge.net, wcpstatic.microsoft.com Report size getting too big, too many NtCreateFile calls found. Report size getting too big, too many NtDeviceIoControlFile calls found.

Simulations

Behavior and APIs

No simulations

Joe Sandbox View / Context

IPs

No context

Domains

No context

ASN

No context

JA3 Fingerprints

No context

Dropped Files

No context

Created / dropped Files

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\DOMStore\EQAWN5DV\m365.eu.vadesecure[1].xml Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	1528
Entropy (8bit):	5.76526756473178
Encrypted:	false
SSDEEP:	24:WUMZrImPlGBMxurvPT5qcX58eKTDAi+4wP7EYGTI/ssHA4dWh8SVYCtfiRgsYfsM:L+rImPlGBqOvPT5qcX58PAJ4wh5UsHAX
MD5:	77049725F3CFE4AFE0A9FA1A13E86423
SHA1:	DCEB84D2BD507D6019F9B05B8A81B76FB294514D
SHA-256:	4B6B53472A226B44A92D423ED397529107EAB9F4D0689BED5AF59CB2D1C0A7DC
SHA-512:	6517B977AEC5BF6298D8C621221F5B8B987A3BF782E4D1318A5B00A9A2033C5102BA5D71AE54E161EE15F0B8134404E7549840B0B6CBA18E7FF85C05C6DD6976
Malicious:	false
Reputation:	low
Preview:	<root></root><root><item name="userDatas" value="{"context":{"emailFrom":"al.rodes@efficienceconsultants.com","emailTo":"ajalu@lamutuellegenerale.fr","login":"d724cc0a-ed2e-4379-8619-7ef493dd6ba5","time":"","action":"","IIP":{"url":"https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Furlshortener.teams.microsoft.com%2F8D8DE5816FD51DB-7-13\u0026data=04%7C01%7Cgoretti.zertuche%40talisis.com%7C53ccfd1a3b9f487ca81808d8e9f26adf%7C68b562d29e7f47a3be13eddbc4f27033%7C1%7C0%7C637516574876826991%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000\u0026sdata=ZS45cljXVJM4zo3PvWJcM3R5c2trEmEhUhUB3sPgqAc%3D\u0026reserved=0","result":""}},"mode":"protection","prefix":"","logo":"custom/images/bp7pgi8di4ig7921c2j0.png","he

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\DOMStore\IB42RK38\teams.microsoft[1].xml Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	1240
Entropy (8bit):	4.92770594245709
Encrypted:	false
SSDEEP:	24:W00UyAd+xWO1WO0UyAd+xWO1WOWmEm8WOn2jhWO0UyAd+xWO1WOWmEm8WOn2jhWX:1y8+cHsy8+cHIticMsy8+cHIticMMUF
MD5:	5C285758B62F060F40A405EAA6108417
SHA1:	E183FDCF3154E058673786ED5EF79DEAC98FFB95
SHA-256:	A8F688756395F5B61C8B3FAD041E1989B436E278999982B31068D8C1CBDB85C5
SHA-512:	F656061AA08AE0FC91936EFAFA16BD00006FA84C2FECEA71AF369A28E8001D7D1870CA10CD0B8060E272F9299A2C9576858DCA3D092455A044CB211C2267ECE6
Malicious:	false
Reputation:	low
Preview:	<root></root><root></root><root></root><root><item name="adal.login.request" value="https://teams.microsoft.com/" ltime="3571482848" htime="30886987" /><item name="adal.login.error" value="" ltime="3571482848" htime="30886987" /></root><root><item name="adal.login.request" value="https://teams.microsoft.com/" ltime="3571482848" htime="30886987" /><item name="adal.login.error" value="" ltime="3571482848" htime="30886987" /><item name="adal.state.login" value="fea69808-f423-4ec8-bb32-c2d41d9fad30" ltime="3571482848" htime="30886987" /><item name="adal.nonce.idtoken" value="d00063b4-c081-4af5-8f96-54b33fe7c9ac" ltime="3571482848" htime="30886987" /></root><root><item name="adal.login.request" value="https://teams.microsoft.com/" ltime="3571482848" htime="30886987" /><item name="adal.login.error" value="" ltime="3571482848" htime="30886987" /><item name="adal.state.login" value="fea69808-f423-4ec8-bb32-c2d41d9fad30" ltime="3571482848" htime="30886987" /><item name="adal.nonce.idtoken" valu

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{0C783A79-B83F-11EB-90E5-ECF4BB2D2496}.dat Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	Microsoft Word Document
Category:	dropped
Size (bytes):	30296
Entropy (8bit):	1.8530955735560835
Encrypted:	false
SSDEEP:	192:rcZp9Z++2La5WLLAtLpfL2hMLLLHLGfLAMX:rcpzMLdLwLZLHLLLHL8Lp
MD5:	964AC2775F64D004FF79C8477C361239
SHA1:	593D05908C3233F77219DC53962281DF10DA46A4
SHA-256:	293383608E15E1C572E5717FA171F47E879AD15951BD91C78E22C259A11B8F9C
SHA-512:	CB4C6BFA8276009524404F0808EB99A92C21171FBF045FDBDD4DF72C2F632D963CB803EC885045CC459A6CA5AC33A41A73F81BB796EFD49D5958E2311B32EF84
Malicious:	false
Reputation:	low
Preview:	................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................R.o.o.t. .E.n.t.r.y.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{0C783A7B-B83F-11EB-90E5-ECF4BB2D2496}.dat Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	Microsoft Word Document
Category:	dropped
Size (bytes):	155674
Entropy (8bit):	3.3615425196893525
Encrypted:	false
SSDEEP:	3072:OERrVrXrerVTX3zh8S7LIRSe1IUIhIXIpcFMFe9a/euecbIOpVee:OERrVPerVbzh8S7LI0e1IUIhIXIpcFMF
MD5:	3884E8DCEC290E857E49D41A7505E999
SHA1:	8BC3FCF3F611CE81F2689E95D28F994BC22C3942
SHA-256:	83510E58ADB9B65DC3C8932BDF08D19E80E2D4A82B5B59F8D6EE655E5C9D720F
SHA-512:	AE6CFDA45501D525436A9D233E9FCA5769D0074AEB4B409DFB681C1A48AA0DF8931BEDCDC35744136475FF6FA4AEA847A4A074DF515E0C88F53C222E7A122F09
Malicious:	false
Reputation:	low
Preview:	................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................R.o.o.t. .E.n.t.r.y.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{159CEF79-B83F-11EB-90E5-ECF4BB2D2496}.dat Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	Microsoft Word Document
Category:	dropped
Size (bytes):	16984
Entropy (8bit):	1.5652445288557633
Encrypted:	false
SSDEEP:	48:IwRGcprAjGwpazG4pQqGrapbSKGQpKmG7HpRxTGIpG:rnZA9QF6cBSyARTnA
MD5:	9D1AF847BEE97413E0C764BDAA22156E
SHA1:	F41E8187A6856DC3AC073E94A13D486EF4AED3F8
SHA-256:	C6E475ADBBFCC97A68FB11F3ECF84E86D306952544C90C16CD98C057DFDAC48D
SHA-512:	6D29C896026D54727021754E2A17C3F343128A729BC870C214F28BF46F7A6552FE3F6A4469CB1907526BB6ADB274E681C2D913717B62F4D6BE63A56D11C3F9F9
Malicious:	false
Reputation:	low
Preview:	................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................R.o.o.t. .E.n.t.r.y.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\imagestore\wlm7n14\imagestore.dat Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	data
Category:	dropped
Size (bytes):	58860
Entropy (8bit):	3.3962631335894624
Encrypted:	false
SSDEEP:	96:7H1pla7MKkE6/u+5kNNMjMqMqMbMiM9QQQQQEQQQQQsQQQQQN:7VjvEIs+Hni/9
MD5:	B1DD07DCD2587FDF81C42CC6CE5E445C
SHA1:	DCEC946C24C379BA69D05306ED8562403726973C
SHA-256:	95F033514AB7C5D89FF7668A492A22E3F5A0DE17CB763509A92A7D4AB80BA32A
SHA-512:	E422A67AA0460025B4232635719DE5060DDD96BEA306E99F8DDC642B091A5C3D2F35EFFCDEA8224E85CAD3CA5862B202685D208654269784D42DBF7171C32CCA
Malicious:	false
Reputation:	low
Preview:	4.h.t.t.p.s.:././.m.3.6.5...e.u...v.a.d.e.s.e.c.u.r.e...c.o.m./.s.a.f.e.p.r.o.x.y./.f.a.v.i.c.o.n...i.c.o........... .... .........(... ...@..... .........................LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG............ ... ........LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG........=....

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3Y2ADQKS\ConvergedLogin_PCore_x0nO6m8fG7ZeYuac8AM0sw2[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines
Category:	downloaded
Size (bytes):	428693
Entropy (8bit):	5.444917212306362
Encrypted:	false
SSDEEP:	6144:S8klySYEsuPMZV4lyKpAnPSuFdbkbgj49OQsDIE0HC/Lr/:S8klfpyWAPBStsD7j
MD5:	C749CEEA6F1F1BB65E62E69CF00334B3
SHA1:	1D922B7324A4D418B49CA5B7D136136C5BC92540
SHA-256:	4C485E4A0FC9354A59B3CD2AD5DC6A834E8BDDFBAD0E2F90C6CA1B05C0AB7379
SHA-512:	DC7A79DA4219A8DE0AE6AFCC18B53947EAEFB6F19D8CAA03C0D9C314A6B468C1C39653471DF5CF8CCDF0258105A64AB4AC31AC79A034B4BDCF1FE7BA4DADA464
Malicious:	false
Reputation:	low
IE Cache URL:	https://aadcdn.msauth.net/shared/1.0/content/js/ConvergedLogin_PCore_x0nO6m8fG7ZeYuac8AM0sw2.js
Preview:	/!. ------------------------------------------- START OF THIRD PARTY NOTICE -----------------------------------------. * . * This file is based on or incorporates material from the projects listed below (Third Party IP). The original copyright notice and the license under which Microsoft received such Third Party IP, are set forth below. Such licenses and notices are provided for informational purposes only. Microsoft licenses the Third Party IP to you under the licensing terms for the Microsoft product. Microsoft reserves all other rights not expressly granted under this agreement, whether by implication, estoppel or otherwise.. * . * json2.js (2016-05-01). * https://github.com/douglascrockford/JSON-js. * License: Public Domain. * . * Provided for Informational Purposes Only. * . * ----------------------------------------------- END OF THIRD PARTY NOTICE ------------------------------------------. */!function(e){function n(n){for(var t,i,a=n[0],r=n[1],s=0,c=[];s<a.length;s++)

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3Y2ADQKS\QASDXQBP.htm Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	HTML document, ASCII text, with very long lines, with CRLF line terminators
Category:	dropped
Size (bytes):	43582
Entropy (8bit):	5.364493740429373
Encrypted:	false
SSDEEP:	768:uY1iv/Iv/5gfvkBdhpzUvzEvk+BYyl7/gadsGlPm0goh:uYUvQIWkEYy1YPE
MD5:	DDD370E0C98F30C3EF02546491B2C3D3
SHA1:	26096F2761A10EBCCF63642DF41EEC2FADE1F7F8
SHA-256:	9F94E8D4E02471E992DB9F663FEE9ED8072794F02D93ECF0CA1DDFD6EE67995C
SHA-512:	540AC79CB32908EB627C26934826F75810694E074E488719294DE54D35BC67A0D6AEA5BB016B6A80762CBC1FA77F643A1BAEB017CF0237C731EE7DFCA5FCCC71
Malicious:	false
Reputation:	low
Preview:	<!DOCTYPE html><html><head><title>Checking your credentials...</title><meta name=viewport><meta name=robots content=noindex><script nonce=wplUBHh6CkZ1OCI4jgz7IQ==>function sendAppStateChanged(e){window.electronSafeIpc&&window.electronSafeIpc.send("appStateChanged",e)}sendAppStateChanged("AuthstrapInitialize")</script><script nonce=wplUBHh6CkZ1OCI4jgz7IQ==>sendAppStateChanged("AuthstrapAdalScriptLoading");var AuthenticationContext,Logging={level:0,log:function(){}};"undefined"!=typeof module&&module.exports&&(module.exports.inject=function(t){return new AuthenticationContext(t)}),(AuthenticationContext=function(t){if(this.REQUEST_TYPE={LOGIN:"LOGIN",RENEW_TOKEN:"RENEW_TOKEN",UNKNOWN:"UNKNOWN"},this.CONSTANTS={ACCESS_TOKEN:"access_token",EXPIRES_IN:"expires_in",ID_TOKEN:"id_token",ERROR_DESCRIPTION:"error_description",SESSION_STATE:"session_state",STORAGE:{TOKEN_KEYS:"adal.token.keys",ACCESS_TOKEN_KEY:"adal.access.token.key",EXPIRATION_KEY:"adal.expiration.key",START_PAGE:"adal.start.pag

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3Y2ADQKS\authorize[1].htm Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	HTML document, UTF-8 Unicode text, with very long lines, with CRLF, LF line terminators
Category:	dropped
Size (bytes):	189756
Entropy (8bit):	5.622112975679712
Encrypted:	false
SSDEEP:	3072:r8MSWXPAT+BxktlyVUDmkUNG2ym+d/PngTehK8ij2g/8w5:rSWXe+/kUNGzU5
MD5:	448351E349109BA66050AD36221B4132
SHA1:	7A4454DDF622406E9D45DED55DC89734F15B83C3
SHA-256:	40D14509A8EB2CA396CE1F59D9993295D176BAE7803E89347D063DED2F1D95FD
SHA-512:	7BF15FF52C3602C530BF28FED8FF047251701209DC83D58BABD090B4A9ADDD33398261F6B7B263959FECB2AAACAA88191EB6D2F2558B6CEBC003EE064C1C3C74
Malicious:	false
Reputation:	low
Preview:	.... Copyright (C) Microsoft Corporation. All rights reserved. -->..<!DOCTYPE html>..<html dir="ltr" class="" lang="en">..<head>.. <title>Sign in to your account</title>.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">.. <meta http-equiv="X-UA-Compatible" content="IE=edge">.. <meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=2.0, user-scalable=yes">.. <meta http-equiv="Pragma" content="no-cache">.. <meta http-equiv="Expires" content="-1">.. <link rel="preconnect" href="https://aadcdn.msauth.net" crossorigin>..<meta http-equiv="x-dns-prefetch-control" content="on">..<link rel="dns-prefetch" href="//aadcdn.msauth.net">..<link rel="dns-prefetch" href="//aadcdn.msftauth.net">.... <meta name="PageID" content="ConvergedSignIn" />.. <meta name="SiteID" content="" />.. <meta name="ReqLC" content="1033" />.. <meta name="LocLC" content="en-US" />.... <meta name="referrer" content="origin" />....

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3Y2ADQKS\config[1].json Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	50
Entropy (8bit):	4.21287868934203
Encrypted:	false
SSDEEP:	3:FAXTzffASKGEJ7PVqn:FyTzoSdEJ7Pkn
MD5:	48CEF5284EEBCF3B1380D6710357990C
SHA1:	B381F3445730FEFD66485A85E761CF6323D59AD9
SHA-256:	CDFC8444656AA534028FB59331119A15CE73E5129435B877ED8AA11A65C91FA7
SHA-512:	419F94B95EE23EE0AD5DEB4C1580C6A0C3E39C04D81E21DD9BCB6BC68823788F6A5D80B4BBB8ECBB52349010418D1F5910791C6C091299BD6D8432782DA224DA
Malicious:	false
Reputation:	low
IE Cache URL:	https://m365.eu.vadesecure.com/safeproxy/app/config/config.json
Preview:	{. "serviceUrl": "http://localhost:4220".}.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3Y2ADQKS\converged.v2.login.min_ty_bk5wxx82kilmq7o6qlw2[1].css Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines
Category:	downloaded
Size (bytes):	108042
Entropy (8bit):	5.290475415950322
Encrypted:	false
SSDEEP:	1536:QpHDgBvguhw+EViazA/PWrF7qvEAFiQcpmUGDvz6yVUn1:xktlyVU1
MD5:	B72FC12B9597C7CD8A8A5310ECEE902F
SHA1:	301AD20CCEF3B7247E716DA874E43B193AB3CBF2
SHA-256:	2D7A11BA79B08B7C687E4A80E11E5004E2CE2786FA96666104BFE3A4289F658B
SHA-512:	D667089D42707677E0E23045EB97452268AAF5588EBD6D7F0D2A7A88564CCE9C13405FED53FA602439B199FD3D1E7ACC16F6A632557CD6EA3700C699788D6F9F
Malicious:	false
Reputation:	low
IE Cache URL:	https://aadcdn.msauth.net/ests/2.1/content/cdnbundles/converged.v2.login.min_ty_bk5wxx82kilmq7o6qlw2.css
Preview:	/! Copyright (C) Microsoft Corporation. All rights reserved. //*!.------------------------------------------- START OF THIRD PARTY NOTICE -----------------------------------------..This file is based on or incorporates material from the projects listed below (Third Party IP). The original copyright notice and the license under which Microsoft received such Third Party IP, are set forth below. Such licenses and notices are provided for informational purposes only. Microsoft licenses the Third Party IP to you under the licensing terms for the Microsoft product. Microsoft reserves all other rights not expressly granted under this agreement, whether by implication, estoppel or otherwise...//-----------------------------------------------------------------------------.twbs-bootstrap-sass (3.3.0).//-----------------------------------------------------------------------------..The MIT License (MIT)..Copyright (c) 2013 Twitter, Inc..Permission is hereby granted, free of charge, to any person

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3Y2ADQKS\converged_ux_v2_6YpynTcUlrcv1RHYgHSSXg2[1].css Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines
Category:	downloaded
Size (bytes):	95614
Entropy (8bit):	5.292185602860679
Encrypted:	false
SSDEEP:	1536:QpHDIqBBw+/6azA/PWrF7qvEAFiQcpmKboBdiyMUWC8ErpH/TVTDrwCGNQZ3yU0P:IBpOyUU
MD5:	E98A729D371496B72FD511D88074925E
SHA1:	B27B6160B4A59516012B9BAD107CA2C405DED02C
SHA-256:	84A4D3EE46C30666A48716EF5AF649E79A2EAFBEE70DA3589D76EEB4F2189BAA
SHA-512:	C849AE1FC8D819264A451451FBBAED9DDDEA8BFB4612CC2D5211C205E914E09E4359A6A2D96DA48589898840A338ADF00A8E10DAADFFCFAA756452DD720C92DC
Malicious:	false
Reputation:	low
IE Cache URL:	https://acctcdn.msauth.net/converged_ux_v2_6YpynTcUlrcv1RHYgHSSXg2.css?v=1
Preview:	/! Copyright (C) Microsoft Corporation. All rights reserved. //*!.------------------------------------------- START OF THIRD PARTY NOTICE -----------------------------------------..This file is based on or incorporates material from the projects listed below (Third Party IP). The original copyright notice and the license under which Microsoft received such Third Party IP, are set forth below. Such licenses and notices are provided for informational purposes only. Microsoft licenses the Third Party IP to you under the licensing terms for the Microsoft product. Microsoft reserves all other rights not expressly granted under this agreement, whether by implication, estoppel or otherwise. ..//-----------------------------------------------------------------------------.twbs-bootstrap-sass (3.3.0).//-----------------------------------------------------------------------------..The MIT License (MIT)..Copyright (c) 2013 Twitter, Inc..Permission is hereby granted, free of charge, to any perso

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3Y2ADQKS\favicon[1].ico Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	MS Windows icon resource - 1 icon, 32x32, 32 bits/pixel
Category:	downloaded
Size (bytes):	4286
Entropy (8bit):	3.8512137721714885
Encrypted:	false
SSDEEP:	48:HHFLpla1btjzvj3ijqjOj38jqEjoOji3CnkcD6YcUe0l+5+Nu:HH1pla7MKkE6/u+5F
MD5:	94B32A451FB1DF3F887BFA39540F993D
SHA1:	2CB4A55B8FF777073B6F3C73E2AA3BCD00A4903B
SHA-256:	87FF3643EB0D5FB9363F6AFDD5FE811DAED551B2F80BB69163A97803FCC06044
SHA-512:	90BB8128CE24E9705773E39963A620539611485B2E8732EA5082EBC8AF174FC4A233A99BD07DA67846CABDCC4D6AC51722A8292579A775A97102FA3434612BB2
Malicious:	false
Reputation:	low
IE Cache URL:	https://m365.eu.vadesecure.com/safeproxy/favicon.ico
Preview:	...... .... .........(... ...@..... .........................LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG............ ... ........LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG........=......................f....LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.LpG.Lp

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3Y2ADQKS\favicon[2].ico Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	MS Windows icon resource - 6 icons, 128x128, 16 colors, 72x72, 16 colors
Category:	downloaded
Size (bytes):	17174
Entropy (8bit):	2.9129715116732746
Encrypted:	false
SSDEEP:	24:QSNTmTFxg4lyyyyyyyyyyyyyio7eeeeeeeeekzgsLsLsLsLsLsQZp:nfgyyyyyyyyyyyyynzQQQQQO
MD5:	12E3DAC858061D088023B2BD48E2FA96
SHA1:	E08CE1A144ECEAE0C3C2EA7A9D6FBC5658F24CE5
SHA-256:	90CDAF487716184E4034000935C605D1633926D348116D198F355A98B8C6CD21
SHA-512:	C5030C55A855E7A9E20E22F4C70BF1E0F3C558A9B7D501CFAB6992AC2656AE5E41B050CCAC541EFA55F9603E0D349B247EB4912EE169D44044271789C719CD01
Malicious:	false
Reputation:	low
IE Cache URL:	https://www.microsoft.com/favicon.ico?v2
Preview:	..............h(..f...HH...........(..00......h....6.. ...........=...............@..........(....A..(....................(....................................."P.........................................."""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333""""""""""""""""""""""""""

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3Y2ADQKS\icons[1].eot Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	Embedded OpenType (EOT), icons family
Category:	downloaded
Size (bytes):	4388
Entropy (8bit):	5.568378803379191
Encrypted:	false
SSDEEP:	96:2WZx42qACoApC6do8MPOGiN4mER38GTDfO/fv:1x42qAHAo6VMPi6mcTy
MD5:	77E1987DF3A0274C5A51E3C55CEE7C98
SHA1:	9B0FE96AF141AB09183F386F65BC627B8C396460
SHA-256:	EF04649D4D068673CF0FA47EF4C45C8BE291E703F4EC5FC0E507F17839120AA2
SHA-512:	B1E0CFB515FF2298799BA54574899D27B1FC043F66CC4E9591C504F88273B98697B99ED25955DB84986B39ED9F51864611833DC88064B14C29ADC020FBF6E295
Malicious:	false
Reputation:	low
IE Cache URL:	https://assets.onestore.ms/cdnfiles/external/oneui/oneui1.16.2/dist/fonts/icons/icons.eot?
Preview:	$.................................LP...........................G....................i.c.o.n.s.....R.e.g.u.l.a.r.....V.e.r.s.i.o.n. .1...0.....i.c.o.n.s................ OS/2@.Mn...(...Vcmap.1.........Jglyf..........dhead.9.........6hhea.$.........$hmtx@...........loca". h...L...Bmaxp.3.`....... name............post{NK............................................ ........G..._.<............\|.......\|......................... .T...................................D.l...H.D.l....................................PfEd.@...........................................................................................................................................................................D...........(............................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3Y2ADQKS\lightweightsignuppackage_eMkRivwkcsf4ZMudYC6P8w2[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	UTF-8 Unicode text, with very long lines
Category:	downloaded
Size (bytes):	184781
Entropy (8bit):	5.388572193233939
Encrypted:	false
SSDEEP:	3072:6KXpr1D/3gW4D2XQJt4mdc5vQxef290Ew:tsJt4mbs
MD5:	78C9118AFC2472C7F864CB9D602E8FF3
SHA1:	2DE1B362BCE029C7574289F84AE36318CBAB6693
SHA-256:	2A97E01D393D287DD5D02EA429D85DCB2C09DA4C8D14DAE4D67A449FDC2256FF
SHA-512:	68C2E336B6F7053930E05F562DE345F458C1641337328DA78575E4C7F6A61028F659F363FC35A9B55993BE5A31068A2EEE288464587D42F85FFB0A91BC58E5AC
Malicious:	false
Reputation:	low
IE Cache URL:	https://acctcdn.msauth.net/lightweightsignuppackage_eMkRivwkcsf4ZMudYC6P8w2.js?v=1
Preview:	function Encrypt(e,t,n,a){var i=[];switch(n.toLowerCase()){case"chgsqsa":if(null==e\|\|null==t){return null}i=PackageSAData(e,t);break;case"chgpwd":if(null==e\|\|null==a){return null}i=PackageNewAndOldPwd(e,a);break;case"pwd":if(null==e){return null}i=PackagePwdOnly(e);break;case"pin":if(null==e){return null}i=PackagePinOnly(e);break;case"proof":if(null==e&&null==t){return null}i=PackageLoginIntData(null!=e?e:t);break;case"saproof":if(null==t){return null}i=PackageSADataForProof(t);break;case"newpwd":if(null==a){return null.}i=PackageNewPwdOnly(a)}if(null==i\|\|"undefined"==typeof i){return i}if("undefined"!=typeof Key&&void 0!==parseRSAKeyFromString){var r=parseRSAKeyFromString(Key)}var o=RSAEncrypt(i,r,randomNum);return o}function PackageSAData(e,t){var n=[],a=0;n[a++]=1,n[a++]=1,n[a++]=0;var i,r=t.length;for(n[a++]=2*r,i=0;r>i;i++){n[a++]=255&t.charCodeAt(i),n[a++]=(65280&t.charCodeAt(i))>>8}var o=e.length;for(n[a++]=o,i=0;o>i;i++){n[a++]=127&e.charCodeAt(i)}return n}function PackagePwdOn

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3Y2ADQKS\lwsignupstringscountrybirthdate_en-us_Hu9XQvsxbdtI5Cn8ywiXCA2[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	HTML document, UTF-8 Unicode text, with very long lines
Category:	downloaded
Size (bytes):	26098
Entropy (8bit):	5.067451352930466
Encrypted:	false
SSDEEP:	384:Z3EReHg2sQhdCdcPxZebPrmuex3dmac3zirs7rOubUr7A/4RkG:lQAg2sQrGbPrmjx3dmac3ziarbAAY
MD5:	1EEF5742FB316DDB48E429FCCB089708
SHA1:	0410B2B0C754FC0A6640DE6EA66CA674025FE8CD
SHA-256:	DC0924A4EB17E28BD545FEA90E234644470649CB538E22C7FBC66081AC36A56A
SHA-512:	0D8FFC4C488DAAF37AE61A7C76DB408FE05D6DC4DF127BA371F898563C1C2E5748B356EB3BD2BE86F70FE63C5BC37309690C01752E523F0BBBBD53F2A61131CA
Malicious:	false
Reputation:	low
IE Cache URL:	https://acctcdn.msauth.net/lwsignupstringscountrybirthdate_en-us_Hu9XQvsxbdtI5Cn8ywiXCA2.js?v=1
Preview:	!function(){registerNamespace("$Config"),$Config.sharedStrings={"errors":{"required":"This information is required.","emailRequired":"An email address is required","phoneRequired":"A phone number is required","passwordRequired":"A password is required","invalidEmailFormat":"Enter the email address in the format someone@example.com.","invalidPhoneFormat":"The phone number you entered isn't valid. Your phone number can contain numbers, spaces, and these special characters: ( ) [ ] . - * /","emailMustStartWithLetter":"Your email address needs to start with a letter. Please try again.","memberNameAvailable":"{0} is available.","memberNameAvailableEasi":"After you sign up, we'll send you a message with a link to verify this user name.","memberNameExistsPhone":"If you own a Microsoft account with this number, go back and sign in.","proofAlreadyExistsError":"This is already part of your security info.","signupBlocked":"{0} isn't available.","memberNameTakenPhone":"The phone number you typed i

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3Y2ADQKS\microsoft_logo_7lyNn7YkjJOP0NwZNw6QvQ2[1].svg Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	SVG Scalable Vector Graphics image
Category:	downloaded
Size (bytes):	3651
Entropy (8bit):	4.094801914706141
Encrypted:	false
SSDEEP:	96:wO4DZ+Stb/jY+eo4hAryAes9mBYYQgWLDm9:wToSBjlevudl9nO
MD5:	EE5C8D9FB6248C938FD0DC19370E90BD
SHA1:	D01A22720918B781338B5BBF9202B241A5F99EE4
SHA-256:	04D29248EE3A13A074518C93A18D6EFC491BF1F298F9B87FC989A6AE4B9FAD7A
SHA-512:	C77215B729D0E60C97F075998E88775CD0F813B4D094DC2FDD13E5711D16F4E5993D4521D0FBD5BF7150B0DBE253D88B1B1FF60901F053113C5D7C1919852D58
Malicious:	false
Reputation:	low
IE Cache URL:	https://acctcdn.msauth.net/images/microsoft_logo_7lyNn7YkjJOP0NwZNw6QvQ2.svg
Preview:	<svg xmlns="http://www.w3.org/2000/svg" width="108" height="24" viewBox="0 0 108 24"><title>assets</title><path d="M44.836,4.6V18.4h-2.4V7.583H42.4L38.119,18.4H36.531L32.142,7.583h-.029V18.4H29.9V4.6h3.436L37.3,14.83h.058L41.545,4.6Zm2,1.049a1.268,1.268,0,0,1,.419-.967,1.413,1.413,0,0,1,1-.39,1.392,1.392,0,0,1,1.02.4,1.3,1.3,0,0,1,.4.958,1.248,1.248,0,0,1-.414.953,1.428,1.428,0,0,1-1.01.385A1.4,1.4,0,0,1,47.25,6.6a1.261,1.261,0,0,1-.409-.948M49.41,18.4H47.081V8.507H49.41Zm7.064-1.694a3.213,3.213,0,0,0,1.145-.241,4.811,4.811,0,0,0,1.155-.635V18a4.665,4.665,0,0,1-1.266.481,6.886,6.886,0,0,1-1.554.164,4.707,4.707,0,0,1-4.918-4.908,5.641,5.641,0,0,1,1.4-3.932,5.055,5.055,0,0,1,3.955-1.545,5.414,5.414,0,0,1,1.324.168,4.431,4.431,0,0,1,1.063.39v2.233a4.763,4.763,0,0,0-1.1-.611,3.184,3.184,0,0,0-1.15-.217,2.919,2.919,0,0,0-2.223.9,3.37,3.37,0,0,0-.847,2.416,3.216,3.216,0,0,0,.813,2.338,2.936,2.936,0,0,0,2.209.837M65.4,8.343a2.952,2.952,0,0,1,.5.039,2.1,2.1,0,0,1,.375.1v2.358a2.04,2.04,0,0,0-.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3Y2ADQKS\override[1].css Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines, with CRLF line terminators
Category:	downloaded
Size (bytes):	1531
Entropy (8bit):	4.797455242405607
Encrypted:	false
SSDEEP:	24:Udf0F+MOu2UOqD3426TKgR2Yyk9696TkMYqdfskeEkeGk/ksuF9qaSm9qags:Ud8FYqTj36TKgR2Yyk9696TkMYO0keEW
MD5:	A570448F8E33150F5737B9A57B6D889A
SHA1:	860949A95B7598B394AA255FE06F530C3DA24E4E
SHA-256:	0BD288D5397A69EAD391875B422BF2CBDCC4F795D64AA2F780AFF45768D78248
SHA-512:	217F971A8012DE8FE170B4A20821A52FA198447FA582B82CF221F4D73E902C7E3AA1022CB0B209B6679C2EAE0F10469A149F510A6C2132C987F46214B1E2BBBC
Malicious:	false
Reputation:	low
IE Cache URL:	https://statics-marketingsites-eus-ms-com.akamaized.net/statics/override.css?c=7
Preview:	a.c-call-to-action:hover, button.c-call-to-action:hover{box-shadow:none!important}a.c-call-to-action:hover span, button.c-call-to-action:hover span{left:0!important}...c-call-to-action:not(.glyph-play):after { right: 0!important;} a.c-call-to-action:focus,button.c-call-to-action:focus{box-shadow:none!important}a.c-call-to-action:focus span,button.c-call-to-action:focus span{left:0!important;box-shadow:none!important}...theme-dark .c-me .msame_Header_name {color: #f2f2f2;}...pmg-page-wrapper .uhf div, .pmg-page-wrapper .uhf button, .pmg-page-wrapper .uhf a, .pmg-page-wrapper .uhf span, .pmg-page-wrapper .uhf p, .pmg-page-wrapper .uhf input {font-family: Segoe UI,SegoeUI,Helvetica Neue,Helvetica,Arial,sans-serif !important;}..@media (min-width: 540px) {.pmg-page-wrapper .uhf .c-uhfh-alert span, .pmg-page-wrapper .uhf #uhf-g-nav span, .pmg-page-wrapper .uhf .c-uhfh-actions span, .pmg-page-wrapper .uhf li, .pmg-page-wrapper .uhf button, .pmg-page-wrapper .uhf a, .pmg-page-wrapper .uhf #meC

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3Y2ADQKS\script[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	downloaded
Size (bytes):	121249
Entropy (8bit):	5.258860505507024
Encrypted:	false
SSDEEP:	1536:+JXd+YOlaYOyguxH6GdXJKjZtQ3EBJ0PYmwYmEZeQ8Wt2Db7ACu8J8IvC7CQBgAc:ed+YOlaYOyguxHbdX2nX5PaCfey
MD5:	B110D87662D257F657ABCCEF7AF5CD09
SHA1:	FD7519D842B6344448E6F1D69DFFA5F896FAE4A6
SHA-256:	65E82E7414D88BC864191400084C24DA27052E7A61F9F3C1F1EFDFEE433D558C
SHA-512:	EF429EE8701D0748DE81CEE25D15C9674487691ACA8982F6D43DA519E1CDFD5082D9DE5A71D1FB457250828433856BAB4A2CE7E035152FE9C16224FA433D35D1
Malicious:	false
Reputation:	low
IE Cache URL:	https://c.s-microsoft.com/en-us/CMSScripts/script.jsx?k=0502864a-b6ef-2f14-9f8e-267004d3a4e0_c5ea3348-55af-729a-2641-14f0312bacf3_742bd11f-3d7c-9955-3df5-f02b66689699_cb9d43d2-fbae-5b5c-827f-72166d6b87fc_49488e0d-6ae2-5101-c995-f4d56443b1d8_7dea7b90-4334-c043-b252-9f132d19ee19_38aa9ffb-ddb5-75be-6536-a58628f435f5_e3e65a0a-c133-43e7-571d-2293e03f85e6_4ca0e9dc-a4de-17ba-f0de-d1d346cb99e2_06310cd8-41c6-3b11-4645-b4884789ed70_5c27e8aa-9347-969e-39ac-37a4de428a8d_d6872b5a-5310-a73c-7cb3-227a3213a1c5_be92d794-4118-193f-9871-58b72092a5ac_64c742e2-b29c-b6c1-fdd9-accf33ec40bd_cf2ceca9-3467-a5b3-d095-68958eee6d4c_cec39dd8-f1d3-56f1-abfc-a7db34ff7b46_ec5fa2c9-3950-ff57-a5c3-1fa77e0db190_d19f9592-65df-bcc9-e30e-439b875c3381_76a3d06f-f11f-77ef-9bfd-6227ba750200_5e1caa45-461c-3b04-f88b-8cd50af16db5_c2dceda8-20b4-7d3f-13b6-9cac67d7df17_914fa41b-cc86-d3b0-4e15-2fdfa357bcc7_40c6c884-da6e-7c2c-081f-4a7dfe7c7245_ae79ba96-1a9d-debd-a5b1-f3067213b9b8
Preview:	function getQueryValue(n,t){var r=new RegExp("[\\?&]"+t+"=([^&#]*)","gi"),i=r.exec(n);return i==null?"":decodeURIComponent(i[1].replace(/\+/g," "))}function getStore(n){var t="ClosestStore.asmx",r,i;$(".store-geo[data-GeoStoreLocalServiceURL]").length&&(t=$(".store-geo").first().attr("data-GeoStoreLocalServiceURL"));i="POST";typeof n!="undefined"&&(r={latitude:JSON.stringify(n.coords.latitude),longitude:JSON.stringify(n.coords.longitude)},t=t+"ClientGeo",i="GET");$.ajax({url:t,type:i,timeout:5e3,data:r,contentType:"application/json; charset=UTF-8",dataType:"json",error:function(){$(".store-geo").remove();$(".store-editorial").fadeIn(1e3)},success:function(n){if(typeof n!="undefined"&&typeof n.d!="undefined"&&typeof n.d.City!="undefined"&&n.d.City!=""&&n.d.StoreUrl!="undefined"&&n.d.StoreUrl!=""){var t=$(".store-geo:first").text();$(".store-geo a").html(t+" "+n.d.City);$(".store-geo a").attr("href",n.d.StoreUrl);$(".store-editorial").remove();$(".store-geo").fadeIn(1e3)}else $(".store-g

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3Y2ADQKS\script[2].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	downloaded
Size (bytes):	30000
Entropy (8bit):	5.332708590077928
Encrypted:	false
SSDEEP:	384:ekorlyUMfQ8sW5hXDiWiQRKKwoOdo/r4nqdRy/dRyWhtyFhtyYKQys05DU7BS5hs:0olDi2RKQOOwqjE2l/3FJ1C/n+NYioq
MD5:	C05FC9430255DD778133F63AAA2874FD
SHA1:	23A6970E85C12ACCE64448EBFBB2A7987304E6B5
SHA-256:	3659742C6031A157C576403757CD0BDC2173108554016ED3AFBEAC683BF13FC0
SHA-512:	651E44E0764AE30478891466973C851A4A5CABF9114C1A97777F8CB6E8F8962907B169C8FDCF57620B2BC97C87D5EE2C1AAAB499F8F507864862987C47CE691C
Malicious:	false
Reputation:	low
IE Cache URL:	https://c.s-microsoft.com/en-us/CMSScripts/script.jsx?k=8c84dc53-9dee-f42a-46b1-5a93c0e43d70
Preview:	function ShowSelectedComponentKeyPress(n,t){if(window.event.keyCode==13)return ShowSelectedComponent(n,t),!1}function SetRightSideNavigationMenuHeight(){$("[id^=dvModuleGroup_]").hide();window.location.search.toLowerCase().indexOf("bookmarkid")!=-1&&SelectBookMark();window.location.search.toLowerCase().indexOf("componentid")!=-1&&LoadSelectedInternalLink();$(".div_side_comp").length>0&&$(".div_content").css("min-height",$(".div_side_comp").height()-27)}function ShowSelectedComponent(n,t){var i=$("#"+t).attr("data-parentModule");return i!=undefined&&i!=null&&($("[data-parentmodule="+i+"]").show(),$("#"+i+" [id$=_LongDescription]").length>0?(document.getElementById(i+"_LongDescription").style.display="block",document.getElementById(i+"_ShortDescription").style.display="none",ShowText($("#"+i+".learnMoreLabel"),"long")):ShowText($("#"+i+".learnMoreLabel"),"long"),DisplayTopNavigation(i)),$("html, body").animate({scrollTop:$("#"+t).offset().top-1},800),!1}function ShowToolTip(){var n,i,t;w

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3Y2ADQKS\styles.0dd9295ed5f1a8af32ba[1].css Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	downloaded
Size (bytes):	91832
Entropy (8bit):	5.046408376530873
Encrypted:	false
SSDEEP:	768:TP4ij1SvTNj31oEDvbK4gsPnfBCYHfzZD+Kyt/1MFiWJbAVzyY2K2+qMdWLq8:ngbN6ELG4gsv7HbZDZyXSeVGi20sq8
MD5:	ED44CBB6184FDCBD88933722FDC40832
SHA1:	AC8A9F6C99F0D6D03B2187652B38CDBA9A5F8D0A
SHA-256:	D4B2A044C59FEA23055F28516FD544DF73243E37B35C71002F4F2270573336FF
SHA-512:	9BD905FF6AA0FEED47E67D9010247829054F2F3ACDD2FC8EFA37AE4D4242AFB390DE07ABF2AC786D3FC42408AB4BCA2125EF5C03B69287340AE36A50642A5FC2
Malicious:	false
Reputation:	low
IE Cache URL:	https://m365.eu.vadesecure.com/safeproxy/styles.0dd9295ed5f1a8af32ba.css
Preview:	@charset "utf-8";*,:after,:before{box-sizing:border-box}body,button,div,fieldset,figure,footer,form,h1,h2,h3,h4,header,html,iframe,label,li,nav,object,p,section,ul{border:none;outline:0;margin:0;padding:0}::-moz-selection{background:#d61f29;color:#fff}::selection{background:#d61f29;color:#fff}html{background:#fff;background:linear-gradient(to bottom,#fff 0,#e6e6e6 100%);filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#ffffff', endColorstr='#e6e6e6', GradientType=0);height:100%;position:relative;width:100%}body{background:#fff;background:linear-gradient(to bottom,#fff 0,#e6e6e6 100%);filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#ffffff', endColorstr='#e6e6e6', GradientType=0);color:#666;font-family:'Open Sans',Arial,sans-serif;font-size:15px;line-height:24px;font-weight:400;letter-spacing:normal;padding-bottom:120px;min-height:100%}h1{color:#333;font-size:18px;line-height:27px;margin:10px 0 20px}h2{font-size:16px;line-height:24px;margin:0 0 20px}ul{l

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3Y2ADQKS\ux.converged.login.strings-en.min_lx3ffqwkjnm_dkzr2tvi6q2[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	UTF-8 Unicode text, with very long lines
Category:	downloaded
Size (bytes):	42775
Entropy (8bit):	5.400245256189503
Encrypted:	false
SSDEEP:	768:l2MXCo7yAF1tlfretkUNKNa8DRN2ym+d/PngTehK8ObrEkPTPRUbx3Tg/qhZqG3x:fHF1tlfretkUNKNa8DRN2ym+d/PngTeX
MD5:	957DDF7EA58A26733F764CD1DAD562E9
SHA1:	FC998E6D9BE4772E46CCFE69A0550AB2B0436031
SHA-256:	0EDEF2F99395BE4398797ED6C766FC909ED2092C1E3CA19700ECBFA4F84D0602
SHA-512:	68529A65AA0AC629C956E6DD6BE4E26DA1949B66BC48AE0AFC95CA4956B8F48D9D4906568BA0CA10093AE1DDC3D7E59E2E93B1884695B5ED0B91DAD3C7AF4360
Malicious:	false
Reputation:	low
IE Cache URL:	https://aadcdn.msauth.net/ests/2.1/content/cdnbundles/ux.converged.login.strings-en.min_lx3ffqwkjnm_dkzr2tvi6q2.js
Preview:	!function(e){function o(n){if(i[n])return i[n].exports;var t=i[n]={exports:{},id:n,loaded:!1};return e[n].call(t.exports,t,t.exports,o),t.loaded=!0,t.exports}var i={};return o.m=e,o.c=i,o.p="",o(0)}([function(e,o,i){i(2);var n=i(1),t=i(4),r=i(5),a=r.StringsVariantId,s=r.AllowedIdentitiesType;n.registerSource("str",function(e,o){if(e.WF_STR_SignupLink_AriaLabel_Text="Create a Microsoft account",e.WF_STR_SignupLink_AriaLabel_Generic_Text="Create a new account",e.CT_STR_CookieBanner_Link_AriaLabel="Learn more about Microsoft's Cookie Policy",e.WF_STR_HeaderDefault_Title=o.iLoginStringsVariantId===a.CombinedSigninSignupV2WelcomeTitle?"Welcome":"Sign in",e.STR_Footer_IcpLicense_Text=".ICP.13015306.-10",o.oAppCobranding&&o.oAppCobranding.friendlyAppName){var i=o.fBreakBrandingSigninString?"to continue to {0}":"Continue to {0}";e.WF_STR_App_Title=t.format(i,o.oAppCobranding.friendlyAppName)}switch(o.oAppCobranding&&o.oAppCobranding.signinDescription&&(e.WF_STR_Default_Desc=o.oAppCobrand

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9QTQHWWN\17-f90ef1[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines
Category:	downloaded
Size (bytes):	135290
Entropy (8bit):	5.2254562447372
Encrypted:	false
SSDEEP:	3072:1f/HuFzpxJIS20i9d1EwgXA95KSqDCE4t:1f/HuXIZRjt
MD5:	07CB1B6723F61F949C862B399E06B3BF
SHA1:	83ABC38AB7E787F719E859E3EA97D4A634FE61FC
SHA-256:	82A7ACB7D942575069E4067375BEC0C33F1949EA2864BE8BD12E9D6DB74A345D
SHA-512:	D520D31E12A3D2D316347D96E4E3D20D7E5C988A4824228097D1DF0A5AB3F12334096C2ADD5D0A7345EF8A2E674712F84D9F8CFC2E973A2A4DEDA546337C94CD
Malicious:	false
Reputation:	low
IE Cache URL:	https://www.microsoft.com/onerfstatics/marketingsites-eus-prod/shell/_scrf/js/themes=default/54-af9f9f/c0-247156/de-099401/e1-a50eee/e7-954872/d8-97d509/f0-251fe2/46-be1318/77-04a268/11-240c7b/63-077520/a4-34de62/bb-d7480b/db-bc0148/dc-7e9864/6d-c07ea1/9d-b58f60/f6-aa5278/cd-23d3b0/6d-1e7ed0/b7-cadaa7/c4-898cf2/ca-40b7b0/4e-ee3a55/3e-f5c39b/c3-6454d7/f9-7592d3/92-10345d/79-499886/7e-cda2d3/69-13871c/b7-0ad59f/e0-3c9860/91-97a04f/1f-100dea/33-abe4df/17-f90ef1?ver=2.0&_cf=20210415&iife=1
Preview:	(function(){/*. @license almond 0.3.3 Copyright jQuery Foundation and other contributors.. * Released under MIT license, http://github.com/requirejs/almond/LICENSE. /.var requirejs,require,define,__extends;(function(n){function r(n,t){return w.call(n,t)}function s(n,t){var o,s,f,e,h,p,c,b,r,l,w,k,u=t&&t.split("/"),a=i.map,y=a&&a[""]\|\|{};if(n){for(n=n.split("/"),h=n.length-1,i.nodeIdCompat&&v.test(n[h])&&(n[h]=n[h].replace(v,"")),n[0].charAt(0)==="."&&u&&(k=u.slice(0,u.length-1),n=k.concat(n)),r=0;r<n.length;r++)if(w=n[r],w===".")n.splice(r,1),r-=1;else if(w==="..")if(r===0\|\|r===1&&n[2]===".."\|\|n[r-1]==="..")continue;else r>0&&(n.splice(r-1,2),r-=2);n=n.join("/")}if((u\|\|y)&&a){for(o=n.split("/"),r=o.length;r>0;r-=1){if(s=o.slice(0,r).join("/"),u)for(l=u.length;l>0;l-=1)if(f=a[u.slice(0,l).join("/")],f&&(f=f[s],f)){e=f;p=r;break}if(e)break;!c&&y&&y[s]&&(c=y[s],b=r)}!e&&c&&(e=c,p=b);e&&(o.splice(0,p,e),n=o.join("/"))}return n}function y(t,i){return function(){var r=b.call(arguments,0

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9QTQHWWN\2_bc3d32a696895f78c19df6c717586a5d[1].svg Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	SVG Scalable Vector Graphics image
Category:	downloaded
Size (bytes):	1864
Entropy (8bit):	5.222032823730197
Encrypted:	false
SSDEEP:	48:yvswNIBLBpJawmMH44log6gw/MHm7pJroog6gwkMH9Xog6gwdMHdqdyqog7C:ykfXYx+odPcs9B
MD5:	BC3D32A696895F78C19DF6C717586A5D
SHA1:	9191CB156A30A3ED79C44C0A16C95159E8FF689D
SHA-256:	0E88B6FCBB8591EDFD28184FA70A04B6DD3AF8A14367C628EDD7CABA32E58C68
SHA-512:	8D4F38907F3423A86D90575772B292680F7970527D2090FC005F9B096CC81D3F279D59AD76EAFCA30C3D4BBAF2276BBAA753E2A46A149424CF6F1C319DED5A64
Malicious:	false
Reputation:	low
IE Cache URL:	https://aadcdn.msauth.net/shared/1.0/content/images/backgrounds/2_bc3d32a696895f78c19df6c717586a5d.svg
Preview:	<svg xmlns="http://www.w3.org/2000/svg" width="1920" height="1080" fill="none"><g opacity=".2" clip-path="url(#E)"><path d="M1466.4 1795.2c950.37 0 1720.8-627.52 1720.8-1401.6S2416.77-1008 1466.4-1008-254.4-380.482-254.4 393.6s770.428 1401.6 1720.8 1401.6z" fill="url(#A)"/><path d="M394.2 1815.6c746.58 0 1351.8-493.2 1351.8-1101.6S1140.78-387.6 394.2-387.6-957.6 105.603-957.6 714-352.38 1815.6 394.2 1815.6z" fill="url(#B)"/><path d="M1548.6 1885.2c631.92 0 1144.2-417.45 1144.2-932.4S2180.52 20.4 1548.6 20.4 404.4 437.85 404.4 952.8s512.276 932.4 1144.2 932.4z" fill="url(#C)"/><path d="M265.8 1215.6c690.246 0 1249.8-455.595 1249.8-1017.6S956.046-819.6 265.8-819.6-984-364.005-984 198-424.445 1215.6 265.8 1215.6z" fill="url(#D)"/></g><defs><radialGradient id="A" cx="0" cy="0" r="1" gradientUnits="userSpaceOnUse" gradientTransform="translate(1466.4 393.6) rotate(90) scale(1401.6 1720.8)"><stop stop-color="#107c10"/><stop offset="1" stop-color="#c4c4c4" stop-opacity="0"/></radialGradient><r

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9QTQHWWN\2_vD0yppaJX3jBnfbHF1hqXQ2[1].svg Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	SVG Scalable Vector Graphics image
Category:	downloaded
Size (bytes):	1864
Entropy (8bit):	5.222032823730197
Encrypted:	false
SSDEEP:	48:yvswNIBLBpJawmMH44log6gw/MHm7pJroog6gwkMH9Xog6gwdMHdqdyqog7C:ykfXYx+odPcs9B
MD5:	BC3D32A696895F78C19DF6C717586A5D
SHA1:	9191CB156A30A3ED79C44C0A16C95159E8FF689D
SHA-256:	0E88B6FCBB8591EDFD28184FA70A04B6DD3AF8A14367C628EDD7CABA32E58C68
SHA-512:	8D4F38907F3423A86D90575772B292680F7970527D2090FC005F9B096CC81D3F279D59AD76EAFCA30C3D4BBAF2276BBAA753E2A46A149424CF6F1C319DED5A64
Malicious:	false
Reputation:	low
IE Cache URL:	https://acctcdn.msauth.net/images/2_vD0yppaJX3jBnfbHF1hqXQ2.svg
Preview:	<svg xmlns="http://www.w3.org/2000/svg" width="1920" height="1080" fill="none"><g opacity=".2" clip-path="url(#E)"><path d="M1466.4 1795.2c950.37 0 1720.8-627.52 1720.8-1401.6S2416.77-1008 1466.4-1008-254.4-380.482-254.4 393.6s770.428 1401.6 1720.8 1401.6z" fill="url(#A)"/><path d="M394.2 1815.6c746.58 0 1351.8-493.2 1351.8-1101.6S1140.78-387.6 394.2-387.6-957.6 105.603-957.6 714-352.38 1815.6 394.2 1815.6z" fill="url(#B)"/><path d="M1548.6 1885.2c631.92 0 1144.2-417.45 1144.2-932.4S2180.52 20.4 1548.6 20.4 404.4 437.85 404.4 952.8s512.276 932.4 1144.2 932.4z" fill="url(#C)"/><path d="M265.8 1215.6c690.246 0 1249.8-455.595 1249.8-1017.6S956.046-819.6 265.8-819.6-984-364.005-984 198-424.445 1215.6 265.8 1215.6z" fill="url(#D)"/></g><defs><radialGradient id="A" cx="0" cy="0" r="1" gradientUnits="userSpaceOnUse" gradientTransform="translate(1466.4 393.6) rotate(90) scale(1401.6 1720.8)"><stop stop-color="#107c10"/><stop offset="1" stop-color="#c4c4c4" stop-opacity="0"/></radialGradient><r

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9QTQHWWN\LXMCCMOY.htm Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	HTML document, UTF-8 Unicode text, with very long lines, with CRLF line terminators
Category:	downloaded
Size (bytes):	21439
Entropy (8bit):	5.798211867469678
Encrypted:	false
SSDEEP:	384:HP/Gb0IEsQdsQvZxyF1Aw8WqyvW+dnwCIUTlLI2M/zvyMEZWpS:v/JH9yF1IWqCdPlG/2d5
MD5:	6C7255996FAF67F0CB83648D8C075218
SHA1:	5B871372CB9702AE6B7CC8E8C2C1BDCF8CB181EA
SHA-256:	9B7EA4DD16A0C44CFAC3CB3AB80F99A4A1440082EEE15CC585FAD14248A3B391
SHA-512:	BFFDD7C497A275AE45F6CF1B14F969B3E4096B4F657FDE9E52F7345698F0DF581A79B93960A6A95074C28F466115BC2DE8F91A6F83E8C6AB4F3B78C84219A2C3
Malicious:	false
Reputation:	low
IE Cache URL:	https://fpt.live.com/?session_id=b1b1c57d0009492d94dbcbc4fdfa73d0&CustomerId=33e01921-4d64-4f8c-a055-5bdaffd5e33d&PageId=SU&mkt=EN-US&ru=https%3a%2f%2flogin.live.com%2foauth20_authorize.srf%3flc%3d1033%26response_type%3dcode%26client_id%3d51483342-085c-4d86-bf88-cf50c7252078%26scope%3dopenid%2bprofile%2bemail%2boffline_access%26response_mode%3dform_post%26redirect_uri%3dhttps%253a%252f%252flogin.microsoftonline.com%252fcommon%252ffederation%252foauth2msa%26state%3drQIIAYWQMUvDQACFc00b26IoouIkVTqIcOnd5ZJeAiKCaHWwaKmgiySXiy0YI020Iii4OTo4ObpZl9ZJnBx00aWj6B8QJ0cRBOMvkAcPHm_4eC-bwipSzSkZq9jK60LjwuAIEgd7kBKmQ-ZSBxZ1IYoslkaNxmB24Oix08lIcPH87fnh5zvsXoDM5nZ9X6g88FtgrBZFu6FVKETC9kPVr_NGEAZe9NcWtoJbALoAvAPQSuRdhJChORRyxDCkthcDPdOAOnU0zRNFbtr8NdFfnt2LauTPgkb9UFzIeU_YhskQgx4lGqSCM-g4GoGcuBS7pme7GrqRlZjoBzsvMugmwUdyJA0GpNFMTprsQbKVTmfjJOWkryS4TMWrToav29WZ46UrX50ZFxPSU6pQ2aoYzb1yKVpx_I2KWZ0rrx40F0prs4vuOplfRsurrGagql80m9PEwmeK8qQklsJPBZz2SHeZf554zQ4RRDBEOsQshw0LYwvhjXYvuO-TfgE1%26estsfed%3d1%26lw%3d1%26fl%3deasi2%26fci%3d5e3ce6c0-2b1f-4285-8d4b-75ee78787346%26mkt%3dEN-US%26uaid%3db1b1c57d0009492d94dbcbc4fdfa73d0
Preview:	<!DOCTYPE html>..<html xmlns="http://www.w3.org/1999/xhtml">..<head>.. <title></title>.. <script>var localTarget="https://fpt.live.com/",target="https://fpt2.microsoft.com/",txnKey="session_id",txnId="b1b1c57d0009492d94dbcbc4fdfa73d0",ticks="8D91A1792EB5F6F",ridKey="id",rid="ab33dcf2-ce6f-06f0-2261-0f8a96ac359f",lskey="MUID",authKey="taBcrIH61PuCVH7eNCyH0J9Fjk1kZEyRnBbpUW3FKs%252bhzmNtXzLTx8L97RzPO4RjVri73lhEW9Sz4AwpPwtNIIVBVDoKJPPgMyHu0benRGJd%252fgSfKAb8InL8ZmCBRn60kGeVCttY5ePe1yGCY5GxzzgaeJNXgwhs1d8Ddcnh89E8LhVx7L6mJ836S%252fhxAI2Tewk%252bayh9LjdwB0MtdIxIBi2of4co5zR%252bmM0L7GAlHTyxmwKDfh%252fJ4q%252bvyizNRpRC4PdgrB3IbEv92HPHYwy%252bb2Bmjk5qf%252fg%252fm%252fyCm8wnaIc%253d",lsInfo=true,cid="33e01921-4d64-4f8c-a055-5bdaffd5e33d",splitFonts=false,pageId="SU",pushEnv="";(function(){function c(){var i=0,n;return t&&t.length&&(i=t.length),n="",window.ActiveXObject?(n+="plugin_flash=false",n+="&plugin_windows_media_player=false",n+="&plugin_adobe_acrobat=false",n+="&plugin_silverlig

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9QTQHWWN\app[1].css Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines, with CRLF, LF line terminators
Category:	downloaded
Size (bytes):	262641
Entropy (8bit):	4.9463902181496096
Encrypted:	false
SSDEEP:	3072:u+Vd0pBbqPLYoyjFkxD2hAYwJb8ILm731Ss:u+Vd0DePLYoyjFkxD2hAYwJbZLM31Ss
MD5:	7C593B06759DB6D01614729D206738D6
SHA1:	0D4F76D10944933B8DDECFFE9691081439A77A3C
SHA-256:	F7D9FB0479DE843CF3FB0B78FC56BBB9E30BF0A238C6F79D9209FA8B22EFB574
SHA-512:	EF91B610CF17A17AAFB48984B4403EF175EB86096E3F12E23AE8D4C7C96EF60ED14DA3F69721E095CD2ACE3F0A06190186D000992823814BB906F7FB3576C2C1
Malicious:	false
Reputation:	low
IE Cache URL:	https://assets.onestore.ms/cdnfiles/external/oneui/oneui1.16.2/dist/css/app.css
Preview:	@font-face {. font-family: "wf_segoe-ui_normal";. src: url("//i.s-microsoft.com/fonts/segoe-ui/west-european/normal/latest.eot");. src: url("//i.s-microsoft.com/fonts/segoe-ui/west-european/normal/latest.eot?#iefix") format("embedded-opentype"), url("//i.s-microsoft.com/fonts/segoe-ui/west-european/normal/latest.woff") format("woff"), url("//i.s-microsoft.com/fonts/segoe-ui/west-european/normal/latest.ttf") format("truetype"), url("//i.s-microsoft.com/fonts/segoe-ui/west-european/normal/latest.svg#web") format("svg");. font-weight: normal;. font-style: normal; }..@font-face {. font-family: "wf_segoe-ui_light";. src: url("//i.s-microsoft.com/fonts/segoe-ui/west-european/light/latest.eot");. src: url("//i.s-microsoft.com/fonts/segoe-ui/west-european/light/latest.eot?#iefix") format("embedded-opentype"), url("//i.s-microsoft.com/fonts/segoe-ui/west-european/light/latest.woff") format("woff"), url("//i.s-microsoft.com/fonts/segoe-ui/west-european/light/latest.ttf") format("truetype

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9QTQHWWN\converged.v2.login.min_ty_bk5wxx82kilmq7o6qlw2[1].css Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines
Category:	dropped
Size (bytes):	108042
Entropy (8bit):	5.290475415950322
Encrypted:	false
SSDEEP:	1536:QpHDgBvguhw+EViazA/PWrF7qvEAFiQcpmUGDvz6yVUn1:xktlyVU1
MD5:	B72FC12B9597C7CD8A8A5310ECEE902F
SHA1:	301AD20CCEF3B7247E716DA874E43B193AB3CBF2
SHA-256:	2D7A11BA79B08B7C687E4A80E11E5004E2CE2786FA96666104BFE3A4289F658B
SHA-512:	D667089D42707677E0E23045EB97452268AAF5588EBD6D7F0D2A7A88564CCE9C13405FED53FA602439B199FD3D1E7ACC16F6A632557CD6EA3700C699788D6F9F
Malicious:	false
Reputation:	low
Preview:	/! Copyright (C) Microsoft Corporation. All rights reserved. //*!.------------------------------------------- START OF THIRD PARTY NOTICE -----------------------------------------..This file is based on or incorporates material from the projects listed below (Third Party IP). The original copyright notice and the license under which Microsoft received such Third Party IP, are set forth below. Such licenses and notices are provided for informational purposes only. Microsoft licenses the Third Party IP to you under the licensing terms for the Microsoft product. Microsoft reserves all other rights not expressly granted under this agreement, whether by implication, estoppel or otherwise...//-----------------------------------------------------------------------------.twbs-bootstrap-sass (3.3.0).//-----------------------------------------------------------------------------..The MIT License (MIT)..Copyright (c) 2013 Twitter, Inc..Permission is hereby granted, free of charge, to any person

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9QTQHWWN\convergedlogin_presetpasswordsplitter_9df00b568d583d28a916[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines
Category:	downloaded
Size (bytes):	4346
Entropy (8bit):	5.156218196886718
Encrypted:	false
SSDEEP:	96:jPjDXOMS1WfA3GAWLZB8oomsewCEL3Qej1LjpVV:jP7UGPLZeNLbLNVV
MD5:	3049AEE8B8B1D194DDFE0BD455F10C85
SHA1:	5046BD60E13B9B1D79441D4C7AB6DE2686746459
SHA-256:	51857DF13C2FE3C22CE11C70F9027E1E5A8E72266A9CC84039E52E191F4934B0
SHA-512:	75CDA538867574B4F56F52FB095BA30C188248431BC9B7C91D5A7806EF55905318B731CEF678019579E98CB272E595798E7603DD44E4E8B4AEF5E4C1B913F455
Malicious:	false
Reputation:	low
IE Cache URL:	https://aadcdn.msauth.net/shared/1.0/content/js/asyncchunk/convergedlogin_presetpasswordsplitter_9df00b568d583d28a916.js
Preview:	/!. ------------------------------------------- START OF THIRD PARTY NOTICE -----------------------------------------. * . * This file is based on or incorporates material from the projects listed below (Third Party IP). The original copyright notice and the license under which Microsoft received such Third Party IP, are set forth below. Such licenses and notices are provided for informational purposes only. Microsoft licenses the Third Party IP to you under the licensing terms for the Microsoft product. Microsoft reserves all other rights not expressly granted under this agreement, whether by implication, estoppel or otherwise.. * . * json2.js (2016-05-01). * https://github.com/douglascrockford/JSON-js. * License: Public Domain. * . * Provided for Informational Purposes Only. * . * ----------------------------------------------- END OF THIRD PARTY NOTICE ------------------------------------------. */.(window.webpackJsonp=window.webpackJsonp\|\|[]).push([[32],{420:function(e,t,i

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9QTQHWWN\jquery-1.11.2.min[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines
Category:	downloaded
Size (bytes):	95931
Entropy (8bit):	5.394232486761965
Encrypted:	false
SSDEEP:	1536:5P1vk7i6GUHdXXeyQazBu+4HhiO2AEeLNFoqqhJ7SerN5sVI6xcBgPv7E+nzms9d:A4Ud4qhJvNPqcB47MfWWca98HrB
MD5:	5790EAD7AD3BA27397AEDFA3D263B867
SHA1:	8130544C215FE5D1EC081D83461BF4A711E74882
SHA-256:	2ECD295D295BEC062CEDEBE177E54B9D6B19FC0A841DC5C178C654C9CCFF09C0
SHA-512:	781ACEDC99DE4CE8D53D9B43A158C645EAB1B23DFDFD6B57B3C442B11ACC4A344E0D5B0067D4B78BB173ABBDED75FB91C410F2B5A58F71D438AA6266D048D98A
Malicious:	false
Reputation:	low
IE Cache URL:	https://ajax.aspnetcdn.com/ajax/jQuery/jquery-1.11.2.min.js
Preview:	/! jQuery v1.11.2 \| (c) 2005, 2014 jQuery Foundation, Inc. \| jquery.org/license /.!function(a,b){"object"==typeof module&&"object"==typeof module.exports?module.exports=a.document?b(a,!0):function(a){if(!a.document)throw new Error("jQuery requires a window with a document");return b(a)}:b(a)}("undefined"!=typeof window?window:this,function(a,b){var c=[],d=c.slice,e=c.concat,f=c.push,g=c.indexOf,h={},i=h.toString,j=h.hasOwnProperty,k={},l="1.11.2",m=function(a,b){return new m.fn.init(a,b)},n=/^[\s\uFEFF\xA0]+\|[\s\uFEFF\xA0]+$/g,o=/^-ms-/,p=/-([\da-z])/gi,q=function(a,b){return b.toUpperCase()};m.fn=m.prototype={jquery:l,constructor:m,selector:"",length:0,toArray:function(){return d.call(this)},get:function(a){return null!=a?0>a?this[a+this.length]:this[a]:d.call(this)},pushStack:function(a){var b=m.merge(this.constructor(),a);return b.prevObject=this,b.context=this.context,b},each:function(a,b){return m.each(this,a,b)},map:function(a){return this.pushStack(m.map(this,function(b,c){ret

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9QTQHWWN\main.ff07eaa390e99a40b11c[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	downloaded
Size (bytes):	559791
Entropy (8bit):	5.2348621272108256
Encrypted:	false
SSDEEP:	6144:nb6nSdNJpxC1UdWEJozZhu5loL6TOUmI8pzvW7730x4:cSdndUZW2Kb7730x4
MD5:	6BDCD2EA1AF437AE692B2A8FA79B95B8
SHA1:	B57A060CC8CBE7519E97761337E13F06E97BBB28
SHA-256:	0CE00BA134B16C7BBC4A6C57F90FAEF114A2E2528DE7227B5CE707A7900F9753
SHA-512:	D8B9EB211161A5D37DE4C9193E5CD9A436A9317DF71E3EE8196E44A39F859AD071532E3F2DFB17A99C9937CE9AD0D5EB13E3A4673A2D064FB07BD3BC001D7706
Malicious:	false
Reputation:	low
IE Cache URL:	https://m365.eu.vadesecure.com/safeproxy/main.ff07eaa390e99a40b11c.js
Preview:	(window.webpackJsonp=window.webpackJsonp\|\|[]).push([[1],{"+tJ4":function(t,e,n){"use strict";n.d(e,"a",function(){return r});var r=function(t){return function(e){for(var n=0,r=t.length;n<r&&!e.closed;n++)e.next(t[n]);e.closed\|\|e.complete()}}},"+umK":function(t,e,n){"use strict";function r(){}n.d(e,"a",function(){return r})},"/WYv":function(t,e,n){"use strict";function r(t){return t&&"function"!=typeof t.subscribe&&"function"==typeof t.then}n.d(e,"a",function(){return r})},0:function(t,e,n){t.exports=n("zUnb")},"0/uQ":function(t,e,n){"use strict";var r=n("6blF"),o=n("/WYv"),i=n("2ePl"),a=n("xTla");var s=n("En8+");var u=n("IUTb"),c=n("pugT"),l=n("S5XQ");var p=n("u67D");var f=n("JcRv");var h=n("Fxb1");function d(t,e){if(!e)return t instanceof r.a?t:new r.a(Object(h.a)(t));if(null!=t){if(function(t){return t&&"function"==typeof t[a.a]}(t))return function(t,e){return e?new r.a(function(n){var r=new c.a;return r.add(e.schedule(function(){var o=t[a.a]();r.add(o.subscribe({next:function(t){r.a

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9QTQHWWN\marching_ants_white_166de53471265253ab3a456defe6da23[1].gif Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	GIF image data, version 89a, 352 x 3
Category:	downloaded
Size (bytes):	2672
Entropy (8bit):	6.640973516071413
Encrypted:	false
SSDEEP:	48:ZaOdwduTYPpS9pZy9vDNi1miicsvrJkafMiS+MGQ09DU/X9/4Xp6m5Z9SQcq:4CIuTYPpSTc9vcPZX9/2gzQ/
MD5:	166DE53471265253AB3A456DEFE6DA23
SHA1:	17C6DF4D7CCF1FA2C9EFD716FBAE0FC2C71C8D6D
SHA-256:	A46201581A7C7C667FD42787CD1E9ADF2F6BF809EFB7596E61A03E8DBA9ADA13
SHA-512:	80978C1D262BC225A8BA1758DF546E27B5BE8D84CBCF7E6044910E5E05E04AFFEFEC3C0DA0818145EB8A917E1A8D90F4BAC833B64A1F6DE97AD3D5FC80A02308
Malicious:	false
Reputation:	low
IE Cache URL:	https://aadcdn.msauth.net/shared/1.0/content/images/marching_ants_white_166de53471265253ab3a456defe6da23.gif
Preview:	GIF89a`............!..NETSCAPE2.0.....!.......,....`.....6......P.l.......H....I..:qJ......k....`BY..L..&...!.......,....0.............<....[.\K8j.tr.g..!.......,....3............^;...\UK.]\.%.V.c...!.......,....7........`....lo...[.a..*Rw~i...!.......,....;........h.....l.G-.[K.,_XA]..'g..!.......,....?........i.....g....Z.}..)..u...F..!.......,....C...............P.,nt^.i....Xq...i..!.......,....F...........{^b....n.y..i...\C.-...!.......,....H..............R...o....h.xV!.z#...!.......,"...L.............r.jY..w~aP(.......[i...!.......,(...N.............r....w.aP.j.'.)Y..S..!.......,....H.........`......hew..9`.%z.xVeS..!.......,5...A.........`...\m.Vmtzw.}.d.%...Q..!.......,9...=.........h......3S..s.-W8m...Q..!.......,A...5.........h.....N...:..!..U..!.......,H.............h....M.x...f.i.4..!.......,O...'.........i...tp......(..!.......,X.............j...@.x....!.......,].............j..L..3em..!.......,e.............`......!.......,n..............{i..!..

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9QTQHWWN\oneds_Xr2D7Nex80v7A-8bxF8jgQ2[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines, with CRLF, LF line terminators
Category:	downloaded
Size (bytes):	82052
Entropy (8bit):	5.312628857785992
Encrypted:	false
SSDEEP:	768:paVnZVNvlcxbEFWEI3+d8lLCNMnSpjaQ2Z8q2G/b8bSqY4gs8Lh1mAXbQON9fAvC:cuediuNMk1T/qTlAvrQUAluA
MD5:	5EBD83ECD7B1F34BFB03EF1BC45F2381
SHA1:	CD1E0062A04B11EEB36586766BF5144955250E65
SHA-256:	4C57821AA26F21DEEBC39E3C750BC4FE246C430E5E50F4ADD0CFF53943C8C608
SHA-512:	9B56B2F1F301AD65D03514E1EC557830501805CBB81A891A518601898AE4F3C8A4C063D64036C2E8F1E539E5989CB608D535A01552BCADF008B53D1B699E9E88
Malicious:	false
Reputation:	low
IE Cache URL:	https://acctcdn.msauth.net/oneds_Xr2D7Nex80v7A-8bxF8jgQ2.js?v=1
Preview:	/!.. 1DS JS SDK Core, 2.3.4.. * Copyright (c) Microsoft and contributors. All rights reserved... * (Microsoft Internal Only).. */..!function(e,n){"object"==typeof exports&&"undefined"!=typeof module?n(exports):"function"==typeof define&&define.amd?define(["exports"],n):n(e.oneDS=e.oneDS\|\|{})}(this,function(c){"use strict";var i="function",o="object",n="undefined",a="prototype",s="hasOwnProperty";function e(){return typeof globalThis!==n&&globalThis?globalThis:typeof self!==n&&self?self:typeof window!==n&&window?window:typeof global!==n&&global?global:null}function r(e){var n=Object.create;if(n)return n(e);if(null==e)return{};var t=typeof e;if(t!==o&&t!==i)throw new TypeError("Object prototype may only be an Object:"+e);function r(){}return r[a]=e,new r}function t(e){for(var n,t=1,r=arguments.length;t<r;t++)for(var i in n=arguments[t])Object[a][s].call(n,i)&&(e[i]=n[i]);return e}var u=function(e,n){return(u=Object.setPrototypeOf\|\|{__proto__:[]}instanceof Array&&function(e,n){e.__prot

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9QTQHWWN\polyfills.2daf523d1a5fc162c0c2[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	downloaded
Size (bytes):	106404
Entropy (8bit):	5.3639815962876245
Encrypted:	false
SSDEEP:	1536:YyflEEubPTjjvY+tIQF74PO99i0kcUHfrcd:YyfaE+jN4PcyY
MD5:	920DBA2A9D981A1FB6B23EEB3808E063
SHA1:	9F6B8B0E38CD21ED64BA6EFC98DB8DD2755D220C
SHA-256:	7750ADF4099B74C0BEC40860C75B3EBC889724558944BC1C03EE0C91F0605D8C
SHA-512:	F7D7F67D7DE7497C64B224B7ED653A97794C0E8F5B65E3A0853B423FE5B9C4E40F875837FF2E0380FE2B92C4FD60E5A93588F09386AE5000D1325FEFC94B837C
Malicious:	false
Reputation:	low
IE Cache URL:	https://m365.eu.vadesecure.com/safeproxy/polyfills.2daf523d1a5fc162c0c2.js
Preview:	(window.webpackJsonp=window.webpackJsonp\|\|[]).push([[2],{"+auO":function(t,e,n){var r=n("XKFU"),o=n("lvtm");r(r.S,"Math",{cbrt:function(t){return o(t=+t)*Math.pow(Math.abs(t),1/3)}})},"+lvF":function(t,e,n){t.exports=n("VTer")("native-function-to-string",Function.toString)},"+oPb":function(t,e,n){"use strict";n("OGtf")("blink",function(t){return function(){return t(this,"blink","","")}})},"+rLv":function(t,e,n){var r=n("dyZX").document;t.exports=r&&r.documentElement},"/KAi":function(t,e,n){var r=n("XKFU"),o=n("dyZX").isFinite;r(r.S,"Number",{isFinite:function(t){return"number"==typeof t&&o(t)}})},"/SS/":function(t,e,n){var r=n("XKFU");r(r.S,"Object",{setPrototypeOf:n("i5dc").set})},"/e88":function(t,e){t.exports="\t\n\v\f\r \xa0\u1680\u180e\u2000\u2001\u2002\u2003\u2004\u2005\u2006\u2007\u2008\u2009\u200a\u202f\u205f\u3000\u2028\u2029\ufeff"},"0/R4":function(t,e){t.exports=function(t){return"object"==typeof t?null!==t:"function"==typeof t}},"0E+W":function(t,e,n){n("elZq")("Array")},"0

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9QTQHWWN\privacystatement[1].htm Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	HTML document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators
Category:	dropped
Size (bytes):	345166
Entropy (8bit):	4.862295474705609
Encrypted:	false
SSDEEP:	3072:Ny698dTd87wNHDmBS9v+6WjUi0/VYryCGTtLruCkUIx4z7ZV/BdQZyBKRkugyZCX:N487yjrtR/Or2tn8yQIyZCSDH+BdN
MD5:	550923928BEF1F60F8797AD568FD0CEB
SHA1:	E3DE205E05D27B54B9E3E87DC10E33DBE6345F19
SHA-256:	2DE1F7AF2B32B260E717E354EE012DFEFFB11B3F0560B7A6A79E12760587FBCF
SHA-512:	85EC25623CCA6CF3A8E7299827E653C5A2BACA33224E5D020B835916087A681A3346BA81F8E200CC1B5E4FAEE14F5750785CA900EB3130EA0B36D7EFBC3F5008
Malicious:	false
Reputation:	low
Preview:	.<!DOCTYPE html ><html xmlns:mscom="http://schemas.microsoft.com/CMSvNext" xmlns:md="http://schemas.microsoft.com/mscom-data" lang="en-us" xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="X-UA-Compatible" content="IE=edge" /><meta charset="utf-8" /><meta name="viewport" content="width=device-width, initial-scale=1.0" /><link rel="shortcut icon" href="https://www.microsoft.com/favicon.ico?v2" /><script type="text/javascript" src="https://ajax.aspnetcdn.com/ajax/jQuery/jquery-1.11.2.min.js">.....// Third party scripts and code linked to or referenced from this website are licensed to you by the parties that own such code, not by Microsoft. See ASP.NET Ajax CDN Terms of Use - http://www.asp.net/ajaxlibrary/CDN.ashx... </script><script type="text/javascript" language="javascript">/<![CDATA[/if($(document).bind("mobileinit",function(){$.mobile.autoInitializePage=!1}),navigator.userAgent.match(/IEMobile\/10\.0/)){var msViewportStyle=document.createElement("style");msViewpo

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9QTQHWWN\shell.min[1].css Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	UTF-8 Unicode text, with very long lines, with no line terminators
Category:	downloaded
Size (bytes):	82190
Entropy (8bit):	5.036904170769404
Encrypted:	false
SSDEEP:	1536:tJzwN0CbUTqI34/9w6/Qua+1IGEbjBko230WBYT:vyA
MD5:	1F9995AB937AC429A73364B4390FF6E8
SHA1:	81998DCC6407CEB5CEF236AD52B9F2A3A9528D3B
SHA-256:	49E5166F40D8586714F86E08AB76A977199DF979357147A0E81980A804151C2A
SHA-512:	6669AE352FF46DB734BB8F973D1C0527C3A5EC4119D534AAE4C33F29EFF970168ED5FE200A05D4E1B6A2EC0E090E2207549B926317D489DC7664B0D9C2085465
Malicious:	false
Reputation:	low
IE Cache URL:	https://assets.onestore.ms/cdnfiles/onestorerolling-1510-19009/shell/v3/scss/shell.min.css
Preview:	@charset "UTF-8";@font-face{font-family:'wf_segoe-ui_normal';src:local("Segoe UI");src:url("//i.s-microsoft.com/fonts/segoe-ui/west-european/normal/latest.eot");src:url("//i.s-microsoft.com/fonts/segoe-ui/west-european/normal/latest.eot?#iefix") format("embedded-opentype"),url("//i.s-microsoft.com/fonts/segoe-ui/west-european/normal/latest.woff") format("woff"),url("//i.s-microsoft.com/fonts/segoe-ui/west-european/normal/latest.ttf") format("truetype"),url("//i.s-microsoft.com/fonts/segoe-ui/west-european/normal/latest.svg#web") format("svg");font-weight:normal;font-style:normal}@font-face{font-family:'wf_segoe-ui_semilight';src:url("//i.s-microsoft.com/fonts/segoe-ui/west-european/semilight/latest.eot");src:url("//i.s-microsoft.com/fonts/segoe-ui/west-european/semilight/latest.eot?#iefix") format("embedded-opentype"),url("//i.s-microsoft.com/fonts/segoe-ui/west-european/semilight/latest.woff") format("woff"),url("//i.s-microsoft.com/fonts/segoe-ui/west-european/semilight/latest.ttf")

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9QTQHWWN\style[1].css Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	downloaded
Size (bytes):	979
Entropy (8bit):	4.957482467819343
Encrypted:	false
SSDEEP:	24:Cn5ZoK2kTL01MCJZ4ZVaeao1DphsILHJNM2WXgEXgf0Xgm:u5d8pJZ4+BWIIPLQ73/
MD5:	B4477ABE2C9D12A8E10E11928E504297
SHA1:	19A176757F612216F0230DE4A3D3F95D68F175B1
SHA-256:	3FCD581519B018D93D9DAE37D5970AC475B48502107BCB00EB59856563BF9FF0
SHA-512:	C45A79E2454755E565DF8A55433FFB9A5807A88C1CDE4ED24D03D60CA4182340DBF876A2E79A64C7C2165D75BA9DEF610B5A54E96048969C5AC296E0045A0E98
Malicious:	false
Reputation:	low
IE Cache URL:	https://c.s-microsoft.com/en-us/CMSStyles/style.csx?k=cb462728-939d-977c-84a3-09e18f84e77a
Preview:	body .grid,.body-open .grid,.grid h3,.grid .h3,.grid .header-small,.grid strong,.grid .body-tight-2,.grid h1,.grid .h1,.grid .header-large,.grid .caption{font-family:"Segoe UI"}.grid .row h1,.grid .row h2,.grid .row h3,.header-small label{font-family:wf_segoe-ui_light,wf_segoe-ui_normal,Tahoma,Verdana,Arial,sans-serif}.grid{max-width:1600px !important}.c-uhfh-actions,.c-uhfh-gcontainer-st .all-ms-nav,.glyph-global-nav-button{display:none !important}.shell-header-wrapper,.shell-footer-wrapper,.shell-category-nav,.shell-notification .shell-notification-grid-row{max-width:1180px !important}.PsTitle{font-family:Segoe UI,sans-serif;margin-right:.3em !important;font-size:2em;display:inline-block;vertical-align:top;margin-left:-.02em}.childModule{margin-left:8% !important}.CollectingYourInfoRightNav{display:none}html[dir=rtl] .m-r-md{margin-right:0;margin-left:10px}html[dir=rtl] .m-l-md{margin-left:0;margin-right:10px}html[dir=rtl] .m-r-bl{margin-right:0;margin-left:40px}

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9QTQHWWN\ux.converged.login.strings-en.min_lx3ffqwkjnm_dkzr2tvi6q2[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	UTF-8 Unicode text, with very long lines
Category:	dropped
Size (bytes):	42775
Entropy (8bit):	5.400245256189503
Encrypted:	false
SSDEEP:	768:l2MXCo7yAF1tlfretkUNKNa8DRN2ym+d/PngTehK8ObrEkPTPRUbx3Tg/qhZqG3x:fHF1tlfretkUNKNa8DRN2ym+d/PngTeX
MD5:	957DDF7EA58A26733F764CD1DAD562E9
SHA1:	FC998E6D9BE4772E46CCFE69A0550AB2B0436031
SHA-256:	0EDEF2F99395BE4398797ED6C766FC909ED2092C1E3CA19700ECBFA4F84D0602
SHA-512:	68529A65AA0AC629C956E6DD6BE4E26DA1949B66BC48AE0AFC95CA4956B8F48D9D4906568BA0CA10093AE1DDC3D7E59E2E93B1884695B5ED0B91DAD3C7AF4360
Malicious:	false
Reputation:	low
Preview:	!function(e){function o(n){if(i[n])return i[n].exports;var t=i[n]={exports:{},id:n,loaded:!1};return e[n].call(t.exports,t,t.exports,o),t.loaded=!0,t.exports}var i={};return o.m=e,o.c=i,o.p="",o(0)}([function(e,o,i){i(2);var n=i(1),t=i(4),r=i(5),a=r.StringsVariantId,s=r.AllowedIdentitiesType;n.registerSource("str",function(e,o){if(e.WF_STR_SignupLink_AriaLabel_Text="Create a Microsoft account",e.WF_STR_SignupLink_AriaLabel_Generic_Text="Create a new account",e.CT_STR_CookieBanner_Link_AriaLabel="Learn more about Microsoft's Cookie Policy",e.WF_STR_HeaderDefault_Title=o.iLoginStringsVariantId===a.CombinedSigninSignupV2WelcomeTitle?"Welcome":"Sign in",e.STR_Footer_IcpLicense_Text=".ICP.13015306.-10",o.oAppCobranding&&o.oAppCobranding.friendlyAppName){var i=o.fBreakBrandingSigninString?"to continue to {0}":"Continue to {0}";e.WF_STR_App_Title=t.format(i,o.oAppCobranding.friendlyAppName)}switch(o.oAppCobranding&&o.oAppCobranding.signinDescription&&(e.WF_STR_Default_Desc=o.oAppCobrand

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9QTQHWWN\v4[1].htm Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	HTML document, ASCII text, with very long lines
Category:	downloaded
Size (bytes):	2178
Entropy (8bit):	5.857286404621155
Encrypted:	false
SSDEEP:	48:0CJhKaXpczCaA0s5qcX58PAJ4wh5dWhpTztfiITdi43MDyLi3KE:lhLXSmL0Cqcifxh1z/ximMjd
MD5:	3DBFE1CCCF6143107D9BAB6CECE7AF9D
SHA1:	A9E519C253AD58E5E64EBE2559C1F5660B277BFA
SHA-256:	E8621E6453B618BEA66FA093C16CF86956B352F05CA0EC7471BC7A8E0B82A71F
SHA-512:	EA975F078349D9E0C8868D9F0A6A486A29B77441C6E562E82F23FD4E8B9862EF0D71933D664BC92062BF63916F43B452ACE88A4FE447DE37C08E30A96498C43E
Malicious:	false
Reputation:	low
IE Cache URL:	https://m365.eu.vadesecure.com/safeproxy/v4?f=3pz_yW0NA22yxsJRB4LMQt2SVhSti4OAj0CfTeBEb2u-FyqaQ2qLa2AIXz9JKMU2E1Y1rA6PPdKncWQfkmWfGw&i=5G2phwdKRW4_2obgsLvCS3Vc392P_SHqt805aVOSG9sXbI1SoikCxJPhJBUgsv1LRtdLUrlosnB46Eow5hOOeQ&k=ORBM&r=OEROF8j8fuG9MU8jrcHyGyKxL3yqsLrFYRBf9ZS2F4WDA7N6yewbJufoo5284hp_&s=a6c6d7a61b60faf5927374790c7727126fbf047a9bf2ac4c9a33cdf4cc173e79&u=https%3A%2F%2Fnam04.safelinks.protection.outlook.com%2F%3Furl%3Dhttps%253A%252F%252Furlshortener.teams.microsoft.com%252F8D8DE5816FD51DB-7-13%26data%3D04%257C01%257Cgoretti.zertuche%2540talisis.com%257C53ccfd1a3b9f487ca81808d8e9f26adf%257C68b562d29e7f47a3be13eddbc4f27033%257C1%257C0%257C637516574876826991%257CUnknown%257CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%253D%257C1000%26sdata%3DZS45cljXVJM4zo3PvWJcM3R5c2trEmEhUhUB3sPgqAc%253D%26reserved%3D0
Preview:	<!doctype html>.<html lang="en" data-logo="custom/images/bp7pgi8di4ig7921c2j0.png">.<head>. <title id="text-title">Anti-phishing analysis</title>. <base href="https://m365.eu.vadesecure.com/safeproxy/">. <meta charset="UTF-8">. <meta name="vsc-antiphishing" content="1.0">. <meta name="viewport" content="width=device-width, initial-scale=1">. <link rel="icon" href="./favicon.ico" />.<link rel="stylesheet" href="styles.0dd9295ed5f1a8af32ba.css"></head>.<body data-users="{"context":{"emailFrom":"al.rodes@efficienceconsultants.com","emailTo":"ajalu@lamutuellegenerale.fr","login":"d724cc0a-ed2e-4379-8619-7ef493dd6ba5","time":"","action":"","IIP":{"url":"https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Furlshortener.teams.microsoft.com%2F8D8DE5816FD51DB-7-13\u0026data=04%7C01%7Cgoretti.zertuche%40talisis.com%7C53ccfd1a3b9f487ca81808d8e9f26adf%7C68b562d

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\G62TDH9B\4.10058cc921dd9b1421f1[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	downloaded
Size (bytes):	25336
Entropy (8bit):	5.302936380065723
Encrypted:	false
SSDEEP:	768:JXJXUkOzJn6jS92/hA8Y02uorwATAafAvEeqn:en2wrDJ
MD5:	232C3CBD76E915016E9286863366F659
SHA1:	9C396E95A5F00496FC494060088696F94ED87F13
SHA-256:	A018E8B69F78378542EAEF5279D9DAF7567F4354C6E2C43894A5652497D8ABD9
SHA-512:	0829D4CE63D95CAABEAB3368FC830C87CAD475720CB750E8A4ADA6BCE961EDE4200A937DD777BC508B066293EFC47CF5B601EEED9E5604EF91DEDB4DAC2E086B
Malicious:	false
Reputation:	low
IE Cache URL:	https://m365.eu.vadesecure.com/safeproxy/4.10058cc921dd9b1421f1.js
Preview:	(window.webpackJsonp=window.webpackJsonp\|\|[]).push([[4],{J66h:function(module,exports,__webpack_require__){var __WEBPACK_AMD_DEFINE_ARRAY__,__WEBPACK_AMD_DEFINE_RESULT__;!function(l,n){module.exports=n(l)}("undefined"!=typeof self?self:"undefined"!=typeof window?window:"undefined"!=typeof global?global:this,function(global){"use strict";global=global\|\|{};var _Base64=global.Base64,version="2.5.2",buffer;if(module.exports)try{buffer=eval("require('buffer').Buffer")}catch(err){buffer=void 0}var b64chars="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/",b64tab=function(l){for(var n={},t=0,e=l.length;t<e;t++)n[l.charAt(t)]=t;return n}(b64chars),fromCharCode=String.fromCharCode,cb_utob=function(l){if(l.length<2)return(n=l.charCodeAt(0))<128?l:n<2048?fromCharCode(192\|n>>>6)+fromCharCode(128\|63&n):fromCharCode(224\|n>>>12&15)+fromCharCode(128\|n>>>6&63)+fromCharCode(128\|63&n);var n=65536+1024*(l.charCodeAt(0)-55296)+(l.charCodeAt(1)-56320);return fromCharCode(240\|n>>>18&7)+fromC

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\G62TDH9B\Me[1].htm Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	HTML document, ASCII text, with very long lines, with CRLF line terminators
Category:	downloaded
Size (bytes):	2347
Entropy (8bit):	5.290031538794594
Encrypted:	false
SSDEEP:	48:gCgF0+kNL5iQ6+GhB+SYWzGuesAFcsGJOzgO6FIEv+sj+M++sx+suse+swsosmC0:gC3Na5+GX+Ti2XsYE2sqAsosushswsoB
MD5:	E86EF8B6111E5FB1D1665BCDC90888C9
SHA1:	994BF7651CB967CD9053056AF2D69ACB74DB7F29
SHA-256:	3410242720DE50B090D07A23AEE2DAD879B31D36F2615732962EC4CFA8A9D458
SHA-512:	2486B491681EE91A9CD1ECC9AA011A3FB34B48358C5D7A4D503A5357BC5CE4CA22999F918D40AC60A3063940D5F326FC7E4E5713D89D5C102DE68824E371B3AB
Malicious:	false
Reputation:	low
IE Cache URL:	https://login.live.com/Me.htm?v=3
Preview:	<script type="text/javascript">!function(n,t){for(var e in t)n[e]=t[e]}(this,function(n){function t(i){if(e[i])return e[i].exports;var s=e[i]={exports:{},id:i,loaded:!1};return n[i].call(s.exports,s,s.exports,t),s.loaded=!0,s.exports}var e={};return t.m=n,t.c=e,t.p="",t(0)}([function(n,t){function e(n){for(var t=g[c],e=0,i=t.length;e<i;++e)if(t[e]===n)return!0;return!1}function i(n){if(!n)return null;for(var t=n+"=",e=document.cookie.split(";"),i=0,s=e.length;i<s;i++){var o=e[i].replace(/^\s(\w+)\s=\s*/,"$1=").replace(/(\s+$)/,"");if(0===o.indexOf(t))return o.substring(t.length)}return null}function s(n,t,e){if(n)for(var i=n.split(":"),s=null,o=0,a=i.length;o<a;++o){var l=null,c=i[o].split("$");if(0===o&&(s=parseInt(c.shift()),!s))return;var p=c.length;if(p>=1){var f=r(s,c[0]);if(!f\|\|e[f])continue;l={signInName:f,idp:"msa",isSignedIn:!0}}if(p>=3&&(l.firstName=r(s,c[1]),l.lastName=r(s,c[2])),p>=4){var g=c[3],m=g.split("\|");l.otherHashedAliases=m}if(p>=5){var h=parseInt(c[4],16);h&&(l.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\G62TDH9B\RE1Mu3b[1].png Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	PNG image data, 216 x 46, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	4054
Entropy (8bit):	7.797012573497454
Encrypted:	false
SSDEEP:	48:zICvnyRHJ3BRZPcSPQ72N2xoiR4fTJX/rj4sFNMkk5/p1k2lPUmbm39o4aL7V9XH:10nvE724xoiRQJPrjpLKSFl9oX31Z1d
MD5:	9F14C20150A003D7CE4DE57C298F0FBA
SHA1:	DAA53CF17CC45878A1B153F3C3BF47DC9669D78F
SHA-256:	112FEC798B78AA02E102A724B5CB1990C0F909BC1D8B7B1FA256EAB41BBC0960
SHA-512:	D4F6E49C854E15FE48D6A1F1A03FDA93218AB8FCDB2C443668E7DF478830831ACC2B41DAEFC25ED38FCC8D96C4401377374FED35C36A5017A11E63C8DAE5C487
Malicious:	false
Reputation:	low
IE Cache URL:	https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE1Mu3b?ver=5c31
Preview:	.PNG........IHDR.............J.......tEXtSoftware.Adobe ImageReadyq.e<...(iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c132 79.159284, 2016/04/19-13:13:40 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmpMM:DocumentID="xmp.did:A00BC639840A11E68CBEB97C2156C7FD" xmpMM:InstanceID="xmp.iid:A00BC638840A11E68CBEB97C2156C7FD" xmp:CreatorTool="Adobe Photoshop CC 2015.5 (Windows)"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:A2C931A470A111E6AEDFA14578553B7B" stRef:documentID="xmp.did:A2C931A570A111E6AEDFA14578553B7B"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>.......DIDATx..\..UU.>.7..3....h.L..& j2...h.@..".........`U.......R"..Dq.&.BJR 1.4`$.200...l........wg.y.[k/

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\G62TDH9B\dropdown_caret_KXSZjGsyILZaoTf0sI9X-A2[1].svg Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	SVG Scalable Vector Graphics image
Category:	downloaded
Size (bytes):	224
Entropy (8bit):	5.066130335315081
Encrypted:	false
SSDEEP:	6:tI9mc4slz2lWjVRqtmd9QA0ZcTKhqnR40Y:t44lWjVRqtnA0Zcq6R40Y
MD5:	2974998C6B3220B65AA137F4B08F57F8
SHA1:	F4F08DA689179DE68EE40CD12ECDCC5AC54B3979
SHA-256:	96D52BD03E244A44931A541A807067792D638DD29EC14A87A78F2BE85D12D19A
SHA-512:	6B4F2439CA99109A7C97828E5972A8E7C7FCA3745B2FB4738EBD9329A99234A8CD3BC4C0C48B5BAA917D4BAA64CDAEB5D74456DEFDDDA3E07FAA803283BE0287
Malicious:	false
Reputation:	low
IE Cache URL:	https://acctcdn.msauth.net/images/dropdown_caret_KXSZjGsyILZaoTf0sI9X-A2.svg
Preview:	<svg xmlns="http://www.w3.org/2000/svg" width="36" height="36" viewBox="0 0 36 36"><title>assets</title><path d="M18,22.484l-8-8,.969-.968L18,20.547l7.031-7.031.969.968-8,8Z"/><rect width="36" height="36" fill="none"/></svg>

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\G62TDH9B\favicon[1].ico Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	MS Windows icon resource - 6 icons, 128x128, 16 colors, 72x72, 16 colors
Category:	downloaded
Size (bytes):	17174
Entropy (8bit):	2.9129715116732746
Encrypted:	false
SSDEEP:	24:QSNTmTFxg4lyyyyyyyyyyyyyio7eeeeeeeeekzgsLsLsLsLsLsQZp:nfgyyyyyyyyyyyyynzQQQQQO
MD5:	12E3DAC858061D088023B2BD48E2FA96
SHA1:	E08CE1A144ECEAE0C3C2EA7A9D6FBC5658F24CE5
SHA-256:	90CDAF487716184E4034000935C605D1633926D348116D198F355A98B8C6CD21
SHA-512:	C5030C55A855E7A9E20E22F4C70BF1E0F3C558A9B7D501CFAB6992AC2656AE5E41B050CCAC541EFA55F9603E0D349B247EB4912EE169D44044271789C719CD01
Malicious:	false
Reputation:	low
IE Cache URL:	https://acctcdn.msauth.net/images/favicon.ico?v=2
Preview:	..............h(..f...HH...........(..00......h....6.. ...........=...............@..........(....A..(....................(....................................."P.........................................."""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333""""""""""""""""""""""""""

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\G62TDH9B\favicon[2].ico Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	MS Windows icon resource - 6 icons, 128x128, 16 colors, 72x72, 16 colors
Category:	downloaded
Size (bytes):	17174
Entropy (8bit):	2.9129715116732746
Encrypted:	false
SSDEEP:	24:QSNTmTFxg4lyyyyyyyyyyyyyio7eeeeeeeeekzgsLsLsLsLsLsQZp:nfgyyyyyyyyyyyyynzQQQQQO
MD5:	12E3DAC858061D088023B2BD48E2FA96
SHA1:	E08CE1A144ECEAE0C3C2EA7A9D6FBC5658F24CE5
SHA-256:	90CDAF487716184E4034000935C605D1633926D348116D198F355A98B8C6CD21
SHA-512:	C5030C55A855E7A9E20E22F4C70BF1E0F3C558A9B7D501CFAB6992AC2656AE5E41B050CCAC541EFA55F9603E0D349B247EB4912EE169D44044271789C719CD01
Malicious:	false
Reputation:	low
IE Cache URL:	https://signup.live.com/Resources/images/favicon.ico
Preview:	..............h(..f...HH...........(..00......h....6.. ...........=...............@..........(....A..(....................(....................................."P.........................................."""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333""""""""""""""""""""""""""

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\G62TDH9B\favicon_a_eupayfgghqiai7k9sol6lg2[1].ico Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	MS Windows icon resource - 6 icons, 128x128, 16 colors, 72x72, 16 colors
Category:	downloaded
Size (bytes):	17174
Entropy (8bit):	2.9129715116732746
Encrypted:	false
SSDEEP:	24:QSNTmTFxg4lyyyyyyyyyyyyyio7eeeeeeeeekzgsLsLsLsLsLsQZp:nfgyyyyyyyyyyyyynzQQQQQO
MD5:	12E3DAC858061D088023B2BD48E2FA96
SHA1:	E08CE1A144ECEAE0C3C2EA7A9D6FBC5658F24CE5
SHA-256:	90CDAF487716184E4034000935C605D1633926D348116D198F355A98B8C6CD21
SHA-512:	C5030C55A855E7A9E20E22F4C70BF1E0F3C558A9B7D501CFAB6992AC2656AE5E41B050CCAC541EFA55F9603E0D349B247EB4912EE169D44044271789C719CD01
Malicious:	false
Reputation:	low
IE Cache URL:	https://aadcdn.msauth.net/shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico
Preview:	..............h(..f...HH...........(..00......h....6.. ...........=...............@..........(....A..(....................(....................................."P.........................................."""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333""""""""""""""""""""""""""

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\G62TDH9B\jquery-1.7.2.min[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	HTML document, UTF-8 Unicode text, with very long lines
Category:	downloaded
Size (bytes):	94840
Entropy (8bit):	5.372946098601679
Encrypted:	false
SSDEEP:	1536:8YRKUfAjtledhTmtaFyQHGvCXsedOgRc9izzr4yff8teLvHHEjam7W5X3yzSiLnM:VUb6GvCu09s2o2skAieW
MD5:	B8D64D0BC142B3F670CC0611B0AEBCAE
SHA1:	ABCD2BA13348F178B17141B445BC99F1917D47AF
SHA-256:	47B68DCE8CB6805AD5B3EA4D27AF92A241F4E29A5C12A274C852E4346A0500B4
SHA-512:	A684ABBE37E8047C55C394366B012CC9AE5D682D29D340BC48A37BE1A549AECED72DE6408BEDFED776A14611E6F3374015B236FBF49422B2982EF18125FF47DC
Malicious:	false
Reputation:	low
IE Cache URL:	https://ajax.aspnetcdn.com/ajax/jQuery/jquery-1.7.2.min.js
Preview:	/! jQuery v1.7.2 jquery.com \| jquery.org/license /.(function(a,b){function cy(a){return f.isWindow(a)?a:a.nodeType===9?a.defaultView\|\|a.parentWindow:!1}function cu(a){if(!cj[a]){var b=c.body,d=f("<"+a+">").appendTo(b),e=d.css("display");d.remove();if(e==="none"\|\|e===""){ck\|\|(ck=c.createElement("iframe"),ck.frameBorder=ck.width=ck.height=0),b.appendChild(ck);if(!cl\|\|!ck.createElement)cl=(ck.contentWindow\|\|ck.contentDocument).document,cl.write((f.support.boxModel?"<!doctype html>":"")+"<html><body>"),cl.close();d=cl.createElement(a),cl.body.appendChild(d),e=f.css(d,"display"),b.removeChild(ck)}cj[a]=e}return cj[a]}function ct(a,b){var c={};f.each(cp.concat.apply([],cp.slice(0,b)),function(){c[this]=a});return c}function cs(){cq=b}function cr(){setTimeout(cs,0);return cq=f.now()}function ci(){try{return new a.ActiveXObject("Microsoft.XMLHTTP")}catch(b){}}function ch(){try{return new a.XMLHttpRequest}catch(b){}}function cb(a,c){a.dataFilter&&(c=a.dataFilter(c,a.dataType));var d=a.dataTyp

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\G62TDH9B\latest[1].eot Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	Embedded OpenType (EOT), Segoe UI Semibold family
Category:	downloaded
Size (bytes):	30643
Entropy (8bit):	7.976822258863597
Encrypted:	false
SSDEEP:	768:UOtV1asJ9G0dAdnVrKX/HkVJRPvkgxYZ4Zoe:bLasJ9G0u0fk/RnkgxGof
MD5:	E812BA8B7E2A657F2B70CFACE93C7682
SHA1:	2F02CDDBB483F9B11BBBE74C3CA917A4C345FBAD
SHA-256:	3330C1DEAC468874238DD0C6BF902179A8731EDA8A208C7D01DAC0AB1EAE1BC9
SHA-512:	354B2DB12BC1D67F26F94352B0B663DAD64C46C107454FC19CFEA01C54BB09340BC26C06DE1B96FF826F5287CE246A6317722BAE41B72B63BA86FDAF844BA94E
Malicious:	false
Reputation:	low
IE Cache URL:	https://i.s-microsoft.com/fonts/segoe-ui/west-european/semibold/latest.eot?
Preview:	.w...v......................X.....LP#...B.............. ..........................".S.e.g.o.e. .U.I. .S.e.m.i.b.o.l.d.....R.e.g.u.l.a.r.....V.e.r.s.i.o.n. .5...3.2...".S.e.g.o.e. .U.I. .S.e.m.i.b.o.l.d........H.P..lb.7^......U.D.-..iu...:4P\..GLFM.Y.#?.;..-...~}_).z{.rmD.1".$.....{.t.....=...!cK...%.~.....g........j.9S....6. ..n..V.]pz...e.....#X...=,.p.F..6&.VR...k$~J..n....7.......K.8..T.....x..J......#.J.XaQ.Q%_{3..xr.... 0Dm...k..Ep..........>..?Pk!KB..C...Q.q..1=6<,.S.F.&B..J.....ya2b."S.......6.2.......H........09A...Tb/.&.d..#.E.:.E.(..I5.M..444d.1........K..l...l.O..VBb...:..:b..Mh.'=4.d/..o.k.mMm........bx..!..S.@E.....>@:..k.JCas..7."..uG3hR.h..w..8W>.4.........pX....J..a....}.Y......(>H^=.`=.mg.!.....w'...J.<.ob..3A .../.....5%.'....XS0a......I.Ia....a...=..g..........{V1+.."_)7$2 O..!bb.=..\|.s.1..2qm..#.O......+E(I..1....EgQ.....E)R.m.?.8.q...J.G.@!f..n.F.r#..(..2p.?.9.8..?.d]..s..0.9.f..A...r.iq....x.g.aO....S.....R0i..BT.yl.".<k...:&Ja.\.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\G62TDH9B\load[1].gif Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	GIF image data, version 89a, 418 x 259
Category:	downloaded
Size (bytes):	23557
Entropy (8bit):	7.892963031221292
Encrypted:	false
SSDEEP:	384:JSAdm1wM3ruY0g7xLcpugYrQd5SPN9JUHFUOmWWYAc+bPl8rBWKo/ZrtgIK4fY2n:DlMbuM7SporQdSrGFHmWTAbPOWKqtg1W
MD5:	D45D9D8E4E3079436E92C380CD0B8BC3
SHA1:	FF1214490B87E271B46EC44B93CE0AA79A0DCEEB
SHA-256:	30EB475F14F73BE19CFF240002E7FA21071BBF7C335DDF473E2BB0786E81B337
SHA-512:	DA06E07F8BF5D4FBF01939BEACBC114EB9A95E89E8A896C292BB37E714044FAF683EAD8D5635AAD27EFC03CE8C2E3E82DDAFFEC41DEAE08497CCD45B4EBFAE81
Malicious:	false
Reputation:	low
IE Cache URL:	https://m365.eu.vadesecure.com/safeproxy/images/load.gif
Preview:	GIF89a........~.....................................................................................................................................................................................................................................................................................................................................~............................................................................................................................\|..........................~..}.............}............................................................................................................\|........................................................................!..NETSCAPE2.0.....!..XMP DataXMP<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c142 79.160924, 2017/07/13-01:06:39 "> <rdf:RDF xmlns:rdf="ht

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\G62TDH9B\marching_ants_b540a8e518037192e32c4fe58bf2dbab[1].gif Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	GIF image data, version 89a, 352 x 3
Category:	downloaded
Size (bytes):	3620
Entropy (8bit):	6.867828878374734
Encrypted:	false
SSDEEP:	48:ZumKaT5ezv47j2/ZiRDlq16x8XvEUcg777shHdpHVGJqFd:Eal647jPDlL8XvEUcg77kVGyd
MD5:	B540A8E518037192E32C4FE58BF2DBAB
SHA1:	3047C1DB97B86F6981E0AD2F96AF40CDF43511AF
SHA-256:	8737D721808655F37B333F08A90185699E7E8B9BDAAA15CDB63C8448B426F95D
SHA-512:	E3612D9E6809EC192F6E2D035290B730871C269A267115E4A5515CADB7E6E14E3DD4290A35ABAA8D14CF1FA3924DC76E11926AC341E0F6F372E9FC5434B546E5
Malicious:	false
Reputation:	low
IE Cache URL:	https://aadcdn.msauth.net/shared/1.0/content/images/marching_ants_b540a8e518037192e32c4fe58bf2dbab.gif
Preview:	GIF89a`.........iii!.......!.&Edited with ezgif.com online GIF maker.!..NETSCAPE2.0.....,....`.....6......P.l.......H....I..:qJ......k....`BY..L..&...!.......,....`.....9..i....Q4......H..j.=.k9-5_..........j7..({.........!.......,....`.....9.......trV.......H....`.[.q6......>.. .CZ.&!.....M...!.......,....`.....8..........:......H..jJ..U..6_....../.el...q.).....!.......,....`.....9.....i..l.go.....H..".U...f......._......5......n..!.......,....`.....:..i......./.....H...5%.kE/5.........In.a..@&3.....J...!.......,....`.....9.......kr.j.....H...-.{Im5c..............@&.........!.......,....`.....9.........j..q....H...].&..\.5.........8..S..........!.......,....`.....9.......3q.g..5....H...:u..............Al..x.q.........!.......,....`.....9......\.F....z....H...zX...ov.........h3N.x4......j..!.......,....`.....9........Q.:......H....y..^...1.........n.!.F......E...!.......,....`.....8.........i,......H....*_.21.I.........%...

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\G62TDH9B\microsoft_logo_7lyNn7YkjJOP0NwZNw6QvQ2[1].svg Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	SVG Scalable Vector Graphics image
Category:	downloaded
Size (bytes):	3651
Entropy (8bit):	4.094801914706141
Encrypted:	false
SSDEEP:	96:wO4DZ+Stb/jY+eo4hAryAes9mBYYQgWLDm9:wToSBjlevudl9nO
MD5:	EE5C8D9FB6248C938FD0DC19370E90BD
SHA1:	D01A22720918B781338B5BBF9202B241A5F99EE4
SHA-256:	04D29248EE3A13A074518C93A18D6EFC491BF1F298F9B87FC989A6AE4B9FAD7A
SHA-512:	C77215B729D0E60C97F075998E88775CD0F813B4D094DC2FDD13E5711D16F4E5993D4521D0FBD5BF7150B0DBE253D88B1B1FF60901F053113C5D7C1919852D58
Malicious:	false
Reputation:	low
IE Cache URL:	https://signup.live.com/Resources/images/microsoft_logo_7lyNn7YkjJOP0NwZNw6QvQ2.svg
Preview:	<svg xmlns="http://www.w3.org/2000/svg" width="108" height="24" viewBox="0 0 108 24"><title>assets</title><path d="M44.836,4.6V18.4h-2.4V7.583H42.4L38.119,18.4H36.531L32.142,7.583h-.029V18.4H29.9V4.6h3.436L37.3,14.83h.058L41.545,4.6Zm2,1.049a1.268,1.268,0,0,1,.419-.967,1.413,1.413,0,0,1,1-.39,1.392,1.392,0,0,1,1.02.4,1.3,1.3,0,0,1,.4.958,1.248,1.248,0,0,1-.414.953,1.428,1.428,0,0,1-1.01.385A1.4,1.4,0,0,1,47.25,6.6a1.261,1.261,0,0,1-.409-.948M49.41,18.4H47.081V8.507H49.41Zm7.064-1.694a3.213,3.213,0,0,0,1.145-.241,4.811,4.811,0,0,0,1.155-.635V18a4.665,4.665,0,0,1-1.266.481,6.886,6.886,0,0,1-1.554.164,4.707,4.707,0,0,1-4.918-4.908,5.641,5.641,0,0,1,1.4-3.932,5.055,5.055,0,0,1,3.955-1.545,5.414,5.414,0,0,1,1.324.168,4.431,4.431,0,0,1,1.063.39v2.233a4.763,4.763,0,0,0-1.1-.611,3.184,3.184,0,0,0-1.15-.217,2.919,2.919,0,0,0-2.223.9,3.37,3.37,0,0,0-.847,2.416,3.216,3.216,0,0,0,.813,2.338,2.936,2.936,0,0,0,2.209.837M65.4,8.343a2.952,2.952,0,0,1,.5.039,2.1,2.1,0,0,1,.375.1v2.358a2.04,2.04,0,0,0-.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\G62TDH9B\wcp-consent[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	UTF-8 Unicode text, with very long lines, with no line terminators
Category:	downloaded
Size (bytes):	255440
Entropy (8bit):	6.051861579501256
Encrypted:	false
SSDEEP:	6144:PIgagvUI0iDsW9Whsredo7NjIZjIZP0aNWgF9Dyjzh:PIgaHI0iIUedo7NjIZjIZP0o74t
MD5:	38B769522DD0E4C2998C9034A54E174E
SHA1:	D95EF070878D50342B045DCF9ABD3FF4CCA0AAF3
SHA-256:	208EDBED32B2ADAC9446DF83CAA4A093A261492BA6B8B3BCFE6A75EFB8B70294
SHA-512:	F0A10A4C1CA4BAC8A2DBD41F80BBE1F83D767A4D289B149E1A7B6E7F4DBA41236C5FF244350B04E2EF485FDF6EB774B9565A858331389CA3CB474172465EB3EF
Malicious:	false
Reputation:	low
IE Cache URL:	https://wcpstatic.microsoft.com/mscc/lib/v2/wcp-consent.js
Preview:	var WcpConsent=function(e){var a={};function i(n){if(a[n])return a[n].exports;var o=a[n]={i:n,l:!1,exports:{}};return e[n].call(o.exports,o,o.exports,i),o.l=!0,o.exports}return i.m=e,i.c=a,i.d=function(e,a,n){i.o(e,a)\|\|Object.defineProperty(e,a,{enumerable:!0,get:n})},i.r=function(e){"undefined"!=typeof Symbol&&Symbol.toStringTag&&Object.defineProperty(e,Symbol.toStringTag,{value:"Module"}),Object.defineProperty(e,"__esModule",{value:!0})},i.t=function(e,a){if(1&a&&(e=i(e)),8&a)return e;if(4&a&&"object"==typeof e&&e&&e.__esModule)return e;var n=Object.create(null);if(i.r(n),Object.defineProperty(n,"default",{enumerable:!0,value:e}),2&a&&"string"!=typeof e)for(var o in e)i.d(n,o,function(a){return e[a]}.bind(null,o));return n},i.n=function(e){var a=e&&e.__esModule?function(){return e.default}:function(){return e};return i.d(a,"a",a),a},i.o=function(e,a){return Object.prototype.hasOwnProperty.call(e,a)},i.p="",i(i.s=1)}([function(e,a,i){window,e.exports=function(e){var a={};function i(n)

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OTUW0Q90\2_vD0yppaJX3jBnfbHF1hqXQ2[1].svg Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	SVG Scalable Vector Graphics image
Category:	downloaded
Size (bytes):	1864
Entropy (8bit):	5.222032823730197
Encrypted:	false
SSDEEP:	48:yvswNIBLBpJawmMH44log6gw/MHm7pJroog6gwkMH9Xog6gwdMHdqdyqog7C:ykfXYx+odPcs9B
MD5:	BC3D32A696895F78C19DF6C717586A5D
SHA1:	9191CB156A30A3ED79C44C0A16C95159E8FF689D
SHA-256:	0E88B6FCBB8591EDFD28184FA70A04B6DD3AF8A14367C628EDD7CABA32E58C68
SHA-512:	8D4F38907F3423A86D90575772B292680F7970527D2090FC005F9B096CC81D3F279D59AD76EAFCA30C3D4BBAF2276BBAA753E2A46A149424CF6F1C319DED5A64
Malicious:	false
Reputation:	low
IE Cache URL:	https://signup.live.com/Resources/images/2_vD0yppaJX3jBnfbHF1hqXQ2.svg
Preview:	<svg xmlns="http://www.w3.org/2000/svg" width="1920" height="1080" fill="none"><g opacity=".2" clip-path="url(#E)"><path d="M1466.4 1795.2c950.37 0 1720.8-627.52 1720.8-1401.6S2416.77-1008 1466.4-1008-254.4-380.482-254.4 393.6s770.428 1401.6 1720.8 1401.6z" fill="url(#A)"/><path d="M394.2 1815.6c746.58 0 1351.8-493.2 1351.8-1101.6S1140.78-387.6 394.2-387.6-957.6 105.603-957.6 714-352.38 1815.6 394.2 1815.6z" fill="url(#B)"/><path d="M1548.6 1885.2c631.92 0 1144.2-417.45 1144.2-932.4S2180.52 20.4 1548.6 20.4 404.4 437.85 404.4 952.8s512.276 932.4 1144.2 932.4z" fill="url(#C)"/><path d="M265.8 1215.6c690.246 0 1249.8-455.595 1249.8-1017.6S956.046-819.6 265.8-819.6-984-364.005-984 198-424.445 1215.6 265.8 1215.6z" fill="url(#D)"/></g><defs><radialGradient id="A" cx="0" cy="0" r="1" gradientUnits="userSpaceOnUse" gradientTransform="translate(1466.4 393.6) rotate(90) scale(1401.6 1720.8)"><stop stop-color="#107c10"/><stop offset="1" stop-color="#c4c4c4" stop-opacity="0"/></radialGradient><r

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OTUW0Q90\52-7ec320[1].css Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	UTF-8 Unicode text, with very long lines
Category:	downloaded
Size (bytes):	169165
Entropy (8bit):	5.043574839315944
Encrypted:	false
SSDEEP:	3072:jzCPZkTP3bDLH0tfRqQ0xtLfj4ZDSIpTt813viY8R1j35Ap7LQZLPPJH7PAbOCxh:jlZAjLkJeTC
MD5:	FC80EE0EE4C1195A0A3573C1F22E53A8
SHA1:	82AEF853A84BE4A2C3684E67ED83F577DF61557A
SHA-256:	1B61B75684F6AC70F426526277CC6730A26CA157B7632FF0EB6A2DC4D15D94C8
SHA-512:	C367661A89582A133F88D6E141BAF95AF4C3DA42ED27954B856DD52B1D2593A9ED8B1EFE4BC176F845F5BD2FCDF14CEEA172AF7F68ACB334ADA871CD99F2BAFA
Malicious:	false
Reputation:	low
IE Cache URL:	https://www.microsoft.com/onerfstatics/marketingsites-eus-prod/west-european/shell/_scrf/css/themes=default.device=uplevel_web_pc/16-3b4837/cf-7f2b14/7b-5ab060/b2-7c2f2c/af-85090f/b0-adecbe/42-6d7c67/52-7ec320?ver=2.0&_cf=20210415
Preview:	@charset "UTF-8";./! \| Copyright 2017 Microsoft Corporation \| This software is based on or incorporates material from the files listed below (collectively, "Third Party Code"). Microsoft is not the original author of the Third Party Code. The original copyright notice and the license under which Microsoft received Third Party Code are set forth below together with the full text of such license. Such notices and license are provided solely for your information. Microsoft, not the third party, licenses this Third Party Code to you under the terms in which you received the Microsoft software or the services, unless Microsoft clearly states that such Microsoft terms do NOT apply for a particular Third Party Code. Unless applicable law gives you more rights, Microsoft reserves all other rights not expressly granted under such agreement(s), whether by implication, estoppel or otherwise././! normalize.css v3.0.3 \| MIT License \| github.com/necolas/normalize.css /.body{margin:0}.context-uh

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OTUW0Q90\Print[1].png Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	476
Entropy (8bit):	7.35124642782842
Encrypted:	false
SSDEEP:	12:6v/78/8QCeKXzjl5V6VQTdwbtsxET1SDQi7N:sNfF6VYd6tf1SdN
MD5:	B8E8859FCD4E43D51233559C17A3C7BD
SHA1:	F0CA023F26A84761995FA0BF6935DE6A3B8AE6F8
SHA-256:	DC15A37B4015D0DECF639006E4F9002E742DDBFD7C669EC0AE469057F238B78D
SHA-512:	3605E4C4FE22E6E05553F89D34CFE8B3E5CA72FBDADCCD8B279835A0ECEFCD10B1BF2AD1ACCEEB168EE369E23A8AD205720FBF33A184188A7F23AEA7B0F22005
Malicious:	false
Reputation:	low
IE Cache URL:	https://c.s-microsoft.com/en-us/CMSImages/Print.png?version=03620f3a-5d1e-5a73-a117-a2f71eee437d
Preview:	.PNG........IHDR................a....sRGB.........gAMA......a.....IDAT8O.S;..A.........M6.4....@.47....^I..<."&..W..Y...Y...........m...E.<..$..n...j..kL&......}.j.......)@......r..Q....]. .+.w...f3.R)...2^...ddO.^..Ud.BE..D..h...!........h..p..t...9.........1.."tD.......y.h.AQ.{."...J.D.U....c.b.i.h.t:..$&q..J..n.+9.r..B..F...e..`<...oS....Z-.H....NG...Jl..D.Z..@!...s<....m.'Ll..vc.?..~..v.n.9.;.m.5..K.A ......z=../>...M....r9..~.....go.....IEND.B`.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OTUW0Q90\arrow_px_up[1].gif Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	GIF image data, version 89a, 7 x 9
Category:	downloaded
Size (bytes):	829
Entropy (8bit):	0.6055646407132698
Encrypted:	false
SSDEEP:	3:CKY1q/rylAxrt/laIFBYEQvyIFle:sGFaIFBYfvDfe
MD5:	95B65C94F57061E15ECC8304D3E578D5
SHA1:	A7483D668A780949FDA842F39877A3C08D0FC51C
SHA-256:	BDA2D6EB8E72B3DBCA5EEF086178033F8A2BB3481180B2C63295FCF23843D960
SHA-512:	B17552D90D0038531A5F4E78DA553F9109346CB25851F38996BFAB54906A898DE848FEFFD31E8D0BF0A32D956513CA7ED72D2F4C3AE47922C6F9D370584288EF
Malicious:	false
Reputation:	low
IE Cache URL:	https://c.s-microsoft.com/en-us/CMSImages/arrow_px_up.gif?version=27f11222-771f-bb95-a744-f0b962f89b91
Preview:	GIF89a...........3...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................!.......,............... .`.....\8....!>L(.b@.;

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OTUW0Q90\bp7pgi8di4ig7921c2j0[1].png Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	PNG image data, 287 x 100, 8-bit/color RGB, non-interlaced
Category:	downloaded
Size (bytes):	11583
Entropy (8bit):	7.97299288530749
Encrypted:	false
SSDEEP:	192:dHWkg4bl1+QTSPSw7zFufSNvDd0jCo8j0htcPwNVSi:dXg4blnePN8a+Otj0ncuAi
MD5:	9382F1504BADB91861BEB5A064888A3C
SHA1:	035A432CCD7C160001B4B03C67CEF50E5F36E2CD
SHA-256:	41D0F496BDCC222A358C2A0BABC072C4367C88F6DE550F5F16FEA5565EED2269
SHA-512:	3689C184B3C9E7A8225DF9AC70B322852BF9658A0DA55B1DA226920532313CA18967D93FC9C6FD62FDA143C94C9D15E2F2C783EC4C1B772D64922CD605469D79
Malicious:	false
Reputation:	low
IE Cache URL:	https://m365.eu.vadesecure.com/safeproxy/custom/images/bp7pgi8di4ig7921c2j0.png
Preview:	.PNG........IHDR.......d.....0.....-.IDATx...x.........d[.e.d..r....1.N(.-!.\.Mn....K.......0.f..1..q7...$.X.oo3s......Z.V.es....f.93;.S...0.c....5..(SR.\...........E]........BQ...p..KAa.P..0\(.RP...u)(........E]........BQ...p..KAa.`.u.D.!8(p..w..\|U.^^...Q%[....\0!}.x.E.Y....5.^..].;.>.T.z_.{%.!..@0..[...s..b....`.....Ywm....'..].R].c_U[.G.j...ls..0&...."..8.....,.c.;...u..\8k....V....A.... .>S_.....o..@.f...e.. @...@...E...S..9w<..l.`.&%W......Y..)....O.G.."4.EEaB ...1..K ..P..!@.$6Z...\|.d..yO]G...5.).....B?..3W..\...G.... . ...).F.T/@.1..t.....$4..@.r.h.........)-..U...W..o..Z(.R,./.(F..d d E....d.d!...... ..P.'h.7.V.]j.gw.b.5....~..."...y.....+.E.(Qc.E....1.J...o...]/3.:.\......u].....U((D..V..Xe.Cbc%..f..F...5F...'.]...}FZj.X@..(3-`..].v......}.._..B4Dk..:......yD..M...B..N&8......y..5..R.K}YB.$...)@Q.Q../Q]...P*@.!.%L'....~...-...U.i07`. .. .!P.Y..d.....<'P...L...q\|..$@<.V..B............;.9...[]8.h-.K.5....Yd.:"..9.^p...p.Q(I..uEa(..@

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OTUW0Q90\datarequestpackage_h-_7C7UzwdefXJT9njDBTQ2[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines
Category:	downloaded
Size (bytes):	8111
Entropy (8bit):	5.339313763115951
Encrypted:	false
SSDEEP:	192:nEAKv577D9kgT/xwj9O8hFNFxgLdQ0Eoxr:E177Dj+yt
MD5:	87EFFB0BB533C1D79F5C94FD9E30C14D
SHA1:	4E4F5F3CDDDDBFDDB46A1626D7CE579A639DE389
SHA-256:	617E32CA57507098771FD30AF6B9DCAB063448F6D7E0BC6D6557DD1895F80543
SHA-512:	CB107C09F9A32D85BF2AF714EE9BF7CE2649AA33E63C2255D4BBD281E3CDA8FBDFA2E58212E8004AEEAAB4DD8C94543F82187C7673189CACBDD5CD8C26C563F7
Malicious:	false
Reputation:	low
IE Cache URL:	https://acctcdn.msauth.net/datarequestpackage_h-_7C7UzwdefXJT9njDBTQ2.js
Preview:	!function(){function e(e){function t(e){return e&&e.state==l&&(e.prev&&(e.prev.next=e.next),e.next&&(e.next.prev=e.prev),D==e&&(D=e.next),$==e&&($=e.prev),e.state=u,e.prev=e.next=null,y--),e}function a(e){if(e&&e.state==u){var r=$;r?(r.next=e,e.prev=r):D=e,$=e,e.state=l,y++}}function f(){!q&&!b&&y&&x>w&&(b=window.setTimeout(g,s))}function v(e){var r=(new Date).getTime()-e<i;return r}function g(){var e=(new Date).getTime();for(b=0,q=!0;y>0&&x>w;){var r=D;if(r&&x>w?(o.assert(r.state===l,"Task was not in a pending state and we were just about to execute it."),r=m(t(r))):r=null,r&&!v(e)){break.}}q=!1,f()}function m(e){if(e){o.assert(void 0!=e.id&&!A[e.id],"Task didn't have an id or was already active!"),w++,A[e.id]=e,e.startTime=(new Date).getTime(),e.state=c;var r=e.exec(function(r){T(e,r)});r\|\|T(e)}return e}function T(e,r){e.state===c&&(w--,o.assert(A[e.id],"A task is being completed without being in the active task list."),delete A[e.id],r&&"number"==typeof r?(e.state=d,e.timeoutId=wind

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OTUW0Q90\en[1].json Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	1596
Entropy (8bit):	4.58270498225657
Encrypted:	false
SSDEEP:	48:p+fLBlpByk3smTj3xQwQp97R7hN/gyFym:4fdluk3VTjx67pl
MD5:	74EEE4DBD7F1E0136BD930CD77FC228A
SHA1:	C3560FBDF1E7A4EDCD505964F4C681EAEEE1F820
SHA-256:	3E1F343B8507D68C963087A9F6E1D348D888B49DF66A9C9A2F5DD19F186301F3
SHA-512:	EC644D70D8B2951C91356425D935960E81A046C4B6209EF22EE8B089402FBC038A235B9B29E9C823C4BD6CD9A1CD6ED5C1DCFC0AE0F2B219218953E04629E9D6
Malicious:	false
Reputation:	low
IE Cache URL:	https://m365.eu.vadesecure.com/safeproxy/translations/en.json
Preview:	{. "clean": "The site is clean.",. "cleanRedirect": "You will be redirected.",. "exitPage": "Leave the page",. "followTheTrainingClass": "Stop falling for phishing",. "goAnyway": "Proceed to the page anyway",. "goWebSite": "Proceed to web page with caution",. "ifYouBelieveThisWebsiteIsLegitimate": "If you believe this website is legitimate, please proceed to web page with caution.",. "internalError": "Internal error, retry later.",. "letsTakeThePhishingClass": "Train yourself",. "phishing": "The web page has been identified as PHISHING.",. "phishingContent": "Phishing is the attempt to acquire sensitive information such as usernames, passwords, and credit card details (and sometimes, indirectly, money), often for malicious reasons. We advise you do not visit the page.",. "running": "Security analysis in progress.",. "suspicious": "Warning: suspiscious link.",. "theLinkInYourEmailYouHaveClickedOn": "The link in the email you have just clicked on

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OTUW0Q90\jquerypackage_1.10_5V7LAuc3bNAQx2QQfr1RPw2[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	UTF-8 Unicode text, with very long lines
Category:	downloaded
Size (bytes):	96649
Entropy (8bit):	5.297804550899051
Encrypted:	false
SSDEEP:	1536:G+6LPOpumEEni7iU2e25CxgjDb60nkN8h1utK0Dv+9G1LDrjsNyw5yn/dFZ75Tym:xH7pDuVUNB0lmEGWf
MD5:	E55ECB02E7376CD010C764107EBD513F
SHA1:	FA6D184DF01EC535628DC8FAF38211591BAADFC8
SHA-256:	5776881753B95A0ABE5D1F6EFE3ABE7B83A3265EACCD117DD948E523C044600C
SHA-512:	099C665E1CEE8DF9C5D5C340A14170341BD29E0321875FF08E594B750CFDBF2CA8C9B45B584FCA21F87CBE6CD8A170918CECFF8C9796AAFA3D89F0AA97509ABD
Malicious:	false
Reputation:	low
IE Cache URL:	https://acctcdn.msauth.net/jquerypackage_1.10_5V7LAuc3bNAQx2QQfr1RPw2.js?v=1
Preview:	/!. jQuery JavaScript Library v1.10.2. * http://jquery.com/. . Includes Sizzle.js. * http://sizzlejs.com/. . Copyright 2005, 2013 jQuery Foundation, Inc. and other contributors. * Released under the MIT license. * http://jquery.org/license. . Date: 2013-07-03T13:48Z. */.!function(e,t){function n(e){var t=e.length,n=ct.type(e);return ct.isWindow(e)?!1:1===e.nodeType&&t?!0:"array"===n\|\|"function"!==n&&(0===t\|\|"number"==typeof t&&t>0&&t-1 in e)}function r(e){var t=kt[e]={};return ct.each(e.match(pt)\|\|[],function(e,n){t[n]=!0}),t}function i(e,n,r,i){if(ct.acceptData(e)){var o,a,s=ct.expando,u=e.nodeType,l=u?ct.cache:e,c=u?e[s]:e[s]&&s;if(c&&l[c]&&(i\|\|l[c].data)\|\|r!==t\|\|"string"!=typeof n){return c\|\|(c=u?e[s]=tt.pop()\|\|ct.guid++:s),l[c]\|\|(l[c]=u?{}:{"toJSON":ct.noop}),("object"==typeof n\|\|"function"==typeof n)&&(i?l[c]=ct.extend(l[c],n):l[c].data=ct.extend(l[c].data,n)),a=l[c],i\|\|(a.data\|\|(a.data={}),a=a.data),r!==t&&(a[ct.camelCase(n)]=r),"string"==typeof n?(o=a[n],null==o&&(o=

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OTUW0Q90\knockout_3.3.0_X1BYS2jZMbi7hfUj8VuqFA2[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines, with CRLF, LF line terminators
Category:	downloaded
Size (bytes):	80144
Entropy (8bit):	5.421376219099593
Encrypted:	false
SSDEEP:	1536:vZ2N4/PzS0zdqm4NVmVtfB6aTJDIO5XxV7FyTDQIp8a+fNNnbt:Ay+0LmmBt7c1+Rfbt
MD5:	5F50584B68D931B8BB85F523F15BAA14
SHA1:	FAF4BD348F40016BCE0ABF54F167C7923B303ABB
SHA-256:	3C829DCF48768082A6177B77AE4E499337ED4C8BD056705CDB1E979F7B6EFCE5
SHA-512:	EB01573B9152D93400C7BCDC0C3746B58E8F5F8BA7A4C033D3A30D688E307543979402CAD4A19249391BA3113466F562D20A521BBEFFB7864AEBEB18FDB79BC1
Malicious:	false
Reputation:	low
IE Cache URL:	https://acctcdn.msauth.net/knockout_3.3.0_X1BYS2jZMbi7hfUj8VuqFA2.js?v=1
Preview:	/!------------------------------------------- START OF THIRD PARTY NOTICE -----------------------------------------....This file is based on or incorporates material from the projects listed below (Third Party IP). The original copyright notice and the license under which Microsoft received such Third Party IP, are set forth below. Such licenses and notices are provided for informational purposes only. Microsoft licenses the Third Party IP to you under the licensing terms for the Microsoft product. Microsoft reserves all other rights not expressly granted under this agreement, whether by implication, estoppel or otherwise. .... Knockout JavaScript library v3.3.0.. * (c) Steven Sanderson - http://knockoutjs.com/.. * License: MIT (http://www.opensource.org/licenses/mit-license.php)....Provided for Informational Purposes Only....MIT License ....Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the Software)

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OTUW0Q90\latest[1].eot Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	Embedded OpenType (EOT), Segoe UI family
Category:	downloaded
Size (bytes):	35047
Entropy (8bit):	7.975792390307888
Encrypted:	false
SSDEEP:	768:I6ibzTDpOGuAJ63YB9eSzDtQEspfAzyNyuBmOfAJYCM:/iPMYJ4GEAZoTyglcM
MD5:	CAD76E4816AF6890C9BFD02A6D1EA899
SHA1:	9EDC91541C31034FCE0D83AABBAAD4C314CD3D33
SHA-256:	D5794223D1A062E5DBE6C34C1994C8CE3792B24AFD5218D0644CB1F53DA4BE58
SHA-512:	24983A5856C2B4D8CBE2A4BD233A93B266A03D4218942E1D1733B33B65AB7A504AF0AC31DE2F1E69F6FF8CCD7A169CD4555539D34FFF8DE4CB8C98DB2DB2C863
Malicious:	false
Reputation:	low
IE Cache URL:	https://i.s-microsoft.com/fonts/segoe-ui/west-european/normal/latest.eot?
Preview:	...=.............................LP#...B.............. ............................S.e.g.o.e. .U.I.....R.e.g.u.l.a.r.....V.e.r.s.i.o.n. .5...3.2.....S.e.g.o.e. .U.I..........RV.z..;~......U.D.-..iu...N4P\..GLFM.Y.?.;..-...~~....Ox.M..".$.._..........g..sC2..4W.....9AGc.[a...rCl,..@..U_..L...e..Ru.J.-.f..3........S`.A........K<;...n.Y...rIi......([...W...5k..........^K.G...U.@....2H..B.)N0w.....C..9...........#.l2,4..6y.3$b....K.wx...l.$E..?3.8.c...,x..t.wa.O....4.c...!..+.<EM...2T.>\..]4.A.H.;..G......W.:.?...Z".....e....8....84.L,.)0..y.Xdd.Pa.@.&.o(.I.q.yF...[.y.m(D...(....T......,A.;q.....w.$..C..a.. .Y.O?{..0...'1.;C.,.......W..Q-..'.5tD@9..U...E4e.&_...S.Y...\)b.s.rIR.....%..R..KU O..{.0(......^Q\^!.et...Kf%..K...}.1...S.{........3p..]...\|Y...w..\|JeS$..k.....>(8 .ZlV..N.).c...Z.K.\..q.....'S.j...........9...._..E.#s*'#......[......DJ^.L7../1...+U.qG........-..MM..q....L..c...^...:e....<h...:..`.jz..fb.Ha.....k.....e\)g..\."..M

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OTUW0Q90\latest[2].eot Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	Embedded OpenType (EOT), Segoe UI Light family
Category:	downloaded
Size (bytes):	28315
Entropy (8bit):	7.9724193003797
Encrypted:	false
SSDEEP:	384:+R0Z7+bHAtrQ1yBFbgqLct7rJhhPLLkHsrvSzaJu4mI3n5o+MmKCxDg6iT7jdVye:+uNUAtE3phPLLFTiMu+pxCjHyGEQ9zL
MD5:	17DFE73CB9C64527F7248B0A24DB317D
SHA1:	345198B9239FCDAF038FB2D3A919E4724037DBAA
SHA-256:	AD75FB92B2EBCE6C37640F03E1AB96A752F388BCE60C877ADE4780B13839E8C4
SHA-512:	421B56D93E9BD5E4B4449DD0FCDEE8D531087FD484C91530AAF0A67EDEA33D5AC2F14A7F4966C528C0F130F17F26629FCAB9F8AB47E950CEB5B9F1A827EA0728
Malicious:	false
Reputation:	low
IE Cache URL:	https://i.s-microsoft.com/fonts/segoe-ui/west-european/light/latest.eot?
Preview:	.n...m............................LP#...B.............. ............................S.e.g.o.e. .U.I. .L.i.g.h.t.....R.e.g.u.l.a.r.....V.e.r.s.i.o.n. .5...3.2.....S.e.g.o.e. .U.I. .L.i.g.h.t..........K..e..66......U.D.-..iu...4P\..GLFM..C?.;..-...~\|...P..\.(..)RI.....>.>..CE..SsV.jPR...H.......].R..&.n.hT.......x.....q .......wA[....F.........c.".......Zed..>.?...`..3...B..W....R....F.j....v..'?.5.k^........+..a...).._].x.#QSi.....\|<t....k.;..Hv1.G...L$.9....5.t.:...V.Y.......\|.@....B.....P`..2.Z.0....2`.FR.MF8.x....GP0..$:.....PYm.22..."S."1.j[=.=.mR........j....&.4...k..].1@..y$......"y..C..g7..k.B...V..F\...G.m.jK ...O....b.Qlo...!.N.V....t.[..p.N..~@1d...YX.."....R_i.4.$j.P..U....u9...<..6..4%........9`.....S...N.Y..L..B$2\.E.vhe...n..h..5..Z..K?.H..S...2..=R..x.....EX.2......$."....It8..z.+.h ..$.2T....}Z../....p..b0ae.qq.(-v1..E.!.l".a..p.).;..8t..7..^..W...4A.D\eOb$......b.NI.Pe.#$.O38....,....g..&\|...B{...].....9..u.8..~Y...3.X..ff.,.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OTUW0Q90\microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd[1].svg Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	SVG Scalable Vector Graphics image
Category:	downloaded
Size (bytes):	3651
Entropy (8bit):	4.094801914706141
Encrypted:	false
SSDEEP:	96:wO4DZ+Stb/jY+eo4hAryAes9mBYYQgWLDm9:wToSBjlevudl9nO
MD5:	EE5C8D9FB6248C938FD0DC19370E90BD
SHA1:	D01A22720918B781338B5BBF9202B241A5F99EE4
SHA-256:	04D29248EE3A13A074518C93A18D6EFC491BF1F298F9B87FC989A6AE4B9FAD7A
SHA-512:	C77215B729D0E60C97F075998E88775CD0F813B4D094DC2FDD13E5711D16F4E5993D4521D0FBD5BF7150B0DBE253D88B1B1FF60901F053113C5D7C1919852D58
Malicious:	false
Reputation:	low
IE Cache URL:	https://aadcdn.msauth.net/shared/1.0/content/images/microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.svg
Preview:	<svg xmlns="http://www.w3.org/2000/svg" width="108" height="24" viewBox="0 0 108 24"><title>assets</title><path d="M44.836,4.6V18.4h-2.4V7.583H42.4L38.119,18.4H36.531L32.142,7.583h-.029V18.4H29.9V4.6h3.436L37.3,14.83h.058L41.545,4.6Zm2,1.049a1.268,1.268,0,0,1,.419-.967,1.413,1.413,0,0,1,1-.39,1.392,1.392,0,0,1,1.02.4,1.3,1.3,0,0,1,.4.958,1.248,1.248,0,0,1-.414.953,1.428,1.428,0,0,1-1.01.385A1.4,1.4,0,0,1,47.25,6.6a1.261,1.261,0,0,1-.409-.948M49.41,18.4H47.081V8.507H49.41Zm7.064-1.694a3.213,3.213,0,0,0,1.145-.241,4.811,4.811,0,0,0,1.155-.635V18a4.665,4.665,0,0,1-1.266.481,6.886,6.886,0,0,1-1.554.164,4.707,4.707,0,0,1-4.918-4.908,5.641,5.641,0,0,1,1.4-3.932,5.055,5.055,0,0,1,3.955-1.545,5.414,5.414,0,0,1,1.324.168,4.431,4.431,0,0,1,1.063.39v2.233a4.763,4.763,0,0,0-1.1-.611,3.184,3.184,0,0,0-1.15-.217,2.919,2.919,0,0,0-2.223.9,3.37,3.37,0,0,0-.847,2.416,3.216,3.216,0,0,0,.813,2.338,2.936,2.936,0,0,0,2.209.837M65.4,8.343a2.952,2.952,0,0,1,.5.039,2.1,2.1,0,0,1,.375.1v2.358a2.04,2.04,0,0,0-.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OTUW0Q90\print[2].png Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	338
Entropy (8bit):	7.004897375379158
Encrypted:	false
SSDEEP:	6:6v/lhPkR/C+k790OCotr/vbXX3PHrLiBxwGFhGsznYUAlnEkPb6PL2+/pTp:6v/78/v4rrXX3u1XYRm4byp9
MD5:	290AFB4165DD808A850D8920AEB5DBF4
SHA1:	0B4BF844AED3A740A99B7415F6BD803E84DDDA4D
SHA-256:	882FDB8A4BF176D2A09427D6A5BDBA3051307F2605090DA848085B0D78B6FD99
SHA-512:	197AD95E98C04B26AAD845DF7FF5C3C2CC6020E5273526970261F30A8EEAAB30A1C0DDC2BAE1D654095E8D47D399CCB526B32AD7CBE84CB1140E2D5F5142A7DB
Malicious:	false
Reputation:	low
IE Cache URL:	https://c.s-microsoft.com/en-us/CMSImages/print.png?version=81dae466-5035-741c-3caa-426a84bf5915
Preview:	.PNG........IHDR................a....sRGB.........gAMA......a.....pHYs..........o.d....IDAT8O..=..0...\.+....{......A.qQ..*.....&.l.....4i.7MM$u..:b&5..F.2.q....%3L.K..,..2C....c?+.{....B7i~R..0;.r..C.c....$....Jx.^8.O.l.!E).#l...e..#.k/...y.D..%<.<......4\.2H..0.>...WY9giK,la/....p<...4%...N..-I..._%...s1....P.......IEND.B`.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OTUW0Q90\runtime.6365c83cf5269d64213c[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	downloaded
Size (bytes):	2207
Entropy (8bit):	5.170870113645252
Encrypted:	false
SSDEEP:	48:EeePYnOZGeFOFGBPiUuJmTLfkBLok/X6X8+DU:EeewOx/j3ap/X6ZI
MD5:	841C9572F8AD72185A788386B4A79281
SHA1:	171E4DBDE470FC5D25341AC76424B0B5A03F323C
SHA-256:	7DF9085340193117614E21408E12FC571E7C64940FEBE4C9FF2258A9DB348446
SHA-512:	A2DB5077F8D27F888C159B1E268D402BADB6091E8D2C8BC654562BD199F5673E9346A3A88CAC1DFC8A49B3ECFB3B8C27996F71E027805095FB1E8CCCFAE30F49
Malicious:	false
Reputation:	low
IE Cache URL:	https://m365.eu.vadesecure.com/safeproxy/runtime.6365c83cf5269d64213c.js
Preview:	!function(e){function r(r){for(var n,i,a=r[0],c=r[1],f=r[2],p=0,s=[];p<a.length;p++)i=a[p],o[i]&&s.push(o[i][0]),o[i]=0;for(n in c)Object.prototype.hasOwnProperty.call(c,n)&&(e[n]=c[n]);for(l&&l(r);s.length;)s.shift()();return u.push.apply(u,f\|\|[]),t()}function t(){for(var e,r=0;r<u.length;r++){for(var t=u[r],n=!0,a=1;a<t.length;a++){var c=t[a];0!==o[c]&&(n=!1)}n&&(u.splice(r--,1),e=i(i.s=t[0]))}return e}var n={},o={0:0},u=[];function i(r){if(n[r])return n[r].exports;var t=n[r]={i:r,l:!1,exports:{}};return e[r].call(t.exports,t,t.exports,i),t.l=!0,t.exports}i.e=function(e){var r=[],t=o[e];if(0!==t)if(t)r.push(t[2]);else{var n=new Promise(function(r,n){t=o[e]=[r,n]});r.push(t[2]=n);var u,a=document.createElement("script");a.charset="utf-8",a.timeout=120,i.nc&&a.setAttribute("nonce",i.nc),a.src=function(e){return i.p+""+({}[e]\|\|e)+"."+{4:"10058cc921dd9b1421f1"}[e]+".js"}(e),u=function(r){a.onerror=a.onload=null,clearTimeout(c);var t=o[e];if(0!==t){if(t){var n=r&&("load"===r.type?"missing

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OTUW0Q90\script[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	UTF-8 Unicode text, with very long lines, with no line terminators
Category:	downloaded
Size (bytes):	50466
Entropy (8bit):	5.403327253117392
Encrypted:	false
SSDEEP:	768:3Vs4A3c/bSKCzUm4D19h3j9UIAyjYXQgyjYXEoygRRsRnMtoafRnvdMIKebqH:h6c/bSKCzUm4DDh3j+9XQ4XE+BZdMIK9
MD5:	633B23CA8A850C508C146635DB4239F5
SHA1:	CF78DA53BD7561F3ACB33710016ECBF60E9F0204
SHA-256:	DAA1677D2640BE8A77F6C69EEE3911D2F8CF81DAA7BB604800A2D63A8F130C95
SHA-512:	82D4887AB9BB6A449FB0E5B6DEF80215B5F9E51058DCB1B8B7CD583A880F93428C3FB75B37C0E9481843203A4878FEF32424B5CD2EBCDD811D92604A1C1BCAEB
Malicious:	false
Reputation:	low
IE Cache URL:	https://c.s-microsoft.com/en-us/CMSScripts/script.jsx?k=1a053411-4f63-d069-d3b8-11d5d720eeb4
Preview:	function ShowSelectedComponentKeyPress(n,t){if(window.event.keyCode==13)return ShowSelectedComponent(n,t),!1}function ShowHighLight(n){var t=$("#div"+n).height();$.browser.msie&&parseInt($.browser.version,10)==7?$("#div"+n+" > .highlight").css({width:"0",height:"0","background-color":"white",float:"left","border-top":Math.round(t/2+.3)+"px solid white","border-right":"0.75em solid "+$("#div"+n).css("background-color"),"border-bottom":Math.round(t/2+.3)+"px solid white"}):$("#div"+n+" > .highlight").css({width:"0",height:"0","background-color":"white",float:"left","border-top":t/2+.3+"px solid white","border-right":"0.75em solid "+$("#div"+n).css("background-color"),"border-bottom":t/2+.3+"px solid white"})}function SetRightSideNavigationMenuHeight(){$("[id^=dvModuleGroup_]").hide();window.location.search.toLowerCase().indexOf("bookmarkid")!=-1&&SelectBookMark();window.location.search.toLowerCase().indexOf("componentid")!=-1&&LoadSelectedInternalLink();$(".div_side_comp").length>0&&$(".

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OTUW0Q90\servicesagreement[1].htm Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	HTML document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators
Category:	dropped
Size (bytes):	213572
Entropy (8bit):	5.167634699143645
Encrypted:	false
SSDEEP:	6144:ETQZaZEzF0a6OGYL0seowg6ehsymCJ2i/T9VTSfaTHgJi7eshMcgGW3la:EcZaZEzX6OGYQseowg6ehsymCJ2i/pVP
MD5:	AEAF8C3C2BB81321C7C2B351F1CE1C33
SHA1:	C96103B79FCB8E21DF2DC65F6D0001E0C37646EB
SHA-256:	35141A3FBEE7A4C6B62457D23E23110B651BF85D46FEF33BB4532EE56DB67248
SHA-512:	4F0FE957ED5BC93852302F2909C22BCB8AA711D8ED085BA316D6762459DDB691D40F953C07146EC767F20D5608E5574D87014913FE936C2A2CE6C9AFD852486F
Malicious:	false
Reputation:	low
Preview:	.<!DOCTYPE html ><html xmlns:mscom="http://schemas.microsoft.com/CMSvNext" xmlns:md="http://schemas.microsoft.com/mscom-data" lang="en-us" xmlns="http://www.w3.org/1999/xhtml"><head><meta name="viewport" content="initial-scale=1.0, width=device-width" /><meta http-equiv="X-UA-Compatible" content="IE=edge" /><title>Microsoft Services Agreement</title><meta name="Title" content="Microsoft Services Agreement" /><meta name="CorrelationVector" content="XdMLtzsj9Ei0Fv7G.1" /><meta name="Description" content="" /><meta name="MscomContentLocale" content="en-us" /><link href="https://www.microsoft.com/onerfstatics/marketingsites-eus-prod/west-european/shell/_scrf/css/themes=default.device=uplevel_web_pc/16-3b4837/cf-7f2b14/7b-5ab060/b2-7c2f2c/af-85090f/b0-adecbe/42-6d7c67/52-7ec320?ver=2.0&amp;_cf=20210415" rel="stylesheet" type="text/css" media="screen" /><link href="https://statics-marketingsites-eus-ms-com.akamaized.net/statics/override.css?c=7" rel="stylesheet" type="text/css" media="

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OTUW0Q90\signin-options_4e48046ce74f4b89d45037c90576bfac[1].svg Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	SVG Scalable Vector Graphics image
Category:	downloaded
Size (bytes):	1592
Entropy (8bit):	4.205005284721148
Encrypted:	false
SSDEEP:	48:ztSAS1OtmCtc7aIVmt4yyR9S2lKUyDWwh:RoOtmCtc7aCmVQHSRh
MD5:	4E48046CE74F4B89D45037C90576BFAC
SHA1:	4A41B3B51ED787F7B33294202DA72220C7CD2C32
SHA-256:	8E6DB1634F1812D42516778FC890010AA57F3E39914FB4803DF2C38ABBF56D93
SHA-512:	B2BBA2A68EDAA1A08CFA31ED058AFB5E6A3150AABB9A78DB9F5CCC2364186D44A015986A57707B57E2CC855FA7DA57861AD19FC4E7006C2C239C98063FE903CF
Malicious:	false
Reputation:	low
IE Cache URL:	https://aadcdn.msauth.net/shared/1.0/content/images/signin-options_4e48046ce74f4b89d45037c90576bfac.svg
Preview:	<svg xmlns="http://www.w3.org/2000/svg" width="48" height="48" viewBox="0 0 48 48"><defs><style>.a{fill:none;}.b{fill:#404040;}</style></defs><rect class="a" width="48" height="48"/><path class="b" d="M40,32.578V40H32V36H28V32H24V28.766A10.689,10.689,0,0,1,19,30a10.9,10.9,0,0,1-5.547-1.5,11.106,11.106,0,0,1-2.219-1.719A11.373,11.373,0,0,1,9.5,24.547a10.4,10.4,0,0,1-1.109-2.625A11.616,11.616,0,0,1,8,19a10.9,10.9,0,0,1,1.5-5.547,11.106,11.106,0,0,1,1.719-2.219A11.373,11.373,0,0,1,13.453,9.5a10.4,10.4,0,0,1,2.625-1.109A11.616,11.616,0,0,1,19,8a10.9,10.9,0,0,1,5.547,1.5,11.106,11.106,0,0,1,2.219,1.719A11.373,11.373,0,0,1,28.5,13.453a10.4,10.4,0,0,1,1.109,2.625A11.616,11.616,0,0,1,30,19a10.015,10.015,0,0,1-.125,1.578,10.879,10.879,0,0,1-.359,1.531Zm-2,.844L27.219,22.641a14.716,14.716,0,0,0,.562-1.782A7.751,7.751,0,0,0,28,19a8.786,8.786,0,0,0-.7-3.5,8.9,8.9,0,0,0-1.938-2.859A9.269,9.269,0,0,0,22.5,10.719,8.9,8.9,0,0,0,19,10a8.786,8.786,0,0,0-3.5.7,8.9,8.9,0,0,0-2.859,1.938A9.269,9.269,0,0,0,

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OTUW0Q90\signup[1].htm Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	HTML document, ASCII text, with very long lines, with CRLF, LF line terminators
Category:	dropped
Size (bytes):	170317
Entropy (8bit):	5.178558993961694
Encrypted:	false
SSDEEP:	1536:Ocf4WZ2yFzlF70UgGZ2qWlem/ZHpvCBk8gXYKR6B0siQasp+x2A8ZF4c/fQgdRy:Rf4RRW2Jem/ZHpKBrB0hs+x2XZF4ng7y
MD5:	19BB2853EE86AABDAC199890B5E617B6
SHA1:	87C4B46AF35A8FF9B12293E754762B22790067DD
SHA-256:	069E6C793B94389CD1F76F7F49D281D5A5FCC9A1427685346FFB69E82AF4FFE5
SHA-512:	389B26138CD9AEF698F0CB8BF3B67272ABC49B5071FE18A19C7D42835A3532549E80AF17D12C6948604639A26D1226788C80B375D3118B4E7BF8182950B97178
Malicious:	false
Reputation:	low
Preview:	.. Copyright (C) Microsoft Corporation. All rights reserved. -->....<!DOCTYPE html>..<html lang="en" xml:lang="en" class="m_ul" dir="ltr" style="">.. <head>.. <link rel="preconnect" href="https://acctcdn.msauth.net" crossorigin>..<link rel="preconnect" href="https://acctcdn.msauth.net" crossorigin>..<meta http-equiv="x-dns-prefetch-control" content="on">..<link rel="dns-prefetch" href="//acctcdn.msauth.net">..<link rel="dns-prefetch" href="//acctcdn.msftauth.net">..<link rel="dns-prefetch" href="//acctcdnmsftuswe2.azureedge.net">..<link rel="dns-prefetch" href="//acctcdnvzeuno.azureedge.net">.... <title>Microsoft account</title>.. <meta http-equiv="Content-Type" content="text/html;charset=utf-8"/><meta name="referrer" content="origin"/><meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=2.0, minimum-scale=1.0, user-scalable=yes"/><meta name="format-detection" content="telephone=no"/>.. <link rel="shortcut icon" href="https://acctcdn.msau

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OTUW0Q90\style[1].css Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	UTF-8 Unicode text, with very long lines, with no line terminators
Category:	downloaded
Size (bytes):	137436
Entropy (8bit):	5.360850019087837
Encrypted:	false
SSDEEP:	1536:+Fk5W00zHVaAgrBmeZCstBwB/BxBf9e969j9S9h919g9Z9C9f9g9Z9e979Q9t9Vp:+Fk5W003MC/
MD5:	D0519383C16A2B2D2879BFBF15845F0C
SHA1:	B2FBBC365B2CA853B1CBEAAA0F10BB05148ED9AA
SHA-256:	046BA9FDD7992751785036A03AB6EDD3052465C23C2BAD1ADC80905DC6AA39A9
SHA-512:	2DB8E6E4AD75F756D0B70071EC49EA4FF54360AFDAAC007C0FFD5ACF575961E661DD275329347210AD71206885A50DA2E58F12CE84E6C7A3BC3D5EDD81E3B5BE
Malicious:	false
Reputation:	low
IE Cache URL:	https://c.s-microsoft.com/en-us/CMSStyles/style.csx?k=3c9ade18-bc6a-b6bd-84c3-fc69aaaa7520_899796fc-1ab6-ed87-096b-4f10b915033c_e8d8727e-02f3-1a80-54c3-f87750a8c4de_6e5b2ac7-688a-4a18-9695-a31e8139fa0f_b3dad3e4-0853-1041-fa46-2e9d6598a584_fc29d27f-7342-9cf3-c2b5-a04f30605f03_28863b11-6a1b-a28c-4aab-c36e3deb3375_907fa087-b443-3de8-613e-b445338dad1f_a66bb9d1-7095-dfc6-5a12-849441da475c_1b0ca1a3-6da9-0dbf-9932-198c9f68caeb_ef11258b-15d1-8dab-81d5-8d18bc3234bc_11339d5d-cf04-22ad-4987-06a506090313_50edf96d-7437-c38c-ad33-ebe81b170501_8031d0e3-4981-8dbc-2504-bbd5121027b7_3f0c3b77-e132-00a5-3afc-9a2f141e9eae_aebeacd9-6349-54aa-9608-cb67eadc2d17_0cdb912f-7479-061d-e4f3-bea46f10a753_343d1ae8-c6c4-87d3-af9d-4720b6ea8f34_a905814f-2c84-2cd4-839e-5634cc0cc383_190a3885-bf35-9fab-6806-86ce81df76f6_05c744db-5e3d-bcfb-75b0-441b9afb179b_8beffb66-d700-2891-2c8d-02e40c7ac557_b1fe3f15-7512-0a8f-a55b-b316245621b5_f9c8eff0-3e34-2c33-6c0d-1fa7c5077eec
Preview:	@font-face{font-family:'wf_segoe-ui_light';src:url('//c.s-microsoft.com/static/fonts/segoe-ui/west-european/light/latest.eot');src:local("Segoe UI Light"),local("Segoe WP Light"),url('//c.s-microsoft.com/static/fonts/segoe-ui/west-european/light/latest.eot?#iefix') format('embedded-opentype'),url('//c.s-microsoft.com/static/fonts/segoe-ui/west-european/light/latest.woff') format('woff'),url('//c.s-microsoft.com/static/fonts/segoe-ui/west-european/light/latest.ttf') format('truetype'),url('//c.s-microsoft.com/static/fonts/segoe-ui/west-european/light/latest.svg#web') format('svg');font-weight:normal;font-style:normal}@font-face{font-family:'wf_segoe-ui_normal';src:url('//c.s-microsoft.com/static/fonts/segoe-ui/west-european/normal/latest.eot');src:local("Segoe UI"),local("Segoe"),local("Segoe WP"),url('//c.s-microsoft.com/static/fonts/segoe-ui/west-european/normal/latest.eot?#iefix') format('embedded-opentype'),url('//c.s-microsoft.com/static/fonts/segoe-ui/west-european/normal/latest.w

C:\Users\user\AppData\Local\Temp\~DF5BC955434102D5F6.TMP Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	data
Category:	dropped
Size (bytes):	13029
Entropy (8bit):	0.4799570395980712
Encrypted:	false
SSDEEP:	24:c9lLh9lLh9lIn9lIn9lom9loW9lWLRp0Ssc:kBqoIBHL/xB
MD5:	65B3505329D5518210D0D2FBAD0FE7DB
SHA1:	95B8F583A3D57C80D4BC4E99FC9AFD329294CE6B
SHA-256:	D40AE0ED15D5353AEF0F3F684CA192E4CF190481BEF961AA8B9A63D991DB8031
SHA-512:	BAFADCE4D517E23D0987245AEA560C27BB6A3282BFD03CF69826173929F9C2100512DDAA9B7A7D289696CB836D33A627D09E44A5E8AAC31B4FAC69D9C8BB10AA
Malicious:	false
Reputation:	low
Preview:	.............................%..H..M..{y..+.0...(................... ...............................................%..H..M..{y..+.0...(................... ..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\~DF7374E98D39EE6A7D.TMP Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	data
Category:	dropped
Size (bytes):	25441
Entropy (8bit):	0.27918767598683664
Encrypted:	false
SSDEEP:	24:c9lLh9lLh9lIn9lIn9lRx/9lRJ9lTb9lTb9lSSU9lSSU9laAa/9laA:kBqoxxJhHWSVSEab
MD5:	AB889A32AB9ACD33E816C2422337C69A
SHA1:	1190C6B34DED2D295827C2A88310D10A8B90B59B
SHA-256:	4D6EC54B8D244E63B0F04FBE2B97402A3DF722560AD12F218665BA440F4CEFDA
SHA-512:	BD250855747BB4CEC61814D0E44F810156D390E3E9F120A12935EFDF80ACA33C4777AD66257CCA4E4003FEF0741692894980B9298F01C4CDD2D8A9C7BB522FB6
Malicious:	false
Reputation:	low
Preview:	.............................%..H..M..{y..+.0...(................... ...............................................%..H..M..{y..+.0...(................... ..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\~DF9F1FBDE3735B8083.TMP Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	data
Category:	dropped
Size (bytes):	133484
Entropy (8bit):	2.7730054451587334
Encrypted:	false
SSDEEP:	3072:GPRrVrXKerVTXg4S7bIyIPIUIhIXIpcFM5IeIxIOI9I4ZI4:GPRrVWerVk4S7bIyIPIUIhIXIpcFM5Ii
MD5:	A80D7CECACE77410323944509F81A3E5
SHA1:	D36715606326812A58F06CFE3E980DEAF3F74EB3
SHA-256:	B93953645F8B502EC25BC3CE832872220F55298A6D8C154E16D3CE3509A318F9
SHA-512:	CF67EAB8DE22F020BEFB155AE7F5BA13E7A08508831C0D5B41ECAB46270DDF3941FA3010620C890E2084EDD1C990666E1D38075577E90BB40B3C5B4B515DEEBB
Malicious:	false
Reputation:	low
Preview:	.............................%..H..M..{y..+.0...(................... ...............................................%..H..M..{y..+.0...(................... ..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

Static File Info

No static file info

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
May 18, 2021 18:10:56.964371920 CEST	49693	443	192.168.2.6	40.89.138.20
May 18, 2021 18:10:56.964656115 CEST	49694	443	192.168.2.6	40.89.138.20
May 18, 2021 18:10:57.016977072 CEST	443	49693	40.89.138.20	192.168.2.6
May 18, 2021 18:10:57.017102003 CEST	49693	443	192.168.2.6	40.89.138.20
May 18, 2021 18:10:57.017580986 CEST	443	49694	40.89.138.20	192.168.2.6
May 18, 2021 18:10:57.017684937 CEST	49694	443	192.168.2.6	40.89.138.20
May 18, 2021 18:10:57.023165941 CEST	49693	443	192.168.2.6	40.89.138.20
May 18, 2021 18:10:57.023410082 CEST	49694	443	192.168.2.6	40.89.138.20
May 18, 2021 18:10:57.075325966 CEST	443	49693	40.89.138.20	192.168.2.6
May 18, 2021 18:10:57.075362921 CEST	443	49693	40.89.138.20	192.168.2.6
May 18, 2021 18:10:57.075382948 CEST	443	49693	40.89.138.20	192.168.2.6
May 18, 2021 18:10:57.075515032 CEST	49693	443	192.168.2.6	40.89.138.20
May 18, 2021 18:10:57.075593948 CEST	49693	443	192.168.2.6	40.89.138.20
May 18, 2021 18:10:57.076236010 CEST	443	49694	40.89.138.20	192.168.2.6
May 18, 2021 18:10:57.076275110 CEST	443	49694	40.89.138.20	192.168.2.6
May 18, 2021 18:10:57.076294899 CEST	443	49694	40.89.138.20	192.168.2.6
May 18, 2021 18:10:57.076371908 CEST	49694	443	192.168.2.6	40.89.138.20
May 18, 2021 18:10:57.076435089 CEST	49694	443	192.168.2.6	40.89.138.20
May 18, 2021 18:10:57.115362883 CEST	49693	443	192.168.2.6	40.89.138.20
May 18, 2021 18:10:57.115381956 CEST	49694	443	192.168.2.6	40.89.138.20
May 18, 2021 18:10:57.124809027 CEST	49693	443	192.168.2.6	40.89.138.20
May 18, 2021 18:10:57.166517019 CEST	443	49693	40.89.138.20	192.168.2.6
May 18, 2021 18:10:57.166554928 CEST	443	49694	40.89.138.20	192.168.2.6
May 18, 2021 18:10:57.166712999 CEST	49693	443	192.168.2.6	40.89.138.20
May 18, 2021 18:10:57.166765928 CEST	49694	443	192.168.2.6	40.89.138.20
May 18, 2021 18:10:57.197751999 CEST	443	49693	40.89.138.20	192.168.2.6
May 18, 2021 18:10:57.197783947 CEST	443	49693	40.89.138.20	192.168.2.6
May 18, 2021 18:10:57.197801113 CEST	443	49693	40.89.138.20	192.168.2.6
May 18, 2021 18:10:57.197931051 CEST	49693	443	192.168.2.6	40.89.138.20
May 18, 2021 18:10:57.201332092 CEST	49693	443	192.168.2.6	40.89.138.20
May 18, 2021 18:10:57.201392889 CEST	49693	443	192.168.2.6	40.89.138.20
May 18, 2021 18:10:57.254242897 CEST	443	49693	40.89.138.20	192.168.2.6
May 18, 2021 18:10:57.254461050 CEST	49693	443	192.168.2.6	40.89.138.20
May 18, 2021 18:10:57.285480022 CEST	49694	443	192.168.2.6	40.89.138.20
May 18, 2021 18:10:57.287825108 CEST	49695	443	192.168.2.6	40.89.138.20
May 18, 2021 18:10:57.289098024 CEST	49696	443	192.168.2.6	40.89.138.20
May 18, 2021 18:10:57.290329933 CEST	49697	443	192.168.2.6	40.89.138.20
May 18, 2021 18:10:57.339001894 CEST	443	49695	40.89.138.20	192.168.2.6
May 18, 2021 18:10:57.339167118 CEST	49695	443	192.168.2.6	40.89.138.20
May 18, 2021 18:10:57.340316057 CEST	443	49696	40.89.138.20	192.168.2.6
May 18, 2021 18:10:57.340342999 CEST	49695	443	192.168.2.6	40.89.138.20
May 18, 2021 18:10:57.340440989 CEST	49696	443	192.168.2.6	40.89.138.20
May 18, 2021 18:10:57.341233969 CEST	443	49697	40.89.138.20	192.168.2.6
May 18, 2021 18:10:57.341367960 CEST	49697	443	192.168.2.6	40.89.138.20
May 18, 2021 18:10:57.342479944 CEST	49697	443	192.168.2.6	40.89.138.20
May 18, 2021 18:10:57.348371983 CEST	49696	443	192.168.2.6	40.89.138.20
May 18, 2021 18:10:57.354005098 CEST	443	49694	40.89.138.20	192.168.2.6
May 18, 2021 18:10:57.354043007 CEST	443	49694	40.89.138.20	192.168.2.6
May 18, 2021 18:10:57.354063034 CEST	443	49694	40.89.138.20	192.168.2.6
May 18, 2021 18:10:57.354082108 CEST	443	49694	40.89.138.20	192.168.2.6
May 18, 2021 18:10:57.354101896 CEST	443	49694	40.89.138.20	192.168.2.6
May 18, 2021 18:10:57.354125977 CEST	443	49694	40.89.138.20	192.168.2.6
May 18, 2021 18:10:57.354146957 CEST	443	49694	40.89.138.20	192.168.2.6
May 18, 2021 18:10:57.354167938 CEST	443	49694	40.89.138.20	192.168.2.6
May 18, 2021 18:10:57.354188919 CEST	443	49694	40.89.138.20	192.168.2.6
May 18, 2021 18:10:57.354202986 CEST	49694	443	192.168.2.6	40.89.138.20
May 18, 2021 18:10:57.354208946 CEST	443	49694	40.89.138.20	192.168.2.6
May 18, 2021 18:10:57.354278088 CEST	49694	443	192.168.2.6	40.89.138.20
May 18, 2021 18:10:57.391216993 CEST	443	49695	40.89.138.20	192.168.2.6
May 18, 2021 18:10:57.391386032 CEST	49695	443	192.168.2.6	40.89.138.20
May 18, 2021 18:10:57.393403053 CEST	443	49697	40.89.138.20	192.168.2.6
May 18, 2021 18:10:57.393448114 CEST	49695	443	192.168.2.6	40.89.138.20
May 18, 2021 18:10:57.393507004 CEST	49697	443	192.168.2.6	40.89.138.20
May 18, 2021 18:10:57.394217968 CEST	49697	443	192.168.2.6	40.89.138.20
May 18, 2021 18:10:57.396846056 CEST	49697	443	192.168.2.6	40.89.138.20
May 18, 2021 18:10:57.399512053 CEST	443	49696	40.89.138.20	192.168.2.6
May 18, 2021 18:10:57.399688959 CEST	49696	443	192.168.2.6	40.89.138.20
May 18, 2021 18:10:57.399977922 CEST	49695	443	192.168.2.6	40.89.138.20
May 18, 2021 18:10:57.400706053 CEST	49696	443	192.168.2.6	40.89.138.20
May 18, 2021 18:10:57.405081034 CEST	443	49694	40.89.138.20	192.168.2.6
May 18, 2021 18:10:57.405127048 CEST	443	49694	40.89.138.20	192.168.2.6
May 18, 2021 18:10:57.405148029 CEST	443	49694	40.89.138.20	192.168.2.6
May 18, 2021 18:10:57.405168056 CEST	443	49694	40.89.138.20	192.168.2.6
May 18, 2021 18:10:57.405235052 CEST	49694	443	192.168.2.6	40.89.138.20
May 18, 2021 18:10:57.405239105 CEST	443	49694	40.89.138.20	192.168.2.6
May 18, 2021 18:10:57.405267954 CEST	443	49694	40.89.138.20	192.168.2.6
May 18, 2021 18:10:57.405284882 CEST	443	49694	40.89.138.20	192.168.2.6
May 18, 2021 18:10:57.405288935 CEST	49694	443	192.168.2.6	40.89.138.20
May 18, 2021 18:10:57.405306101 CEST	443	49694	40.89.138.20	192.168.2.6
May 18, 2021 18:10:57.405327082 CEST	443	49694	40.89.138.20	192.168.2.6
May 18, 2021 18:10:57.405375957 CEST	49694	443	192.168.2.6	40.89.138.20
May 18, 2021 18:10:57.405411005 CEST	49694	443	192.168.2.6	40.89.138.20
May 18, 2021 18:10:57.406536102 CEST	49696	443	192.168.2.6	40.89.138.20
May 18, 2021 18:10:57.409692049 CEST	49694	443	192.168.2.6	40.89.138.20
May 18, 2021 18:10:57.409727097 CEST	49694	443	192.168.2.6	40.89.138.20
May 18, 2021 18:10:57.449778080 CEST	443	49697	40.89.138.20	192.168.2.6
May 18, 2021 18:10:57.452603102 CEST	443	49695	40.89.138.20	192.168.2.6
May 18, 2021 18:10:57.457284927 CEST	443	49696	40.89.138.20	192.168.2.6
May 18, 2021 18:10:57.458401918 CEST	443	49695	40.89.138.20	192.168.2.6
May 18, 2021 18:10:57.458435059 CEST	443	49695	40.89.138.20	192.168.2.6
May 18, 2021 18:10:57.458450079 CEST	443	49695	40.89.138.20	192.168.2.6
May 18, 2021 18:10:57.458547115 CEST	49695	443	192.168.2.6	40.89.138.20
May 18, 2021 18:10:57.458615065 CEST	49695	443	192.168.2.6	40.89.138.20
May 18, 2021 18:10:57.460505009 CEST	443	49694	40.89.138.20	192.168.2.6
May 18, 2021 18:10:57.460623980 CEST	49694	443	192.168.2.6	40.89.138.20
May 18, 2021 18:10:57.460836887 CEST	49695	443	192.168.2.6	40.89.138.20
May 18, 2021 18:10:57.460881948 CEST	49695	443	192.168.2.6	40.89.138.20
May 18, 2021 18:10:57.463802099 CEST	443	49697	40.89.138.20	192.168.2.6
May 18, 2021 18:10:57.463850021 CEST	443	49697	40.89.138.20	192.168.2.6
May 18, 2021 18:10:57.463872910 CEST	443	49697	40.89.138.20	192.168.2.6
May 18, 2021 18:10:57.463892937 CEST	443	49697	40.89.138.20	192.168.2.6
May 18, 2021 18:10:57.463916063 CEST	443	49697	40.89.138.20	192.168.2.6
May 18, 2021 18:10:57.463937998 CEST	443	49697	40.89.138.20	192.168.2.6
May 18, 2021 18:10:57.463937044 CEST	49697	443	192.168.2.6	40.89.138.20
May 18, 2021 18:10:57.463963032 CEST	443	49697	40.89.138.20	192.168.2.6
May 18, 2021 18:10:57.463964939 CEST	49697	443	192.168.2.6	40.89.138.20
May 18, 2021 18:10:57.463987112 CEST	443	49697	40.89.138.20	192.168.2.6
May 18, 2021 18:10:57.464009047 CEST	443	49697	40.89.138.20	192.168.2.6
May 18, 2021 18:10:57.464020014 CEST	49697	443	192.168.2.6	40.89.138.20
May 18, 2021 18:10:57.464035988 CEST	443	49697	40.89.138.20	192.168.2.6
May 18, 2021 18:10:57.464060068 CEST	49697	443	192.168.2.6	40.89.138.20
May 18, 2021 18:10:57.464085102 CEST	49697	443	192.168.2.6	40.89.138.20
May 18, 2021 18:10:57.470207930 CEST	443	49696	40.89.138.20	192.168.2.6
May 18, 2021 18:10:57.470246077 CEST	443	49696	40.89.138.20	192.168.2.6
May 18, 2021 18:10:57.470268965 CEST	443	49696	40.89.138.20	192.168.2.6
May 18, 2021 18:10:57.470288038 CEST	443	49696	40.89.138.20	192.168.2.6
May 18, 2021 18:10:57.470305920 CEST	443	49696	40.89.138.20	192.168.2.6
May 18, 2021 18:10:57.470328093 CEST	443	49696	40.89.138.20	192.168.2.6
May 18, 2021 18:10:57.470340967 CEST	49696	443	192.168.2.6	40.89.138.20
May 18, 2021 18:10:57.470350027 CEST	443	49696	40.89.138.20	192.168.2.6
May 18, 2021 18:10:57.470372915 CEST	443	49696	40.89.138.20	192.168.2.6
May 18, 2021 18:10:57.470386982 CEST	49696	443	192.168.2.6	40.89.138.20
May 18, 2021 18:10:57.470392942 CEST	443	49696	40.89.138.20	192.168.2.6
May 18, 2021 18:10:57.470415115 CEST	443	49696	40.89.138.20	192.168.2.6
May 18, 2021 18:10:57.470453024 CEST	49696	443	192.168.2.6	40.89.138.20
May 18, 2021 18:10:57.470479012 CEST	49696	443	192.168.2.6	40.89.138.20
May 18, 2021 18:10:57.511815071 CEST	443	49695	40.89.138.20	192.168.2.6
May 18, 2021 18:10:57.512012005 CEST	49695	443	192.168.2.6	40.89.138.20
May 18, 2021 18:10:57.514966965 CEST	443	49697	40.89.138.20	192.168.2.6
May 18, 2021 18:10:57.515007019 CEST	443	49697	40.89.138.20	192.168.2.6
May 18, 2021 18:10:57.515028954 CEST	443	49697	40.89.138.20	192.168.2.6
May 18, 2021 18:10:57.515053988 CEST	443	49697	40.89.138.20	192.168.2.6
May 18, 2021 18:10:57.515074968 CEST	443	49697	40.89.138.20	192.168.2.6
May 18, 2021 18:10:57.515098095 CEST	49697	443	192.168.2.6	40.89.138.20
May 18, 2021 18:10:57.515101910 CEST	443	49697	40.89.138.20	192.168.2.6
May 18, 2021 18:10:57.515152931 CEST	443	49697	40.89.138.20	192.168.2.6
May 18, 2021 18:10:57.515160084 CEST	49697	443	192.168.2.6	40.89.138.20
May 18, 2021 18:10:57.515177965 CEST	443	49697	40.89.138.20	192.168.2.6
May 18, 2021 18:10:57.515192032 CEST	49697	443	192.168.2.6	40.89.138.20
May 18, 2021 18:10:57.515199900 CEST	443	49697	40.89.138.20	192.168.2.6
May 18, 2021 18:10:57.515224934 CEST	443	49697	40.89.138.20	192.168.2.6
May 18, 2021 18:10:57.515238047 CEST	49697	443	192.168.2.6	40.89.138.20
May 18, 2021 18:10:57.515249968 CEST	443	49697	40.89.138.20	192.168.2.6
May 18, 2021 18:10:57.515266895 CEST	49697	443	192.168.2.6	40.89.138.20
May 18, 2021 18:10:57.515275002 CEST	443	49697	40.89.138.20	192.168.2.6
May 18, 2021 18:10:57.515299082 CEST	443	49697	40.89.138.20	192.168.2.6
May 18, 2021 18:10:57.515317917 CEST	49697	443	192.168.2.6	40.89.138.20
May 18, 2021 18:10:57.515321970 CEST	443	49697	40.89.138.20	192.168.2.6
May 18, 2021 18:10:57.515346050 CEST	443	49697	40.89.138.20	192.168.2.6
May 18, 2021 18:10:57.515363932 CEST	49697	443	192.168.2.6	40.89.138.20
May 18, 2021 18:10:57.515368938 CEST	443	49697	40.89.138.20	192.168.2.6
May 18, 2021 18:10:57.515402079 CEST	49697	443	192.168.2.6	40.89.138.20
May 18, 2021 18:10:57.515429020 CEST	49697	443	192.168.2.6	40.89.138.20
May 18, 2021 18:10:57.515445948 CEST	443	49697	40.89.138.20	192.168.2.6
May 18, 2021 18:10:57.515466928 CEST	443	49697	40.89.138.20	192.168.2.6
May 18, 2021 18:10:57.515491009 CEST	443	49697	40.89.138.20	192.168.2.6
May 18, 2021 18:10:57.515501976 CEST	49697	443	192.168.2.6	40.89.138.20
May 18, 2021 18:10:57.515513897 CEST	443	49697	40.89.138.20	192.168.2.6
May 18, 2021 18:10:57.515533924 CEST	49697	443	192.168.2.6	40.89.138.20
May 18, 2021 18:10:57.515566111 CEST	49697	443	192.168.2.6	40.89.138.20
May 18, 2021 18:10:57.515611887 CEST	49697	443	192.168.2.6	40.89.138.20
May 18, 2021 18:10:57.521194935 CEST	443	49696	40.89.138.20	192.168.2.6
May 18, 2021 18:10:57.521236897 CEST	443	49696	40.89.138.20	192.168.2.6
May 18, 2021 18:10:57.521258116 CEST	443	49696	40.89.138.20	192.168.2.6
May 18, 2021 18:10:57.521277905 CEST	443	49696	40.89.138.20	192.168.2.6
May 18, 2021 18:10:57.521301031 CEST	443	49696	40.89.138.20	192.168.2.6
May 18, 2021 18:10:57.521312952 CEST	49696	443	192.168.2.6	40.89.138.20
May 18, 2021 18:10:57.521322012 CEST	443	49696	40.89.138.20	192.168.2.6
May 18, 2021 18:10:57.521343946 CEST	443	49696	40.89.138.20	192.168.2.6
May 18, 2021 18:10:57.521364927 CEST	443	49696	40.89.138.20	192.168.2.6
May 18, 2021 18:10:57.521395922 CEST	49696	443	192.168.2.6	40.89.138.20
May 18, 2021 18:10:57.521428108 CEST	49696	443	192.168.2.6	40.89.138.20
May 18, 2021 18:10:57.521698952 CEST	443	49696	40.89.138.20	192.168.2.6
May 18, 2021 18:10:57.521735907 CEST	443	49696	40.89.138.20	192.168.2.6
May 18, 2021 18:10:57.521758080 CEST	443	49696	40.89.138.20	192.168.2.6
May 18, 2021 18:10:57.521774054 CEST	49696	443	192.168.2.6	40.89.138.20
May 18, 2021 18:10:57.521780014 CEST	443	49696	40.89.138.20	192.168.2.6
May 18, 2021 18:10:57.521835089 CEST	443	49696	40.89.138.20	192.168.2.6
May 18, 2021 18:10:57.521837950 CEST	49696	443	192.168.2.6	40.89.138.20
May 18, 2021 18:10:57.521858931 CEST	443	49696	40.89.138.20	192.168.2.6
May 18, 2021 18:10:57.521882057 CEST	443	49696	40.89.138.20	192.168.2.6
May 18, 2021 18:10:57.521888971 CEST	49696	443	192.168.2.6	40.89.138.20
May 18, 2021 18:10:57.521905899 CEST	443	49696	40.89.138.20	192.168.2.6
May 18, 2021 18:10:57.521955013 CEST	49696	443	192.168.2.6	40.89.138.20
May 18, 2021 18:10:57.521990061 CEST	49696	443	192.168.2.6	40.89.138.20
May 18, 2021 18:10:57.522022009 CEST	443	49696	40.89.138.20	192.168.2.6
May 18, 2021 18:10:57.522041082 CEST	443	49696	40.89.138.20	192.168.2.6
May 18, 2021 18:10:57.522078991 CEST	49696	443	192.168.2.6	40.89.138.20
May 18, 2021 18:10:57.522115946 CEST	49696	443	192.168.2.6	40.89.138.20
May 18, 2021 18:10:57.528124094 CEST	49696	443	192.168.2.6	40.89.138.20
May 18, 2021 18:10:57.566507101 CEST	443	49697	40.89.138.20	192.168.2.6
May 18, 2021 18:10:57.566555977 CEST	443	49697	40.89.138.20	192.168.2.6
May 18, 2021 18:10:57.566579103 CEST	443	49697	40.89.138.20	192.168.2.6
May 18, 2021 18:10:57.566600084 CEST	443	49697	40.89.138.20	192.168.2.6
May 18, 2021 18:10:57.566625118 CEST	443	49697	40.89.138.20	192.168.2.6
May 18, 2021 18:10:57.566629887 CEST	49697	443	192.168.2.6	40.89.138.20
May 18, 2021 18:10:57.566649914 CEST	443	49697	40.89.138.20	192.168.2.6
May 18, 2021 18:10:57.566674948 CEST	443	49697	40.89.138.20	192.168.2.6
May 18, 2021 18:10:57.566690922 CEST	49697	443	192.168.2.6	40.89.138.20
May 18, 2021 18:10:57.566698074 CEST	443	49697	40.89.138.20	192.168.2.6
May 18, 2021 18:10:57.566724062 CEST	443	49697	40.89.138.20	192.168.2.6
May 18, 2021 18:10:57.566745996 CEST	443	49697	40.89.138.20	192.168.2.6
May 18, 2021 18:10:57.566752911 CEST	49697	443	192.168.2.6	40.89.138.20
May 18, 2021 18:10:57.566771030 CEST	443	49697	40.89.138.20	192.168.2.6
May 18, 2021 18:10:57.566792965 CEST	49697	443	192.168.2.6	40.89.138.20
May 18, 2021 18:10:57.566793919 CEST	443	49697	40.89.138.20	192.168.2.6
May 18, 2021 18:10:57.566823959 CEST	49697	443	192.168.2.6	40.89.138.20
May 18, 2021 18:10:57.566880941 CEST	49697	443	192.168.2.6	40.89.138.20
May 18, 2021 18:10:57.566917896 CEST	443	49697	40.89.138.20	192.168.2.6
May 18, 2021 18:10:57.566942930 CEST	443	49697	40.89.138.20	192.168.2.6
May 18, 2021 18:10:57.566967010 CEST	443	49697	40.89.138.20	192.168.2.6
May 18, 2021 18:10:57.566989899 CEST	443	49697	40.89.138.20	192.168.2.6
May 18, 2021 18:10:57.566993952 CEST	49697	443	192.168.2.6	40.89.138.20
May 18, 2021 18:10:57.567023993 CEST	49697	443	192.168.2.6	40.89.138.20
May 18, 2021 18:10:57.567049026 CEST	443	49697	40.89.138.20	192.168.2.6
May 18, 2021 18:10:57.567060947 CEST	49697	443	192.168.2.6	40.89.138.20
May 18, 2021 18:10:57.567086935 CEST	443	49697	40.89.138.20	192.168.2.6
May 18, 2021 18:10:57.567107916 CEST	443	49697	40.89.138.20	192.168.2.6
May 18, 2021 18:10:57.567126036 CEST	49697	443	192.168.2.6	40.89.138.20
May 18, 2021 18:10:57.567161083 CEST	49697	443	192.168.2.6	40.89.138.20
May 18, 2021 18:10:57.567188978 CEST	443	49697	40.89.138.20	192.168.2.6
May 18, 2021 18:10:57.567190886 CEST	49697	443	192.168.2.6	40.89.138.20
May 18, 2021 18:10:57.567245960 CEST	49697	443	192.168.2.6	40.89.138.20
May 18, 2021 18:10:57.567481041 CEST	443	49697	40.89.138.20	192.168.2.6
May 18, 2021 18:10:57.567509890 CEST	443	49697	40.89.138.20	192.168.2.6
May 18, 2021 18:10:57.567532063 CEST	443	49697	40.89.138.20	192.168.2.6
May 18, 2021 18:10:57.567553043 CEST	49697	443	192.168.2.6	40.89.138.20
May 18, 2021 18:10:57.567555904 CEST	443	49697	40.89.138.20	192.168.2.6
May 18, 2021 18:10:57.567581892 CEST	443	49697	40.89.138.20	192.168.2.6
May 18, 2021 18:10:57.567584991 CEST	49697	443	192.168.2.6	40.89.138.20
May 18, 2021 18:10:57.567604065 CEST	443	49697	40.89.138.20	192.168.2.6
May 18, 2021 18:10:57.567625046 CEST	443	49697	40.89.138.20	192.168.2.6
May 18, 2021 18:10:57.567627907 CEST	49697	443	192.168.2.6	40.89.138.20
May 18, 2021 18:10:57.567648888 CEST	443	49697	40.89.138.20	192.168.2.6
May 18, 2021 18:10:57.567670107 CEST	443	49697	40.89.138.20	192.168.2.6
May 18, 2021 18:10:57.567681074 CEST	49697	443	192.168.2.6	40.89.138.20
May 18, 2021 18:10:57.567692995 CEST	443	49697	40.89.138.20	192.168.2.6
May 18, 2021 18:10:57.567713976 CEST	443	49697	40.89.138.20	192.168.2.6
May 18, 2021 18:10:57.567718983 CEST	49697	443	192.168.2.6	40.89.138.20
May 18, 2021 18:10:57.567738056 CEST	443	49697	40.89.138.20	192.168.2.6
May 18, 2021 18:10:57.567748070 CEST	49697	443	192.168.2.6	40.89.138.20
May 18, 2021 18:10:57.567786932 CEST	49697	443	192.168.2.6	40.89.138.20
May 18, 2021 18:10:57.567879915 CEST	443	49697	40.89.138.20	192.168.2.6
May 18, 2021 18:10:57.567903996 CEST	443	49697	40.89.138.20	192.168.2.6
May 18, 2021 18:10:57.567923069 CEST	443	49697	40.89.138.20	192.168.2.6
May 18, 2021 18:10:57.567943096 CEST	49697	443	192.168.2.6	40.89.138.20
May 18, 2021 18:10:57.567949057 CEST	443	49697	40.89.138.20	192.168.2.6
May 18, 2021 18:10:57.567992926 CEST	443	49697	40.89.138.20	192.168.2.6
May 18, 2021 18:10:57.567997932 CEST	49697	443	192.168.2.6	40.89.138.20
May 18, 2021 18:10:57.568017006 CEST	443	49697	40.89.138.20	192.168.2.6
May 18, 2021 18:10:57.568041086 CEST	443	49697	40.89.138.20	192.168.2.6
May 18, 2021 18:10:57.568059921 CEST	49697	443	192.168.2.6	40.89.138.20
May 18, 2021 18:10:57.568063974 CEST	443	49697	40.89.138.20	192.168.2.6
May 18, 2021 18:10:57.568099976 CEST	49697	443	192.168.2.6	40.89.138.20
May 18, 2021 18:10:57.568144083 CEST	49697	443	192.168.2.6	40.89.138.20
May 18, 2021 18:10:57.579022884 CEST	443	49696	40.89.138.20	192.168.2.6
May 18, 2021 18:10:57.619242907 CEST	443	49697	40.89.138.20	192.168.2.6
May 18, 2021 18:10:57.619312048 CEST	443	49697	40.89.138.20	192.168.2.6
May 18, 2021 18:10:57.619352102 CEST	443	49697	40.89.138.20	192.168.2.6
May 18, 2021 18:10:57.619384050 CEST	49697	443	192.168.2.6	40.89.138.20
May 18, 2021 18:10:57.619390011 CEST	443	49697	40.89.138.20	192.168.2.6
May 18, 2021 18:10:57.619416952 CEST	49697	443	192.168.2.6	40.89.138.20
May 18, 2021 18:10:57.619426966 CEST	49697	443	192.168.2.6	40.89.138.20
May 18, 2021 18:10:57.619430065 CEST	443	49697	40.89.138.20	192.168.2.6
May 18, 2021 18:10:57.619442940 CEST	49697	443	192.168.2.6	40.89.138.20
May 18, 2021 18:10:57.619469881 CEST	443	49697	40.89.138.20	192.168.2.6
May 18, 2021 18:10:57.619518042 CEST	49697	443	192.168.2.6	40.89.138.20
May 18, 2021 18:10:57.619518042 CEST	443	49697	40.89.138.20	192.168.2.6
May 18, 2021 18:10:57.619543076 CEST	49697	443	192.168.2.6	40.89.138.20
May 18, 2021 18:10:57.619566917 CEST	443	49697	40.89.138.20	192.168.2.6
May 18, 2021 18:10:57.619580984 CEST	49697	443	192.168.2.6	40.89.138.20
May 18, 2021 18:10:57.619606972 CEST	443	49697	40.89.138.20	192.168.2.6
May 18, 2021 18:10:57.619646072 CEST	443	49697	40.89.138.20	192.168.2.6
May 18, 2021 18:10:57.619649887 CEST	49697	443	192.168.2.6	40.89.138.20
May 18, 2021 18:10:57.619684935 CEST	443	49697	40.89.138.20	192.168.2.6
May 18, 2021 18:10:57.619714022 CEST	49697	443	192.168.2.6	40.89.138.20
May 18, 2021 18:10:57.619715929 CEST	443	49697	40.89.138.20	192.168.2.6
May 18, 2021 18:10:57.619723082 CEST	49697	443	192.168.2.6	40.89.138.20
May 18, 2021 18:10:57.619744062 CEST	49697	443	192.168.2.6	40.89.138.20
May 18, 2021 18:10:57.619757891 CEST	443	49697	40.89.138.20	192.168.2.6
May 18, 2021 18:10:57.619771004 CEST	49697	443	192.168.2.6	40.89.138.20
May 18, 2021 18:10:57.619796991 CEST	443	49697	40.89.138.20	192.168.2.6
May 18, 2021 18:10:57.619803905 CEST	49697	443	192.168.2.6	40.89.138.20
May 18, 2021 18:10:57.619838953 CEST	443	49697	40.89.138.20	192.168.2.6
May 18, 2021 18:10:57.619846106 CEST	49697	443	192.168.2.6	40.89.138.20
May 18, 2021 18:10:57.619880915 CEST	443	49697	40.89.138.20	192.168.2.6
May 18, 2021 18:10:57.619904041 CEST	49697	443	192.168.2.6	40.89.138.20
May 18, 2021 18:10:57.619920015 CEST	443	49697	40.89.138.20	192.168.2.6
May 18, 2021 18:10:57.619930029 CEST	49697	443	192.168.2.6	40.89.138.20
May 18, 2021 18:10:57.619960070 CEST	443	49697	40.89.138.20	192.168.2.6
May 18, 2021 18:10:57.619968891 CEST	49697	443	192.168.2.6	40.89.138.20
May 18, 2021 18:10:57.620002985 CEST	443	49697	40.89.138.20	192.168.2.6
May 18, 2021 18:10:57.620007038 CEST	49697	443	192.168.2.6	40.89.138.20
May 18, 2021 18:10:57.620050907 CEST	443	49697	40.89.138.20	192.168.2.6
May 18, 2021 18:10:57.620054007 CEST	49697	443	192.168.2.6	40.89.138.20
May 18, 2021 18:10:57.620095015 CEST	443	49697	40.89.138.20	192.168.2.6
May 18, 2021 18:10:57.620105028 CEST	49697	443	192.168.2.6	40.89.138.20
May 18, 2021 18:10:57.620134115 CEST	443	49697	40.89.138.20	192.168.2.6
May 18, 2021 18:10:57.620140076 CEST	49697	443	192.168.2.6	40.89.138.20
May 18, 2021 18:10:57.620173931 CEST	443	49697	40.89.138.20	192.168.2.6
May 18, 2021 18:10:57.620192051 CEST	49697	443	192.168.2.6	40.89.138.20
May 18, 2021 18:10:57.620212078 CEST	443	49697	40.89.138.20	192.168.2.6
May 18, 2021 18:10:57.620227098 CEST	49697	443	192.168.2.6	40.89.138.20
May 18, 2021 18:10:57.620251894 CEST	443	49697	40.89.138.20	192.168.2.6
May 18, 2021 18:10:57.620264053 CEST	49697	443	192.168.2.6	40.89.138.20
May 18, 2021 18:10:57.620291948 CEST	443	49697	40.89.138.20	192.168.2.6
May 18, 2021 18:10:57.620296955 CEST	49697	443	192.168.2.6	40.89.138.20
May 18, 2021 18:10:57.620331049 CEST	443	49697	40.89.138.20	192.168.2.6
May 18, 2021 18:10:57.620337963 CEST	49697	443	192.168.2.6	40.89.138.20
May 18, 2021 18:10:57.620378017 CEST	49697	443	192.168.2.6	40.89.138.20
May 18, 2021 18:10:57.620379925 CEST	443	49697	40.89.138.20	192.168.2.6
May 18, 2021 18:10:57.620424032 CEST	443	49697	40.89.138.20	192.168.2.6
May 18, 2021 18:10:57.620428085 CEST	49697	443	192.168.2.6	40.89.138.20
May 18, 2021 18:10:57.620461941 CEST	443	49697	40.89.138.20	192.168.2.6
May 18, 2021 18:10:57.620470047 CEST	49697	443	192.168.2.6	40.89.138.20
May 18, 2021 18:10:57.620501995 CEST	443	49697	40.89.138.20	192.168.2.6
May 18, 2021 18:10:57.620507956 CEST	49697	443	192.168.2.6	40.89.138.20
May 18, 2021 18:10:57.620542049 CEST	443	49697	40.89.138.20	192.168.2.6
May 18, 2021 18:10:57.620553017 CEST	49697	443	192.168.2.6	40.89.138.20
May 18, 2021 18:10:57.620579004 CEST	443	49697	40.89.138.20	192.168.2.6
May 18, 2021 18:10:57.620594025 CEST	49697	443	192.168.2.6	40.89.138.20
May 18, 2021 18:10:57.620618105 CEST	443	49697	40.89.138.20	192.168.2.6
May 18, 2021 18:10:57.620623112 CEST	49697	443	192.168.2.6	40.89.138.20
May 18, 2021 18:10:57.620657921 CEST	443	49697	40.89.138.20	192.168.2.6
May 18, 2021 18:10:57.620661974 CEST	49697	443	192.168.2.6	40.89.138.20
May 18, 2021 18:10:57.620706081 CEST	443	49697	40.89.138.20	192.168.2.6
May 18, 2021 18:10:57.620712996 CEST	49697	443	192.168.2.6	40.89.138.20
May 18, 2021 18:10:57.620755911 CEST	49697	443	192.168.2.6	40.89.138.20
May 18, 2021 18:10:57.633282900 CEST	49697	443	192.168.2.6	40.89.138.20
May 18, 2021 18:10:57.633343935 CEST	49697	443	192.168.2.6	40.89.138.20
May 18, 2021 18:10:57.686219931 CEST	443	49697	40.89.138.20	192.168.2.6
May 18, 2021 18:10:57.686295033 CEST	49697	443	192.168.2.6	40.89.138.20
May 18, 2021 18:10:57.962690115 CEST	49699	443	192.168.2.6	40.89.138.20
May 18, 2021 18:10:57.963522911 CEST	49698	443	192.168.2.6	40.89.138.20
May 18, 2021 18:10:58.013839960 CEST	443	49699	40.89.138.20	192.168.2.6
May 18, 2021 18:10:58.014092922 CEST	49699	443	192.168.2.6	40.89.138.20
May 18, 2021 18:10:58.014535904 CEST	443	49698	40.89.138.20	192.168.2.6
May 18, 2021 18:10:58.014672041 CEST	49698	443	192.168.2.6	40.89.138.20
May 18, 2021 18:10:58.015732050 CEST	49699	443	192.168.2.6	40.89.138.20
May 18, 2021 18:10:58.016045094 CEST	49698	443	192.168.2.6	40.89.138.20
May 18, 2021 18:10:58.037833929 CEST	49700	443	192.168.2.6	40.89.138.20
May 18, 2021 18:10:58.066463947 CEST	443	49699	40.89.138.20	192.168.2.6
May 18, 2021 18:10:58.066656113 CEST	49699	443	192.168.2.6	40.89.138.20
May 18, 2021 18:10:58.066898108 CEST	443	49698	40.89.138.20	192.168.2.6
May 18, 2021 18:10:58.067013979 CEST	49698	443	192.168.2.6	40.89.138.20
May 18, 2021 18:10:58.067420959 CEST	49699	443	192.168.2.6	40.89.138.20
May 18, 2021 18:10:58.070290089 CEST	49698	443	192.168.2.6	40.89.138.20
May 18, 2021 18:10:58.073056936 CEST	49699	443	192.168.2.6	40.89.138.20
May 18, 2021 18:10:58.073154926 CEST	49698	443	192.168.2.6	40.89.138.20
May 18, 2021 18:10:58.088960886 CEST	443	49700	40.89.138.20	192.168.2.6
May 18, 2021 18:10:58.089144945 CEST	49700	443	192.168.2.6	40.89.138.20
May 18, 2021 18:10:58.090065002 CEST	49700	443	192.168.2.6	40.89.138.20
May 18, 2021 18:10:58.123788118 CEST	443	49699	40.89.138.20	192.168.2.6
May 18, 2021 18:10:58.124689102 CEST	443	49698	40.89.138.20	192.168.2.6
May 18, 2021 18:10:58.130853891 CEST	443	49699	40.89.138.20	192.168.2.6
May 18, 2021 18:10:58.130883932 CEST	443	49699	40.89.138.20	192.168.2.6
May 18, 2021 18:10:58.131012917 CEST	49699	443	192.168.2.6	40.89.138.20
May 18, 2021 18:10:58.131198883 CEST	49699	443	192.168.2.6	40.89.138.20
May 18, 2021 18:10:58.131258965 CEST	49699	443	192.168.2.6	40.89.138.20
May 18, 2021 18:10:58.131887913 CEST	443	49698	40.89.138.20	192.168.2.6
May 18, 2021 18:10:58.131913900 CEST	443	49698	40.89.138.20	192.168.2.6
May 18, 2021 18:10:58.131927013 CEST	443	49698	40.89.138.20	192.168.2.6
May 18, 2021 18:10:58.131941080 CEST	443	49698	40.89.138.20	192.168.2.6
May 18, 2021 18:10:58.131953001 CEST	443	49698	40.89.138.20	192.168.2.6
May 18, 2021 18:10:58.132004023 CEST	49698	443	192.168.2.6	40.89.138.20
May 18, 2021 18:10:58.132052898 CEST	49698	443	192.168.2.6	40.89.138.20
May 18, 2021 18:10:58.135747910 CEST	49698	443	192.168.2.6	40.89.138.20
May 18, 2021 18:10:58.135910988 CEST	49698	443	192.168.2.6	40.89.138.20
May 18, 2021 18:10:58.140815973 CEST	443	49700	40.89.138.20	192.168.2.6
May 18, 2021 18:10:58.141009092 CEST	49700	443	192.168.2.6	40.89.138.20
May 18, 2021 18:10:58.143971920 CEST	49700	443	192.168.2.6	40.89.138.20
May 18, 2021 18:10:58.146271944 CEST	49700	443	192.168.2.6	40.89.138.20
May 18, 2021 18:10:58.182377100 CEST	443	49699	40.89.138.20	192.168.2.6
May 18, 2021 18:10:58.182578087 CEST	49699	443	192.168.2.6	40.89.138.20
May 18, 2021 18:10:58.186741114 CEST	443	49698	40.89.138.20	192.168.2.6
May 18, 2021 18:10:58.186891079 CEST	49698	443	192.168.2.6	40.89.138.20
May 18, 2021 18:10:58.196988106 CEST	443	49700	40.89.138.20	192.168.2.6
May 18, 2021 18:10:58.215936899 CEST	443	49700	40.89.138.20	192.168.2.6
May 18, 2021 18:10:58.215967894 CEST	443	49700	40.89.138.20	192.168.2.6
May 18, 2021 18:10:58.215985060 CEST	443	49700	40.89.138.20	192.168.2.6
May 18, 2021 18:10:58.216001987 CEST	443	49700	40.89.138.20	192.168.2.6
May 18, 2021 18:10:58.216021061 CEST	443	49700	40.89.138.20	192.168.2.6
May 18, 2021 18:10:58.216125011 CEST	49700	443	192.168.2.6	40.89.138.20
May 18, 2021 18:10:58.216202021 CEST	49700	443	192.168.2.6	40.89.138.20
May 18, 2021 18:10:58.248729944 CEST	49700	443	192.168.2.6	40.89.138.20
May 18, 2021 18:10:58.248773098 CEST	49700	443	192.168.2.6	40.89.138.20
May 18, 2021 18:10:58.299859047 CEST	443	49700	40.89.138.20	192.168.2.6
May 18, 2021 18:10:58.299952984 CEST	49700	443	192.168.2.6	40.89.138.20
May 18, 2021 18:10:58.366748095 CEST	49701	443	192.168.2.6	40.89.138.20
May 18, 2021 18:10:58.371150970 CEST	49702	443	192.168.2.6	40.89.138.20
May 18, 2021 18:10:58.404088974 CEST	49703	443	192.168.2.6	40.89.138.20
May 18, 2021 18:10:58.417771101 CEST	443	49701	40.89.138.20	192.168.2.6
May 18, 2021 18:10:58.417907000 CEST	49701	443	192.168.2.6	40.89.138.20
May 18, 2021 18:10:58.422158003 CEST	443	49702	40.89.138.20	192.168.2.6
May 18, 2021 18:10:58.422374010 CEST	49702	443	192.168.2.6	40.89.138.20
May 18, 2021 18:10:58.424318075 CEST	49702	443	192.168.2.6	40.89.138.20
May 18, 2021 18:10:58.426342964 CEST	49701	443	192.168.2.6	40.89.138.20
May 18, 2021 18:10:58.454881907 CEST	443	49703	40.89.138.20	192.168.2.6
May 18, 2021 18:10:58.455044985 CEST	49703	443	192.168.2.6	40.89.138.20
May 18, 2021 18:10:58.475231886 CEST	443	49702	40.89.138.20	192.168.2.6
May 18, 2021 18:10:58.475414038 CEST	49702	443	192.168.2.6	40.89.138.20
May 18, 2021 18:10:58.477300882 CEST	443	49701	40.89.138.20	192.168.2.6
May 18, 2021 18:10:58.477477074 CEST	49701	443	192.168.2.6	40.89.138.20
May 18, 2021 18:10:58.726270914 CEST	49701	443	192.168.2.6	40.89.138.20
May 18, 2021 18:10:58.747004032 CEST	49704	443	192.168.2.6	40.89.138.20
May 18, 2021 18:10:58.749187946 CEST	49701	443	192.168.2.6	40.89.138.20
May 18, 2021 18:10:58.749777079 CEST	49702	443	192.168.2.6	40.89.138.20
May 18, 2021 18:10:58.751470089 CEST	49702	443	192.168.2.6	40.89.138.20
May 18, 2021 18:10:58.772078037 CEST	49703	443	192.168.2.6	40.89.138.20
May 18, 2021 18:10:58.799680948 CEST	443	49704	40.89.138.20	192.168.2.6
May 18, 2021 18:10:58.799947023 CEST	49704	443	192.168.2.6	40.89.138.20
May 18, 2021 18:10:58.801939964 CEST	443	49701	40.89.138.20	192.168.2.6
May 18, 2021 18:10:58.803637028 CEST	443	49702	40.89.138.20	192.168.2.6
May 18, 2021 18:10:58.814955950 CEST	443	49702	40.89.138.20	192.168.2.6
May 18, 2021 18:10:58.814985037 CEST	443	49702	40.89.138.20	192.168.2.6
May 18, 2021 18:10:58.815108061 CEST	49702	443	192.168.2.6	40.89.138.20
May 18, 2021 18:10:58.815176010 CEST	49702	443	192.168.2.6	40.89.138.20
May 18, 2021 18:10:58.817971945 CEST	49704	443	192.168.2.6	40.89.138.20
May 18, 2021 18:10:58.818142891 CEST	443	49701	40.89.138.20	192.168.2.6
May 18, 2021 18:10:58.818171024 CEST	443	49701	40.89.138.20	192.168.2.6
May 18, 2021 18:10:58.818186998 CEST	443	49701	40.89.138.20	192.168.2.6
May 18, 2021 18:10:58.818200111 CEST	443	49701	40.89.138.20	192.168.2.6
May 18, 2021 18:10:58.818219900 CEST	443	49701	40.89.138.20	192.168.2.6
May 18, 2021 18:10:58.818237066 CEST	443	49701	40.89.138.20	192.168.2.6
May 18, 2021 18:10:58.818252087 CEST	49701	443	192.168.2.6	40.89.138.20
May 18, 2021 18:10:58.818254948 CEST	443	49701	40.89.138.20	192.168.2.6
May 18, 2021 18:10:58.818272114 CEST	443	49701	40.89.138.20	192.168.2.6
May 18, 2021 18:10:58.818289042 CEST	443	49701	40.89.138.20	192.168.2.6
May 18, 2021 18:10:58.818300009 CEST	49701	443	192.168.2.6	40.89.138.20
May 18, 2021 18:10:58.818305969 CEST	443	49701	40.89.138.20	192.168.2.6
May 18, 2021 18:10:58.818382025 CEST	49701	443	192.168.2.6	40.89.138.20
May 18, 2021 18:10:58.819696903 CEST	49702	443	192.168.2.6	40.89.138.20
May 18, 2021 18:10:58.819736004 CEST	49702	443	192.168.2.6	40.89.138.20
May 18, 2021 18:10:58.824345112 CEST	443	49703	40.89.138.20	192.168.2.6
May 18, 2021 18:10:58.824495077 CEST	49703	443	192.168.2.6	40.89.138.20
May 18, 2021 18:10:58.831870079 CEST	49703	443	192.168.2.6	40.89.138.20
May 18, 2021 18:10:58.833635092 CEST	49703	443	192.168.2.6	40.89.138.20
May 18, 2021 18:10:58.870830059 CEST	443	49701	40.89.138.20	192.168.2.6
May 18, 2021 18:10:58.870863914 CEST	443	49701	40.89.138.20	192.168.2.6
May 18, 2021 18:10:58.870878935 CEST	443	49701	40.89.138.20	192.168.2.6
May 18, 2021 18:10:58.870892048 CEST	443	49701	40.89.138.20	192.168.2.6
May 18, 2021 18:10:58.870925903 CEST	49701	443	192.168.2.6	40.89.138.20
May 18, 2021 18:10:58.870961905 CEST	443	49701	40.89.138.20	192.168.2.6
May 18, 2021 18:10:58.870971918 CEST	49701	443	192.168.2.6	40.89.138.20
May 18, 2021 18:10:58.870980978 CEST	443	49701	40.89.138.20	192.168.2.6
May 18, 2021 18:10:58.870996952 CEST	443	49701	40.89.138.20	192.168.2.6
May 18, 2021 18:10:58.871016979 CEST	443	49701	40.89.138.20	192.168.2.6
May 18, 2021 18:10:58.871032000 CEST	443	49704	40.89.138.20	192.168.2.6
May 18, 2021 18:10:58.871043921 CEST	49701	443	192.168.2.6	40.89.138.20
May 18, 2021 18:10:58.871067047 CEST	49701	443	192.168.2.6	40.89.138.20
May 18, 2021 18:10:58.871124983 CEST	49704	443	192.168.2.6	40.89.138.20
May 18, 2021 18:10:58.871273994 CEST	443	49701	40.89.138.20	192.168.2.6
May 18, 2021 18:10:58.871285915 CEST	49701	443	192.168.2.6	40.89.138.20
May 18, 2021 18:10:58.871336937 CEST	49701	443	192.168.2.6	40.89.138.20
May 18, 2021 18:10:58.871350050 CEST	49701	443	192.168.2.6	40.89.138.20
May 18, 2021 18:10:58.872380972 CEST	49704	443	192.168.2.6	40.89.138.20
May 18, 2021 18:10:58.872526884 CEST	443	49702	40.89.138.20	192.168.2.6
May 18, 2021 18:10:58.872595072 CEST	49702	443	192.168.2.6	40.89.138.20
May 18, 2021 18:10:58.874212027 CEST	49704	443	192.168.2.6	40.89.138.20
May 18, 2021 18:10:58.886079073 CEST	443	49703	40.89.138.20	192.168.2.6
May 18, 2021 18:10:58.911355972 CEST	443	49703	40.89.138.20	192.168.2.6
May 18, 2021 18:10:58.911387920 CEST	443	49703	40.89.138.20	192.168.2.6
May 18, 2021 18:10:58.911408901 CEST	443	49703	40.89.138.20	192.168.2.6
May 18, 2021 18:10:58.911429882 CEST	443	49703	40.89.138.20	192.168.2.6
May 18, 2021 18:10:58.911449909 CEST	443	49703	40.89.138.20	192.168.2.6
May 18, 2021 18:10:58.911470890 CEST	443	49703	40.89.138.20	192.168.2.6
May 18, 2021 18:10:58.911493063 CEST	443	49703	40.89.138.20	192.168.2.6
May 18, 2021 18:10:58.911514044 CEST	443	49703	40.89.138.20	192.168.2.6
May 18, 2021 18:10:58.911535025 CEST	443	49703	40.89.138.20	192.168.2.6
May 18, 2021 18:10:58.911576033 CEST	49703	443	192.168.2.6	40.89.138.20
May 18, 2021 18:10:58.911621094 CEST	49703	443	192.168.2.6	40.89.138.20
May 18, 2021 18:10:58.913552999 CEST	49703	443	192.168.2.6	40.89.138.20
May 18, 2021 18:10:58.913609028 CEST	49703	443	192.168.2.6	40.89.138.20
May 18, 2021 18:10:58.923911095 CEST	443	49701	40.89.138.20	192.168.2.6
May 18, 2021 18:10:58.924041986 CEST	49701	443	192.168.2.6	40.89.138.20
May 18, 2021 18:10:58.926940918 CEST	443	49704	40.89.138.20	192.168.2.6
May 18, 2021 18:10:58.929678917 CEST	49704	443	192.168.2.6	40.89.138.20
May 18, 2021 18:10:58.964757919 CEST	443	49703	40.89.138.20	192.168.2.6
May 18, 2021 18:10:58.964968920 CEST	49703	443	192.168.2.6	40.89.138.20
May 18, 2021 18:10:58.980446100 CEST	443	49704	40.89.138.20	192.168.2.6
May 18, 2021 18:10:58.987962961 CEST	443	49704	40.89.138.20	192.168.2.6
May 18, 2021 18:10:58.987997055 CEST	443	49704	40.89.138.20	192.168.2.6
May 18, 2021 18:10:58.988172054 CEST	49704	443	192.168.2.6	40.89.138.20
May 18, 2021 18:10:58.988210917 CEST	49704	443	192.168.2.6	40.89.138.20
May 18, 2021 18:10:58.999145031 CEST	49704	443	192.168.2.6	40.89.138.20
May 18, 2021 18:10:58.999198914 CEST	49704	443	192.168.2.6	40.89.138.20
May 18, 2021 18:10:59.049957037 CEST	443	49704	40.89.138.20	192.168.2.6
May 18, 2021 18:10:59.050050020 CEST	49704	443	192.168.2.6	40.89.138.20
May 18, 2021 18:10:59.289686918 CEST	49705	443	192.168.2.6	40.89.138.20
May 18, 2021 18:10:59.343202114 CEST	443	49705	40.89.138.20	192.168.2.6
May 18, 2021 18:10:59.343369007 CEST	49705	443	192.168.2.6	40.89.138.20
May 18, 2021 18:10:59.344183922 CEST	49705	443	192.168.2.6	40.89.138.20
May 18, 2021 18:10:59.397481918 CEST	443	49705	40.89.138.20	192.168.2.6
May 18, 2021 18:10:59.397639990 CEST	49705	443	192.168.2.6	40.89.138.20
May 18, 2021 18:10:59.398377895 CEST	49705	443	192.168.2.6	40.89.138.20
May 18, 2021 18:10:59.400844097 CEST	49705	443	192.168.2.6	40.89.138.20
May 18, 2021 18:10:59.401113033 CEST	49705	443	192.168.2.6	40.89.138.20
May 18, 2021 18:10:59.451553106 CEST	443	49705	40.89.138.20	192.168.2.6
May 18, 2021 18:10:59.451648951 CEST	443	49705	40.89.138.20	192.168.2.6
May 18, 2021 18:10:59.458745956 CEST	443	49705	40.89.138.20	192.168.2.6
May 18, 2021 18:10:59.458796978 CEST	443	49705	40.89.138.20	192.168.2.6
May 18, 2021 18:10:59.458894014 CEST	49705	443	192.168.2.6	40.89.138.20
May 18, 2021 18:10:59.458930016 CEST	49705	443	192.168.2.6	40.89.138.20
May 18, 2021 18:10:59.459053040 CEST	49705	443	192.168.2.6	40.89.138.20
May 18, 2021 18:10:59.459093094 CEST	49705	443	192.168.2.6	40.89.138.20
May 18, 2021 18:10:59.509798050 CEST	443	49705	40.89.138.20	192.168.2.6
May 18, 2021 18:10:59.509900093 CEST	49705	443	192.168.2.6	40.89.138.20
May 18, 2021 18:10:59.550076962 CEST	49707	443	192.168.2.6	104.47.44.28
May 18, 2021 18:10:59.551232100 CEST	49708	443	192.168.2.6	104.47.44.28
May 18, 2021 18:10:59.704987049 CEST	443	49707	104.47.44.28	192.168.2.6
May 18, 2021 18:10:59.705091000 CEST	49707	443	192.168.2.6	104.47.44.28
May 18, 2021 18:10:59.706202984 CEST	443	49708	104.47.44.28	192.168.2.6
May 18, 2021 18:10:59.706347942 CEST	49708	443	192.168.2.6	104.47.44.28
May 18, 2021 18:11:00.000881910 CEST	49707	443	192.168.2.6	104.47.44.28
May 18, 2021 18:11:00.003665924 CEST	49708	443	192.168.2.6	104.47.44.28
May 18, 2021 18:11:00.160475969 CEST	443	49707	104.47.44.28	192.168.2.6
May 18, 2021 18:11:00.160515070 CEST	443	49707	104.47.44.28	192.168.2.6
May 18, 2021 18:11:00.160528898 CEST	443	49707	104.47.44.28	192.168.2.6
May 18, 2021 18:11:00.160701036 CEST	49707	443	192.168.2.6	104.47.44.28
May 18, 2021 18:11:00.163187027 CEST	443	49708	104.47.44.28	192.168.2.6
May 18, 2021 18:11:00.163232088 CEST	443	49708	104.47.44.28	192.168.2.6
May 18, 2021 18:11:00.163245916 CEST	443	49708	104.47.44.28	192.168.2.6
May 18, 2021 18:11:00.163407087 CEST	49708	443	192.168.2.6	104.47.44.28
May 18, 2021 18:11:00.197113991 CEST	49707	443	192.168.2.6	104.47.44.28
May 18, 2021 18:11:00.197949886 CEST	49707	443	192.168.2.6	104.47.44.28
May 18, 2021 18:11:00.203744888 CEST	49708	443	192.168.2.6	104.47.44.28
May 18, 2021 18:11:00.352751970 CEST	443	49707	104.47.44.28	192.168.2.6
May 18, 2021 18:11:00.354187012 CEST	443	49707	104.47.44.28	192.168.2.6
May 18, 2021 18:11:00.354294062 CEST	49707	443	192.168.2.6	104.47.44.28
May 18, 2021 18:11:00.361083031 CEST	443	49708	104.47.44.28	192.168.2.6
May 18, 2021 18:11:00.361177921 CEST	49708	443	192.168.2.6	104.47.44.28
May 18, 2021 18:11:00.460335016 CEST	443	49707	104.47.44.28	192.168.2.6
May 18, 2021 18:11:00.460434914 CEST	49707	443	192.168.2.6	104.47.44.28
May 18, 2021 18:11:00.465245008 CEST	49707	443	192.168.2.6	104.47.44.28
May 18, 2021 18:11:00.620953083 CEST	443	49707	104.47.44.28	192.168.2.6
May 18, 2021 18:11:18.072366953 CEST	49730	443	192.168.2.6	152.199.21.175
May 18, 2021 18:11:18.072474957 CEST	49731	443	192.168.2.6	152.199.21.175
May 18, 2021 18:11:18.072501898 CEST	49732	443	192.168.2.6	152.199.21.175
May 18, 2021 18:11:18.072593927 CEST	49733	443	192.168.2.6	152.199.21.175
May 18, 2021 18:11:18.072796106 CEST	49734	443	192.168.2.6	152.199.21.175
May 18, 2021 18:11:18.072879076 CEST	49735	443	192.168.2.6	152.199.21.175
May 18, 2021 18:11:18.114026070 CEST	443	49730	152.199.21.175	192.168.2.6
May 18, 2021 18:11:18.114092112 CEST	443	49732	152.199.21.175	192.168.2.6
May 18, 2021 18:11:18.114123106 CEST	443	49731	152.199.21.175	192.168.2.6
May 18, 2021 18:11:18.114150047 CEST	49730	443	192.168.2.6	152.199.21.175
May 18, 2021 18:11:18.114156008 CEST	443	49733	152.199.21.175	192.168.2.6
May 18, 2021 18:11:18.114185095 CEST	443	49734	152.199.21.175	192.168.2.6
May 18, 2021 18:11:18.114204884 CEST	49732	443	192.168.2.6	152.199.21.175
May 18, 2021 18:11:18.114255905 CEST	49731	443	192.168.2.6	152.199.21.175
May 18, 2021 18:11:18.114274025 CEST	49733	443	192.168.2.6	152.199.21.175
May 18, 2021 18:11:18.114351988 CEST	443	49735	152.199.21.175	192.168.2.6
May 18, 2021 18:11:18.114398956 CEST	49734	443	192.168.2.6	152.199.21.175
May 18, 2021 18:11:18.114423037 CEST	49735	443	192.168.2.6	152.199.21.175
May 18, 2021 18:11:18.117331028 CEST	49732	443	192.168.2.6	152.199.21.175
May 18, 2021 18:11:18.117419004 CEST	49735	443	192.168.2.6	152.199.21.175
May 18, 2021 18:11:18.117543936 CEST	49733	443	192.168.2.6	152.199.21.175
May 18, 2021 18:11:18.117554903 CEST	49734	443	192.168.2.6	152.199.21.175
May 18, 2021 18:11:18.118055105 CEST	49730	443	192.168.2.6	152.199.21.175
May 18, 2021 18:11:18.118102074 CEST	49731	443	192.168.2.6	152.199.21.175
May 18, 2021 18:11:18.158941984 CEST	443	49732	152.199.21.175	192.168.2.6
May 18, 2021 18:11:18.158976078 CEST	443	49735	152.199.21.175	192.168.2.6
May 18, 2021 18:11:18.158988953 CEST	443	49733	152.199.21.175	192.168.2.6
May 18, 2021 18:11:18.159002066 CEST	443	49734	152.199.21.175	192.168.2.6
May 18, 2021 18:11:18.159488916 CEST	443	49730	152.199.21.175	192.168.2.6
May 18, 2021 18:11:18.159550905 CEST	443	49731	152.199.21.175	192.168.2.6
May 18, 2021 18:11:18.159801006 CEST	443	49732	152.199.21.175	192.168.2.6
May 18, 2021 18:11:18.159822941 CEST	443	49732	152.199.21.175	192.168.2.6
May 18, 2021 18:11:18.159840107 CEST	443	49735	152.199.21.175	192.168.2.6
May 18, 2021 18:11:18.159857035 CEST	443	49735	152.199.21.175	192.168.2.6
May 18, 2021 18:11:18.159873009 CEST	443	49732	152.199.21.175	192.168.2.6
May 18, 2021 18:11:18.159887075 CEST	443	49732	152.199.21.175	192.168.2.6
May 18, 2021 18:11:18.159892082 CEST	49732	443	192.168.2.6	152.199.21.175
May 18, 2021 18:11:18.159930944 CEST	49732	443	192.168.2.6	152.199.21.175
May 18, 2021 18:11:18.159934044 CEST	443	49733	152.199.21.175	192.168.2.6
May 18, 2021 18:11:18.159955025 CEST	443	49734	152.199.21.175	192.168.2.6
May 18, 2021 18:11:18.159965992 CEST	49735	443	192.168.2.6	152.199.21.175
May 18, 2021 18:11:18.159971952 CEST	443	49734	152.199.21.175	192.168.2.6
May 18, 2021 18:11:18.159991980 CEST	443	49734	152.199.21.175	192.168.2.6
May 18, 2021 18:11:18.160007954 CEST	443	49733	152.199.21.175	192.168.2.6
May 18, 2021 18:11:18.160016060 CEST	49732	443	192.168.2.6	152.199.21.175
May 18, 2021 18:11:18.160027027 CEST	49733	443	192.168.2.6	152.199.21.175
May 18, 2021 18:11:18.160029888 CEST	443	49733	152.199.21.175	192.168.2.6
May 18, 2021 18:11:18.160043001 CEST	49734	443	192.168.2.6	152.199.21.175
May 18, 2021 18:11:18.160047054 CEST	443	49733	152.199.21.175	192.168.2.6
May 18, 2021 18:11:18.160060883 CEST	443	49734	152.199.21.175	192.168.2.6
May 18, 2021 18:11:18.160070896 CEST	49734	443	192.168.2.6	152.199.21.175
May 18, 2021 18:11:18.160074949 CEST	443	49734	152.199.21.175	192.168.2.6
May 18, 2021 18:11:18.160088062 CEST	443	49735	152.199.21.175	192.168.2.6
May 18, 2021 18:11:18.160088062 CEST	49733	443	192.168.2.6	152.199.21.175
May 18, 2021 18:11:18.160099030 CEST	443	49735	152.199.21.175	192.168.2.6
May 18, 2021 18:11:18.160110950 CEST	49733	443	192.168.2.6	152.199.21.175
May 18, 2021 18:11:18.160110950 CEST	49734	443	192.168.2.6	152.199.21.175
May 18, 2021 18:11:18.160140038 CEST	49735	443	192.168.2.6	152.199.21.175
May 18, 2021 18:11:18.160470009 CEST	443	49730	152.199.21.175	192.168.2.6
May 18, 2021 18:11:18.160492897 CEST	443	49730	152.199.21.175	192.168.2.6
May 18, 2021 18:11:18.160502911 CEST	49734	443	192.168.2.6	152.199.21.175
May 18, 2021 18:11:18.160511971 CEST	443	49730	152.199.21.175	192.168.2.6
May 18, 2021 18:11:18.160522938 CEST	443	49730	152.199.21.175	192.168.2.6
May 18, 2021 18:11:18.160535097 CEST	443	49730	152.199.21.175	192.168.2.6
May 18, 2021 18:11:18.160538912 CEST	49730	443	192.168.2.6	152.199.21.175
May 18, 2021 18:11:18.160552025 CEST	443	49731	152.199.21.175	192.168.2.6
May 18, 2021 18:11:18.160569906 CEST	443	49731	152.199.21.175	192.168.2.6
May 18, 2021 18:11:18.160586119 CEST	443	49731	152.199.21.175	192.168.2.6
May 18, 2021 18:11:18.160598040 CEST	443	49731	152.199.21.175	192.168.2.6
May 18, 2021 18:11:18.160607100 CEST	49730	443	192.168.2.6	152.199.21.175
May 18, 2021 18:11:18.160609961 CEST	49731	443	192.168.2.6	152.199.21.175
May 18, 2021 18:11:18.160614967 CEST	443	49731	152.199.21.175	192.168.2.6
May 18, 2021 18:11:18.160654068 CEST	49731	443	192.168.2.6	152.199.21.175
May 18, 2021 18:11:18.160671949 CEST	49731	443	192.168.2.6	152.199.21.175
May 18, 2021 18:11:18.175679922 CEST	49735	443	192.168.2.6	152.199.21.175
May 18, 2021 18:11:18.175920010 CEST	49734	443	192.168.2.6	152.199.21.175
May 18, 2021 18:11:18.176146030 CEST	49735	443	192.168.2.6	152.199.21.175
May 18, 2021 18:11:18.176621914 CEST	49735	443	192.168.2.6	152.199.21.175
May 18, 2021 18:11:18.176748991 CEST	49735	443	192.168.2.6	152.199.21.175
May 18, 2021 18:11:18.176856995 CEST	49735	443	192.168.2.6	152.199.21.175
May 18, 2021 18:11:18.176928043 CEST	49735	443	192.168.2.6	152.199.21.175
May 18, 2021 18:11:18.177033901 CEST	49734	443	192.168.2.6	152.199.21.175
May 18, 2021 18:11:18.177165031 CEST	49735	443	192.168.2.6	152.199.21.175
May 18, 2021 18:11:18.177176952 CEST	49735	443	192.168.2.6	152.199.21.175
May 18, 2021 18:11:18.181099892 CEST	49733	443	192.168.2.6	152.199.21.175
May 18, 2021 18:11:18.181583881 CEST	49733	443	192.168.2.6	152.199.21.175
May 18, 2021 18:11:18.183244944 CEST	49732	443	192.168.2.6	152.199.21.175
May 18, 2021 18:11:18.183438063 CEST	49730	443	192.168.2.6	152.199.21.175
May 18, 2021 18:11:18.183721066 CEST	49732	443	192.168.2.6	152.199.21.175
May 18, 2021 18:11:18.184007883 CEST	49730	443	192.168.2.6	152.199.21.175
May 18, 2021 18:11:18.184173107 CEST	49731	443	192.168.2.6	152.199.21.175
May 18, 2021 18:11:18.184590101 CEST	49731	443	192.168.2.6	152.199.21.175
May 18, 2021 18:11:18.217556953 CEST	443	49735	152.199.21.175	192.168.2.6
May 18, 2021 18:11:18.217585087 CEST	443	49735	152.199.21.175	192.168.2.6
May 18, 2021 18:11:18.217597961 CEST	443	49735	152.199.21.175	192.168.2.6
May 18, 2021 18:11:18.217701912 CEST	49735	443	192.168.2.6	152.199.21.175
May 18, 2021 18:11:18.217986107 CEST	443	49734	152.199.21.175	192.168.2.6
May 18, 2021 18:11:18.218066931 CEST	49734	443	192.168.2.6	152.199.21.175
May 18, 2021 18:11:18.218605995 CEST	443	49735	152.199.21.175	192.168.2.6
May 18, 2021 18:11:18.218724966 CEST	49735	443	192.168.2.6	152.199.21.175
May 18, 2021 18:11:18.218736887 CEST	443	49734	152.199.21.175	192.168.2.6
May 18, 2021 18:11:18.218830109 CEST	49734	443	192.168.2.6	152.199.21.175
May 18, 2021 18:11:18.219346046 CEST	49734	443	192.168.2.6	152.199.21.175
May 18, 2021 18:11:18.221425056 CEST	443	49735	152.199.21.175	192.168.2.6
May 18, 2021 18:11:18.221455097 CEST	443	49735	152.199.21.175	192.168.2.6
May 18, 2021 18:11:18.221474886 CEST	443	49735	152.199.21.175	192.168.2.6
May 18, 2021 18:11:18.221493959 CEST	443	49735	152.199.21.175	192.168.2.6
May 18, 2021 18:11:18.221508980 CEST	443	49735	152.199.21.175	192.168.2.6
May 18, 2021 18:11:18.221532106 CEST	443	49735	152.199.21.175	192.168.2.6
May 18, 2021 18:11:18.221544027 CEST	49735	443	192.168.2.6	152.199.21.175
May 18, 2021 18:11:18.221549034 CEST	443	49735	152.199.21.175	192.168.2.6
May 18, 2021 18:11:18.221566916 CEST	443	49735	152.199.21.175	192.168.2.6
May 18, 2021 18:11:18.221585035 CEST	443	49735	152.199.21.175	192.168.2.6
May 18, 2021 18:11:18.221601009 CEST	443	49735	152.199.21.175	192.168.2.6
May 18, 2021 18:11:18.221602917 CEST	49735	443	192.168.2.6	152.199.21.175
May 18, 2021 18:11:18.221621037 CEST	443	49735	152.199.21.175	192.168.2.6
May 18, 2021 18:11:18.221640110 CEST	443	49735	152.199.21.175	192.168.2.6
May 18, 2021 18:11:18.221649885 CEST	49735	443	192.168.2.6	152.199.21.175
May 18, 2021 18:11:18.221656084 CEST	443	49735	152.199.21.175	192.168.2.6
May 18, 2021 18:11:18.221673012 CEST	443	49735	152.199.21.175	192.168.2.6
May 18, 2021 18:11:18.221682072 CEST	49735	443	192.168.2.6	152.199.21.175
May 18, 2021 18:11:18.221690893 CEST	443	49735	152.199.21.175	192.168.2.6
May 18, 2021 18:11:18.221707106 CEST	443	49735	152.199.21.175	192.168.2.6
May 18, 2021 18:11:18.221709967 CEST	49735	443	192.168.2.6	152.199.21.175
May 18, 2021 18:11:18.221724987 CEST	443	49735	152.199.21.175	192.168.2.6
May 18, 2021 18:11:18.221733093 CEST	49735	443	192.168.2.6	152.199.21.175
May 18, 2021 18:11:18.221740961 CEST	443	49735	152.199.21.175	192.168.2.6
May 18, 2021 18:11:18.221760988 CEST	443	49735	152.199.21.175	192.168.2.6
May 18, 2021 18:11:18.221770048 CEST	49735	443	192.168.2.6	152.199.21.175
May 18, 2021 18:11:18.221779108 CEST	443	49735	152.199.21.175	192.168.2.6
May 18, 2021 18:11:18.221796036 CEST	443	49735	152.199.21.175	192.168.2.6
May 18, 2021 18:11:18.221802950 CEST	49735	443	192.168.2.6	152.199.21.175
May 18, 2021 18:11:18.221813917 CEST	443	49735	152.199.21.175	192.168.2.6
May 18, 2021 18:11:18.221833944 CEST	49735	443	192.168.2.6	152.199.21.175
May 18, 2021 18:11:18.221856117 CEST	49735	443	192.168.2.6	152.199.21.175
May 18, 2021 18:11:18.222812891 CEST	443	49733	152.199.21.175	192.168.2.6
May 18, 2021 18:11:18.222840071 CEST	443	49733	152.199.21.175	192.168.2.6
May 18, 2021 18:11:18.222886086 CEST	49733	443	192.168.2.6	152.199.21.175
May 18, 2021 18:11:18.222930908 CEST	49733	443	192.168.2.6	152.199.21.175
May 18, 2021 18:11:18.223015070 CEST	443	49733	152.199.21.175	192.168.2.6
May 18, 2021 18:11:18.223061085 CEST	49733	443	192.168.2.6	152.199.21.175
May 18, 2021 18:11:18.223808050 CEST	49733	443	192.168.2.6	152.199.21.175
May 18, 2021 18:11:18.225050926 CEST	443	49732	152.199.21.175	192.168.2.6
May 18, 2021 18:11:18.225102901 CEST	443	49730	152.199.21.175	192.168.2.6
May 18, 2021 18:11:18.225116014 CEST	443	49732	152.199.21.175	192.168.2.6
May 18, 2021 18:11:18.225126028 CEST	49732	443	192.168.2.6	152.199.21.175
May 18, 2021 18:11:18.225130081 CEST	443	49730	152.199.21.175	192.168.2.6
May 18, 2021 18:11:18.225166082 CEST	49730	443	192.168.2.6	152.199.21.175
May 18, 2021 18:11:18.225181103 CEST	443	49732	152.199.21.175	192.168.2.6
May 18, 2021 18:11:18.225193977 CEST	49732	443	192.168.2.6	152.199.21.175
May 18, 2021 18:11:18.225205898 CEST	49730	443	192.168.2.6	152.199.21.175
May 18, 2021 18:11:18.225215912 CEST	49732	443	192.168.2.6	152.199.21.175
May 18, 2021 18:11:18.225501060 CEST	443	49730	152.199.21.175	192.168.2.6
May 18, 2021 18:11:18.225547075 CEST	49730	443	192.168.2.6	152.199.21.175
May 18, 2021 18:11:18.225802898 CEST	443	49735	152.199.21.175	192.168.2.6
May 18, 2021 18:11:18.225824118 CEST	443	49735	152.199.21.175	192.168.2.6
May 18, 2021 18:11:18.225837946 CEST	443	49731	152.199.21.175	192.168.2.6
May 18, 2021 18:11:18.225857019 CEST	443	49735	152.199.21.175	192.168.2.6
May 18, 2021 18:11:18.225862980 CEST	49735	443	192.168.2.6	152.199.21.175
May 18, 2021 18:11:18.225874901 CEST	443	49735	152.199.21.175	192.168.2.6
May 18, 2021 18:11:18.225887060 CEST	49735	443	192.168.2.6	152.199.21.175
May 18, 2021 18:11:18.225893021 CEST	443	49735	152.199.21.175	192.168.2.6
May 18, 2021 18:11:18.225900888 CEST	49731	443	192.168.2.6	152.199.21.175
May 18, 2021 18:11:18.225907087 CEST	443	49731	152.199.21.175	192.168.2.6
May 18, 2021 18:11:18.225933075 CEST	49735	443	192.168.2.6	152.199.21.175
May 18, 2021 18:11:18.225955009 CEST	49731	443	192.168.2.6	152.199.21.175
May 18, 2021 18:11:18.225996017 CEST	49732	443	192.168.2.6	152.199.21.175
May 18, 2021 18:11:18.226016045 CEST	443	49731	152.199.21.175	192.168.2.6
May 18, 2021 18:11:18.226136923 CEST	49731	443	192.168.2.6	152.199.21.175
May 18, 2021 18:11:18.227319002 CEST	49730	443	192.168.2.6	152.199.21.175
May 18, 2021 18:11:18.227536917 CEST	49731	443	192.168.2.6	152.199.21.175
May 18, 2021 18:11:18.259270906 CEST	443	49735	152.199.21.175	192.168.2.6
May 18, 2021 18:11:18.259303093 CEST	443	49735	152.199.21.175	192.168.2.6
May 18, 2021 18:11:18.259320021 CEST	443	49735	152.199.21.175	192.168.2.6
May 18, 2021 18:11:18.259335041 CEST	443	49735	152.199.21.175	192.168.2.6
May 18, 2021 18:11:18.259354115 CEST	443	49735	152.199.21.175	192.168.2.6
May 18, 2021 18:11:18.259371042 CEST	443	49735	152.199.21.175	192.168.2.6
May 18, 2021 18:11:18.259488106 CEST	49735	443	192.168.2.6	152.199.21.175
May 18, 2021 18:11:18.259567022 CEST	49735	443	192.168.2.6	152.199.21.175
May 18, 2021 18:11:18.263362885 CEST	443	49735	152.199.21.175	192.168.2.6
May 18, 2021 18:11:18.263395071 CEST	443	49735	152.199.21.175	192.168.2.6
May 18, 2021 18:11:18.263411999 CEST	443	49735	152.199.21.175	192.168.2.6
May 18, 2021 18:11:18.263432980 CEST	443	49735	152.199.21.175	192.168.2.6
May 18, 2021 18:11:18.263454914 CEST	443	49735	152.199.21.175	192.168.2.6
May 18, 2021 18:11:18.263479948 CEST	443	49735	152.199.21.175	192.168.2.6
May 18, 2021 18:11:18.263500929 CEST	443	49735	152.199.21.175	192.168.2.6
May 18, 2021 18:11:18.263518095 CEST	443	49735	152.199.21.175	192.168.2.6
May 18, 2021 18:11:18.263534069 CEST	443	49735	152.199.21.175	192.168.2.6
May 18, 2021 18:11:18.263535976 CEST	49735	443	192.168.2.6	152.199.21.175
May 18, 2021 18:11:18.263551950 CEST	443	49735	152.199.21.175	192.168.2.6
May 18, 2021 18:11:18.263571978 CEST	443	49735	152.199.21.175	192.168.2.6
May 18, 2021 18:11:18.263592005 CEST	443	49735	152.199.21.175	192.168.2.6
May 18, 2021 18:11:18.263603926 CEST	49735	443	192.168.2.6	152.199.21.175
May 18, 2021 18:11:18.263608932 CEST	443	49735	152.199.21.175	192.168.2.6
May 18, 2021 18:11:18.263628006 CEST	443	49735	152.199.21.175	192.168.2.6
May 18, 2021 18:11:18.263644934 CEST	443	49735	152.199.21.175	192.168.2.6
May 18, 2021 18:11:18.263660908 CEST	443	49735	152.199.21.175	192.168.2.6
May 18, 2021 18:11:18.263662100 CEST	49735	443	192.168.2.6	152.199.21.175
May 18, 2021 18:11:18.263679028 CEST	443	49735	152.199.21.175	192.168.2.6
May 18, 2021 18:11:18.263695955 CEST	443	49735	152.199.21.175	192.168.2.6
May 18, 2021 18:11:18.263703108 CEST	49735	443	192.168.2.6	152.199.21.175
May 18, 2021 18:11:18.263712883 CEST	443	49735	152.199.21.175	192.168.2.6
May 18, 2021 18:11:18.263734102 CEST	443	49735	152.199.21.175	192.168.2.6
May 18, 2021 18:11:18.263751030 CEST	443	49735	152.199.21.175	192.168.2.6
May 18, 2021 18:11:18.263760090 CEST	49735	443	192.168.2.6	152.199.21.175
May 18, 2021 18:11:18.263767958 CEST	443	49735	152.199.21.175	192.168.2.6
May 18, 2021 18:11:18.263784885 CEST	443	49735	152.199.21.175	192.168.2.6
May 18, 2021 18:11:18.263802052 CEST	443	49735	152.199.21.175	192.168.2.6
May 18, 2021 18:11:18.263804913 CEST	49735	443	192.168.2.6	152.199.21.175
May 18, 2021 18:11:18.263818979 CEST	443	49735	152.199.21.175	192.168.2.6
May 18, 2021 18:11:18.263835907 CEST	443	49735	152.199.21.175	192.168.2.6
May 18, 2021 18:11:18.263847113 CEST	49735	443	192.168.2.6	152.199.21.175
May 18, 2021 18:11:18.263854027 CEST	443	49735	152.199.21.175	192.168.2.6
May 18, 2021 18:11:18.263875961 CEST	443	49735	152.199.21.175	192.168.2.6
May 18, 2021 18:11:18.263895035 CEST	443	49735	152.199.21.175	192.168.2.6
May 18, 2021 18:11:18.263902903 CEST	49735	443	192.168.2.6	152.199.21.175
May 18, 2021 18:11:18.263911963 CEST	443	49735	152.199.21.175	192.168.2.6
May 18, 2021 18:11:18.263928890 CEST	443	49735	152.199.21.175	192.168.2.6
May 18, 2021 18:11:18.263945103 CEST	443	49735	152.199.21.175	192.168.2.6
May 18, 2021 18:11:18.263953924 CEST	49735	443	192.168.2.6	152.199.21.175
May 18, 2021 18:11:18.263962984 CEST	443	49735	152.199.21.175	192.168.2.6
May 18, 2021 18:11:18.263979912 CEST	443	49735	152.199.21.175	192.168.2.6
May 18, 2021 18:11:18.263994932 CEST	443	49735	152.199.21.175	192.168.2.6
May 18, 2021 18:11:18.264003992 CEST	49735	443	192.168.2.6	152.199.21.175
May 18, 2021 18:11:18.264017105 CEST	443	49735	152.199.21.175	192.168.2.6
May 18, 2021 18:11:18.264034986 CEST	443	49735	152.199.21.175	192.168.2.6
May 18, 2021 18:11:18.264050007 CEST	443	49735	152.199.21.175	192.168.2.6
May 18, 2021 18:11:18.264055014 CEST	49735	443	192.168.2.6	152.199.21.175
May 18, 2021 18:11:18.264070034 CEST	443	49735	152.199.21.175	192.168.2.6
May 18, 2021 18:11:18.264087915 CEST	443	49735	152.199.21.175	192.168.2.6
May 18, 2021 18:11:18.264103889 CEST	443	49735	152.199.21.175	192.168.2.6
May 18, 2021 18:11:18.264103889 CEST	49735	443	192.168.2.6	152.199.21.175
May 18, 2021 18:11:18.264122009 CEST	443	49735	152.199.21.175	192.168.2.6
May 18, 2021 18:11:18.264138937 CEST	443	49735	152.199.21.175	192.168.2.6
May 18, 2021 18:11:18.264142990 CEST	49735	443	192.168.2.6	152.199.21.175
May 18, 2021 18:11:18.264158964 CEST	443	49735	152.199.21.175	192.168.2.6
May 18, 2021 18:11:18.264190912 CEST	49735	443	192.168.2.6	152.199.21.175
May 18, 2021 18:11:18.264247894 CEST	49735	443	192.168.2.6	152.199.21.175
May 18, 2021 18:11:18.267359972 CEST	443	49735	152.199.21.175	192.168.2.6
May 18, 2021 18:11:18.267385960 CEST	443	49735	152.199.21.175	192.168.2.6
May 18, 2021 18:11:18.267400980 CEST	443	49735	152.199.21.175	192.168.2.6
May 18, 2021 18:11:18.267416954 CEST	443	49735	152.199.21.175	192.168.2.6
May 18, 2021 18:11:18.267523050 CEST	49735	443	192.168.2.6	152.199.21.175
May 18, 2021 18:11:18.267714977 CEST	443	49735	152.199.21.175	192.168.2.6
May 18, 2021 18:11:18.267776966 CEST	49735	443	192.168.2.6	152.199.21.175
May 18, 2021 18:11:18.267786980 CEST	443	49735	152.199.21.175	192.168.2.6
May 18, 2021 18:11:18.267817974 CEST	443	49735	152.199.21.175	192.168.2.6
May 18, 2021 18:11:18.267843008 CEST	443	49735	152.199.21.175	192.168.2.6
May 18, 2021 18:11:18.267860889 CEST	443	49735	152.199.21.175	192.168.2.6
May 18, 2021 18:11:18.267864943 CEST	49735	443	192.168.2.6	152.199.21.175
May 18, 2021 18:11:18.267878056 CEST	443	49735	152.199.21.175	192.168.2.6
May 18, 2021 18:11:18.267924070 CEST	49735	443	192.168.2.6	152.199.21.175
May 18, 2021 18:11:18.267962933 CEST	49735	443	192.168.2.6	152.199.21.175
May 18, 2021 18:11:18.301325083 CEST	443	49735	152.199.21.175	192.168.2.6
May 18, 2021 18:11:18.301357031 CEST	443	49735	152.199.21.175	192.168.2.6
May 18, 2021 18:11:18.301369905 CEST	443	49735	152.199.21.175	192.168.2.6
May 18, 2021 18:11:18.301389933 CEST	443	49735	152.199.21.175	192.168.2.6
May 18, 2021 18:11:18.301408052 CEST	443	49735	152.199.21.175	192.168.2.6
May 18, 2021 18:11:18.301424026 CEST	443	49735	152.199.21.175	192.168.2.6
May 18, 2021 18:11:18.301440001 CEST	443	49735	152.199.21.175	192.168.2.6
May 18, 2021 18:11:18.301455975 CEST	443	49735	152.199.21.175	192.168.2.6
May 18, 2021 18:11:18.301471949 CEST	443	49735	152.199.21.175	192.168.2.6
May 18, 2021 18:11:18.301487923 CEST	443	49735	152.199.21.175	192.168.2.6
May 18, 2021 18:11:18.301502943 CEST	443	49735	152.199.21.175	192.168.2.6
May 18, 2021 18:11:18.301522970 CEST	443	49735	152.199.21.175	192.168.2.6
May 18, 2021 18:11:18.301574945 CEST	49735	443	192.168.2.6	152.199.21.175
May 18, 2021 18:11:18.301692963 CEST	49735	443	192.168.2.6	152.199.21.175
May 18, 2021 18:11:18.302058935 CEST	443	49734	152.199.21.175	192.168.2.6
May 18, 2021 18:11:18.305275917 CEST	443	49733	152.199.21.175	192.168.2.6
May 18, 2021 18:11:18.305628061 CEST	443	49735	152.199.21.175	192.168.2.6
May 18, 2021 18:11:18.305645943 CEST	443	49735	152.199.21.175	192.168.2.6
May 18, 2021 18:11:18.305664062 CEST	443	49735	152.199.21.175	192.168.2.6
May 18, 2021 18:11:18.305680037 CEST	443	49735	152.199.21.175	192.168.2.6
May 18, 2021 18:11:18.305700064 CEST	443	49735	152.199.21.175	192.168.2.6
May 18, 2021 18:11:18.305713892 CEST	443	49735	152.199.21.175	192.168.2.6
May 18, 2021 18:11:18.305723906 CEST	49735	443	192.168.2.6	152.199.21.175
May 18, 2021 18:11:18.305857897 CEST	49735	443	192.168.2.6	152.199.21.175
May 18, 2021 18:11:18.309907913 CEST	443	49730	152.199.21.175	192.168.2.6
May 18, 2021 18:11:18.309926033 CEST	443	49732	152.199.21.175	192.168.2.6
May 18, 2021 18:11:18.312681913 CEST	443	49731	152.199.21.175	192.168.2.6
May 18, 2021 18:11:18.598407030 CEST	49735	443	192.168.2.6	152.199.21.175
May 18, 2021 18:11:18.598963022 CEST	49735	443	192.168.2.6	152.199.21.175
May 18, 2021 18:11:18.618989944 CEST	49735	443	192.168.2.6	152.199.21.175
May 18, 2021 18:11:18.641462088 CEST	443	49735	152.199.21.175	192.168.2.6
May 18, 2021 18:11:18.642297983 CEST	443	49735	152.199.21.175	192.168.2.6
May 18, 2021 18:11:18.642318010 CEST	443	49735	152.199.21.175	192.168.2.6
May 18, 2021 18:11:18.642329931 CEST	443	49735	152.199.21.175	192.168.2.6
May 18, 2021 18:11:18.642343998 CEST	443	49735	152.199.21.175	192.168.2.6
May 18, 2021 18:11:18.642358065 CEST	443	49735	152.199.21.175	192.168.2.6
May 18, 2021 18:11:18.642378092 CEST	443	49735	152.199.21.175	192.168.2.6
May 18, 2021 18:11:18.642395973 CEST	443	49735	152.199.21.175	192.168.2.6
May 18, 2021 18:11:18.642411947 CEST	443	49735	152.199.21.175	192.168.2.6
May 18, 2021 18:11:18.642426968 CEST	443	49735	152.199.21.175	192.168.2.6
May 18, 2021 18:11:18.642442942 CEST	443	49735	152.199.21.175	192.168.2.6
May 18, 2021 18:11:18.642458916 CEST	443	49735	152.199.21.175	192.168.2.6
May 18, 2021 18:11:18.642476082 CEST	443	49735	152.199.21.175	192.168.2.6
May 18, 2021 18:11:18.642476082 CEST	49735	443	192.168.2.6	152.199.21.175
May 18, 2021 18:11:18.642493010 CEST	443	49735	152.199.21.175	192.168.2.6
May 18, 2021 18:11:18.642513037 CEST	443	49735	152.199.21.175	192.168.2.6
May 18, 2021 18:11:18.642558098 CEST	49735	443	192.168.2.6	152.199.21.175
May 18, 2021 18:11:18.642589092 CEST	49735	443	192.168.2.6	152.199.21.175
May 18, 2021 18:11:18.645597935 CEST	443	49735	152.199.21.175	192.168.2.6
May 18, 2021 18:11:18.645634890 CEST	443	49735	152.199.21.175	192.168.2.6
May 18, 2021 18:11:18.645654917 CEST	443	49735	152.199.21.175	192.168.2.6
May 18, 2021 18:11:18.645670891 CEST	49735	443	192.168.2.6	152.199.21.175
May 18, 2021 18:11:18.645672083 CEST	443	49735	152.199.21.175	192.168.2.6
May 18, 2021 18:11:18.645689964 CEST	443	49735	152.199.21.175	192.168.2.6
May 18, 2021 18:11:18.645706892 CEST	443	49735	152.199.21.175	192.168.2.6
May 18, 2021 18:11:18.645709991 CEST	49735	443	192.168.2.6	152.199.21.175
May 18, 2021 18:11:18.645724058 CEST	443	49735	152.199.21.175	192.168.2.6
May 18, 2021 18:11:18.645740032 CEST	443	49735	152.199.21.175	192.168.2.6
May 18, 2021 18:11:18.645756960 CEST	443	49735	152.199.21.175	192.168.2.6
May 18, 2021 18:11:18.645766973 CEST	49735	443	192.168.2.6	152.199.21.175
May 18, 2021 18:11:18.645777941 CEST	443	49735	152.199.21.175	192.168.2.6
May 18, 2021 18:11:18.645796061 CEST	443	49735	152.199.21.175	192.168.2.6
May 18, 2021 18:11:18.645803928 CEST	49735	443	192.168.2.6	152.199.21.175
May 18, 2021 18:11:18.645812988 CEST	443	49735	152.199.21.175	192.168.2.6
May 18, 2021 18:11:18.645829916 CEST	443	49735	152.199.21.175	192.168.2.6
May 18, 2021 18:11:18.645834923 CEST	49735	443	192.168.2.6	152.199.21.175
May 18, 2021 18:11:18.645848036 CEST	443	49735	152.199.21.175	192.168.2.6
May 18, 2021 18:11:18.645858049 CEST	49735	443	192.168.2.6	152.199.21.175
May 18, 2021 18:11:18.645864964 CEST	443	49735	152.199.21.175	192.168.2.6
May 18, 2021 18:11:18.645881891 CEST	443	49735	152.199.21.175	192.168.2.6
May 18, 2021 18:11:18.645898104 CEST	443	49735	152.199.21.175	192.168.2.6
May 18, 2021 18:11:18.645905972 CEST	49735	443	192.168.2.6	152.199.21.175
May 18, 2021 18:11:18.645919085 CEST	443	49735	152.199.21.175	192.168.2.6
May 18, 2021 18:11:18.645936966 CEST	443	49735	152.199.21.175	192.168.2.6
May 18, 2021 18:11:18.645942926 CEST	49735	443	192.168.2.6	152.199.21.175
May 18, 2021 18:11:18.645952940 CEST	443	49735	152.199.21.175	192.168.2.6
May 18, 2021 18:11:18.645967960 CEST	49735	443	192.168.2.6	152.199.21.175
May 18, 2021 18:11:18.646012068 CEST	49735	443	192.168.2.6	152.199.21.175
May 18, 2021 18:11:18.664330959 CEST	443	49735	152.199.21.175	192.168.2.6
May 18, 2021 18:11:18.664448977 CEST	49735	443	192.168.2.6	152.199.21.175
May 18, 2021 18:11:18.721620083 CEST	49735	443	192.168.2.6	152.199.21.175
May 18, 2021 18:11:18.766937971 CEST	443	49735	152.199.21.175	192.168.2.6
May 18, 2021 18:11:18.767030001 CEST	49735	443	192.168.2.6	152.199.21.175
May 18, 2021 18:11:18.871615887 CEST	49735	443	192.168.2.6	152.199.21.175
May 18, 2021 18:11:18.914675951 CEST	443	49735	152.199.21.175	192.168.2.6
May 18, 2021 18:11:18.914709091 CEST	443	49735	152.199.21.175	192.168.2.6
May 18, 2021 18:11:18.914731026 CEST	443	49735	152.199.21.175	192.168.2.6
May 18, 2021 18:11:18.914861917 CEST	49735	443	192.168.2.6	152.199.21.175
May 18, 2021 18:11:18.914916992 CEST	49735	443	192.168.2.6	152.199.21.175

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
May 18, 2021 18:10:41.394640923 CEST	52157	53	192.168.2.6	8.8.8.8
May 18, 2021 18:10:41.447253942 CEST	53	52157	8.8.8.8	192.168.2.6
May 18, 2021 18:10:42.315428972 CEST	61182	53	192.168.2.6	8.8.8.8
May 18, 2021 18:10:42.367363930 CEST	53	61182	8.8.8.8	192.168.2.6
May 18, 2021 18:10:46.834430933 CEST	55673	53	192.168.2.6	8.8.8.8
May 18, 2021 18:10:46.886253119 CEST	53	55673	8.8.8.8	192.168.2.6
May 18, 2021 18:10:47.785630941 CEST	57773	53	192.168.2.6	8.8.8.8
May 18, 2021 18:10:47.835130930 CEST	53	57773	8.8.8.8	192.168.2.6
May 18, 2021 18:10:48.706429958 CEST	59986	53	192.168.2.6	8.8.8.8
May 18, 2021 18:10:48.758138895 CEST	53	59986	8.8.8.8	192.168.2.6
May 18, 2021 18:10:49.625416040 CEST	52478	53	192.168.2.6	8.8.8.8
May 18, 2021 18:10:49.677932024 CEST	53	52478	8.8.8.8	192.168.2.6
May 18, 2021 18:10:50.888711929 CEST	58931	53	192.168.2.6	8.8.8.8
May 18, 2021 18:10:50.941728115 CEST	53	58931	8.8.8.8	192.168.2.6
May 18, 2021 18:10:51.314718008 CEST	57725	53	192.168.2.6	8.8.8.8
May 18, 2021 18:10:51.377434969 CEST	53	57725	8.8.8.8	192.168.2.6
May 18, 2021 18:10:54.871462107 CEST	49283	53	192.168.2.6	8.8.8.8
May 18, 2021 18:10:54.926825047 CEST	53	49283	8.8.8.8	192.168.2.6
May 18, 2021 18:10:56.894735098 CEST	58377	53	192.168.2.6	8.8.8.8
May 18, 2021 18:10:56.952841997 CEST	53	58377	8.8.8.8	192.168.2.6
May 18, 2021 18:10:59.454021931 CEST	55074	53	192.168.2.6	8.8.8.8
May 18, 2021 18:10:59.487915993 CEST	54513	53	192.168.2.6	8.8.8.8
May 18, 2021 18:10:59.514625072 CEST	53	55074	8.8.8.8	192.168.2.6
May 18, 2021 18:10:59.547851086 CEST	53	54513	8.8.8.8	192.168.2.6
May 18, 2021 18:11:00.473098040 CEST	62044	53	192.168.2.6	8.8.8.8
May 18, 2021 18:11:00.533807993 CEST	53	62044	8.8.8.8	192.168.2.6
May 18, 2021 18:11:00.874819994 CEST	63791	53	192.168.2.6	8.8.8.8
May 18, 2021 18:11:00.925002098 CEST	53	63791	8.8.8.8	192.168.2.6
May 18, 2021 18:11:00.994976997 CEST	64267	53	192.168.2.6	8.8.8.8
May 18, 2021 18:11:01.047511101 CEST	53	64267	8.8.8.8	192.168.2.6
May 18, 2021 18:11:01.317836046 CEST	49448	53	192.168.2.6	8.8.8.8
May 18, 2021 18:11:01.379018068 CEST	53	49448	8.8.8.8	192.168.2.6
May 18, 2021 18:11:01.804048061 CEST	60342	53	192.168.2.6	8.8.8.8
May 18, 2021 18:11:01.876538992 CEST	53	60342	8.8.8.8	192.168.2.6
May 18, 2021 18:11:02.181597948 CEST	61346	53	192.168.2.6	8.8.8.8
May 18, 2021 18:11:02.234333038 CEST	53	61346	8.8.8.8	192.168.2.6
May 18, 2021 18:11:07.738805056 CEST	51774	53	192.168.2.6	8.8.8.8
May 18, 2021 18:11:07.788930893 CEST	53	51774	8.8.8.8	192.168.2.6
May 18, 2021 18:11:08.821156979 CEST	56023	53	192.168.2.6	8.8.8.8
May 18, 2021 18:11:08.871227980 CEST	53	56023	8.8.8.8	192.168.2.6
May 18, 2021 18:11:09.744224072 CEST	58384	53	192.168.2.6	8.8.8.8
May 18, 2021 18:11:09.829827070 CEST	53	58384	8.8.8.8	192.168.2.6
May 18, 2021 18:11:11.639370918 CEST	60261	53	192.168.2.6	8.8.8.8
May 18, 2021 18:11:11.689153910 CEST	53	60261	8.8.8.8	192.168.2.6
May 18, 2021 18:11:13.678124905 CEST	56061	53	192.168.2.6	8.8.8.8
May 18, 2021 18:11:13.747951984 CEST	53	56061	8.8.8.8	192.168.2.6
May 18, 2021 18:11:14.085227013 CEST	58336	53	192.168.2.6	8.8.8.8
May 18, 2021 18:11:14.135387897 CEST	53	58336	8.8.8.8	192.168.2.6
May 18, 2021 18:11:15.172652006 CEST	53781	53	192.168.2.6	8.8.8.8
May 18, 2021 18:11:15.224030972 CEST	53	53781	8.8.8.8	192.168.2.6
May 18, 2021 18:11:16.257832050 CEST	54064	53	192.168.2.6	8.8.8.8
May 18, 2021 18:11:16.319384098 CEST	53	54064	8.8.8.8	192.168.2.6
May 18, 2021 18:11:16.940918922 CEST	52811	53	192.168.2.6	8.8.8.8
May 18, 2021 18:11:17.012808084 CEST	53	52811	8.8.8.8	192.168.2.6
May 18, 2021 18:11:17.903264999 CEST	55299	53	192.168.2.6	8.8.8.8
May 18, 2021 18:11:17.961322069 CEST	53	55299	8.8.8.8	192.168.2.6
May 18, 2021 18:11:19.680918932 CEST	63745	53	192.168.2.6	8.8.8.8
May 18, 2021 18:11:19.738238096 CEST	50055	53	192.168.2.6	8.8.8.8
May 18, 2021 18:11:19.750391006 CEST	53	63745	8.8.8.8	192.168.2.6
May 18, 2021 18:11:19.798530102 CEST	53	50055	8.8.8.8	192.168.2.6
May 18, 2021 18:11:20.887058973 CEST	61374	53	192.168.2.6	8.8.8.8
May 18, 2021 18:11:20.948267937 CEST	53	61374	8.8.8.8	192.168.2.6
May 18, 2021 18:11:21.302862883 CEST	50339	53	192.168.2.6	8.8.8.8
May 18, 2021 18:11:21.357551098 CEST	53	50339	8.8.8.8	192.168.2.6
May 18, 2021 18:11:21.586416006 CEST	63307	53	192.168.2.6	8.8.8.8
May 18, 2021 18:11:21.586489916 CEST	49694	53	192.168.2.6	8.8.8.8
May 18, 2021 18:11:21.590369940 CEST	54982	53	192.168.2.6	8.8.8.8
May 18, 2021 18:11:21.599312067 CEST	50010	53	192.168.2.6	8.8.8.8
May 18, 2021 18:11:21.612111092 CEST	63718	53	192.168.2.6	8.8.8.8
May 18, 2021 18:11:21.646564960 CEST	53	63307	8.8.8.8	192.168.2.6
May 18, 2021 18:11:21.647830963 CEST	53	49694	8.8.8.8	192.168.2.6
May 18, 2021 18:11:21.650779963 CEST	53	54982	8.8.8.8	192.168.2.6
May 18, 2021 18:11:21.668365002 CEST	53	50010	8.8.8.8	192.168.2.6
May 18, 2021 18:11:21.672204971 CEST	53	63718	8.8.8.8	192.168.2.6
May 18, 2021 18:11:22.301095963 CEST	50339	53	192.168.2.6	8.8.8.8
May 18, 2021 18:11:22.362302065 CEST	53	50339	8.8.8.8	192.168.2.6
May 18, 2021 18:11:23.559242964 CEST	50339	53	192.168.2.6	8.8.8.8
May 18, 2021 18:11:23.611709118 CEST	53	50339	8.8.8.8	192.168.2.6
May 18, 2021 18:11:25.042316914 CEST	62116	53	192.168.2.6	8.8.8.8
May 18, 2021 18:11:25.103599072 CEST	53	62116	8.8.8.8	192.168.2.6
May 18, 2021 18:11:25.560605049 CEST	50339	53	192.168.2.6	8.8.8.8
May 18, 2021 18:11:25.613210917 CEST	53	50339	8.8.8.8	192.168.2.6
May 18, 2021 18:11:25.727502108 CEST	63816	53	192.168.2.6	8.8.8.8
May 18, 2021 18:11:25.787158966 CEST	53	63816	8.8.8.8	192.168.2.6
May 18, 2021 18:11:26.098932981 CEST	55014	53	192.168.2.6	8.8.8.8
May 18, 2021 18:11:26.161222935 CEST	53	55014	8.8.8.8	192.168.2.6
May 18, 2021 18:11:26.181618929 CEST	62208	53	192.168.2.6	8.8.8.8
May 18, 2021 18:11:26.231321096 CEST	53	62208	8.8.8.8	192.168.2.6
May 18, 2021 18:11:27.182908058 CEST	62208	53	192.168.2.6	8.8.8.8
May 18, 2021 18:11:27.242603064 CEST	53	62208	8.8.8.8	192.168.2.6
May 18, 2021 18:11:28.198406935 CEST	62208	53	192.168.2.6	8.8.8.8
May 18, 2021 18:11:28.247971058 CEST	53	62208	8.8.8.8	192.168.2.6
May 18, 2021 18:11:29.585282087 CEST	50339	53	192.168.2.6	8.8.8.8
May 18, 2021 18:11:29.637998104 CEST	53	50339	8.8.8.8	192.168.2.6
May 18, 2021 18:11:30.280105114 CEST	62208	53	192.168.2.6	8.8.8.8
May 18, 2021 18:11:30.338670969 CEST	53	62208	8.8.8.8	192.168.2.6
May 18, 2021 18:11:34.292819023 CEST	62208	53	192.168.2.6	8.8.8.8
May 18, 2021 18:11:34.342525005 CEST	53	62208	8.8.8.8	192.168.2.6
May 18, 2021 18:11:36.498636007 CEST	57574	53	192.168.2.6	8.8.8.8
May 18, 2021 18:11:36.559575081 CEST	53	57574	8.8.8.8	192.168.2.6

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class
May 18, 2021 18:10:56.894735098 CEST	192.168.2.6	8.8.8.8	0xe67c	Standard query (0)	m365.eu.vadesecure.com	A (IP address)	IN (0x0001)
May 18, 2021 18:10:59.487915993 CEST	192.168.2.6	8.8.8.8	0x7c3e	Standard query (0)	nam04.safelinks.protection.outlook.com	A (IP address)	IN (0x0001)
May 18, 2021 18:11:01.317836046 CEST	192.168.2.6	8.8.8.8	0xd1c3	Standard query (0)	login.microsoftonline.com	A (IP address)	IN (0x0001)
May 18, 2021 18:11:01.804048061 CEST	192.168.2.6	8.8.8.8	0xe251	Standard query (0)	aadcdn.msauth.net	A (IP address)	IN (0x0001)
May 18, 2021 18:11:13.678124905 CEST	192.168.2.6	8.8.8.8	0xe15	Standard query (0)	aadcdn.msauth.net	A (IP address)	IN (0x0001)
May 18, 2021 18:11:16.940918922 CEST	192.168.2.6	8.8.8.8	0xd7cb	Standard query (0)	signup.live.com	A (IP address)	IN (0x0001)
May 18, 2021 18:11:17.903264999 CEST	192.168.2.6	8.8.8.8	0x177d	Standard query (0)	acctcdn.msauth.net	A (IP address)	IN (0x0001)
May 18, 2021 18:11:19.680918932 CEST	192.168.2.6	8.8.8.8	0x3ba3	Standard query (0)	fpt.live.com	A (IP address)	IN (0x0001)
May 18, 2021 18:11:21.590369940 CEST	192.168.2.6	8.8.8.8	0x5612	Standard query (0)	ajax.aspnetcdn.com	A (IP address)	IN (0x0001)
May 18, 2021 18:11:25.727502108 CEST	192.168.2.6	8.8.8.8	0x39aa	Standard query (0)	assets.onestore.ms	A (IP address)	IN (0x0001)

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class
May 18, 2021 18:10:56.952841997 CEST	8.8.8.8	192.168.2.6	0xe67c	No error (0)	m365.eu.vadesecure.com		40.89.138.20	A (IP address)	IN (0x0001)
May 18, 2021 18:10:59.547851086 CEST	8.8.8.8	192.168.2.6	0x7c3e	No error (0)	nam04.safelinks.protection.outlook.com		104.47.44.28	A (IP address)	IN (0x0001)
May 18, 2021 18:10:59.547851086 CEST	8.8.8.8	192.168.2.6	0x7c3e	No error (0)	nam04.safelinks.protection.outlook.com		104.47.74.28	A (IP address)	IN (0x0001)
May 18, 2021 18:11:00.925002098 CEST	8.8.8.8	192.168.2.6	0xcac1	No error (0)	teams.office.com	teams-office-com.s-0005.s-msedge.net		CNAME (Canonical name)	IN (0x0001)
May 18, 2021 18:11:01.379018068 CEST	8.8.8.8	192.168.2.6	0xd1c3	No error (0)	login.microsoftonline.com	a.privatelink.msidentity.com		CNAME (Canonical name)	IN (0x0001)
May 18, 2021 18:11:01.379018068 CEST	8.8.8.8	192.168.2.6	0xd1c3	No error (0)	a.privatelink.msidentity.com	prda.aadg.msidentity.com		CNAME (Canonical name)	IN (0x0001)
May 18, 2021 18:11:01.379018068 CEST	8.8.8.8	192.168.2.6	0xd1c3	No error (0)	prda.aadg.msidentity.com	www.tm.a.prd.aadg.trafficmanager.net		CNAME (Canonical name)	IN (0x0001)
May 18, 2021 18:11:01.876538992 CEST	8.8.8.8	192.168.2.6	0xe251	No error (0)	aadcdn.msauth.net	aadcdnoriginwus2.azureedge.net		CNAME (Canonical name)	IN (0x0001)
May 18, 2021 18:11:09.829827070 CEST	8.8.8.8	192.168.2.6	0x4913	No error (0)	prda.aadg.msidentity.com	www.tm.a.prd.aadg.akadns.net		CNAME (Canonical name)	IN (0x0001)
May 18, 2021 18:11:13.747951984 CEST	8.8.8.8	192.168.2.6	0xe15	No error (0)	aadcdn.msauth.net	aadcdnoriginwus2.azureedge.net		CNAME (Canonical name)	IN (0x0001)
May 18, 2021 18:11:17.012808084 CEST	8.8.8.8	192.168.2.6	0xd7cb	No error (0)	signup.live.com	account.msa.msidentity.com		CNAME (Canonical name)	IN (0x0001)
May 18, 2021 18:11:17.012808084 CEST	8.8.8.8	192.168.2.6	0xd7cb	No error (0)	account.msa.msidentity.com	account.msa.akadns6.net		CNAME (Canonical name)	IN (0x0001)
May 18, 2021 18:11:17.961322069 CEST	8.8.8.8	192.168.2.6	0x177d	No error (0)	acctcdn.msauth.net	acctcdn.trafficmanager.net		CNAME (Canonical name)	IN (0x0001)
May 18, 2021 18:11:17.961322069 CEST	8.8.8.8	192.168.2.6	0x177d	No error (0)	scdn1efff.wpc.9da5e.alphacdn.net	sni1gl.wpc.alphacdn.net		CNAME (Canonical name)	IN (0x0001)
May 18, 2021 18:11:17.961322069 CEST	8.8.8.8	192.168.2.6	0x177d	No error (0)	sni1gl.wpc.alphacdn.net		152.199.21.175	A (IP address)	IN (0x0001)
May 18, 2021 18:11:19.750391006 CEST	8.8.8.8	192.168.2.6	0x3ba3	No error (0)	fpt.live.com	fpt.microsoft.com		CNAME (Canonical name)	IN (0x0001)
May 18, 2021 18:11:21.650779963 CEST	8.8.8.8	192.168.2.6	0x5612	No error (0)	ajax.aspnetcdn.com	mscomajax.vo.msecnd.net		CNAME (Canonical name)	IN (0x0001)
May 18, 2021 18:11:21.668365002 CEST	8.8.8.8	192.168.2.6	0xc15f	No error (0)	consentdeliveryfd.azurefd.net	firstparty-azurefd-prod.trafficmanager.net		CNAME (Canonical name)	IN (0x0001)
May 18, 2021 18:11:25.787158966 CEST	8.8.8.8	192.168.2.6	0x39aa	No error (0)	assets.onestore.ms	assets.onestore.ms.akadns.net		CNAME (Canonical name)	IN (0x0001)

HTTPS Packets

Timestamp	Source IP	Source Port	Dest IP	Dest Port	Subject	Issuer	Not Before	Not After	JA3 SSL Client Fingerprint	JA3 SSL Client Digest
May 18, 2021 18:10:57.075382948 CEST	40.89.138.20	443	192.168.2.6	49693	CN=*.eu.vadesecure.com CN=Gandi Standard SSL CA 2, O=Gandi, L=Paris, ST=Paris, C=FR	CN=Gandi Standard SSL CA 2, O=Gandi, L=Paris, ST=Paris, C=FR CN=USERTrust RSA Certification Authority, O=The USERTRUST Network, L=Jersey City, ST=New Jersey, C=US	Tue Jul 07 02:00:00 CEST 2020 Fri Sep 12 02:00:00 CEST 2014	Mon Jul 18 01:59:59 CEST 2022 Thu Sep 12 01:59:59 CEST 2024	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
May 18, 2021 18:10:57.075382948 CEST	40.89.138.20	443	192.168.2.6	49693	CN=Gandi Standard SSL CA 2, O=Gandi, L=Paris, ST=Paris, C=FR	CN=USERTrust RSA Certification Authority, O=The USERTRUST Network, L=Jersey City, ST=New Jersey, C=US	Fri Sep 12 02:00:00 CEST 2014	Thu Sep 12 01:59:59 CEST 2024		9e10692f1b7f78228b2d4e424db3a98c
May 18, 2021 18:10:57.076294899 CEST	40.89.138.20	443	192.168.2.6	49694	CN=*.eu.vadesecure.com CN=Gandi Standard SSL CA 2, O=Gandi, L=Paris, ST=Paris, C=FR	CN=Gandi Standard SSL CA 2, O=Gandi, L=Paris, ST=Paris, C=FR CN=USERTrust RSA Certification Authority, O=The USERTRUST Network, L=Jersey City, ST=New Jersey, C=US	Tue Jul 07 02:00:00 CEST 2020 Fri Sep 12 02:00:00 CEST 2014	Mon Jul 18 01:59:59 CEST 2022 Thu Sep 12 01:59:59 CEST 2024	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
May 18, 2021 18:10:57.076294899 CEST	40.89.138.20	443	192.168.2.6	49694	CN=Gandi Standard SSL CA 2, O=Gandi, L=Paris, ST=Paris, C=FR	CN=USERTrust RSA Certification Authority, O=The USERTRUST Network, L=Jersey City, ST=New Jersey, C=US	Fri Sep 12 02:00:00 CEST 2014	Thu Sep 12 01:59:59 CEST 2024		9e10692f1b7f78228b2d4e424db3a98c
May 18, 2021 18:11:18.159887075 CEST	152.199.21.175	443	192.168.2.6	49732	CN=identitycdn.msauth.net, O=Microsoft Corporation, L=Redmond, ST=WA, C=US CN=Microsoft Azure TLS Issuing CA 06, O=Microsoft Corporation, C=US	CN=Microsoft Azure TLS Issuing CA 06, O=Microsoft Corporation, C=US CN=DigiCert Global Root G2, OU=www.digicert.com, O=DigiCert Inc, C=US	Tue Apr 13 20:52:18 CEST 2021 Wed Jul 29 14:30:00 CEST 2020	Fri Apr 08 20:52:18 CEST 2022 Fri Jun 28 01:59:59 CEST 2024	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
May 18, 2021 18:11:18.159887075 CEST	152.199.21.175	443	192.168.2.6	49732	CN=Microsoft Azure TLS Issuing CA 06, O=Microsoft Corporation, C=US	CN=DigiCert Global Root G2, OU=www.digicert.com, O=DigiCert Inc, C=US	Wed Jul 29 14:30:00 CEST 2020	Fri Jun 28 01:59:59 CEST 2024		9e10692f1b7f78228b2d4e424db3a98c
May 18, 2021 18:11:18.160047054 CEST	152.199.21.175	443	192.168.2.6	49733	CN=identitycdn.msauth.net, O=Microsoft Corporation, L=Redmond, ST=WA, C=US CN=Microsoft Azure TLS Issuing CA 06, O=Microsoft Corporation, C=US	CN=Microsoft Azure TLS Issuing CA 06, O=Microsoft Corporation, C=US CN=DigiCert Global Root G2, OU=www.digicert.com, O=DigiCert Inc, C=US	Tue Apr 13 20:52:18 CEST 2021 Wed Jul 29 14:30:00 CEST 2020	Fri Apr 08 20:52:18 CEST 2022 Fri Jun 28 01:59:59 CEST 2024	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
May 18, 2021 18:11:18.160047054 CEST	152.199.21.175	443	192.168.2.6	49733	CN=Microsoft Azure TLS Issuing CA 06, O=Microsoft Corporation, C=US	CN=DigiCert Global Root G2, OU=www.digicert.com, O=DigiCert Inc, C=US	Wed Jul 29 14:30:00 CEST 2020	Fri Jun 28 01:59:59 CEST 2024		9e10692f1b7f78228b2d4e424db3a98c
May 18, 2021 18:11:18.160060883 CEST	152.199.21.175	443	192.168.2.6	49734	CN=identitycdn.msauth.net, O=Microsoft Corporation, L=Redmond, ST=WA, C=US CN=Microsoft Azure TLS Issuing CA 06, O=Microsoft Corporation, C=US	CN=Microsoft Azure TLS Issuing CA 06, O=Microsoft Corporation, C=US CN=DigiCert Global Root G2, OU=www.digicert.com, O=DigiCert Inc, C=US	Tue Apr 13 20:52:18 CEST 2021 Wed Jul 29 14:30:00 CEST 2020	Fri Apr 08 20:52:18 CEST 2022 Fri Jun 28 01:59:59 CEST 2024	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
May 18, 2021 18:11:18.160060883 CEST	152.199.21.175	443	192.168.2.6	49734	CN=Microsoft Azure TLS Issuing CA 06, O=Microsoft Corporation, C=US	CN=DigiCert Global Root G2, OU=www.digicert.com, O=DigiCert Inc, C=US	Wed Jul 29 14:30:00 CEST 2020	Fri Jun 28 01:59:59 CEST 2024		9e10692f1b7f78228b2d4e424db3a98c
May 18, 2021 18:11:18.160099030 CEST	152.199.21.175	443	192.168.2.6	49735	CN=identitycdn.msauth.net, O=Microsoft Corporation, L=Redmond, ST=WA, C=US CN=Microsoft Azure TLS Issuing CA 06, O=Microsoft Corporation, C=US	CN=Microsoft Azure TLS Issuing CA 06, O=Microsoft Corporation, C=US CN=DigiCert Global Root G2, OU=www.digicert.com, O=DigiCert Inc, C=US	Tue Apr 13 20:52:18 CEST 2021 Wed Jul 29 14:30:00 CEST 2020	Fri Apr 08 20:52:18 CEST 2022 Fri Jun 28 01:59:59 CEST 2024	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
May 18, 2021 18:11:18.160099030 CEST	152.199.21.175	443	192.168.2.6	49735	CN=Microsoft Azure TLS Issuing CA 06, O=Microsoft Corporation, C=US	CN=DigiCert Global Root G2, OU=www.digicert.com, O=DigiCert Inc, C=US	Wed Jul 29 14:30:00 CEST 2020	Fri Jun 28 01:59:59 CEST 2024		9e10692f1b7f78228b2d4e424db3a98c
May 18, 2021 18:11:18.160522938 CEST	152.199.21.175	443	192.168.2.6	49730	CN=identitycdn.msauth.net, O=Microsoft Corporation, L=Redmond, ST=WA, C=US CN=Microsoft Azure TLS Issuing CA 06, O=Microsoft Corporation, C=US	CN=Microsoft Azure TLS Issuing CA 06, O=Microsoft Corporation, C=US CN=DigiCert Global Root G2, OU=www.digicert.com, O=DigiCert Inc, C=US	Tue Apr 13 20:52:18 CEST 2021 Wed Jul 29 14:30:00 CEST 2020	Fri Apr 08 20:52:18 CEST 2022 Fri Jun 28 01:59:59 CEST 2024	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
May 18, 2021 18:11:18.160522938 CEST	152.199.21.175	443	192.168.2.6	49730	CN=Microsoft Azure TLS Issuing CA 06, O=Microsoft Corporation, C=US	CN=DigiCert Global Root G2, OU=www.digicert.com, O=DigiCert Inc, C=US	Wed Jul 29 14:30:00 CEST 2020	Fri Jun 28 01:59:59 CEST 2024		9e10692f1b7f78228b2d4e424db3a98c
May 18, 2021 18:11:18.160598040 CEST	152.199.21.175	443	192.168.2.6	49731	CN=identitycdn.msauth.net, O=Microsoft Corporation, L=Redmond, ST=WA, C=US CN=Microsoft Azure TLS Issuing CA 06, O=Microsoft Corporation, C=US	CN=Microsoft Azure TLS Issuing CA 06, O=Microsoft Corporation, C=US CN=DigiCert Global Root G2, OU=www.digicert.com, O=DigiCert Inc, C=US	Tue Apr 13 20:52:18 CEST 2021 Wed Jul 29 14:30:00 CEST 2020	Fri Apr 08 20:52:18 CEST 2022 Fri Jun 28 01:59:59 CEST 2024	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
May 18, 2021 18:11:18.160598040 CEST	152.199.21.175	443	192.168.2.6	49731	CN=Microsoft Azure TLS Issuing CA 06, O=Microsoft Corporation, C=US	CN=DigiCert Global Root G2, OU=www.digicert.com, O=DigiCert Inc, C=US	Wed Jul 29 14:30:00 CEST 2020	Fri Jun 28 01:59:59 CEST 2024		9e10692f1b7f78228b2d4e424db3a98c

Code Manipulations

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

Behavior

Click to jump to process

System Behavior

Analysis Process: iexplore.exe PID: 5904 Parent PID: 792

General

Start time:	18:10:50
Start date:	18/05/2021
Path:	C:\Program Files\internet explorer\iexplore.exe
Wow64 process (32bit):	false
Commandline:	'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding
Imagebase:	0x7ff721e20000
File size:	823560 bytes
MD5 hash:	6465CB92B25A7BC1DF8E01D8AC5E7596
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low

Chronological Activities

Analysis Process: iexplore.exe PID: 4876 Parent PID: 5904

General

Start time:	18:10:54
Start date:	18/05/2021
Path:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
Wow64 process (32bit):	true
Commandline:	'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:5904 CREDAT:17410 /prefetch:2
Imagebase:	0x940000
File size:	822536 bytes
MD5 hash:	071277CC2E3DF41EEEA8013E2AB58D5A
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low

Chronological Activities

Analysis Process: TokenBrokerCookies.exe PID: 1320 Parent PID: 5904

General

Start time:	18:11:07
Start date:	18/05/2021
Path:	C:\Windows\System32\TokenBrokerCookies.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\TokenBrokerCookies.exe <no_string> https://login.microsoftonline.com/ 0 tbauth://login.windows.net/?context=https%3A%2F%2Flogin.microsoftonline.com&request_nonce=AwABAAAAAAACAOz_BAD0_3YctQdcsyBijhwC-CAxF25x3Hlo_3KNwJymm43-sa4WbrdjtIDlA-Ce507tW7wK8NaiDKoKqaasEsOqBQrRc9MgAA&rid=b0ab1581-3f55-4a7e-a96d-2e3f21652200 ESTSUSERLIST %7b%22users%22%3a%5b%5d%7d login.microsoftonline.com / 0 718258756 30889804 1
Imagebase:	0x7ff7f1680000
File size:	35840 bytes
MD5 hash:	17F27A76AC8E9869C8F1BE286D88570A
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low

Chronological Activities

Disassembly

Code Analysis

Reset < >

Description:	Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of Unix Shell while Windows installations include the Windows Command Shell and PowerShell .
Tactics:	Execution
Data Sources:	PowerShell logs, Process command-line parameters, Process monitoring, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	This technique has been deprecated. Please use Command and Scripting Interpreter where appropriate.
Tactics:	Defense Evasion, Execution
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may exploit software vulnerabilities in client applications to execute code. Vulnerabilities can exist in software due to unsecure coding practices that can lead to unanticipated behavior. Adversaries can take advantage of certain vulnerabilities through targeted exploitation for the purpose of arbitrary code execution. Oftentimes the most valuable exploits to an offensive toolkit are those that can be used to obtain code execution on a remote system because they can be used to gain access to that system. Users will expect to see files related to the applications they commonly used to do work, so they are a useful target for exploit research and development because of their high utility.
Tactics:	Execution
Data Sources:	Anti-virus, Process monitoring, System calls
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, DLL monitoring, File monitoring, Named Pipes, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, File monitoring, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, Azure AD, GCP, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, GCP, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Malware reverse engineering, Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network, SSL/TLS inspection
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use a non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Host network interface, Netflow/Enclave netflow, Network intrusion detection system, Network protocol analysis, Packet capture, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	DNS records, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading ...

Warning!

Overview

General Information

Detection

Signatures

Classification

Startup

Malware Configuration

Yara Overview

Sigma Overview

Signature Overview

Phishing:

Compliance:

Software Vulnerabilities:

Networking:

System Summary:

Malware Analysis System Evasion:

HIPS / PFW / Operating System Protection Evasion:

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

URLs from Memory and Binaries

Contacted IPs

Public

Private

General Information

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASN

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

No static file info

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

HTTPS Packets

Code Manipulations

Statistics

CPU Usage

Memory Usage

Behavior

System Behavior

Analysis Process: iexplore.exe PID: 5904 Parent PID: 792

General

Chronological Activities

Analysis Process: iexplore.exe PID: 4876 Parent PID: 5904

General

Chronological Activities

Analysis Process: TokenBrokerCookies.exe PID: 1320 Parent PID: 5904

General

Chronological Activities

Disassembly

Code Analysis