Create Interactive Tour

Windows Analysis Report
https://apply.atu.ie/_entity/sharepointdocumentlocation/a10f35db-a302-f011-bae2-7c1e524f2423/903e00e6-7542-ee11-bdf3-6045bd8c56d2?file=CONFIDENTIALDoc_Au89994.pdf

Overview

General Information

Sample URL:https://apply.atu.ie/_entity/sharepointdocumentlocation/a10f35db-a302-f011-bae2-7c1e524f2423/903e00e6-7542-ee11-bdf3-6045bd8c56d2?file=CONFIDENTIALDoc_Au89994.pdf
Analysis ID:1640111
Infos:

Detection

HTMLPhisher, Invisible JS, Tycoon2FA
Score:100
Range:0 - 100
Confidence:100%

Signatures

AI detected phishing page
Yara detected AntiDebug via timestamp check
Yara detected HtmlPhish10
Yara detected Invisible JS
Yara detected Obfuscation Via HangulCharacter
Yara detected Tycoon 2FA PaaS
AI detected landing page (webpage, office document or email)
AI detected suspicious Javascript
Creates files inside the system directory
Deletes files inside the Windows folder
HTML body contains low number of good links
HTML body contains password input but no form action
HTML page contains hidden javascript code
HTML title does not match URL
Invalid T&C link found
Uses Javascript AES encryption / decryption (likely to hide suspicious Javascript code)

Classification

RansomwareSpreadingPhishingBankerTrojan / BotAdwareSpywareExploiterEvaderMinercleansuspiciousmalicious
  • System is w10x64_ra
  • chrome.exe (PID: 6300 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: E81F54E6C1129887AEA47E7D092680BF)
    • chrome.exe (PID: 6492 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=1956,i,9704534767936909127,18304782859894759364,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version --mojo-platform-channel-handle=2212 /prefetch:3 MD5: E81F54E6C1129887AEA47E7D092680BF)
  • chrome.exe (PID: 2904 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://apply.atu.ie/_entity/sharepointdocumentlocation/a10f35db-a302-f011-bae2-7c1e524f2423/903e00e6-7542-ee11-bdf3-6045bd8c56d2?file=CONFIDENTIALDoc_Au89994.pdf" MD5: E81F54E6C1129887AEA47E7D092680BF)
  • cleanup
SourceRuleDescriptionAuthorStrings
2.5.d.script.csvJoeSecurity_HangulCharacterYara detected Obfuscation Via HangulCharacterJoe Security
    2.3.d.script.csvJoeSecurity_Tycoon2FA_1Yara detected Tycoon 2FA PaaSJoe Security
      2.3.d.script.csvJoeSecurity_AntiDebugBrowserYara detected AntiDebug via timestamp checkJoe Security
        2.9..script.csvJoeSecurity_Tycoon2FA_1Yara detected Tycoon 2FA PaaSJoe Security
          2.5.d.script.csvJoeSecurity_InvisibleJSYara detected Invisible JSJoe Security
            Click to see the 19 entries
            No Sigma rule has matched
            No Suricata rule has matched

            Click to jump to signature section

            Show All Signature Results

            Phishing

            barindex
            Source: https://sharingsecuredocs.com/index.htmlJoe Sandbox AI: Score: 9 Reasons: The brand 'Microsoft' is a well-known global technology company., The legitimate domain for Microsoft is 'microsoft.com'., The URL 'sharingsecuredocs.com' does not match the legitimate domain for Microsoft., The URL does not contain any direct reference to Microsoft, which is suspicious., The domain 'sharingsecuredocs.com' could be attempting to mimic a legitimate service by using a generic and trustworthy-sounding name., The presence of input fields for 'Email, phone, or Skype' aligns with common phishing tactics targeting Microsoft account credentials. DOM: 2.6.pages.csv
            Source: Yara matchFile source: 2.6.pages.csv, type: HTML
            Source: Yara matchFile source: 2.7.pages.csv, type: HTML
            Source: Yara matchFile source: 2.5.d.script.csv, type: HTML
            Source: Yara matchFile source: 2.4.pages.csv, type: HTML
            Source: Yara matchFile source: 2.3.pages.csv, type: HTML
            Source: Yara matchFile source: 2.5.d.script.csv, type: HTML
            Source: Yara matchFile source: 2.4.pages.csv, type: HTML
            Source: Yara matchFile source: 2.3.pages.csv, type: HTML
            Source: Yara matchFile source: 2.22..script.csv, type: HTML
            Source: Yara matchFile source: 2.19.d.script.csv, type: HTML
            Source: Yara matchFile source: 2.3.d.script.csv, type: HTML
            Source: Yara matchFile source: 2.9..script.csv, type: HTML
            Source: Yara matchFile source: 2.4.pages.csv, type: HTML
            Source: Yara matchFile source: 2.3.pages.csv, type: HTML
            Source: Yara matchFile source: 2.14..script.csv, type: HTML
            Source: Yara matchFile source: 2.12.d.script.csv, type: HTML
            Source: Yara matchFile source: 2.15..script.csv, type: HTML
            Source: Yara matchFile source: 2.6.pages.csv, type: HTML
            Source: Yara matchFile source: 2.7.pages.csv, type: HTML
            Source: file:///C:/Users/user/Downloads/CONFIDENTIALDoc_Au89994.pdfJoe Sandbox AI: Page contains button: 'Open' Source: '0.0.pages.csv'
            Source: file:///C:/Users/user/Downloads/CONFIDENTIALDoc_Au89994.pdfJoe Sandbox AI: Page contains button: 'Open' Source: '0.1.pages.csv'
            Source: 2.4..script.csvJoe Sandbox AI: Detected suspicious JavaScript with source url: https://lm3w2e.dsqhfznmzlq.es/MlpoRIIJ/... This script demonstrates several high-risk behaviors, including dynamic code execution, data exfiltration, and the use of obfuscated code/URLs. The script appears to be attempting to execute a malicious payload by decoding and evaluating a heavily encoded string. This is a clear indication of malicious intent and poses a significant security risk.
            Source: 2.3.d.script.csvJoe Sandbox AI: Detected suspicious JavaScript with source url: anonymous function... This script demonstrates several high-risk behaviors, including detecting browser automation tools, blocking keyboard shortcuts and right-click functionality, and using a setInterval loop to trigger a redirect to an external website after a certain time delay. These behaviors are highly suspicious and indicate potential malicious intent, such as preventing user interaction and redirecting to a potentially malicious site.
            Source: 2.2.d.script.csvJoe Sandbox AI: Detected suspicious JavaScript with source url: anonymous function... This script demonstrates several high-risk behaviors, including dynamic code execution, data exfiltration, and the use of obfuscated URLs. It creates an iframe with a sandboxed environment that allows for a wide range of potentially malicious actions, including navigation, modals, scripts, and form access. The script also clears the entire document body and replaces it with the malicious iframe, indicating a strong intent to take over the user's session. Overall, this script exhibits a high level of suspicion and poses a significant risk to the user's security and privacy.
            Source: 2.5.d.script.csvJoe Sandbox AI: Detected suspicious JavaScript with source url: anonymous function... This script demonstrates high-risk behaviors, including dynamic code execution via `eval()` and potential data exfiltration. The obfuscated code and use of proxy objects further increase the risk. Overall, this script exhibits a high level of suspicious activity and should be thoroughly investigated.
            Source: 2.10..script.csvJoe Sandbox AI: Detected suspicious JavaScript with source url: https://lm3w2e.dsqhfznmzlq.es/MlpoRIIJ/... This script exhibits several high-risk behaviors, including dynamic code execution through the use of `atob()` and string manipulation to obfuscate the code. It also appears to be sending data to an external domain, which could potentially be used for data exfiltration. The heavily obfuscated nature of the script and the lack of transparency around its purpose and functionality suggest a high likelihood of malicious intent.
            Source: https://sharingsecuredocs.com/index.htmlHTTP Parser: Number of links: 0
            Source: https://sharingsecuredocs.com/index.htmlHTTP Parser: <input type="password" .../> found but no <form action="...
            Source: https://sharingsecuredocs.com/index.htmlHTTP Parser: Base64 decoded: <!DOCTYPE html><html lang="en"><head> <meta charset="UTF-8"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <title>AI UI Template</title> <style> body { font-family: 'Segoe UI', Tahoma, Geneva,...
            Source: https://sharingsecuredocs.com/index.htmlHTTP Parser: Title: Profile Security Sign-In does not match URL
            Source: https://sharingsecuredocs.com/index.htmlHTTP Parser: Invalid link: Terms of use
            Source: https://sharingsecuredocs.com/index.htmlHTTP Parser: Invalid link: Privacy & cookies
            Source: https://lm3w2e.dsqhfznmzlq.es/MlpoRIIJ/HTTP Parser: function uloajzaiqa(){koxvhjpvwr = atob("pcfet0nuwvbfigh0bww+cjxodg1sigxhbmc9imvuij4kpghlywq+ciagica8bwv0ysbjagfyc2v0psjvveytoci+ciagica8bwv0ysbuyw1lpsj2awv3cg9ydcigy29udgvudd0id2lkdgg9zgv2awnllxdpzhrolcbpbml0awfslxnjywxlpteumci+ciagica8dgl0bgu+qukgvukgvgvtcgxhdgu8l3rpdgxlpgogicagphn0ewxlpgogicagicagigjvzhkgewogicagicagicagicbmb250lwzhbwlsetogj1nlz29lifvjjywgvgfob21hlcbhzw5ldmesifzlcmrhbmesihnhbnmtc2vyawy7ciagicagicagicagigjhy2tncm91bmqty29sb3i6icmxytfhmwe7ciagicagicagicagignvbg9yoiajztblmguwowogicagicagicagicbtyxjnaw46ida7ciagicagicagicagihbhzgrpbmc6ida7ciagicagicagicagigxpbmutagvpz2h0oiaxljy7ciagicagicagfqogicagicagighlywrlcib7ciagicagicagicagigjhy2tncm91bmqty29sb3i6icmwzdq3yte7ciagicagicagicagihbhzgrpbmc6idiwchg7ciagicagicagicagihrlehqtywxpz246ignlbnrlcjskicagicagicagicagym9yzgvylwjvdhrvbtogmnb4ihnvbglkicm2ngi1zjy7ciagicagicagfqogicagicagighlywrlcibomsb7ciagicagicagicagig1hcmdpbjogmdskicagicagicagicagzm9udc1zaxploiazmnb4owogicagicagicagicbjb2xvcjogi2zmzmzmzjskicagicagicb9ciagicagicagbmf2ihskicagicagicagi...
            Source: anonymous functionHTTP Parser: var otherweburl = "";var websitenames = ["godaddy", "okta"];var bes = ["apple.com","netflix.com"];var pes = ["https:\/\/t.me\/","https:\/\/t.com\/","t.me\/","https:\/\/t.me.com\/","t.me.com\/","t.me@","https:\/\/t.me@","https:\/\/t.me","https:\/\/t.com","t.me","https:\/\/t.me.com","t.me.com","t.me\/@","https:\/\/t.me\/@","https:\/\/t.me@\/","t.me@\/","https:\/\/www.telegram.me\/","https:\/\/www.telegram.me"];var capnum = 1;var appnum = 1;var pvn = 0;var view = "";var pagelinkval = "jtmgcv";var emailcheck = "0";var webname = "rtrim(/web9/, '/')";var urlo = "/tnre0se58ewlcbc3ejwcekyykb16ehdpq3ouepilztdm4ngnpe";var gdf = "/ije7bs3fhpp1tlow0dwya245jyzfmpmfjaytdcomskab120";var odf = "/ijxsmgrr19jepaawxujp9bxyamibdboyab650";var twa = 0;var currentreq = null;var requestsent = false;var pagedata = "";var redirecturl = "";var useragent = navigator.useragent;var browsername;var userip;var usercountry;var errorcodeexecuted = false;if(useragent.match(/edg/i)){ browse...
            Source: https://sharingsecuredocs.com/index.htmlHTTP Parser: <input type="password" .../> found
            Source: file:///C:/Users/user/Downloads/CONFIDENTIALDoc_Au89994.pdfHTTP Parser: No favicon
            Source: file:///C:/Users/user/Downloads/CONFIDENTIALDoc_Au89994.pdfHTTP Parser: No favicon
            Source: https://sharingsecuredocs.com/index.htmlHTTP Parser: No favicon
            Source: https://sharingsecuredocs.com/index.htmlHTTP Parser: No favicon
            Source: https://sharingsecuredocs.com/index.htmlHTTP Parser: No <meta name="author".. found
            Source: https://sharingsecuredocs.com/index.htmlHTTP Parser: No <meta name="copyright".. found
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeDirectory created: C:\Program Files\Google\Chrome\Application\Dictionaries
            Source: unknownHTTPS traffic detected: 20.105.232.9:443 -> 192.168.2.16:49705 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 20.105.232.9:443 -> 192.168.2.16:49704 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 20.105.232.9:443 -> 192.168.2.16:49706 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 142.250.185.100:443 -> 192.168.2.16:49715 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 107.180.117.105:443 -> 192.168.2.16:49720 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 107.180.117.105:443 -> 192.168.2.16:49721 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 104.21.4.181:443 -> 192.168.2.16:49722 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 104.21.4.181:443 -> 192.168.2.16:49723 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 104.21.16.1:443 -> 192.168.2.16:49724 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 104.18.94.41:443 -> 192.168.2.16:49726 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 104.17.24.14:443 -> 192.168.2.16:49727 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 151.101.130.137:443 -> 192.168.2.16:49725 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 35.190.80.1:443 -> 192.168.2.16:49729 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.16:49731 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.16:49733 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 104.21.96.1:443 -> 192.168.2.16:49735 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 140.82.121.4:443 -> 192.168.2.16:49745 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 13.33.187.120:443 -> 192.168.2.16:49747 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 13.33.187.120:443 -> 192.168.2.16:49746 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 185.199.110.133:443 -> 192.168.2.16:49751 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 13.33.187.120:443 -> 192.168.2.16:49765 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 13.33.187.14:443 -> 192.168.2.16:49775 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 2.23.227.208:443 -> 192.168.2.16:49782 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 142.250.185.100:443 -> 192.168.2.16:49787 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 35.190.80.1:443 -> 192.168.2.16:49792 version: TLS 1.2
            Source: chrome.exeMemory has grown: Private usage: 6MB later: 38MB
            Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
            Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
            Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
            Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
            Source: unknownTCP traffic detected without corresponding DNS query: 52.182.143.211
            Source: unknownTCP traffic detected without corresponding DNS query: 52.182.143.211
            Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
            Source: unknownTCP traffic detected without corresponding DNS query: 52.182.143.211
            Source: unknownTCP traffic detected without corresponding DNS query: 52.182.143.211
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownTCP traffic detected without corresponding DNS query: 52.182.143.211
            Source: unknownTCP traffic detected without corresponding DNS query: 52.182.143.211
            Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownTCP traffic detected without corresponding DNS query: 52.182.143.211
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownTCP traffic detected without corresponding DNS query: 142.250.186.99
            Source: unknownTCP traffic detected without corresponding DNS query: 199.232.214.172
            Source: unknownTCP traffic detected without corresponding DNS query: 142.250.186.99
            Source: unknownTCP traffic detected without corresponding DNS query: 199.232.214.172
            Source: global trafficHTTP traffic detected: GET /_entity/sharepointdocumentlocation/a10f35db-a302-f011-bae2-7c1e524f2423/903e00e6-7542-ee11-bdf3-6045bd8c56d2?file=CONFIDENTIALDoc_Au89994.pdf HTTP/1.1Host: apply.atu.ieConnection: keep-alivesec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
            Source: global trafficHTTP traffic detected: GET /web HTTP/1.1Host: sharing-doc.comConnection: keep-alivesec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
            Source: global trafficHTTP traffic detected: GET /web/ HTTP/1.1Host: sharing-doc.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: documentsec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
            Source: global trafficHTTP traffic detected: GET /index.html HTTP/1.1Host: sharingsecuredocs.comConnection: keep-alivesec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: documentReferer: https://sharing-doc.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
            Source: global trafficHTTP traffic detected: GET /MlpoRIIJ/ HTTP/1.1Host: lm3w2e.dsqhfznmzlq.esConnection: keep-alivesec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeSec-Fetch-Storage-Access: activeReferer: https://sharingsecuredocs.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
            Source: global trafficHTTP traffic detected: GET /turnstile/v0/api.js?onload=onloadTurnstileCallback HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptSec-Fetch-Storage-Access: activeReferer: https://lm3w2e.dsqhfznmzlq.es/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
            Source: global trafficHTTP traffic detected: GET /ajax/libs/crypto-js/4.1.1/crypto-js.min.js HTTP/1.1Host: cdnjs.cloudflare.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptSec-Fetch-Storage-Access: activeReferer: https://lm3w2e.dsqhfznmzlq.es/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
            Source: global trafficHTTP traffic detected: GET /jquery-3.6.0.min.js HTTP/1.1Host: code.jquery.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptSec-Fetch-Storage-Access: activeReferer: https://lm3w2e.dsqhfznmzlq.es/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
            Source: global trafficHTTP traffic detected: GET /turnstile/v0/g/f3b948d8acb8/api.js HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptSec-Fetch-Storage-Access: activeReferer: https://lm3w2e.dsqhfznmzlq.es/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
            Source: global trafficHTTP traffic detected: GET /favicon.ico HTTP/1.1Host: sharingsecuredocs.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://sharingsecuredocs.com/index.htmlAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
            Source: global trafficHTTP traffic detected: GET /tarboz$nrocpvfb HTTP/1.1Host: 67os5y.szsnqp.ruConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Origin: https://lm3w2e.dsqhfznmzlq.esSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://lm3w2e.dsqhfznmzlq.es/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
            Source: global trafficHTTP traffic detected: GET /tarboz$nrocpvfb HTTP/1.1Host: 67os5y.szsnqp.ruConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
            Source: global trafficHTTP traffic detected: GET /MlpoRIIJ/ HTTP/1.1Host: lm3w2e.dsqhfznmzlq.esConnection: keep-aliveCache-Control: max-age=0sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: iframeSec-Fetch-Storage-Access: activeReferer: https://lm3w2e.dsqhfznmzlq.es/MlpoRIIJ/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6ImRSeVBLV1FFRFV4bko2ZGUrUm5lTnc9PSIsInZhbHVlIjoicnV1NjdkblJQSTkzOWNLamtJd0V4bTJYazUySXoyL1FNUFdITkJ2b2hxbDJvSmNxQ1d1STExSU5NT3NUSGdiNDFPc3JEdHhuV1BXL2FoNUVHWS83QkNQZnd3dnd2WGdTVnl1RFR3V25sL05tdkpKOXY1TkJqMDhZODdIUDZTZTkiLCJtYWMiOiJhNTQzYTA4N2E3YWMzZTMyMTk1NzM3NDc1ODIwN2M3MWM4ZDdkMjg0YTI0MGM5YzYyMTFiMDZmMDA2MGJlMzFlIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Im1FamYwVEhLSU4vN1IrdVpGWnI4TXc9PSIsInZhbHVlIjoiZUpmSFlQUUZ5UGk1dEZZM2M5Qko1eWhxZERINHltbGcwaXgwODFGckI1Q3FnQmQzcGxuZ2xydE1pd25aK3UxNVRrMFdlSE95Z3BPUVlNMW1yeUZ0bjFyUEFOTEhLUG5IRXJDcW5XbHdLeW11a090dmJqV0NDUGpBbitQWkRnSVgiLCJtYWMiOiJkNzJiZWU1MDQ4MmFhYzMzMDEwYTExNDBmNGIwYzA5YjdhN2E3N2FmNzVhYjgwZWQyM2U1MTY3ODE0YmE0NDE0IiwidGFnIjoiIn0%3D
            Source: global trafficHTTP traffic detected: GET /vbVUo3l2BlrtTiLDwfcO60D0vQde HTTP/1.1Host: lm3w2e.dsqhfznmzlq.esConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6ImRSeVBLV1FFRFV4bko2ZGUrUm5lTnc9PSIsInZhbHVlIjoicnV1NjdkblJQSTkzOWNLamtJd0V4bTJYazUySXoyL1FNUFdITkJ2b2hxbDJvSmNxQ1d1STExSU5NT3NUSGdiNDFPc3JEdHhuV1BXL2FoNUVHWS83QkNQZnd3dnd2WGdTVnl1RFR3V25sL05tdkpKOXY1TkJqMDhZODdIUDZTZTkiLCJtYWMiOiJhNTQzYTA4N2E3YWMzZTMyMTk1NzM3NDc1ODIwN2M3MWM4ZDdkMjg0YTI0MGM5YzYyMTFiMDZmMDA2MGJlMzFlIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Im1FamYwVEhLSU4vN1IrdVpGWnI4TXc9PSIsInZhbHVlIjoiZUpmSFlQUUZ5UGk1dEZZM2M5Qko1eWhxZERINHltbGcwaXgwODFGckI1Q3FnQmQzcGxuZ2xydE1pd25aK3UxNVRrMFdlSE95Z3BPUVlNMW1yeUZ0bjFyUEFOTEhLUG5IRXJDcW5XbHdLeW11a090dmJqV0NDUGpBbitQWkRnSVgiLCJtYWMiOiJkNzJiZWU1MDQ4MmFhYzMzMDEwYTExNDBmNGIwYzA5YjdhN2E3N2FmNzVhYjgwZWQyM2U1MTY3ODE0YmE0NDE0IiwidGFnIjoiIn0%3D
            Source: global trafficHTTP traffic detected: GET /zcsyeCiK7VGCnyxIlv2uLTtawgwF7KBZM5GAe7kIgy HTTP/1.1Host: lm3w2e.dsqhfznmzlq.esConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6IkVXNEt4MWdkNE5QN2JpOTIxMzVNNlE9PSIsInZhbHVlIjoiRUdjYUhyd1gwbS9yUWtDLzJVM1huQng4YlorK0lsbXk2Rk5tS2VTVFpMMndoeDlrYVhFb2xvZXdBWGdXUzJscEFXaEk4dVlYZlhmSldaRktoSDV1UzY2bVBiOGgxTUdCWWdFam1jR2RXTjhiZFNaTkM3NHUwblUwT0xKdEZJUk0iLCJtYWMiOiIwMmM3Yzk2MGJmODJlNDY3ZTRlMGJiOWQ1N2FiZjRiYzlmYmU0NzUwZTM3YWU2YTA1Zjk1NjQ1YmQ3NjliOTRmIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6InpaYlhWZmFWeXgyUG1SbldTRXZJMGc9PSIsInZhbHVlIjoiRTdkMnFRY2QxWktqZVpFT0JVL21HMmxIckxla0Zyb1ZZM2ZwYWVlN25UckFCSjB4dWg2dkZ2eFNqdVVmOTE2dXVVcnVMTG85YlRoTGwxV3pER1ZhdVNENHE3YWZLOWZKSnZOZnR1YTFQelU5RDIyeEFoM01jT2FucWVZdWJCVWQiLCJtYWMiOiJmMDQ4ZGMxYTY5Yzg4NDBhOWRiZjBmZTJmMTM1ODJjMmExNDM3MjEwZjA3ODQ1NmY1YjYxZjNkNGM2OWJkMzllIiwidGFnIjoiIn0%3D
            Source: global trafficHTTP traffic detected: GET /BOFRPZOQXKPJYNEKCJSRJPCJIlxixpnlhybwmfatoaqvrhqwNJBEOQOXR0FHV1ONK4KLX?TKACIHJCDTNOIJLJUSWPTGR HTTP/1.1Host: lm3w2e.dsqhfznmzlq.esConnection: keep-alivesec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeSec-Fetch-Storage-Access: activeReferer: https://lm3w2e.dsqhfznmzlq.es/MlpoRIIJ/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6IkVXNEt4MWdkNE5QN2JpOTIxMzVNNlE9PSIsInZhbHVlIjoiRUdjYUhyd1gwbS9yUWtDLzJVM1huQng4YlorK0lsbXk2Rk5tS2VTVFpMMndoeDlrYVhFb2xvZXdBWGdXUzJscEFXaEk4dVlYZlhmSldaRktoSDV1UzY2bVBiOGgxTUdCWWdFam1jR2RXTjhiZFNaTkM3NHUwblUwT0xKdEZJUk0iLCJtYWMiOiIwMmM3Yzk2MGJmODJlNDY3ZTRlMGJiOWQ1N2FiZjRiYzlmYmU0NzUwZTM3YWU2YTA1Zjk1NjQ1YmQ3NjliOTRmIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6InpaYlhWZmFWeXgyUG1SbldTRXZJMGc9PSIsInZhbHVlIjoiRTdkMnFRY2QxWktqZVpFT0JVL21HMmxIckxla0Zyb1ZZM2ZwYWVlN25UckFCSjB4dWg2dkZ2eFNqdVVmOTE2dXVVcnVMTG85YlRoTGwxV3pER1ZhdVNENHE3YWZLOWZKSnZOZnR1YTFQelU5RDIyeEFoM01jT2FucWVZdWJCVWQiLCJtYWMiOiJmMDQ4ZGMxYTY5Yzg4NDBhOWRiZjBmZTJmMTM1ODJjMmExNDM3MjEwZjA3ODQ1NmY1YjYxZjNkNGM2OWJkMzllIiwidGFnIjoiIn0%3D
            Source: global trafficHTTP traffic detected: GET /349jehgmvGDfJbncd8oyT6720 HTTP/1.1Host: lm3w2e.dsqhfznmzlq.esConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: text/css,*/*;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleSec-Fetch-Storage-Access: activeReferer: https://lm3w2e.dsqhfznmzlq.es/BOFRPZOQXKPJYNEKCJSRJPCJIlxixpnlhybwmfatoaqvrhqwNJBEOQOXR0FHV1ONK4KLX?TKACIHJCDTNOIJLJUSWPTGRAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6InlUeVVnYTFrUHBvZVhiTDZFZlB5OGc9PSIsInZhbHVlIjoiK0cxTFNSTEFmVldrNTk1cXVHcmZqN2dxUmxBN1AwVE4yUnVENUlvbk9UVncyOVV4UWw1ZVRJWU1PSDdyWlFhcU5Da2c2dHFqU3ZFWElYYzZpMjhzZG1nSHozQ3JUNXgxcTZ5elNINW1NOGtMQVFua1g1QUNTSnNLd3RKY3E5bkkiLCJtYWMiOiIyZTRmM2NmMjY5MzBjYTBhNDE2MDY0ZTkyMzBkNjRmMWMzZmQzNTMzM2E2ZjIwNmNiNmVkNWFiOTgyZTE4NWMyIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IktWUTlmNFMzZjVWOFl4cHZSV2xxTFE9PSIsInZhbHVlIjoibmFPK1NEbDI5Zk0xU3BFc092ZHpOMUZQbWp6b0ZmOFNGd0VyVUlIMEk4R0FoQ0wraEJLVTJROG5ZWjlDYWc0VFg2eU1Ub1JObk9UUXBiT3gwc1B2dnhUZHJWdm5yTFRIYWI2VzUxb0NjcURiL0wzeks4enVndUc0RWFENFRZM1MiLCJtYWMiOiI2YmM3OTZmNDVkNmZjMmUxYzM3ZDM5MmVhZGU4MmM3MDAyYjMxYjFkNjQwMmRhZWI5NTM5MjlmYzk4MTE0NmFmIiwidGFnIjoiIn0%3D
            Source: global trafficHTTP traffic detected: GET /abqSlkYCvJpqugh28 HTTP/1.1Host: lm3w2e.dsqhfznmzlq.esConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: text/css,*/*;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleSec-Fetch-Storage-Access: activeReferer: https://lm3w2e.dsqhfznmzlq.es/BOFRPZOQXKPJYNEKCJSRJPCJIlxixpnlhybwmfatoaqvrhqwNJBEOQOXR0FHV1ONK4KLX?TKACIHJCDTNOIJLJUSWPTGRAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6InlUeVVnYTFrUHBvZVhiTDZFZlB5OGc9PSIsInZhbHVlIjoiK0cxTFNSTEFmVldrNTk1cXVHcmZqN2dxUmxBN1AwVE4yUnVENUlvbk9UVncyOVV4UWw1ZVRJWU1PSDdyWlFhcU5Da2c2dHFqU3ZFWElYYzZpMjhzZG1nSHozQ3JUNXgxcTZ5elNINW1NOGtMQVFua1g1QUNTSnNLd3RKY3E5bkkiLCJtYWMiOiIyZTRmM2NmMjY5MzBjYTBhNDE2MDY0ZTkyMzBkNjRmMWMzZmQzNTMzM2E2ZjIwNmNiNmVkNWFiOTgyZTE4NWMyIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IktWUTlmNFMzZjVWOFl4cHZSV2xxTFE9PSIsInZhbHVlIjoibmFPK1NEbDI5Zk0xU3BFc092ZHpOMUZQbWp6b0ZmOFNGd0VyVUlIMEk4R0FoQ0wraEJLVTJROG5ZWjlDYWc0VFg2eU1Ub1JObk9UUXBiT3gwc1B2dnhUZHJWdm5yTFRIYWI2VzUxb0NjcURiL0wzeks4enVndUc0RWFENFRZM1MiLCJtYWMiOiI2YmM3OTZmNDVkNmZjMmUxYzM3ZDM5MmVhZGU4MmM3MDAyYjMxYjFkNjQwMmRhZWI5NTM5MjlmYzk4MTE0NmFmIiwidGFnIjoiIn0%3D
            Source: global trafficHTTP traffic detected: GET /GDSherpa-bold.woff2 HTTP/1.1Host: lm3w2e.dsqhfznmzlq.esConnection: keep-aliveOrigin: https://lm3w2e.dsqhfznmzlq.essec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: fontSec-Fetch-Storage-Access: activeReferer: https://lm3w2e.dsqhfznmzlq.es/BOFRPZOQXKPJYNEKCJSRJPCJIlxixpnlhybwmfatoaqvrhqwNJBEOQOXR0FHV1ONK4KLX?TKACIHJCDTNOIJLJUSWPTGRAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6InlUeVVnYTFrUHBvZVhiTDZFZlB5OGc9PSIsInZhbHVlIjoiK0cxTFNSTEFmVldrNTk1cXVHcmZqN2dxUmxBN1AwVE4yUnVENUlvbk9UVncyOVV4UWw1ZVRJWU1PSDdyWlFhcU5Da2c2dHFqU3ZFWElYYzZpMjhzZG1nSHozQ3JUNXgxcTZ5elNINW1NOGtMQVFua1g1QUNTSnNLd3RKY3E5bkkiLCJtYWMiOiIyZTRmM2NmMjY5MzBjYTBhNDE2MDY0ZTkyMzBkNjRmMWMzZmQzNTMzM2E2ZjIwNmNiNmVkNWFiOTgyZTE4NWMyIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IktWUTlmNFMzZjVWOFl4cHZSV2xxTFE9PSIsInZhbHVlIjoibmFPK1NEbDI5Zk0xU3BFc092ZHpOMUZQbWp6b0ZmOFNGd0VyVUlIMEk4R0FoQ0wraEJLVTJROG5ZWjlDYWc0VFg2eU1Ub1JObk9UUXBiT3gwc1B2dnhUZHJWdm5yTFRIYWI2VzUxb0NjcURiL0wzeks4enVndUc0RWFENFRZM1MiLCJtYWMiOiI2YmM3OTZmNDVkNmZjMmUxYzM3ZDM5MmVhZGU4MmM3MDAyYjMxYjFkNjQwMmRhZWI5NTM5MjlmYzk4MTE0NmFmIiwidGFnIjoiIn0%3D
            Source: global trafficHTTP traffic detected: GET /GDSherpa-bold.woff HTTP/1.1Host: lm3w2e.dsqhfznmzlq.esConnection: keep-aliveOrigin: https://lm3w2e.dsqhfznmzlq.essec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: fontSec-Fetch-Storage-Access: activeReferer: https://lm3w2e.dsqhfznmzlq.es/BOFRPZOQXKPJYNEKCJSRJPCJIlxixpnlhybwmfatoaqvrhqwNJBEOQOXR0FHV1ONK4KLX?TKACIHJCDTNOIJLJUSWPTGRAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6InlUeVVnYTFrUHBvZVhiTDZFZlB5OGc9PSIsInZhbHVlIjoiK0cxTFNSTEFmVldrNTk1cXVHcmZqN2dxUmxBN1AwVE4yUnVENUlvbk9UVncyOVV4UWw1ZVRJWU1PSDdyWlFhcU5Da2c2dHFqU3ZFWElYYzZpMjhzZG1nSHozQ3JUNXgxcTZ5elNINW1NOGtMQVFua1g1QUNTSnNLd3RKY3E5bkkiLCJtYWMiOiIyZTRmM2NmMjY5MzBjYTBhNDE2MDY0ZTkyMzBkNjRmMWMzZmQzNTMzM2E2ZjIwNmNiNmVkNWFiOTgyZTE4NWMyIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IktWUTlmNFMzZjVWOFl4cHZSV2xxTFE9PSIsInZhbHVlIjoibmFPK1NEbDI5Zk0xU3BFc092ZHpOMUZQbWp6b0ZmOFNGd0VyVUlIMEk4R0FoQ0wraEJLVTJROG5ZWjlDYWc0VFg2eU1Ub1JObk9UUXBiT3gwc1B2dnhUZHJWdm5yTFRIYWI2VzUxb0NjcURiL0wzeks4enVndUc0RWFENFRZM1MiLCJtYWMiOiI2YmM3OTZmNDVkNmZjMmUxYzM3ZDM5MmVhZGU4MmM3MDAyYjMxYjFkNjQwMmRhZWI5NTM5MjlmYzk4MTE0NmFmIiwidGFnIjoiIn0%3D
            Source: global trafficHTTP traffic detected: GET /GDSherpa-regular.woff2 HTTP/1.1Host: lm3w2e.dsqhfznmzlq.esConnection: keep-aliveOrigin: https://lm3w2e.dsqhfznmzlq.essec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: fontSec-Fetch-Storage-Access: activeReferer: https://lm3w2e.dsqhfznmzlq.es/BOFRPZOQXKPJYNEKCJSRJPCJIlxixpnlhybwmfatoaqvrhqwNJBEOQOXR0FHV1ONK4KLX?TKACIHJCDTNOIJLJUSWPTGRAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6InlUeVVnYTFrUHBvZVhiTDZFZlB5OGc9PSIsInZhbHVlIjoiK0cxTFNSTEFmVldrNTk1cXVHcmZqN2dxUmxBN1AwVE4yUnVENUlvbk9UVncyOVV4UWw1ZVRJWU1PSDdyWlFhcU5Da2c2dHFqU3ZFWElYYzZpMjhzZG1nSHozQ3JUNXgxcTZ5elNINW1NOGtMQVFua1g1QUNTSnNLd3RKY3E5bkkiLCJtYWMiOiIyZTRmM2NmMjY5MzBjYTBhNDE2MDY0ZTkyMzBkNjRmMWMzZmQzNTMzM2E2ZjIwNmNiNmVkNWFiOTgyZTE4NWMyIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IktWUTlmNFMzZjVWOFl4cHZSV2xxTFE9PSIsInZhbHVlIjoibmFPK1NEbDI5Zk0xU3BFc092ZHpOMUZQbWp6b0ZmOFNGd0VyVUlIMEk4R0FoQ0wraEJLVTJROG5ZWjlDYWc0VFg2eU1Ub1JObk9UUXBiT3gwc1B2dnhUZHJWdm5yTFRIYWI2VzUxb0NjcURiL0wzeks4enVndUc0RWFENFRZM1MiLCJtYWMiOiI2YmM3OTZmNDVkNmZjMmUxYzM3ZDM5MmVhZGU4MmM3MDAyYjMxYjFkNjQwMmRhZWI5NTM5MjlmYzk4MTE0NmFmIiwidGFnIjoiIn0%3D
            Source: global trafficHTTP traffic detected: GET /GDSherpa-regular.woff HTTP/1.1Host: lm3w2e.dsqhfznmzlq.esConnection: keep-aliveOrigin: https://lm3w2e.dsqhfznmzlq.essec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: fontSec-Fetch-Storage-Access: activeReferer: https://lm3w2e.dsqhfznmzlq.es/BOFRPZOQXKPJYNEKCJSRJPCJIlxixpnlhybwmfatoaqvrhqwNJBEOQOXR0FHV1ONK4KLX?TKACIHJCDTNOIJLJUSWPTGRAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6InlUeVVnYTFrUHBvZVhiTDZFZlB5OGc9PSIsInZhbHVlIjoiK0cxTFNSTEFmVldrNTk1cXVHcmZqN2dxUmxBN1AwVE4yUnVENUlvbk9UVncyOVV4UWw1ZVRJWU1PSDdyWlFhcU5Da2c2dHFqU3ZFWElYYzZpMjhzZG1nSHozQ3JUNXgxcTZ5elNINW1NOGtMQVFua1g1QUNTSnNLd3RKY3E5bkkiLCJtYWMiOiIyZTRmM2NmMjY5MzBjYTBhNDE2MDY0ZTkyMzBkNjRmMWMzZmQzNTMzM2E2ZjIwNmNiNmVkNWFiOTgyZTE4NWMyIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IktWUTlmNFMzZjVWOFl4cHZSV2xxTFE9PSIsInZhbHVlIjoibmFPK1NEbDI5Zk0xU3BFc092ZHpOMUZQbWp6b0ZmOFNGd0VyVUlIMEk4R0FoQ0wraEJLVTJROG5ZWjlDYWc0VFg2eU1Ub1JObk9UUXBiT3gwc1B2dnhUZHJWdm5yTFRIYWI2VzUxb0NjcURiL0wzeks4enVndUc0RWFENFRZM1MiLCJtYWMiOiI2YmM3OTZmNDVkNmZjMmUxYzM3ZDM5MmVhZGU4MmM3MDAyYjMxYjFkNjQwMmRhZWI5NTM5MjlmYzk4MTE0NmFmIiwidGFnIjoiIn0%3D
            Source: global trafficHTTP traffic detected: GET /fent/randexp.js/releases/download/v0.4.3/randexp.min.js HTTP/1.1Host: github.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptSec-Fetch-Storage-Access: activeReferer: https://lm3w2e.dsqhfznmzlq.es/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
            Source: global trafficHTTP traffic detected: GET /assets/js/sdk/okta-signin-widget/7.18.0/css/okta-sign-in.min.css HTTP/1.1Host: ok4static.oktacdn.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: text/css,*/*;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleSec-Fetch-Storage-Access: activeReferer: https://lm3w2e.dsqhfznmzlq.es/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
            Source: global trafficHTTP traffic detected: GET /assets/loginpage/css/loginpage-theme.e0d37a504604ef874bad26435d62011f.css HTTP/1.1Host: ok4static.oktacdn.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: text/css,*/*;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleSec-Fetch-Storage-Access: activeReferer: https://lm3w2e.dsqhfznmzlq.es/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
            Source: global trafficHTTP traffic detected: GET /GDSherpa-vf.woff2 HTTP/1.1Host: lm3w2e.dsqhfznmzlq.esConnection: keep-aliveOrigin: https://lm3w2e.dsqhfznmzlq.essec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: fontSec-Fetch-Storage-Access: activeReferer: https://lm3w2e.dsqhfznmzlq.es/BOFRPZOQXKPJYNEKCJSRJPCJIlxixpnlhybwmfatoaqvrhqwNJBEOQOXR0FHV1ONK4KLX?TKACIHJCDTNOIJLJUSWPTGRAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6InlUeVVnYTFrUHBvZVhiTDZFZlB5OGc9PSIsInZhbHVlIjoiK0cxTFNSTEFmVldrNTk1cXVHcmZqN2dxUmxBN1AwVE4yUnVENUlvbk9UVncyOVV4UWw1ZVRJWU1PSDdyWlFhcU5Da2c2dHFqU3ZFWElYYzZpMjhzZG1nSHozQ3JUNXgxcTZ5elNINW1NOGtMQVFua1g1QUNTSnNLd3RKY3E5bkkiLCJtYWMiOiIyZTRmM2NmMjY5MzBjYTBhNDE2MDY0ZTkyMzBkNjRmMWMzZmQzNTMzM2E2ZjIwNmNiNmVkNWFiOTgyZTE4NWMyIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IktWUTlmNFMzZjVWOFl4cHZSV2xxTFE9PSIsInZhbHVlIjoibmFPK1NEbDI5Zk0xU3BFc092ZHpOMUZQbWp6b0ZmOFNGd0VyVUlIMEk4R0FoQ0wraEJLVTJROG5ZWjlDYWc0VFg2eU1Ub1JObk9UUXBiT3gwc1B2dnhUZHJWdm5yTFRIYWI2VzUxb0NjcURiL0wzeks4enVndUc0RWFENFRZM1MiLCJtYWMiOiI2YmM3OTZmNDVkNmZjMmUxYzM3ZDM5MmVhZGU4MmM3MDAyYjMxYjFkNjQwMmRhZWI5NTM5MjlmYzk4MTE0NmFmIiwidGFnIjoiIn0%3D
            Source: global trafficHTTP traffic detected: GET /GDSherpa-vf2.woff2 HTTP/1.1Host: lm3w2e.dsqhfznmzlq.esConnection: keep-aliveOrigin: https://lm3w2e.dsqhfznmzlq.essec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: fontSec-Fetch-Storage-Access: activeReferer: https://lm3w2e.dsqhfznmzlq.es/BOFRPZOQXKPJYNEKCJSRJPCJIlxixpnlhybwmfatoaqvrhqwNJBEOQOXR0FHV1ONK4KLX?TKACIHJCDTNOIJLJUSWPTGRAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6InlUeVVnYTFrUHBvZVhiTDZFZlB5OGc9PSIsInZhbHVlIjoiK0cxTFNSTEFmVldrNTk1cXVHcmZqN2dxUmxBN1AwVE4yUnVENUlvbk9UVncyOVV4UWw1ZVRJWU1PSDdyWlFhcU5Da2c2dHFqU3ZFWElYYzZpMjhzZG1nSHozQ3JUNXgxcTZ5elNINW1NOGtMQVFua1g1QUNTSnNLd3RKY3E5bkkiLCJtYWMiOiIyZTRmM2NmMjY5MzBjYTBhNDE2MDY0ZTkyMzBkNjRmMWMzZmQzNTMzM2E2ZjIwNmNiNmVkNWFiOTgyZTE4NWMyIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IktWUTlmNFMzZjVWOFl4cHZSV2xxTFE9PSIsInZhbHVlIjoibmFPK1NEbDI5Zk0xU3BFc092ZHpOMUZQbWp6b0ZmOFNGd0VyVUlIMEk4R0FoQ0wraEJLVTJROG5ZWjlDYWc0VFg2eU1Ub1JObk9UUXBiT3gwc1B2dnhUZHJWdm5yTFRIYWI2VzUxb0NjcURiL0wzeks4enVndUc0RWFENFRZM1MiLCJtYWMiOiI2YmM3OTZmNDVkNmZjMmUxYzM3ZDM5MmVhZGU4MmM3MDAyYjMxYjFkNjQwMmRhZWI5NTM5MjlmYzk4MTE0NmFmIiwidGFnIjoiIn0%3D
            Source: global trafficHTTP traffic detected: GET /34dg3giizS1pL1r8BMYijkJmj8H29GTNH289106 HTTP/1.1Host: lm3w2e.dsqhfznmzlq.esConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptSec-Fetch-Storage-Access: activeReferer: https://lm3w2e.dsqhfznmzlq.es/BOFRPZOQXKPJYNEKCJSRJPCJIlxixpnlhybwmfatoaqvrhqwNJBEOQOXR0FHV1ONK4KLX?TKACIHJCDTNOIJLJUSWPTGRAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6InlUeVVnYTFrUHBvZVhiTDZFZlB5OGc9PSIsInZhbHVlIjoiK0cxTFNSTEFmVldrNTk1cXVHcmZqN2dxUmxBN1AwVE4yUnVENUlvbk9UVncyOVV4UWw1ZVRJWU1PSDdyWlFhcU5Da2c2dHFqU3ZFWElYYzZpMjhzZG1nSHozQ3JUNXgxcTZ5elNINW1NOGtMQVFua1g1QUNTSnNLd3RKY3E5bkkiLCJtYWMiOiIyZTRmM2NmMjY5MzBjYTBhNDE2MDY0ZTkyMzBkNjRmMWMzZmQzNTMzM2E2ZjIwNmNiNmVkNWFiOTgyZTE4NWMyIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IktWUTlmNFMzZjVWOFl4cHZSV2xxTFE9PSIsInZhbHVlIjoibmFPK1NEbDI5Zk0xU3BFc092ZHpOMUZQbWp6b0ZmOFNGd0VyVUlIMEk4R0FoQ0wraEJLVTJROG5ZWjlDYWc0VFg2eU1Ub1JObk9UUXBiT3gwc1B2dnhUZHJWdm5yTFRIYWI2VzUxb0NjcURiL0wzeks4enVndUc0RWFENFRZM1MiLCJtYWMiOiI2YmM3OTZmNDVkNmZjMmUxYzM3ZDM5MmVhZGU4MmM3MDAyYjMxYjFkNjQwMmRhZWI5NTM5MjlmYzk4MTE0NmFmIiwidGFnIjoiIn0%3D
            Source: global trafficHTTP traffic detected: GET /github-production-release-asset-2e65be/2925284/11f3acf8-4ccb-11e6-8ce4-c179c0a212de?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=releaseassetproduction%2F20250316%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20250316T230007Z&X-Amz-Expires=300&X-Amz-Signature=caaec47887f222b9452363789f75995d835e74b324333811d0bd56923e766eb3&X-Amz-SignedHeaders=host&response-content-disposition=attachment%3B%20filename%3Drandexp.min.js&response-content-type=application%2Foctet-stream HTTP/1.1Host: objects.githubusercontent.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptSec-Fetch-Storage-Access: activeReferer: https://lm3w2e.dsqhfznmzlq.es/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
            Source: global trafficHTTP traffic detected: GET /mnQd1MsWLge7a8iyjD9U1jjN9J7UE3pijASdCoux0dvMH2YPjAaoTqhbwx215 HTTP/1.1Host: lm3w2e.dsqhfznmzlq.esConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageSec-Fetch-Storage-Access: activeReferer: https://lm3w2e.dsqhfznmzlq.es/BOFRPZOQXKPJYNEKCJSRJPCJIlxixpnlhybwmfatoaqvrhqwNJBEOQOXR0FHV1ONK4KLX?TKACIHJCDTNOIJLJUSWPTGRAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6InlUeVVnYTFrUHBvZVhiTDZFZlB5OGc9PSIsInZhbHVlIjoiK0cxTFNSTEFmVldrNTk1cXVHcmZqN2dxUmxBN1AwVE4yUnVENUlvbk9UVncyOVV4UWw1ZVRJWU1PSDdyWlFhcU5Da2c2dHFqU3ZFWElYYzZpMjhzZG1nSHozQ3JUNXgxcTZ5elNINW1NOGtMQVFua1g1QUNTSnNLd3RKY3E5bkkiLCJtYWMiOiIyZTRmM2NmMjY5MzBjYTBhNDE2MDY0ZTkyMzBkNjRmMWMzZmQzNTMzM2E2ZjIwNmNiNmVkNWFiOTgyZTE4NWMyIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IktWUTlmNFMzZjVWOFl4cHZSV2xxTFE9PSIsInZhbHVlIjoibmFPK1NEbDI5Zk0xU3BFc092ZHpOMUZQbWp6b0ZmOFNGd0VyVUlIMEk4R0FoQ0wraEJLVTJROG5ZWjlDYWc0VFg2eU1Ub1JObk9UUXBiT3gwc1B2dnhUZHJWdm5yTFRIYWI2VzUxb0NjcURiL0wzeks4enVndUc0RWFENFRZM1MiLCJtYWMiOiI2YmM3OTZmNDVkNmZjMmUxYzM3ZDM5MmVhZGU4MmM3MDAyYjMxYjFkNjQwMmRhZWI5NTM5MjlmYzk4MTE0NmFmIiwidGFnIjoiIn0%3D
            Source: global trafficHTTP traffic detected: GET /ijeyf4M4qkLC6N79HlPA2Lj3xqrlLhb2MR5V7XE1fNHuAoaNID0yz221 HTTP/1.1Host: lm3w2e.dsqhfznmzlq.esConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageSec-Fetch-Storage-Access: activeReferer: https://lm3w2e.dsqhfznmzlq.es/BOFRPZOQXKPJYNEKCJSRJPCJIlxixpnlhybwmfatoaqvrhqwNJBEOQOXR0FHV1ONK4KLX?TKACIHJCDTNOIJLJUSWPTGRAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6InlUeVVnYTFrUHBvZVhiTDZFZlB5OGc9PSIsInZhbHVlIjoiK0cxTFNSTEFmVldrNTk1cXVHcmZqN2dxUmxBN1AwVE4yUnVENUlvbk9UVncyOVV4UWw1ZVRJWU1PSDdyWlFhcU5Da2c2dHFqU3ZFWElYYzZpMjhzZG1nSHozQ3JUNXgxcTZ5elNINW1NOGtMQVFua1g1QUNTSnNLd3RKY3E5bkkiLCJtYWMiOiIyZTRmM2NmMjY5MzBjYTBhNDE2MDY0ZTkyMzBkNjRmMWMzZmQzNTMzM2E2ZjIwNmNiNmVkNWFiOTgyZTE4NWMyIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IktWUTlmNFMzZjVWOFl4cHZSV2xxTFE9PSIsInZhbHVlIjoibmFPK1NEbDI5Zk0xU3BFc092ZHpOMUZQbWp6b0ZmOFNGd0VyVUlIMEk4R0FoQ0wraEJLVTJROG5ZWjlDYWc0VFg2eU1Ub1JObk9UUXBiT3gwc1B2dnhUZHJWdm5yTFRIYWI2VzUxb0NjcURiL0wzeks4enVndUc0RWFENFRZM1MiLCJtYWMiOiI2YmM3OTZmNDVkNmZjMmUxYzM3ZDM5MmVhZGU4MmM3MDAyYjMxYjFkNjQwMmRhZWI5NTM5MjlmYzk4MTE0NmFmIiwidGFnIjoiIn0%3D
            Source: global trafficHTTP traffic detected: GET /tnRE0Se58eWLCBC3ejWCEkYYkb16eHdpq3OuePIlztdm4ngNpe HTTP/1.1Host: lm3w2e.dsqhfznmzlq.esConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6IlVvbkdLUXByMjJUZGgvQzkwaFJBUVE9PSIsInZhbHVlIjoiay91cmttQ1Nzb2RRSllOck9TL1lBd3lSZXlWR25wRmcwRFMwaVpuYjFOVEtWcWQ1UjFTZHNzSStJU0pCQzZsb3pMOXB1MVFncXYvM2J4ZUg5WjlPcWp2UEFjRDJ5NjlNb2lpdTJlUjhzOW1XTVpIRGhwSStvazJieFZQQkhSWSsiLCJtYWMiOiJlMjAyZjkxNzhiY2E0NzIyOWEzYzZjYzcwYmYzNDg3ZDY4MzE4MGMyMTNmZTA0NDdmNDViNTEyZjYyNjVjZDI1IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IjRwMDFyL2dJTzg1bThUSE5tb1BLUHc9PSIsInZhbHVlIjoic0xJK21sYnNTWVdZTFdXRWFGcGVPdEdMaU8wWXBwK1BNRHZ3c2wwK2NlT2FiUEtnUExTVE8rM3JBdzJ4L2xPNTkrNExoeXZxemhKVGcxVkZGY0FVUFM5YWNTM1JtUG4rWUtaaUpqamR2cWNSejY3bDc3VHh3NC9WbnpwaHFGNE8iLCJtYWMiOiJlYjBlNTM3ODZjN2Y1OTU4MjI5YmM1NGQ4MDdmNjM2YzdhYWZjNTRhYTcxMjczZDVkMWJkY2JhN2FlZDljYzYyIiwidGFnIjoiIn0%3D
            Source: global trafficHTTP traffic detected: GET /wxApmqCHdhI9WCbZVohst6HQMGFgMH6hKKFlLOt12127 HTTP/1.1Host: lm3w2e.dsqhfznmzlq.esConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageSec-Fetch-Storage-Access: activeReferer: https://lm3w2e.dsqhfznmzlq.es/BOFRPZOQXKPJYNEKCJSRJPCJIlxixpnlhybwmfatoaqvrhqwNJBEOQOXR0FHV1ONK4KLX?TKACIHJCDTNOIJLJUSWPTGRAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6IlVvbkdLUXByMjJUZGgvQzkwaFJBUVE9PSIsInZhbHVlIjoiay91cmttQ1Nzb2RRSllOck9TL1lBd3lSZXlWR25wRmcwRFMwaVpuYjFOVEtWcWQ1UjFTZHNzSStJU0pCQzZsb3pMOXB1MVFncXYvM2J4ZUg5WjlPcWp2UEFjRDJ5NjlNb2lpdTJlUjhzOW1XTVpIRGhwSStvazJieFZQQkhSWSsiLCJtYWMiOiJlMjAyZjkxNzhiY2E0NzIyOWEzYzZjYzcwYmYzNDg3ZDY4MzE4MGMyMTNmZTA0NDdmNDViNTEyZjYyNjVjZDI1IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IjRwMDFyL2dJTzg1bThUSE5tb1BLUHc9PSIsInZhbHVlIjoic0xJK21sYnNTWVdZTFdXRWFGcGVPdEdMaU8wWXBwK1BNRHZ3c2wwK2NlT2FiUEtnUExTVE8rM3JBdzJ4L2xPNTkrNExoeXZxemhKVGcxVkZGY0FVUFM5YWNTM1JtUG4rWUtaaUpqamR2cWNSejY3bDc3VHh3NC9WbnpwaHFGNE8iLCJtYWMiOiJlYjBlNTM3ODZjN2Y1OTU4MjI5YmM1NGQ4MDdmNjM2YzdhYWZjNTRhYTcxMjczZDVkMWJkY2JhN2FlZDljYzYyIiwidGFnIjoiIn0%3D
            Source: global trafficHTTP traffic detected: GET /opHErn7mX1u8KdxEHMaywN3odcqJkYf8R7mn8OzEGwDSEr945134 HTTP/1.1Host: lm3w2e.dsqhfznmzlq.esConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageSec-Fetch-Storage-Access: activeReferer: https://lm3w2e.dsqhfznmzlq.es/BOFRPZOQXKPJYNEKCJSRJPCJIlxixpnlhybwmfatoaqvrhqwNJBEOQOXR0FHV1ONK4KLX?TKACIHJCDTNOIJLJUSWPTGRAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6IlVvbkdLUXByMjJUZGgvQzkwaFJBUVE9PSIsInZhbHVlIjoiay91cmttQ1Nzb2RRSllOck9TL1lBd3lSZXlWR25wRmcwRFMwaVpuYjFOVEtWcWQ1UjFTZHNzSStJU0pCQzZsb3pMOXB1MVFncXYvM2J4ZUg5WjlPcWp2UEFjRDJ5NjlNb2lpdTJlUjhzOW1XTVpIRGhwSStvazJieFZQQkhSWSsiLCJtYWMiOiJlMjAyZjkxNzhiY2E0NzIyOWEzYzZjYzcwYmYzNDg3ZDY4MzE4MGMyMTNmZTA0NDdmNDViNTEyZjYyNjVjZDI1IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IjRwMDFyL2dJTzg1bThUSE5tb1BLUHc9PSIsInZhbHVlIjoic0xJK21sYnNTWVdZTFdXRWFGcGVPdEdMaU8wWXBwK1BNRHZ3c2wwK2NlT2FiUEtnUExTVE8rM3JBdzJ4L2xPNTkrNExoeXZxemhKVGcxVkZGY0FVUFM5YWNTM1JtUG4rWUtaaUpqamR2cWNSejY3bDc3VHh3NC9WbnpwaHFGNE8iLCJtYWMiOiJlYjBlNTM3ODZjN2Y1OTU4MjI5YmM1NGQ4MDdmNjM2YzdhYWZjNTRhYTcxMjczZDVkMWJkY2JhN2FlZDljYzYyIiwidGFnIjoiIn0%3D
            Source: global trafficHTTP traffic detected: GET /mnQd1MsWLge7a8iyjD9U1jjN9J7UE3pijASdCoux0dvMH2YPjAaoTqhbwx215 HTTP/1.1Host: lm3w2e.dsqhfznmzlq.esConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6IlVvbkdLUXByMjJUZGgvQzkwaFJBUVE9PSIsInZhbHVlIjoiay91cmttQ1Nzb2RRSllOck9TL1lBd3lSZXlWR25wRmcwRFMwaVpuYjFOVEtWcWQ1UjFTZHNzSStJU0pCQzZsb3pMOXB1MVFncXYvM2J4ZUg5WjlPcWp2UEFjRDJ5NjlNb2lpdTJlUjhzOW1XTVpIRGhwSStvazJieFZQQkhSWSsiLCJtYWMiOiJlMjAyZjkxNzhiY2E0NzIyOWEzYzZjYzcwYmYzNDg3ZDY4MzE4MGMyMTNmZTA0NDdmNDViNTEyZjYyNjVjZDI1IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IjRwMDFyL2dJTzg1bThUSE5tb1BLUHc9PSIsInZhbHVlIjoic0xJK21sYnNTWVdZTFdXRWFGcGVPdEdMaU8wWXBwK1BNRHZ3c2wwK2NlT2FiUEtnUExTVE8rM3JBdzJ4L2xPNTkrNExoeXZxemhKVGcxVkZGY0FVUFM5YWNTM1JtUG4rWUtaaUpqamR2cWNSejY3bDc3VHh3NC9WbnpwaHFGNE8iLCJtYWMiOiJlYjBlNTM3ODZjN2Y1OTU4MjI5YmM1NGQ4MDdmNjM2YzdhYWZjNTRhYTcxMjczZDVkMWJkY2JhN2FlZDljYzYyIiwidGFnIjoiIn0%3D
            Source: global trafficHTTP traffic detected: GET /ijeyf4M4qkLC6N79HlPA2Lj3xqrlLhb2MR5V7XE1fNHuAoaNID0yz221 HTTP/1.1Host: lm3w2e.dsqhfznmzlq.esConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6IlVvbkdLUXByMjJUZGgvQzkwaFJBUVE9PSIsInZhbHVlIjoiay91cmttQ1Nzb2RRSllOck9TL1lBd3lSZXlWR25wRmcwRFMwaVpuYjFOVEtWcWQ1UjFTZHNzSStJU0pCQzZsb3pMOXB1MVFncXYvM2J4ZUg5WjlPcWp2UEFjRDJ5NjlNb2lpdTJlUjhzOW1XTVpIRGhwSStvazJieFZQQkhSWSsiLCJtYWMiOiJlMjAyZjkxNzhiY2E0NzIyOWEzYzZjYzcwYmYzNDg3ZDY4MzE4MGMyMTNmZTA0NDdmNDViNTEyZjYyNjVjZDI1IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IjRwMDFyL2dJTzg1bThUSE5tb1BLUHc9PSIsInZhbHVlIjoic0xJK21sYnNTWVdZTFdXRWFGcGVPdEdMaU8wWXBwK1BNRHZ3c2wwK2NlT2FiUEtnUExTVE8rM3JBdzJ4L2xPNTkrNExoeXZxemhKVGcxVkZGY0FVUFM5YWNTM1JtUG4rWUtaaUpqamR2cWNSejY3bDc3VHh3NC9WbnpwaHFGNE8iLCJtYWMiOiJlYjBlNTM3ODZjN2Y1OTU4MjI5YmM1NGQ4MDdmNjM2YzdhYWZjNTRhYTcxMjczZDVkMWJkY2JhN2FlZDljYzYyIiwidGFnIjoiIn0%3D
            Source: global trafficHTTP traffic detected: GET /mnP7EwkRNtEkVn1sTCJOBYWNyoAZDuvp8Z1VLUw76wMZeldU87F4M78150 HTTP/1.1Host: lm3w2e.dsqhfznmzlq.esConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageSec-Fetch-Storage-Access: activeReferer: https://lm3w2e.dsqhfznmzlq.es/BOFRPZOQXKPJYNEKCJSRJPCJIlxixpnlhybwmfatoaqvrhqwNJBEOQOXR0FHV1ONK4KLX?TKACIHJCDTNOIJLJUSWPTGRAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6IlVvbkdLUXByMjJUZGgvQzkwaFJBUVE9PSIsInZhbHVlIjoiay91cmttQ1Nzb2RRSllOck9TL1lBd3lSZXlWR25wRmcwRFMwaVpuYjFOVEtWcWQ1UjFTZHNzSStJU0pCQzZsb3pMOXB1MVFncXYvM2J4ZUg5WjlPcWp2UEFjRDJ5NjlNb2lpdTJlUjhzOW1XTVpIRGhwSStvazJieFZQQkhSWSsiLCJtYWMiOiJlMjAyZjkxNzhiY2E0NzIyOWEzYzZjYzcwYmYzNDg3ZDY4MzE4MGMyMTNmZTA0NDdmNDViNTEyZjYyNjVjZDI1IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IjRwMDFyL2dJTzg1bThUSE5tb1BLUHc9PSIsInZhbHVlIjoic0xJK21sYnNTWVdZTFdXRWFGcGVPdEdMaU8wWXBwK1BNRHZ3c2wwK2NlT2FiUEtnUExTVE8rM3JBdzJ4L2xPNTkrNExoeXZxemhKVGcxVkZGY0FVUFM5YWNTM1JtUG4rWUtaaUpqamR2cWNSejY3bDc3VHh3NC9WbnpwaHFGNE8iLCJtYWMiOiJlYjBlNTM3ODZjN2Y1OTU4MjI5YmM1NGQ4MDdmNjM2YzdhYWZjNTRhYTcxMjczZDVkMWJkY2JhN2FlZDljYzYyIiwidGFnIjoiIn0%3D
            Source: global trafficHTTP traffic detected: GET /ijFMnyUutKWXvsd0Ggp1irWn51kcdJaDiEvbY2ESzJaXrOgKBB78170 HTTP/1.1Host: lm3w2e.dsqhfznmzlq.esConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageSec-Fetch-Storage-Access: activeReferer: https://lm3w2e.dsqhfznmzlq.es/BOFRPZOQXKPJYNEKCJSRJPCJIlxixpnlhybwmfatoaqvrhqwNJBEOQOXR0FHV1ONK4KLX?TKACIHJCDTNOIJLJUSWPTGRAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6IlVvbkdLUXByMjJUZGgvQzkwaFJBUVE9PSIsInZhbHVlIjoiay91cmttQ1Nzb2RRSllOck9TL1lBd3lSZXlWR25wRmcwRFMwaVpuYjFOVEtWcWQ1UjFTZHNzSStJU0pCQzZsb3pMOXB1MVFncXYvM2J4ZUg5WjlPcWp2UEFjRDJ5NjlNb2lpdTJlUjhzOW1XTVpIRGhwSStvazJieFZQQkhSWSsiLCJtYWMiOiJlMjAyZjkxNzhiY2E0NzIyOWEzYzZjYzcwYmYzNDg3ZDY4MzE4MGMyMTNmZTA0NDdmNDViNTEyZjYyNjVjZDI1IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IjRwMDFyL2dJTzg1bThUSE5tb1BLUHc9PSIsInZhbHVlIjoic0xJK21sYnNTWVdZTFdXRWFGcGVPdEdMaU8wWXBwK1BNRHZ3c2wwK2NlT2FiUEtnUExTVE8rM3JBdzJ4L2xPNTkrNExoeXZxemhKVGcxVkZGY0FVUFM5YWNTM1JtUG4rWUtaaUpqamR2cWNSejY3bDc3VHh3NC9WbnpwaHFGNE8iLCJtYWMiOiJlYjBlNTM3ODZjN2Y1OTU4MjI5YmM1NGQ4MDdmNjM2YzdhYWZjNTRhYTcxMjczZDVkMWJkY2JhN2FlZDljYzYyIiwidGFnIjoiIn0%3D
            Source: global trafficHTTP traffic detected: GET /wxVzaQwkwsgLRKfwqdcJ3mHBmYBGrs95hlABdiuGPgkxjgWgb90175 HTTP/1.1Host: lm3w2e.dsqhfznmzlq.esConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageSec-Fetch-Storage-Access: activeReferer: https://lm3w2e.dsqhfznmzlq.es/BOFRPZOQXKPJYNEKCJSRJPCJIlxixpnlhybwmfatoaqvrhqwNJBEOQOXR0FHV1ONK4KLX?TKACIHJCDTNOIJLJUSWPTGRAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6IlVvbkdLUXByMjJUZGgvQzkwaFJBUVE9PSIsInZhbHVlIjoiay91cmttQ1Nzb2RRSllOck9TL1lBd3lSZXlWR25wRmcwRFMwaVpuYjFOVEtWcWQ1UjFTZHNzSStJU0pCQzZsb3pMOXB1MVFncXYvM2J4ZUg5WjlPcWp2UEFjRDJ5NjlNb2lpdTJlUjhzOW1XTVpIRGhwSStvazJieFZQQkhSWSsiLCJtYWMiOiJlMjAyZjkxNzhiY2E0NzIyOWEzYzZjYzcwYmYzNDg3ZDY4MzE4MGMyMTNmZTA0NDdmNDViNTEyZjYyNjVjZDI1IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IjRwMDFyL2dJTzg1bThUSE5tb1BLUHc9PSIsInZhbHVlIjoic0xJK21sYnNTWVdZTFdXRWFGcGVPdEdMaU8wWXBwK1BNRHZ3c2wwK2NlT2FiUEtnUExTVE8rM3JBdzJ4L2xPNTkrNExoeXZxemhKVGcxVkZGY0FVUFM5YWNTM1JtUG4rWUtaaUpqamR2cWNSejY3bDc3VHh3NC9WbnpwaHFGNE8iLCJtYWMiOiJlYjBlNTM3ODZjN2Y1OTU4MjI5YmM1NGQ4MDdmNjM2YzdhYWZjNTRhYTcxMjczZDVkMWJkY2JhN2FlZDljYzYyIiwidGFnIjoiIn0%3D
            Source: global trafficHTTP traffic detected: GET /opHErn7mX1u8KdxEHMaywN3odcqJkYf8R7mn8OzEGwDSEr945134 HTTP/1.1Host: lm3w2e.dsqhfznmzlq.esConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6IlVvbkdLUXByMjJUZGgvQzkwaFJBUVE9PSIsInZhbHVlIjoiay91cmttQ1Nzb2RRSllOck9TL1lBd3lSZXlWR25wRmcwRFMwaVpuYjFOVEtWcWQ1UjFTZHNzSStJU0pCQzZsb3pMOXB1MVFncXYvM2J4ZUg5WjlPcWp2UEFjRDJ5NjlNb2lpdTJlUjhzOW1XTVpIRGhwSStvazJieFZQQkhSWSsiLCJtYWMiOiJlMjAyZjkxNzhiY2E0NzIyOWEzYzZjYzcwYmYzNDg3ZDY4MzE4MGMyMTNmZTA0NDdmNDViNTEyZjYyNjVjZDI1IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IjRwMDFyL2dJTzg1bThUSE5tb1BLUHc9PSIsInZhbHVlIjoic0xJK21sYnNTWVdZTFdXRWFGcGVPdEdMaU8wWXBwK1BNRHZ3c2wwK2NlT2FiUEtnUExTVE8rM3JBdzJ4L2xPNTkrNExoeXZxemhKVGcxVkZGY0FVUFM5YWNTM1JtUG4rWUtaaUpqamR2cWNSejY3bDc3VHh3NC9WbnpwaHFGNE8iLCJtYWMiOiJlYjBlNTM3ODZjN2Y1OTU4MjI5YmM1NGQ4MDdmNjM2YzdhYWZjNTRhYTcxMjczZDVkMWJkY2JhN2FlZDljYzYyIiwidGFnIjoiIn0%3D
            Source: global trafficHTTP traffic detected: GET /rsoydHV5BZKENgEhT3EXjEalK8CRL8ZZeG9ijS6JUF3KhjXfJkNjvKqkef200 HTTP/1.1Host: lm3w2e.dsqhfznmzlq.esConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageSec-Fetch-Storage-Access: activeReferer: https://lm3w2e.dsqhfznmzlq.es/BOFRPZOQXKPJYNEKCJSRJPCJIlxixpnlhybwmfatoaqvrhqwNJBEOQOXR0FHV1ONK4KLX?TKACIHJCDTNOIJLJUSWPTGRAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6IlVvbkdLUXByMjJUZGgvQzkwaFJBUVE9PSIsInZhbHVlIjoiay91cmttQ1Nzb2RRSllOck9TL1lBd3lSZXlWR25wRmcwRFMwaVpuYjFOVEtWcWQ1UjFTZHNzSStJU0pCQzZsb3pMOXB1MVFncXYvM2J4ZUg5WjlPcWp2UEFjRDJ5NjlNb2lpdTJlUjhzOW1XTVpIRGhwSStvazJieFZQQkhSWSsiLCJtYWMiOiJlMjAyZjkxNzhiY2E0NzIyOWEzYzZjYzcwYmYzNDg3ZDY4MzE4MGMyMTNmZTA0NDdmNDViNTEyZjYyNjVjZDI1IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IjRwMDFyL2dJTzg1bThUSE5tb1BLUHc9PSIsInZhbHVlIjoic0xJK21sYnNTWVdZTFdXRWFGcGVPdEdMaU8wWXBwK1BNRHZ3c2wwK2NlT2FiUEtnUExTVE8rM3JBdzJ4L2xPNTkrNExoeXZxemhKVGcxVkZGY0FVUFM5YWNTM1JtUG4rWUtaaUpqamR2cWNSejY3bDc3VHh3NC9WbnpwaHFGNE8iLCJtYWMiOiJlYjBlNTM3ODZjN2Y1OTU4MjI5YmM1NGQ4MDdmNjM2YzdhYWZjNTRhYTcxMjczZDVkMWJkY2JhN2FlZDljYzYyIiwidGFnIjoiIn0%3D
            Source: global trafficHTTP traffic detected: GET /wxApmqCHdhI9WCbZVohst6HQMGFgMH6hKKFlLOt12127 HTTP/1.1Host: lm3w2e.dsqhfznmzlq.esConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6IlVvbkdLUXByMjJUZGgvQzkwaFJBUVE9PSIsInZhbHVlIjoiay91cmttQ1Nzb2RRSllOck9TL1lBd3lSZXlWR25wRmcwRFMwaVpuYjFOVEtWcWQ1UjFTZHNzSStJU0pCQzZsb3pMOXB1MVFncXYvM2J4ZUg5WjlPcWp2UEFjRDJ5NjlNb2lpdTJlUjhzOW1XTVpIRGhwSStvazJieFZQQkhSWSsiLCJtYWMiOiJlMjAyZjkxNzhiY2E0NzIyOWEzYzZjYzcwYmYzNDg3ZDY4MzE4MGMyMTNmZTA0NDdmNDViNTEyZjYyNjVjZDI1IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IjRwMDFyL2dJTzg1bThUSE5tb1BLUHc9PSIsInZhbHVlIjoic0xJK21sYnNTWVdZTFdXRWFGcGVPdEdMaU8wWXBwK1BNRHZ3c2wwK2NlT2FiUEtnUExTVE8rM3JBdzJ4L2xPNTkrNExoeXZxemhKVGcxVkZGY0FVUFM5YWNTM1JtUG4rWUtaaUpqamR2cWNSejY3bDc3VHh3NC9WbnpwaHFGNE8iLCJtYWMiOiJlYjBlNTM3ODZjN2Y1OTU4MjI5YmM1NGQ4MDdmNjM2YzdhYWZjNTRhYTcxMjczZDVkMWJkY2JhN2FlZDljYzYyIiwidGFnIjoiIn0%3D
            Source: global trafficHTTP traffic detected: GET /ghYlMOFHzsxVrsIYyNytBdbZMPaW5MCSzUF9TyITmnkLZFgkPT8h2RUFtfSl1NXFQk53HtC12209 HTTP/1.1Host: lm3w2e.dsqhfznmzlq.esConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageSec-Fetch-Storage-Access: activeReferer: https://lm3w2e.dsqhfznmzlq.es/BOFRPZOQXKPJYNEKCJSRJPCJIlxixpnlhybwmfatoaqvrhqwNJBEOQOXR0FHV1ONK4KLX?TKACIHJCDTNOIJLJUSWPTGRAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6IlVvbkdLUXByMjJUZGgvQzkwaFJBUVE9PSIsInZhbHVlIjoiay91cmttQ1Nzb2RRSllOck9TL1lBd3lSZXlWR25wRmcwRFMwaVpuYjFOVEtWcWQ1UjFTZHNzSStJU0pCQzZsb3pMOXB1MVFncXYvM2J4ZUg5WjlPcWp2UEFjRDJ5NjlNb2lpdTJlUjhzOW1XTVpIRGhwSStvazJieFZQQkhSWSsiLCJtYWMiOiJlMjAyZjkxNzhiY2E0NzIyOWEzYzZjYzcwYmYzNDg3ZDY4MzE4MGMyMTNmZTA0NDdmNDViNTEyZjYyNjVjZDI1IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IjRwMDFyL2dJTzg1bThUSE5tb1BLUHc9PSIsInZhbHVlIjoic0xJK21sYnNTWVdZTFdXRWFGcGVPdEdMaU8wWXBwK1BNRHZ3c2wwK2NlT2FiUEtnUExTVE8rM3JBdzJ4L2xPNTkrNExoeXZxemhKVGcxVkZGY0FVUFM5YWNTM1JtUG4rWUtaaUpqamR2cWNSejY3bDc3VHh3NC9WbnpwaHFGNE8iLCJtYWMiOiJlYjBlNTM3ODZjN2Y1OTU4MjI5YmM1NGQ4MDdmNjM2YzdhYWZjNTRhYTcxMjczZDVkMWJkY2JhN2FlZDljYzYyIiwidGFnIjoiIn0%3D
            Source: global trafficHTTP traffic detected: GET /qrP6RmVW07q5q2IzmAMROCmNGikm8kh7E6A12tTtG2NFT6CgR3ONMp9GAgZxcd240 HTTP/1.1Host: lm3w2e.dsqhfznmzlq.esConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageSec-Fetch-Storage-Access: activeReferer: https://lm3w2e.dsqhfznmzlq.es/BOFRPZOQXKPJYNEKCJSRJPCJIlxixpnlhybwmfatoaqvrhqwNJBEOQOXR0FHV1ONK4KLX?TKACIHJCDTNOIJLJUSWPTGRAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6IlVvbkdLUXByMjJUZGgvQzkwaFJBUVE9PSIsInZhbHVlIjoiay91cmttQ1Nzb2RRSllOck9TL1lBd3lSZXlWR25wRmcwRFMwaVpuYjFOVEtWcWQ1UjFTZHNzSStJU0pCQzZsb3pMOXB1MVFncXYvM2J4ZUg5WjlPcWp2UEFjRDJ5NjlNb2lpdTJlUjhzOW1XTVpIRGhwSStvazJieFZQQkhSWSsiLCJtYWMiOiJlMjAyZjkxNzhiY2E0NzIyOWEzYzZjYzcwYmYzNDg3ZDY4MzE4MGMyMTNmZTA0NDdmNDViNTEyZjYyNjVjZDI1IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IjRwMDFyL2dJTzg1bThUSE5tb1BLUHc9PSIsInZhbHVlIjoic0xJK21sYnNTWVdZTFdXRWFGcGVPdEdMaU8wWXBwK1BNRHZ3c2wwK2NlT2FiUEtnUExTVE8rM3JBdzJ4L2xPNTkrNExoeXZxemhKVGcxVkZGY0FVUFM5YWNTM1JtUG4rWUtaaUpqamR2cWNSejY3bDc3VHh3NC9WbnpwaHFGNE8iLCJtYWMiOiJlYjBlNTM3ODZjN2Y1OTU4MjI5YmM1NGQ4MDdmNjM2YzdhYWZjNTRhYTcxMjczZDVkMWJkY2JhN2FlZDljYzYyIiwidGFnIjoiIn0%3D
            Source: global trafficHTTP traffic detected: GET /st8gN2jgKQnIPchyGa56fu47cepUYZEe08I1sl45Qgj1XKn2ehvi2t0bL4cwqoaVfmXef260 HTTP/1.1Host: lm3w2e.dsqhfznmzlq.esConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageSec-Fetch-Storage-Access: activeReferer: https://lm3w2e.dsqhfznmzlq.es/BOFRPZOQXKPJYNEKCJSRJPCJIlxixpnlhybwmfatoaqvrhqwNJBEOQOXR0FHV1ONK4KLX?TKACIHJCDTNOIJLJUSWPTGRAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6IlVvbkdLUXByMjJUZGgvQzkwaFJBUVE9PSIsInZhbHVlIjoiay91cmttQ1Nzb2RRSllOck9TL1lBd3lSZXlWR25wRmcwRFMwaVpuYjFOVEtWcWQ1UjFTZHNzSStJU0pCQzZsb3pMOXB1MVFncXYvM2J4ZUg5WjlPcWp2UEFjRDJ5NjlNb2lpdTJlUjhzOW1XTVpIRGhwSStvazJieFZQQkhSWSsiLCJtYWMiOiJlMjAyZjkxNzhiY2E0NzIyOWEzYzZjYzcwYmYzNDg3ZDY4MzE4MGMyMTNmZTA0NDdmNDViNTEyZjYyNjVjZDI1IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IjRwMDFyL2dJTzg1bThUSE5tb1BLUHc9PSIsInZhbHVlIjoic0xJK21sYnNTWVdZTFdXRWFGcGVPdEdMaU8wWXBwK1BNRHZ3c2wwK2NlT2FiUEtnUExTVE8rM3JBdzJ4L2xPNTkrNExoeXZxemhKVGcxVkZGY0FVUFM5YWNTM1JtUG4rWUtaaUpqamR2cWNSejY3bDc3VHh3NC9WbnpwaHFGNE8iLCJtYWMiOiJlYjBlNTM3ODZjN2Y1OTU4MjI5YmM1NGQ4MDdmNjM2YzdhYWZjNTRhYTcxMjczZDVkMWJkY2JhN2FlZDljYzYyIiwidGFnIjoiIn0%3D
            Source: global trafficHTTP traffic detected: GET /ijFMnyUutKWXvsd0Ggp1irWn51kcdJaDiEvbY2ESzJaXrOgKBB78170 HTTP/1.1Host: lm3w2e.dsqhfznmzlq.esConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6IlVvbkdLUXByMjJUZGgvQzkwaFJBUVE9PSIsInZhbHVlIjoiay91cmttQ1Nzb2RRSllOck9TL1lBd3lSZXlWR25wRmcwRFMwaVpuYjFOVEtWcWQ1UjFTZHNzSStJU0pCQzZsb3pMOXB1MVFncXYvM2J4ZUg5WjlPcWp2UEFjRDJ5NjlNb2lpdTJlUjhzOW1XTVpIRGhwSStvazJieFZQQkhSWSsiLCJtYWMiOiJlMjAyZjkxNzhiY2E0NzIyOWEzYzZjYzcwYmYzNDg3ZDY4MzE4MGMyMTNmZTA0NDdmNDViNTEyZjYyNjVjZDI1IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IjRwMDFyL2dJTzg1bThUSE5tb1BLUHc9PSIsInZhbHVlIjoic0xJK21sYnNTWVdZTFdXRWFGcGVPdEdMaU8wWXBwK1BNRHZ3c2wwK2NlT2FiUEtnUExTVE8rM3JBdzJ4L2xPNTkrNExoeXZxemhKVGcxVkZGY0FVUFM5YWNTM1JtUG4rWUtaaUpqamR2cWNSejY3bDc3VHh3NC9WbnpwaHFGNE8iLCJtYWMiOiJlYjBlNTM3ODZjN2Y1OTU4MjI5YmM1NGQ4MDdmNjM2YzdhYWZjNTRhYTcxMjczZDVkMWJkY2JhN2FlZDljYzYyIiwidGFnIjoiIn0%3D
            Source: global trafficHTTP traffic detected: GET /mnP7EwkRNtEkVn1sTCJOBYWNyoAZDuvp8Z1VLUw76wMZeldU87F4M78150 HTTP/1.1Host: lm3w2e.dsqhfznmzlq.esConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6IlVvbkdLUXByMjJUZGgvQzkwaFJBUVE9PSIsInZhbHVlIjoiay91cmttQ1Nzb2RRSllOck9TL1lBd3lSZXlWR25wRmcwRFMwaVpuYjFOVEtWcWQ1UjFTZHNzSStJU0pCQzZsb3pMOXB1MVFncXYvM2J4ZUg5WjlPcWp2UEFjRDJ5NjlNb2lpdTJlUjhzOW1XTVpIRGhwSStvazJieFZQQkhSWSsiLCJtYWMiOiJlMjAyZjkxNzhiY2E0NzIyOWEzYzZjYzcwYmYzNDg3ZDY4MzE4MGMyMTNmZTA0NDdmNDViNTEyZjYyNjVjZDI1IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IjRwMDFyL2dJTzg1bThUSE5tb1BLUHc9PSIsInZhbHVlIjoic0xJK21sYnNTWVdZTFdXRWFGcGVPdEdMaU8wWXBwK1BNRHZ3c2wwK2NlT2FiUEtnUExTVE8rM3JBdzJ4L2xPNTkrNExoeXZxemhKVGcxVkZGY0FVUFM5YWNTM1JtUG4rWUtaaUpqamR2cWNSejY3bDc3VHh3NC9WbnpwaHFGNE8iLCJtYWMiOiJlYjBlNTM3ODZjN2Y1OTU4MjI5YmM1NGQ4MDdmNjM2YzdhYWZjNTRhYTcxMjczZDVkMWJkY2JhN2FlZDljYzYyIiwidGFnIjoiIn0%3D
            Source: global trafficHTTP traffic detected: GET /wxVzaQwkwsgLRKfwqdcJ3mHBmYBGrs95hlABdiuGPgkxjgWgb90175 HTTP/1.1Host: lm3w2e.dsqhfznmzlq.esConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6IlVvbkdLUXByMjJUZGgvQzkwaFJBUVE9PSIsInZhbHVlIjoiay91cmttQ1Nzb2RRSllOck9TL1lBd3lSZXlWR25wRmcwRFMwaVpuYjFOVEtWcWQ1UjFTZHNzSStJU0pCQzZsb3pMOXB1MVFncXYvM2J4ZUg5WjlPcWp2UEFjRDJ5NjlNb2lpdTJlUjhzOW1XTVpIRGhwSStvazJieFZQQkhSWSsiLCJtYWMiOiJlMjAyZjkxNzhiY2E0NzIyOWEzYzZjYzcwYmYzNDg3ZDY4MzE4MGMyMTNmZTA0NDdmNDViNTEyZjYyNjVjZDI1IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IjRwMDFyL2dJTzg1bThUSE5tb1BLUHc9PSIsInZhbHVlIjoic0xJK21sYnNTWVdZTFdXRWFGcGVPdEdMaU8wWXBwK1BNRHZ3c2wwK2NlT2FiUEtnUExTVE8rM3JBdzJ4L2xPNTkrNExoeXZxemhKVGcxVkZGY0FVUFM5YWNTM1JtUG4rWUtaaUpqamR2cWNSejY3bDc3VHh3NC9WbnpwaHFGNE8iLCJtYWMiOiJlYjBlNTM3ODZjN2Y1OTU4MjI5YmM1NGQ4MDdmNjM2YzdhYWZjNTRhYTcxMjczZDVkMWJkY2JhN2FlZDljYzYyIiwidGFnIjoiIn0%3D
            Source: global trafficHTTP traffic detected: GET /fs/bcg/4/gfsh9pi7jcWKJKMAs1t7 HTTP/1.1Host: ok4static.oktacdn.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageSec-Fetch-Storage-Access: activeReferer: https://lm3w2e.dsqhfznmzlq.es/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
            Source: global trafficHTTP traffic detected: GET /rsoydHV5BZKENgEhT3EXjEalK8CRL8ZZeG9ijS6JUF3KhjXfJkNjvKqkef200 HTTP/1.1Host: lm3w2e.dsqhfznmzlq.esConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6IlVvbkdLUXByMjJUZGgvQzkwaFJBUVE9PSIsInZhbHVlIjoiay91cmttQ1Nzb2RRSllOck9TL1lBd3lSZXlWR25wRmcwRFMwaVpuYjFOVEtWcWQ1UjFTZHNzSStJU0pCQzZsb3pMOXB1MVFncXYvM2J4ZUg5WjlPcWp2UEFjRDJ5NjlNb2lpdTJlUjhzOW1XTVpIRGhwSStvazJieFZQQkhSWSsiLCJtYWMiOiJlMjAyZjkxNzhiY2E0NzIyOWEzYzZjYzcwYmYzNDg3ZDY4MzE4MGMyMTNmZTA0NDdmNDViNTEyZjYyNjVjZDI1IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IjRwMDFyL2dJTzg1bThUSE5tb1BLUHc9PSIsInZhbHVlIjoic0xJK21sYnNTWVdZTFdXRWFGcGVPdEdMaU8wWXBwK1BNRHZ3c2wwK2NlT2FiUEtnUExTVE8rM3JBdzJ4L2xPNTkrNExoeXZxemhKVGcxVkZGY0FVUFM5YWNTM1JtUG4rWUtaaUpqamR2cWNSejY3bDc3VHh3NC9WbnpwaHFGNE8iLCJtYWMiOiJlYjBlNTM3ODZjN2Y1OTU4MjI5YmM1NGQ4MDdmNjM2YzdhYWZjNTRhYTcxMjczZDVkMWJkY2JhN2FlZDljYzYyIiwidGFnIjoiIn0%3D
            Source: global trafficHTTP traffic detected: GET /qrP6RmVW07q5q2IzmAMROCmNGikm8kh7E6A12tTtG2NFT6CgR3ONMp9GAgZxcd240 HTTP/1.1Host: lm3w2e.dsqhfznmzlq.esConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6IlVvbkdLUXByMjJUZGgvQzkwaFJBUVE9PSIsInZhbHVlIjoiay91cmttQ1Nzb2RRSllOck9TL1lBd3lSZXlWR25wRmcwRFMwaVpuYjFOVEtWcWQ1UjFTZHNzSStJU0pCQzZsb3pMOXB1MVFncXYvM2J4ZUg5WjlPcWp2UEFjRDJ5NjlNb2lpdTJlUjhzOW1XTVpIRGhwSStvazJieFZQQkhSWSsiLCJtYWMiOiJlMjAyZjkxNzhiY2E0NzIyOWEzYzZjYzcwYmYzNDg3ZDY4MzE4MGMyMTNmZTA0NDdmNDViNTEyZjYyNjVjZDI1IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IjRwMDFyL2dJTzg1bThUSE5tb1BLUHc9PSIsInZhbHVlIjoic0xJK21sYnNTWVdZTFdXRWFGcGVPdEdMaU8wWXBwK1BNRHZ3c2wwK2NlT2FiUEtnUExTVE8rM3JBdzJ4L2xPNTkrNExoeXZxemhKVGcxVkZGY0FVUFM5YWNTM1JtUG4rWUtaaUpqamR2cWNSejY3bDc3VHh3NC9WbnpwaHFGNE8iLCJtYWMiOiJlYjBlNTM3ODZjN2Y1OTU4MjI5YmM1NGQ4MDdmNjM2YzdhYWZjNTRhYTcxMjczZDVkMWJkY2JhN2FlZDljYzYyIiwidGFnIjoiIn0%3D
            Source: global trafficHTTP traffic detected: GET /ghYlMOFHzsxVrsIYyNytBdbZMPaW5MCSzUF9TyITmnkLZFgkPT8h2RUFtfSl1NXFQk53HtC12209 HTTP/1.1Host: lm3w2e.dsqhfznmzlq.esConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6IlVvbkdLUXByMjJUZGgvQzkwaFJBUVE9PSIsInZhbHVlIjoiay91cmttQ1Nzb2RRSllOck9TL1lBd3lSZXlWR25wRmcwRFMwaVpuYjFOVEtWcWQ1UjFTZHNzSStJU0pCQzZsb3pMOXB1MVFncXYvM2J4ZUg5WjlPcWp2UEFjRDJ5NjlNb2lpdTJlUjhzOW1XTVpIRGhwSStvazJieFZQQkhSWSsiLCJtYWMiOiJlMjAyZjkxNzhiY2E0NzIyOWEzYzZjYzcwYmYzNDg3ZDY4MzE4MGMyMTNmZTA0NDdmNDViNTEyZjYyNjVjZDI1IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IjRwMDFyL2dJTzg1bThUSE5tb1BLUHc9PSIsInZhbHVlIjoic0xJK21sYnNTWVdZTFdXRWFGcGVPdEdMaU8wWXBwK1BNRHZ3c2wwK2NlT2FiUEtnUExTVE8rM3JBdzJ4L2xPNTkrNExoeXZxemhKVGcxVkZGY0FVUFM5YWNTM1JtUG4rWUtaaUpqamR2cWNSejY3bDc3VHh3NC9WbnpwaHFGNE8iLCJtYWMiOiJlYjBlNTM3ODZjN2Y1OTU4MjI5YmM1NGQ4MDdmNjM2YzdhYWZjNTRhYTcxMjczZDVkMWJkY2JhN2FlZDljYzYyIiwidGFnIjoiIn0%3D
            Source: global trafficHTTP traffic detected: GET /st8gN2jgKQnIPchyGa56fu47cepUYZEe08I1sl45Qgj1XKn2ehvi2t0bL4cwqoaVfmXef260 HTTP/1.1Host: lm3w2e.dsqhfznmzlq.esConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6IlVvbkdLUXByMjJUZGgvQzkwaFJBUVE9PSIsInZhbHVlIjoiay91cmttQ1Nzb2RRSllOck9TL1lBd3lSZXlWR25wRmcwRFMwaVpuYjFOVEtWcWQ1UjFTZHNzSStJU0pCQzZsb3pMOXB1MVFncXYvM2J4ZUg5WjlPcWp2UEFjRDJ5NjlNb2lpdTJlUjhzOW1XTVpIRGhwSStvazJieFZQQkhSWSsiLCJtYWMiOiJlMjAyZjkxNzhiY2E0NzIyOWEzYzZjYzcwYmYzNDg3ZDY4MzE4MGMyMTNmZTA0NDdmNDViNTEyZjYyNjVjZDI1IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IjRwMDFyL2dJTzg1bThUSE5tb1BLUHc9PSIsInZhbHVlIjoic0xJK21sYnNTWVdZTFdXRWFGcGVPdEdMaU8wWXBwK1BNRHZ3c2wwK2NlT2FiUEtnUExTVE8rM3JBdzJ4L2xPNTkrNExoeXZxemhKVGcxVkZGY0FVUFM5YWNTM1JtUG4rWUtaaUpqamR2cWNSejY3bDc3VHh3NC9WbnpwaHFGNE8iLCJtYWMiOiJlYjBlNTM3ODZjN2Y1OTU4MjI5YmM1NGQ4MDdmNjM2YzdhYWZjNTRhYTcxMjczZDVkMWJkY2JhN2FlZDljYzYyIiwidGFnIjoiIn0%3D
            Source: global trafficHTTP traffic detected: GET /fs/bcg/4/gfsh9pi7jcWKJKMAs1t7 HTTP/1.1Host: ok4static.oktacdn.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
            Source: global trafficDNS traffic detected: DNS query: apply.atu.ie
            Source: global trafficDNS traffic detected: DNS query: www.google.com
            Source: global trafficDNS traffic detected: DNS query: sharing-doc.com
            Source: global trafficDNS traffic detected: DNS query: sharingsecuredocs.com
            Source: global trafficDNS traffic detected: DNS query: lm3w2e.dsqhfznmzlq.es
            Source: global trafficDNS traffic detected: DNS query: code.jquery.com
            Source: global trafficDNS traffic detected: DNS query: challenges.cloudflare.com
            Source: global trafficDNS traffic detected: DNS query: cdnjs.cloudflare.com
            Source: global trafficDNS traffic detected: DNS query: a.nel.cloudflare.com
            Source: global trafficDNS traffic detected: DNS query: 67os5y.szsnqp.ru
            Source: global trafficDNS traffic detected: DNS query: github.com
            Source: global trafficDNS traffic detected: DNS query: ok4static.oktacdn.com
            Source: global trafficDNS traffic detected: DNS query: objects.githubusercontent.com
            Source: unknownHTTP traffic detected: POST /report/v4?s=emo65dp1%2FiFMvflblQh%2B%2Fns59YjWdhZ%2Fdkd4fikCVLGJwn4OOtAwyK7X3D5me89dNpmhFNREVSVjy%2FXDX%2BR%2FWlYSVg436KZ67N%2BkTIFzDHJ%2Bal1SAsof2WopE8IvYax1OtHRmoIns7A%3D HTTP/1.1Host: a.nel.cloudflare.comConnection: keep-aliveContent-Length: 441Content-Type: application/reports+jsonOrigin: https://sharingsecuredocs.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sun, 16 Mar 2025 22:59:56 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeVary: Accept-EncodingCache-Control: max-age=14400CF-Cache-Status: HITReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=emo65dp1%2FiFMvflblQh%2B%2Fns59YjWdhZ%2Fdkd4fikCVLGJwn4OOtAwyK7X3D5me89dNpmhFNREVSVjy%2FXDX%2BR%2FWlYSVg436KZ67N%2BkTIFzDHJ%2Bal1SAsof2WopE8IvYax1OtHRmoIns7A%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 9217dd23dec98c3b-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1790&min_rtt=1783&rtt_var=684&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2871&recv_bytes=1187&delivery_rate=1583514&cwnd=236&unsent_bytes=0&cid=f58f1c5b2b60459c&ts=4187&x=0"
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sun, 16 Mar 2025 23:00:04 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closecf-cache-status: DYNAMICvary: accept-encodingReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=gqoshaUD5svT4KWSWYeEuVxUPwFXVBIjDWYchP11LythjVoc7dxobInZWyQkzYqDxW1zDZ69n4mmZWWzz1TE%2BbR8k745i8%2B2kW6xtldXeCyjJ5DKsmGtS7yFENLJa%2BA7ye32"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}server-timing: cfL4;desc="?proto=TCP&rtt=981&min_rtt=950&rtt_var=378&sent=4&recv=7&lost=0&retrans=0&sent_bytes=2820&recv_bytes=2052&delivery_rate=2997894&cwnd=251&unsent_bytes=0&cid=64a1b2fa2680b09a&ts=214&x=0"Server: cloudflareCF-RAY: 9217dd535dc94294-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=2288&min_rtt=2279&rtt_var=874&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2834&recv_bytes=1708&delivery_rate=1239388&cwnd=205&unsent_bytes=0&cid=a2062c099a019158&ts=500&x=0"
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sun, 16 Mar 2025 23:00:06 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closecf-cache-status: DYNAMICvary: accept-encodingReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=i94xZC3HKoxz744RyFlMkq%2BgeUnAcO86V3qV79%2BO5FbbSi7%2BtBCkmuxAYMZMuubriQltkq5Tav%2Bb3kGLTx%2Fmx84%2FvSbYAEbI%2FK5ZnxzG641P1MBNyDqYLi2UxPht7x0h%2FD%2Fg"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}server-timing: cfL4;desc="?proto=TCP&rtt=1057&min_rtt=1048&rtt_var=304&sent=4&recv=8&lost=0&retrans=0&sent_bytes=2821&recv_bytes=2066&delivery_rate=2641929&cwnd=247&unsent_bytes=0&cid=fd90759aee1a5a87&ts=248&x=0"Server: cloudflareCF-RAY: 9217dd5feb8d43af-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1573&min_rtt=1566&rtt_var=602&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2834&recv_bytes=1722&delivery_rate=1794714&cwnd=148&unsent_bytes=0&cid=a8760c7b7aed4c82&ts=538&x=0"
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sun, 16 Mar 2025 23:00:10 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closecf-cache-status: DYNAMICvary: accept-encodingReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XtpEiYERUGiv1T4mAKQGww%2B%2FlxxptS11qSF1w%2FD%2BdFw0AtWL3Yiaci89Ezy5%2B5pM1W%2FtvLooB9LKkO56zFhkH89m6Q0xbVI0CRp%2FJzek%2BpsUgtt8aOmiwKkYFlykI9UF6M17"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}server-timing: cfL4;desc="?proto=TCP&rtt=1004&min_rtt=998&rtt_var=378&sent=4&recv=7&lost=0&retrans=0&sent_bytes=2820&recv_bytes=2075&delivery_rate=2853707&cwnd=244&unsent_bytes=0&cid=8025f23ff935c9b1&ts=245&x=0"Server: cloudflareCF-RAY: 9217dd7b7b7a4269-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1683&min_rtt=1679&rtt_var=637&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2833&recv_bytes=1730&delivery_rate=1706604&cwnd=251&unsent_bytes=0&cid=01b59e46afdbab4b&ts=516&x=0"
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49744
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49743
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49742
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49741
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49740
            Source: unknownNetwork traffic detected: HTTP traffic on port 49695 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49766 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49743 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49746 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49769 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49720 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49739
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49738
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49737
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49736
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49735
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49734
            Source: unknownNetwork traffic detected: HTTP traffic on port 49772 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49733
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49732
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49731
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49730
            Source: unknownNetwork traffic detected: HTTP traffic on port 49732 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49695
            Source: unknownNetwork traffic detected: HTTP traffic on port 49728 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49749 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49763 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49729
            Source: unknownNetwork traffic detected: HTTP traffic on port 49752 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49728
            Source: unknownNetwork traffic detected: HTTP traffic on port 49777 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49727
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49726
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49725
            Source: unknownNetwork traffic detected: HTTP traffic on port 49735 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49724
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49723
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49722
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49721
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49720
            Source: unknownNetwork traffic detected: HTTP traffic on port 49706 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49731 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49787 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49729 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49748 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49760 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49745 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49793 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49751 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49715 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49715
            Source: unknownNetwork traffic detected: HTTP traffic on port 49774 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49757 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49782 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49734 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49793
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49792
            Source: unknownNetwork traffic detected: HTTP traffic on port 49726 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49740 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49765 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49768 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49723 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49706
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49705
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49704
            Source: unknownNetwork traffic detected: HTTP traffic on port 49754 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49737 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49771 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49787
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49782
            Source: unknownNetwork traffic detected: HTTP traffic on port 49727 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49704 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49762 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49776 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49736 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49759 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49753 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49777
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49776
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49775
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49774
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49773
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49772
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49771
            Source: unknownNetwork traffic detected: HTTP traffic on port 49679 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49770
            Source: unknownNetwork traffic detected: HTTP traffic on port 49671 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49724 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49742 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49767 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49721 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49773 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49769
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49768
            Source: unknownNetwork traffic detected: HTTP traffic on port 49739 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49756 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49767
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49766
            Source: unknownNetwork traffic detected: HTTP traffic on port 49758 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49765
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49764
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49763
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49762
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49761
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49760
            Source: unknownNetwork traffic detected: HTTP traffic on port 49725 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49741 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49764 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49770 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49722 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49759
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49758
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49757
            Source: unknownNetwork traffic detected: HTTP traffic on port 49738 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49755 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49756
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49755
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49754
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49753
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49752
            Source: unknownNetwork traffic detected: HTTP traffic on port 49673 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49705 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49730 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49751
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49750
            Source: unknownNetwork traffic detected: HTTP traffic on port 49761 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49747 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49744 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49775 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49750 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49749
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49748
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49747
            Source: unknownNetwork traffic detected: HTTP traffic on port 49792 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49746
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49745
            Source: unknownHTTPS traffic detected: 20.105.232.9:443 -> 192.168.2.16:49705 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 20.105.232.9:443 -> 192.168.2.16:49704 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 20.105.232.9:443 -> 192.168.2.16:49706 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 142.250.185.100:443 -> 192.168.2.16:49715 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 107.180.117.105:443 -> 192.168.2.16:49720 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 107.180.117.105:443 -> 192.168.2.16:49721 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 104.21.4.181:443 -> 192.168.2.16:49722 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 104.21.4.181:443 -> 192.168.2.16:49723 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 104.21.16.1:443 -> 192.168.2.16:49724 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 104.18.94.41:443 -> 192.168.2.16:49726 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 104.17.24.14:443 -> 192.168.2.16:49727 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 151.101.130.137:443 -> 192.168.2.16:49725 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 35.190.80.1:443 -> 192.168.2.16:49729 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.16:49731 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.16:49733 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 104.21.96.1:443 -> 192.168.2.16:49735 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 140.82.121.4:443 -> 192.168.2.16:49745 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 13.33.187.120:443 -> 192.168.2.16:49747 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 13.33.187.120:443 -> 192.168.2.16:49746 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 185.199.110.133:443 -> 192.168.2.16:49751 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 13.33.187.120:443 -> 192.168.2.16:49765 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 13.33.187.14:443 -> 192.168.2.16:49775 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 2.23.227.208:443 -> 192.168.2.16:49782 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 142.250.185.100:443 -> 192.168.2.16:49787 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 35.190.80.1:443 -> 192.168.2.16:49792 version: TLS 1.2
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Windows\SystemTemp\scoped_dir6300_2012682271
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile deleted: C:\Windows\SystemTemp\scoped_dir6300_2012682271
            Source: classification engineClassification label: mal100.phis.evad.win@32/1@34/230
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Program Files\Google\Chrome\Application\Dictionaries
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\Downloads\fedb6690-802a-453e-baba-eb1fa15c823c.tmp
            Source: unknownProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=1956,i,9704534767936909127,18304782859894759364,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version --mojo-platform-channel-handle=2212 /prefetch:3
            Source: unknownProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://apply.atu.ie/_entity/sharepointdocumentlocation/a10f35db-a302-f011-bae2-7c1e524f2423/903e00e6-7542-ee11-bdf3-6045bd8c56d2?file=CONFIDENTIALDoc_Au89994.pdf"
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=1956,i,9704534767936909127,18304782859894759364,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version --mojo-platform-channel-handle=2212 /prefetch:3
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
            Source: Window RecorderWindow detected: More than 3 window changes detected
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeDirectory created: C:\Program Files\Google\Chrome\Application\Dictionaries

            Malware Analysis System Evasion

            barindex
            Source: Yara matchFile source: 2.3.d.script.csv, type: HTML
            Source: Yara matchFile source: 2.14..script.csv, type: HTML
            Source: Yara matchFile source: 2.15..script.csv, type: HTML
            Source: Yara matchFile source: 2.6.pages.csv, type: HTML
            Source: Yara matchFile source: 2.7.pages.csv, type: HTML
            ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
            Gather Victim Identity Information1
            Scripting
            Valid AccountsWindows Management Instrumentation2
            Browser Extensions
            1
            Process Injection
            13
            Masquerading
            OS Credential DumpingSystem Service DiscoveryRemote ServicesData from Local System1
            Encrypted Channel
            Exfiltration Over Other Network MediumAbuse Accessibility Features
            CredentialsDomainsDefault AccountsScheduled Task/Job1
            Scripting
            1
            Extra Window Memory Injection
            1
            Process Injection
            LSASS MemoryApplication Window DiscoveryRemote Desktop ProtocolData from Removable Media4
            Non-Application Layer Protocol
            Exfiltration Over BluetoothNetwork Denial of Service
            Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)1
            Deobfuscate/Decode Files or Information
            Security Account ManagerQuery RegistrySMB/Windows Admin SharesData from Network Shared Drive5
            Application Layer Protocol
            Automated ExfiltrationData Encrypted for Impact
            Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook1
            File Deletion
            NTDSSystem Network Configuration DiscoveryDistributed Component Object ModelInput Capture3
            Ingress Tool Transfer
            Traffic DuplicationData Destruction
            Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script1
            Extra Window Memory Injection
            LSA SecretsInternet Connection DiscoverySSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact

            This section contains all screenshots as thumbnails, including those not shown in the slideshow.


            windows-stand
            SourceDetectionScannerLabelLink
            https://apply.atu.ie/_entity/sharepointdocumentlocation/a10f35db-a302-f011-bae2-7c1e524f2423/903e00e6-7542-ee11-bdf3-6045bd8c56d2?file=CONFIDENTIALDoc_Au89994.pdf0%Avira URL Cloudsafe
            No Antivirus matches
            No Antivirus matches
            No Antivirus matches
            SourceDetectionScannerLabelLink
            file:///C:/Users/user/Downloads/CONFIDENTIALDoc_Au89994.pdf0%Avira URL Cloudsafe
            https://sharing-doc.com/web0%Avira URL Cloudsafe
            https://lm3w2e.dsqhfznmzlq.es/MlpoRIIJ/0%Avira URL Cloudsafe
            https://a.nel.cloudflare.com/report/v4?s=emo65dp1%2FiFMvflblQh%2B%2Fns59YjWdhZ%2Fdkd4fikCVLGJwn4OOtAwyK7X3D5me89dNpmhFNREVSVjy%2FXDX%2BR%2FWlYSVg436KZ67N%2BkTIFzDHJ%2Bal1SAsof2WopE8IvYax1OtHRmoIns7A%3D0%Avira URL Cloudsafe
            https://sharing-doc.com/web/0%Avira URL Cloudsafe
            https://sharingsecuredocs.com/favicon.ico0%Avira URL Cloudsafe
            https://67os5y.szsnqp.ru/tarboz$nrocpvfb0%Avira URL Cloudsafe
            https://lm3w2e.dsqhfznmzlq.es/vbVUo3l2BlrtTiLDwfcO60D0vQde0%Avira URL Cloudsafe
            https://lm3w2e.dsqhfznmzlq.es/ijeyf4M4qkLC6N79HlPA2Lj3xqrlLhb2MR5V7XE1fNHuAoaNID0yz2210%Avira URL Cloudsafe
            https://lm3w2e.dsqhfznmzlq.es/zcsyeCiK7VGCnyxIlv2uLTtawgwF7KBZM5GAe7kIgy0%Avira URL Cloudsafe
            https://lm3w2e.dsqhfznmzlq.es/tnRE0Se58eWLCBC3ejWCEkYYkb16eHdpq3OuePIlztdm4ngNpe0%Avira URL Cloudsafe
            https://lm3w2e.dsqhfznmzlq.es/GDSherpa-regular.woff20%Avira URL Cloudsafe
            https://ok4static.oktacdn.com/fs/bcg/4/gfsh9pi7jcWKJKMAs1t70%Avira URL Cloudsafe
            https://lm3w2e.dsqhfznmzlq.es/GDSherpa-bold.woff20%Avira URL Cloudsafe
            https://lm3w2e.dsqhfznmzlq.es/wxApmqCHdhI9WCbZVohst6HQMGFgMH6hKKFlLOt121270%Avira URL Cloudsafe
            https://lm3w2e.dsqhfznmzlq.es/st8gN2jgKQnIPchyGa56fu47cepUYZEe08I1sl45Qgj1XKn2ehvi2t0bL4cwqoaVfmXef2600%Avira URL Cloudsafe
            https://ok4static.oktacdn.com/assets/js/sdk/okta-signin-widget/7.18.0/css/okta-sign-in.min.css0%Avira URL Cloudsafe
            https://lm3w2e.dsqhfznmzlq.es/wxVzaQwkwsgLRKfwqdcJ3mHBmYBGrs95hlABdiuGPgkxjgWgb901750%Avira URL Cloudsafe
            https://lm3w2e.dsqhfznmzlq.es/qrP6RmVW07q5q2IzmAMROCmNGikm8kh7E6A12tTtG2NFT6CgR3ONMp9GAgZxcd2400%Avira URL Cloudsafe
            https://lm3w2e.dsqhfznmzlq.es/GDSherpa-vf.woff20%Avira URL Cloudsafe
            https://lm3w2e.dsqhfznmzlq.es/mnQd1MsWLge7a8iyjD9U1jjN9J7UE3pijASdCoux0dvMH2YPjAaoTqhbwx2150%Avira URL Cloudsafe
            https://lm3w2e.dsqhfznmzlq.es/abqSlkYCvJpqugh280%Avira URL Cloudsafe
            https://lm3w2e.dsqhfznmzlq.es/34dg3giizS1pL1r8BMYijkJmj8H29GTNH2891060%Avira URL Cloudsafe
            https://lm3w2e.dsqhfznmzlq.es/GDSherpa-bold.woff0%Avira URL Cloudsafe
            https://lm3w2e.dsqhfznmzlq.es/rsoydHV5BZKENgEhT3EXjEalK8CRL8ZZeG9ijS6JUF3KhjXfJkNjvKqkef2000%Avira URL Cloudsafe
            https://lm3w2e.dsqhfznmzlq.es/GDSherpa-regular.woff0%Avira URL Cloudsafe
            https://lm3w2e.dsqhfznmzlq.es/opHErn7mX1u8KdxEHMaywN3odcqJkYf8R7mn8OzEGwDSEr9451340%Avira URL Cloudsafe
            https://lm3w2e.dsqhfznmzlq.es/mnP7EwkRNtEkVn1sTCJOBYWNyoAZDuvp8Z1VLUw76wMZeldU87F4M781500%Avira URL Cloudsafe
            https://lm3w2e.dsqhfznmzlq.es/ijFMnyUutKWXvsd0Ggp1irWn51kcdJaDiEvbY2ESzJaXrOgKBB781700%Avira URL Cloudsafe
            https://lm3w2e.dsqhfznmzlq.es/349jehgmvGDfJbncd8oyT67200%Avira URL Cloudsafe
            https://lm3w2e.dsqhfznmzlq.es/GDSherpa-vf2.woff20%Avira URL Cloudsafe
            https://lm3w2e.dsqhfznmzlq.es/ghYlMOFHzsxVrsIYyNytBdbZMPaW5MCSzUF9TyITmnkLZFgkPT8h2RUFtfSl1NXFQk53HtC122090%Avira URL Cloudsafe
            https://a.nel.cloudflare.com/report/v4?s=yqLIyytp2ckA1ApRYyuw%2BB1rXn6zSwtuDB38HzIRSxiejEpDubTHGkkHrvq0daFmk%2FAhtqVuhpa5VjZH8SXK3xx9rRyy2cF%2F4W%2FmvRQJfTngWKOaQQhlpzk9J7hzLmkihIw00%Avira URL Cloudsafe
            NameIPActiveMaliciousAntivirus DetectionReputation
            sharingsecuredocs.com
            104.21.4.181
            truetrue
              unknown
              a.nel.cloudflare.com
              35.190.80.1
              truefalse
                high
                github.com
                140.82.121.4
                truefalse
                  high
                  waws-prod-am2-557-d2c0.westeurope.cloudapp.azure.com
                  20.105.232.9
                  truefalse
                    unknown
                    lm3w2e.dsqhfznmzlq.es
                    104.21.16.1
                    truetrue
                      unknown
                      67os5y.szsnqp.ru
                      188.114.96.3
                      truefalse
                        unknown
                        code.jquery.com
                        151.101.130.137
                        truefalse
                          high
                          cdnjs.cloudflare.com
                          104.17.24.14
                          truefalse
                            high
                            challenges.cloudflare.com
                            104.18.94.41
                            truefalse
                              high
                              www.google.com
                              142.250.185.100
                              truefalse
                                high
                                d19d360lklgih4.cloudfront.net
                                13.33.187.120
                                truefalse
                                  high
                                  sharing-doc.com
                                  107.180.117.105
                                  truefalse
                                    unknown
                                    objects.githubusercontent.com
                                    185.199.110.133
                                    truefalse
                                      high
                                      apply.atu.ie
                                      unknown
                                      unknownfalse
                                        unknown
                                        ok4static.oktacdn.com
                                        unknown
                                        unknownfalse
                                          high
                                          NameMaliciousAntivirus DetectionReputation
                                          https://lm3w2e.dsqhfznmzlq.es/vbVUo3l2BlrtTiLDwfcO60D0vQdefalse
                                          • Avira URL Cloud: safe
                                          unknown
                                          https://lm3w2e.dsqhfznmzlq.es/wxApmqCHdhI9WCbZVohst6HQMGFgMH6hKKFlLOt12127false
                                          • Avira URL Cloud: safe
                                          unknown
                                          https://ok4static.oktacdn.com/fs/bcg/4/gfsh9pi7jcWKJKMAs1t7false
                                          • Avira URL Cloud: safe
                                          unknown
                                          https://lm3w2e.dsqhfznmzlq.es/tnRE0Se58eWLCBC3ejWCEkYYkb16eHdpq3OuePIlztdm4ngNpefalse
                                          • Avira URL Cloud: safe
                                          unknown
                                          https://sharingsecuredocs.com/favicon.icofalse
                                          • Avira URL Cloud: safe
                                          unknown
                                          https://code.jquery.com/jquery-3.6.0.min.jsfalse
                                            high
                                            https://lm3w2e.dsqhfznmzlq.es/ijeyf4M4qkLC6N79HlPA2Lj3xqrlLhb2MR5V7XE1fNHuAoaNID0yz221false
                                            • Avira URL Cloud: safe
                                            unknown
                                            https://cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.jsfalse
                                              high
                                              https://lm3w2e.dsqhfznmzlq.es/zcsyeCiK7VGCnyxIlv2uLTtawgwF7KBZM5GAe7kIgyfalse
                                              • Avira URL Cloud: safe
                                              unknown
                                              https://lm3w2e.dsqhfznmzlq.es/GDSherpa-regular.woff2false
                                              • Avira URL Cloud: safe
                                              unknown
                                              https://ok4static.oktacdn.com/assets/js/sdk/okta-signin-widget/7.18.0/css/okta-sign-in.min.cssfalse
                                              • Avira URL Cloud: safe
                                              unknown
                                              https://lm3w2e.dsqhfznmzlq.es/GDSherpa-bold.woff2false
                                              • Avira URL Cloud: safe
                                              unknown
                                              https://lm3w2e.dsqhfznmzlq.es/st8gN2jgKQnIPchyGa56fu47cepUYZEe08I1sl45Qgj1XKn2ehvi2t0bL4cwqoaVfmXef260false
                                              • Avira URL Cloud: safe
                                              unknown
                                              https://challenges.cloudflare.com/turnstile/v0/api.js?onload=onloadTurnstileCallbackfalse
                                                high
                                                https://lm3w2e.dsqhfznmzlq.es/wxVzaQwkwsgLRKfwqdcJ3mHBmYBGrs95hlABdiuGPgkxjgWgb90175false
                                                • Avira URL Cloud: safe
                                                unknown
                                                file:///C:/Users/user/Downloads/CONFIDENTIALDoc_Au89994.pdftrue
                                                • Avira URL Cloud: safe
                                                unknown
                                                https://lm3w2e.dsqhfznmzlq.es/qrP6RmVW07q5q2IzmAMROCmNGikm8kh7E6A12tTtG2NFT6CgR3ONMp9GAgZxcd240false
                                                • Avira URL Cloud: safe
                                                unknown
                                                https://a.nel.cloudflare.com/report/v4?s=emo65dp1%2FiFMvflblQh%2B%2Fns59YjWdhZ%2Fdkd4fikCVLGJwn4OOtAwyK7X3D5me89dNpmhFNREVSVjy%2FXDX%2BR%2FWlYSVg436KZ67N%2BkTIFzDHJ%2Bal1SAsof2WopE8IvYax1OtHRmoIns7A%3Dfalse
                                                • Avira URL Cloud: safe
                                                unknown
                                                https://lm3w2e.dsqhfznmzlq.es/GDSherpa-vf.woff2false
                                                • Avira URL Cloud: safe
                                                unknown
                                                https://lm3w2e.dsqhfznmzlq.es/34dg3giizS1pL1r8BMYijkJmj8H29GTNH289106false
                                                • Avira URL Cloud: safe
                                                unknown
                                                https://ok4static.oktacdn.com/assets/loginpage/css/loginpage-theme.e0d37a504604ef874bad26435d62011f.cssfalse
                                                  high
                                                  https://lm3w2e.dsqhfznmzlq.es/abqSlkYCvJpqugh28false
                                                  • Avira URL Cloud: safe
                                                  unknown
                                                  https://lm3w2e.dsqhfznmzlq.es/mnQd1MsWLge7a8iyjD9U1jjN9J7UE3pijASdCoux0dvMH2YPjAaoTqhbwx215false
                                                  • Avira URL Cloud: safe
                                                  unknown
                                                  https://lm3w2e.dsqhfznmzlq.es/GDSherpa-regular.wofffalse
                                                  • Avira URL Cloud: safe
                                                  unknown
                                                  https://sharing-doc.com/webfalse
                                                  • Avira URL Cloud: safe
                                                  unknown
                                                  https://lm3w2e.dsqhfznmzlq.es/opHErn7mX1u8KdxEHMaywN3odcqJkYf8R7mn8OzEGwDSEr945134false
                                                  • Avira URL Cloud: safe
                                                  unknown
                                                  https://challenges.cloudflare.com/turnstile/v0/g/f3b948d8acb8/api.jsfalse
                                                    high
                                                    https://lm3w2e.dsqhfznmzlq.es/GDSherpa-bold.wofffalse
                                                    • Avira URL Cloud: safe
                                                    unknown
                                                    https://lm3w2e.dsqhfznmzlq.es/rsoydHV5BZKENgEhT3EXjEalK8CRL8ZZeG9ijS6JUF3KhjXfJkNjvKqkef200false
                                                    • Avira URL Cloud: safe
                                                    unknown
                                                    https://sharingsecuredocs.com/index.htmltrue
                                                      unknown
                                                      https://67os5y.szsnqp.ru/tarboz$nrocpvfbfalse
                                                      • Avira URL Cloud: safe
                                                      unknown
                                                      https://lm3w2e.dsqhfznmzlq.es/349jehgmvGDfJbncd8oyT6720false
                                                      • Avira URL Cloud: safe
                                                      unknown
                                                      https://lm3w2e.dsqhfznmzlq.es/ijFMnyUutKWXvsd0Ggp1irWn51kcdJaDiEvbY2ESzJaXrOgKBB78170false
                                                      • Avira URL Cloud: safe
                                                      unknown
                                                      https://lm3w2e.dsqhfznmzlq.es/ghYlMOFHzsxVrsIYyNytBdbZMPaW5MCSzUF9TyITmnkLZFgkPT8h2RUFtfSl1NXFQk53HtC12209false
                                                      • Avira URL Cloud: safe
                                                      unknown
                                                      https://lm3w2e.dsqhfznmzlq.es/MlpoRIIJ/true
                                                      • Avira URL Cloud: safe
                                                      unknown
                                                      https://apply.atu.ie/_entity/sharepointdocumentlocation/a10f35db-a302-f011-bae2-7c1e524f2423/903e00e6-7542-ee11-bdf3-6045bd8c56d2?file=CONFIDENTIALDoc_Au89994.pdffalse
                                                        unknown
                                                        https://lm3w2e.dsqhfznmzlq.es/GDSherpa-vf2.woff2false
                                                        • Avira URL Cloud: safe
                                                        unknown
                                                        https://lm3w2e.dsqhfznmzlq.es/mnP7EwkRNtEkVn1sTCJOBYWNyoAZDuvp8Z1VLUw76wMZeldU87F4M78150false
                                                        • Avira URL Cloud: safe
                                                        unknown
                                                        https://a.nel.cloudflare.com/report/v4?s=yqLIyytp2ckA1ApRYyuw%2BB1rXn6zSwtuDB38HzIRSxiejEpDubTHGkkHrvq0daFmk%2FAhtqVuhpa5VjZH8SXK3xx9rRyy2cF%2F4W%2FmvRQJfTngWKOaQQhlpzk9J7hzLmkihIw0false
                                                        • Avira URL Cloud: safe
                                                        unknown
                                                        https://sharing-doc.com/web/false
                                                        • Avira URL Cloud: safe
                                                        unknown
                                                        • No. of IPs < 25%
                                                        • 25% < No. of IPs < 50%
                                                        • 50% < No. of IPs < 75%
                                                        • 75% < No. of IPs
                                                        IPDomainCountryFlagASNASN NameMalicious
                                                        104.18.94.41
                                                        challenges.cloudflare.comUnited States
                                                        13335CLOUDFLARENETUSfalse
                                                        13.33.187.14
                                                        unknownUnited States
                                                        16509AMAZON-02USfalse
                                                        216.58.206.78
                                                        unknownUnited States
                                                        15169GOOGLEUSfalse
                                                        142.250.185.100
                                                        www.google.comUnited States
                                                        15169GOOGLEUSfalse
                                                        104.21.4.181
                                                        sharingsecuredocs.comUnited States
                                                        13335CLOUDFLARENETUStrue
                                                        151.101.130.137
                                                        code.jquery.comUnited States
                                                        54113FASTLYUSfalse
                                                        142.250.185.142
                                                        unknownUnited States
                                                        15169GOOGLEUSfalse
                                                        104.21.96.1
                                                        unknownUnited States
                                                        13335CLOUDFLARENETUSfalse
                                                        35.190.80.1
                                                        a.nel.cloudflare.comUnited States
                                                        15169GOOGLEUSfalse
                                                        142.250.184.227
                                                        unknownUnited States
                                                        15169GOOGLEUSfalse
                                                        185.199.110.133
                                                        objects.githubusercontent.comNetherlands
                                                        54113FASTLYUSfalse
                                                        142.250.184.195
                                                        unknownUnited States
                                                        15169GOOGLEUSfalse
                                                        104.17.24.14
                                                        cdnjs.cloudflare.comUnited States
                                                        13335CLOUDFLARENETUSfalse
                                                        104.21.16.1
                                                        lm3w2e.dsqhfznmzlq.esUnited States
                                                        13335CLOUDFLARENETUStrue
                                                        1.1.1.1
                                                        unknownAustralia
                                                        13335CLOUDFLARENETUSfalse
                                                        13.33.187.120
                                                        d19d360lklgih4.cloudfront.netUnited States
                                                        16509AMAZON-02USfalse
                                                        172.217.18.3
                                                        unknownUnited States
                                                        15169GOOGLEUSfalse
                                                        140.82.121.4
                                                        github.comUnited States
                                                        36459GITHUBUSfalse
                                                        20.105.232.9
                                                        waws-prod-am2-557-d2c0.westeurope.cloudapp.azure.comUnited States
                                                        8075MICROSOFT-CORP-MSN-AS-BLOCKUSfalse
                                                        216.58.206.46
                                                        unknownUnited States
                                                        15169GOOGLEUSfalse
                                                        107.180.117.105
                                                        sharing-doc.comUnited States
                                                        26496AS-26496-GO-DADDY-COM-LLCUSfalse
                                                        64.233.167.84
                                                        unknownUnited States
                                                        15169GOOGLEUSfalse
                                                        172.217.18.106
                                                        unknownUnited States
                                                        15169GOOGLEUSfalse
                                                        188.114.96.3
                                                        67os5y.szsnqp.ruEuropean Union
                                                        13335CLOUDFLARENETUSfalse
                                                        IP
                                                        192.168.2.16
                                                        Joe Sandbox version:42.0.0 Malachite
                                                        Analysis ID:1640111
                                                        Start date and time:2025-03-16 23:59:01 +01:00
                                                        Joe Sandbox product:CloudBasic
                                                        Overall analysis duration:
                                                        Hypervisor based Inspection enabled:false
                                                        Report type:full
                                                        Cookbook file name:defaultwindowsinteractivecookbook.jbs
                                                        Sample URL:https://apply.atu.ie/_entity/sharepointdocumentlocation/a10f35db-a302-f011-bae2-7c1e524f2423/903e00e6-7542-ee11-bdf3-6045bd8c56d2?file=CONFIDENTIALDoc_Au89994.pdf
                                                        Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                        Number of analysed new started processes analysed:17
                                                        Number of new started drivers analysed:0
                                                        Number of existing processes analysed:0
                                                        Number of existing drivers analysed:0
                                                        Number of injected processes analysed:0
                                                        Technologies:
                                                        • EGA enabled
                                                        Analysis Mode:stream
                                                        Analysis stop reason:Timeout
                                                        Detection:MAL
                                                        Classification:mal100.phis.evad.win@32/1@34/230
                                                        • Exclude process from analysis (whitelisted): svchost.exe
                                                        • Excluded IPs from analysis (whitelisted): 142.250.185.142, 142.250.184.227, 216.58.206.46, 64.233.167.84
                                                        • Excluded domains from analysis (whitelisted): clients2.google.com, accounts.google.com, clientservices.googleapis.com, clients.l.google.com
                                                        • Not all processes where analyzed, report is missing behavior information
                                                        • Report size getting too big, too many NtOpenFile calls found.
                                                        • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                                        • VT rate limit hit for: https://apply.atu.ie/_entity/sharepointdocumentlocation/a10f35db-a302-f011-bae2-7c1e524f2423/903e00e6-7542-ee11-bdf3-6045bd8c56d2?file=CONFIDENTIALDoc_Au89994.pdf
                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        File Type:PDF document, version 2.0
                                                        Category:dropped
                                                        Size (bytes):0
                                                        Entropy (8bit):0.0
                                                        Encrypted:false
                                                        SSDEEP:
                                                        MD5:26E3651CC305F63954D2A347A1B957B3
                                                        SHA1:FBC1C793E40900B9BA7B03A6602F41AC665DF777
                                                        SHA-256:0F0EBB539F25E69A74B6461D67315F6A1B02923469631004EE35D9358AFF2320
                                                        SHA-512:3F59BD2C58AC57799031961957BAECBB1BB3730C9B501DE75B0E5E12329A309992B9846731ABE56F1B9C5F96263B2A7D9F1B711849D9357DA668022693AC9EE2
                                                        Malicious:false
                                                        Reputation:unknown
                                                        Preview:%PDF-2.0.%.....2 0 obj.<<./Type /Catalog./Pages 4 0 R./Lang (en-US)./StructTreeRoot 5 0 R./MarkInfo 6 0 R./Metadata 7 0 R./ViewerPreferences 8 0 R./AcroForm 9 0 R.>>.endobj.7 0 obj.<<./Type /Metadata./Subtype /XML./Filter /FlateDecode./Length 467.>>.stream..x..V.n.0...).w..mhJ..*...I..F.....6.#h^m.=.^a.......@....~..8....2e;.....2..~....Bp;KpR...........w...E.t.+....\..A.....>.#`.-z...&...D..*...xu..]...)Bm..k.......v..@..........#C.kV.R.%..>.F..XG.r.+k.7f3U s.....z..F....{..C<....6.....e.O.........\D.Ea]+..\.6..P.]h.}.M3..G...{.......Ry..V.Zm.u..,@....xlV.`.CB....9u./.S.G..G&*... G..1.$y}.E.8.$..b...^.Q...V.......2..YLfpN.Kx~F..j. x...>...d.S..{.F..^...g..D&.Id..D&....~.&'..p..Qp..\.t....z#<...endstream.endobj.22 0 obj.<<./Filter /FlateDecode./Length 10.>>.stream..x.+......|..endstream.endobj.23 0 obj.<<./Filter /FlateDecode./Length 2043.>>.stream..x....n.9....8....I......j..a.E.!...o.........#.vU..u.........g....7'.5....cXf.........f.|~.l......'.zz.
                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        File Type:PDF document, version 2.0
                                                        Category:dropped
                                                        Size (bytes):0
                                                        Entropy (8bit):0.0
                                                        Encrypted:false
                                                        SSDEEP:
                                                        MD5:26E3651CC305F63954D2A347A1B957B3
                                                        SHA1:FBC1C793E40900B9BA7B03A6602F41AC665DF777
                                                        SHA-256:0F0EBB539F25E69A74B6461D67315F6A1B02923469631004EE35D9358AFF2320
                                                        SHA-512:3F59BD2C58AC57799031961957BAECBB1BB3730C9B501DE75B0E5E12329A309992B9846731ABE56F1B9C5F96263B2A7D9F1B711849D9357DA668022693AC9EE2
                                                        Malicious:false
                                                        Reputation:unknown
                                                        Preview:%PDF-2.0.%.....2 0 obj.<<./Type /Catalog./Pages 4 0 R./Lang (en-US)./StructTreeRoot 5 0 R./MarkInfo 6 0 R./Metadata 7 0 R./ViewerPreferences 8 0 R./AcroForm 9 0 R.>>.endobj.7 0 obj.<<./Type /Metadata./Subtype /XML./Filter /FlateDecode./Length 467.>>.stream..x..V.n.0...).w..mhJ..*...I..F.....6.#h^m.=.^a.......@....~..8....2e;.....2..~....Bp;KpR...........w...E.t.+....\..A.....>.#`.-z...&...D..*...xu..]...)Bm..k.......v..@..........#C.kV.R.%..>.F..XG.r.+k.7f3U s.....z..F....{..C<....6.....e.O.........\D.Ea]+..\.6..P.]h.}.M3..G...{.......Ry..V.Zm.u..,@....xlV.`.CB....9u./.S.G..G&*... G..1.$y}.E.8.$..b...^.Q...V.......2..YLfpN.Kx~F..j. x...>...d.S..{.F..^...g..D&.Id..D&....~.&'..p..Qp..\.t....z#<...endstream.endobj.22 0 obj.<<./Filter /FlateDecode./Length 10.>>.stream..x.+......|..endstream.endobj.23 0 obj.<<./Filter /FlateDecode./Length 2043.>>.stream..x....n.9....8....I......j..a.E.!...o.........#.vU..u.........g....7'.5....cXf.........f.|~.l......'.zz.
                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        File Type:PDF document, version 2.0
                                                        Category:dropped
                                                        Size (bytes):14313
                                                        Entropy (8bit):7.88184477602589
                                                        Encrypted:false
                                                        SSDEEP:
                                                        MD5:26E3651CC305F63954D2A347A1B957B3
                                                        SHA1:FBC1C793E40900B9BA7B03A6602F41AC665DF777
                                                        SHA-256:0F0EBB539F25E69A74B6461D67315F6A1B02923469631004EE35D9358AFF2320
                                                        SHA-512:3F59BD2C58AC57799031961957BAECBB1BB3730C9B501DE75B0E5E12329A309992B9846731ABE56F1B9C5F96263B2A7D9F1B711849D9357DA668022693AC9EE2
                                                        Malicious:false
                                                        Reputation:unknown
                                                        Preview:%PDF-2.0.%.....2 0 obj.<<./Type /Catalog./Pages 4 0 R./Lang (en-US)./StructTreeRoot 5 0 R./MarkInfo 6 0 R./Metadata 7 0 R./ViewerPreferences 8 0 R./AcroForm 9 0 R.>>.endobj.7 0 obj.<<./Type /Metadata./Subtype /XML./Filter /FlateDecode./Length 467.>>.stream..x..V.n.0...).w..mhJ..*...I..F.....6.#h^m.=.^a.......@....~..8....2e;.....2..~....Bp;KpR...........w...E.t.+....\..A.....>.#`.-z...&...D..*...xu..]...)Bm..k.......v..@..........#C.kV.R.%..>.F..XG.r.+k.7f3U s.....z..F....{..C<....6.....e.O.........\D.Ea]+..\.6..P.]h.}.M3..G...{.......Ry..V.Zm.u..,@....xlV.`.CB....9u./.S.G..G&*... G..1.$y}.E.8.$..b...^.Q...V.......2..YLfpN.Kx~F..j. x...>...d.S..{.F..^...g..D&.Id..D&....~.&'..p..Qp..\.t....z#<...endstream.endobj.22 0 obj.<<./Filter /FlateDecode./Length 10.>>.stream..x.+......|..endstream.endobj.23 0 obj.<<./Filter /FlateDecode./Length 2043.>>.stream..x....n.9....8....I......j..a.E.!...o.........#.vU..u.........g....7'.5....cXf.........f.|~.l......'.zz.
                                                        No static file info