Play interactive tourCreate Interactive Tour

Windows Analysis Report
https://docs.google.com/presentation/d/e/2PACX-1vQ7Dkd_WRbgSfshqD4oLNlUmDxTYPUSUb2tLr0qsjIwZ7fwYeWMIoyLCuLiIiL3T8QaBj2et0IIqqkz/pub?start=false&loop=false&delayms=3000

Overview

General Information

Sample URL:	https://docs.google.com/presentation/d/e/2PACX-1vQ7Dkd_WRbgSfshqD4oLNlUmDxTYPUSUb2tLr0qsjIwZ7fwYeWMIoyLCuLiIiL3T8QaBj2et0IIqqkz/pub?start=false&loop=false&delayms=3000
Analysis ID:	1654640
Infos:

Detection

HTMLPhisher, ReCaptcha Phish

Score:	88
Range:	0 - 100
Confidence:	100%

Signatures

AI detected phishing page

Yara detected HtmlPhish45

Yara detected HtmlPhish54

Yara detected Recaptcha Phish

AI detected landing page (webpage, office document or email)

AI detected suspicious Javascript

Performs DNS queries to domains with low reputation

Phishing site or detected (based on various text indicators)

Creates files inside the system directory

Deletes files inside the Windows folder

HTML body contains low number of good links

HTML page contains string obfuscation

HTML title does not match URL

Classification

×

Joe Sandbox Signatures

• • Phishing
• • Compliance
• • Networking
• • System Summary

Click to jump to signature section

Show All Signature Results

Phishing

AI detected phishing page

Source: https://xofu8.wpym.xyz/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2foutlook.office365.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=1&msaredir=1&client-request-id=d3f010eb-0335-4544-92e3-80e46926cd37&protectedtoken=true&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d&nonce=638791917658115408.98d69f9d-eb1e-4f52-a2fd-c0535c45e2c9&state=DctLFoAgCEBRrNNySFERWI75mTZs-zG4b_YCAJzucCF5QFpRMTKSxkrENeltOpttm7geWlg3Z-x5TxyJC4_KKw8L_l7x_Xr8AQ&sso_reload=true

Joe Sandbox AI: Score: 9 Reasons: The brand 'Microsoft' is classified as 'wellknown'., The legitimate domain for Microsoft is 'microsoft.com'., The provided URL 'xofu8.wpym.xyz' does not match the legitimate domain for Microsoft., The URL uses a non-standard domain extension '.xyz', which is often used in phishing attempts., The URL contains random characters 'xofu8' and 'wpym', which do not relate to Microsoft and are suspicious., The presence of input fields for 'Email, phone, or Skype' is typical for phishing sites targeting Microsoft accounts. DOM: 4.16.pages.csv

Yara detected HtmlPhish45

Source: Yara match

File source: 4.16.pages.csv, type: HTML

Yara detected HtmlPhish54

Source: Yara match	File source: 3.38..script.csv, type: HTML
Source: Yara match	File source: 4.48..script.csv, type: HTML
Source: Yara match	File source: 4.14.pages.csv, type: HTML
Source: Yara match	File source: 3.12.pages.csv, type: HTML
Source: Yara match	File source: 4.13.pages.csv, type: HTML
Source: Yara match	File source: 4.16.pages.csv, type: HTML

Yara detected Recaptcha Phish

Source: Yara match	File source: 2.2.pages.csv, type: HTML
Source: Yara match	File source: 2.5.pages.csv, type: HTML
Source: Yara match	File source: 2.4.pages.csv, type: HTML
Source: Yara match	File source: dropped/chromecache_107, type: DROPPED

AI detected landing page (webpage, office document or email)

Source: https://docs.google.com/presentation/d/e/2PACX-1vQ7Dkd_WRbgSfshqD4oLNlUmDxTYPUSUb2tLr0qsjIwZ7fwYeWMIoyLCuLiIiL3T8QaBj2et0IIqqkz/pub?start=false&loop=false&delayms=3000&slide=id.p

Joe Sandbox AI: Page contains button: 'Download Files' Source: '1.0.pages.csv'

AI detected suspicious Javascript

Source: 2.24..script.csv

Joe Sandbox AI: Detected suspicious JavaScript with source url: https://meheff.wpym.xyz/nrColMBN... This script exhibits high-risk behavior by using obfuscated code to redirect the user to an unknown domain, which is a common tactic for phishing or malware distribution. The use of the 'window.location.assign' function to redirect the user to a suspicious URL with encoded components is a strong indicator of malicious intent.

Phishing site or detected (based on various text indicators)

Source: Chrome DOM: 2.5

OCR Text: Outlook is lagging you out. We need to verify your identity. Please re-lagin to your account Verifying... CLOUDFLARE Performance & security by Microsoft

HTML body contains low number of good links

Source: https://xofu8.wpym.xyz/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2foutlook.office365.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=1&msaredir=1&client-request-id=d3f010eb-0335-4544-92e3-80e46926cd37&protectedtoken=true&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d&nonce=638791917658115408.98d69f9d-eb1e-4f52-a2fd-c0535c45e2c9&state=DctLFoAgCEBRrNNySFERWI75mTZs-zG4b_YCAJzucCF5QFpRMTKSxkrENeltOpttm7geWlg3Z-x5TxyJC4_KKw8L_l7x_Xr8AQ&sso_reload=true

HTTP Parser: Number of links: 0

HTML page contains string obfuscation

Source: https://meheff.wpym.xyz/nrColMBN

HTTP Parser: Found new string: script ...var verifyCallback_CF = function (response) {. console.log("verified");. window.location.assign('htt' + 'p' + 's:/' + '/' + 'me' + 'h' + 'ef' + 'f.w' + 'py' + 'm' + '.xy' + 'z/n' + 'r' + 'Col' + 'MBN' + '?k' + '=' + 'NXL' + 'G' + '8A0');. };.....

HTML title does not match URL

Source: https://xofu8.wpym.xyz/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2foutlook.office365.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=1&msaredir=1&client-request-id=d3f010eb-0335-4544-92e3-80e46926cd37&protectedtoken=true&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d&nonce=638791917658115408.98d69f9d-eb1e-4f52-a2fd-c0535c45e2c9&state=DctLFoAgCEBRrNNySFERWI75mTZs-zG4b_YCAJzucCF5QFpRMTKSxkrENeltOpttm7geWlg3Z-x5TxyJC4_KKw8L_l7x_Xr8AQ&sso_reload=true

HTTP Parser: Title: Sign in to Outlook does not match URL

Found iframes

Source: https://xofu8.wpym.xyz/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2foutlook.office365.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=1&msaredir=1&client-request-id=d3f010eb-0335-4544-92e3-80e46926cd37&protectedtoken=true&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d&nonce=638791917658115408.98d69f9d-eb1e-4f52-a2fd-c0535c45e2c9&state=DctLFoAgCEBRrNNySFERWI75mTZs-zG4b_YCAJzucCF5QFpRMTKSxkrENeltOpttm7geWlg3Z-x5TxyJC4_KKw8L_l7x_Xr8AQ&sso_reload=true

HTTP Parser: Iframe src: https://mejeff.wpym.xyz/owa/prefetch.aspx

Source: https://xofu8.wpym.xyz/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2foutlook.office365.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=1&msaredir=1&client-request-id=d3f010eb-0335-4544-92e3-80e46926cd37&protectedtoken=true&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d&nonce=638791917658115408.98d69f9d-eb1e-4f52-a2fd-c0535c45e2c9&state=DctLFoAgCEBRrNNySFERWI75mTZs-zG4b_YCAJzucCF5QFpRMTKSxkrENeltOpttm7geWlg3Z-x5TxyJC4_KKw8L_l7x_Xr8AQ&sso_reload=true

HTTP Parser: Iframe src: https://mejeff.wpym.xyz/owa/prefetch.aspx

HTML body contains password input

Source: https://xofu8.wpym.xyz/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2foutlook.office365.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=1&msaredir=1&client-request-id=d3f010eb-0335-4544-92e3-80e46926cd37&protectedtoken=true&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d&nonce=638791917658115408.98d69f9d-eb1e-4f52-a2fd-c0535c45e2c9&state=DctLFoAgCEBRrNNySFERWI75mTZs-zG4b_YCAJzucCF5QFpRMTKSxkrENeltOpttm7geWlg3Z-x5TxyJC4_KKw8L_l7x_Xr8AQ&sso_reload=true

HTTP Parser: <input type="password" .../> found

HTML page is missing a favicon

Source: https://meheff.wpym.xyz/nrColMBN	HTTP Parser: No favicon
Source: https://meheff.wpym.xyz/nrColMBN	HTTP Parser: No favicon
Source: https://meheff.wpym.xyz/nrColMBN	HTTP Parser: No favicon
Source: https://meheff.wpym.xyz/nrColMBN	HTTP Parser: No favicon
Source: https://meheff.wpym.xyz/nrColMBN	HTTP Parser: No favicon
Source: https://xofu8.wpym.xyz/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2foutlook.office365.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=1&msaredir=1&client-request-id=d3f010eb-0335-4544-92e3-80e46926cd37&protectedtoken=true&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d&nonce=638791917658115408.98d69f9d-eb1e-4f52-a2fd-c0535c45e2c9&state=DctLFoAgCEBRrNNySFERWI75mTZs-zG4b_YCAJzucCF5QFpRMTKSxkrENeltOpttm7geWlg3Z-x5TxyJC4_KKw8L_l7x_Xr8AQ	HTTP Parser: No favicon

META author tag missing

Source: https://xofu8.wpym.xyz/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2foutlook.office365.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=1&msaredir=1&client-request-id=d3f010eb-0335-4544-92e3-80e46926cd37&protectedtoken=true&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d&nonce=638791917658115408.98d69f9d-eb1e-4f52-a2fd-c0535c45e2c9&state=DctLFoAgCEBRrNNySFERWI75mTZs-zG4b_YCAJzucCF5QFpRMTKSxkrENeltOpttm7geWlg3Z-x5TxyJC4_KKw8L_l7x_Xr8AQ&sso_reload=true	HTTP Parser: No <meta name="author".. found
Source: https://xofu8.wpym.xyz/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2foutlook.office365.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=1&msaredir=1&client-request-id=d3f010eb-0335-4544-92e3-80e46926cd37&protectedtoken=true&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d&nonce=638791917658115408.98d69f9d-eb1e-4f52-a2fd-c0535c45e2c9&state=DctLFoAgCEBRrNNySFERWI75mTZs-zG4b_YCAJzucCF5QFpRMTKSxkrENeltOpttm7geWlg3Z-x5TxyJC4_KKw8L_l7x_Xr8AQ&sso_reload=true	HTTP Parser: No <meta name="author".. found
Source: https://xofu8.wpym.xyz/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2foutlook.office365.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=1&msaredir=1&client-request-id=d3f010eb-0335-4544-92e3-80e46926cd37&protectedtoken=true&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d&nonce=638791917658115408.98d69f9d-eb1e-4f52-a2fd-c0535c45e2c9&state=DctLFoAgCEBRrNNySFERWI75mTZs-zG4b_YCAJzucCF5QFpRMTKSxkrENeltOpttm7geWlg3Z-x5TxyJC4_KKw8L_l7x_Xr8AQ&sso_reload=true	HTTP Parser: No <meta name="author".. found

META copyright tag missing

Source: https://xofu8.wpym.xyz/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2foutlook.office365.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=1&msaredir=1&client-request-id=d3f010eb-0335-4544-92e3-80e46926cd37&protectedtoken=true&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d&nonce=638791917658115408.98d69f9d-eb1e-4f52-a2fd-c0535c45e2c9&state=DctLFoAgCEBRrNNySFERWI75mTZs-zG4b_YCAJzucCF5QFpRMTKSxkrENeltOpttm7geWlg3Z-x5TxyJC4_KKw8L_l7x_Xr8AQ&sso_reload=true	HTTP Parser: No <meta name="copyright".. found
Source: https://xofu8.wpym.xyz/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2foutlook.office365.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=1&msaredir=1&client-request-id=d3f010eb-0335-4544-92e3-80e46926cd37&protectedtoken=true&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d&nonce=638791917658115408.98d69f9d-eb1e-4f52-a2fd-c0535c45e2c9&state=DctLFoAgCEBRrNNySFERWI75mTZs-zG4b_YCAJzucCF5QFpRMTKSxkrENeltOpttm7geWlg3Z-x5TxyJC4_KKw8L_l7x_Xr8AQ&sso_reload=true	HTTP Parser: No <meta name="copyright".. found
Source: https://xofu8.wpym.xyz/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2foutlook.office365.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=1&msaredir=1&client-request-id=d3f010eb-0335-4544-92e3-80e46926cd37&protectedtoken=true&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d&nonce=638791917658115408.98d69f9d-eb1e-4f52-a2fd-c0535c45e2c9&state=DctLFoAgCEBRrNNySFERWI75mTZs-zG4b_YCAJzucCF5QFpRMTKSxkrENeltOpttm7geWlg3Z-x5TxyJC4_KKw8L_l7x_Xr8AQ&sso_reload=true	HTTP Parser: No <meta name="copyright".. found

Compliance

Uses secure TLS version for HTTPS connections

Source: unknown	HTTPS traffic detected: 142.251.167.104:443 -> 192.168.2.6:49697 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 142.251.40.110:443 -> 192.168.2.6:49698 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 142.251.41.1:443 -> 192.168.2.6:49703 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 142.251.40.110:443 -> 192.168.2.6:49699 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 142.251.40.193:443 -> 192.168.2.6:49710 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 209.141.50.41:443 -> 192.168.2.6:49738 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 209.141.50.41:443 -> 192.168.2.6:49737 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.18.95.41:443 -> 192.168.2.6:49740 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.18.95.41:443 -> 192.168.2.6:49741 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.19.230.21:443 -> 192.168.2.6:49739 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.18.94.41:443 -> 192.168.2.6:49742 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.19.229.21:443 -> 192.168.2.6:49745 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.18.94.41:443 -> 192.168.2.6:49749 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.19.230.21:443 -> 192.168.2.6:49750 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.19.230.21:443 -> 192.168.2.6:49754 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 209.141.50.41:443 -> 192.168.2.6:49752 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.18.94.41:443 -> 192.168.2.6:49757 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 209.141.50.41:443 -> 192.168.2.6:49763 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 209.141.50.41:443 -> 192.168.2.6:49767 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 209.141.50.41:443 -> 192.168.2.6:49768 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 209.141.50.41:443 -> 192.168.2.6:49773 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 209.141.50.41:443 -> 192.168.2.6:49772 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 209.141.50.41:443 -> 192.168.2.6:49774 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 209.141.50.41:443 -> 192.168.2.6:49776 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 209.141.50.41:443 -> 192.168.2.6:49782 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 209.141.50.41:443 -> 192.168.2.6:49779 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 209.141.50.41:443 -> 192.168.2.6:49780 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 209.141.50.41:443 -> 192.168.2.6:49781 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 209.141.50.41:443 -> 192.168.2.6:49781 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.209.72.31:443 -> 192.168.2.6:49783 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 209.141.50.41:443 -> 192.168.2.6:49785 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 209.141.50.41:443 -> 192.168.2.6:49788 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 209.141.50.41:443 -> 192.168.2.6:49789 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 209.141.50.41:443 -> 192.168.2.6:49792 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 209.141.50.41:443 -> 192.168.2.6:49793 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.55.235.240:443 -> 192.168.2.6:49797 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 209.141.50.41:443 -> 192.168.2.6:49799 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 209.141.50.41:443 -> 192.168.2.6:49798 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.209.72.206:443 -> 192.168.2.6:49803 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 209.141.50.41:443 -> 192.168.2.6:49804 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 209.141.50.41:443 -> 192.168.2.6:49808 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 209.141.50.41:443 -> 192.168.2.6:49810 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 209.141.50.41:443 -> 192.168.2.6:49807 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 209.141.50.41:443 -> 192.168.2.6:49809 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 209.141.50.41:443 -> 192.168.2.6:49811 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 209.141.50.41:443 -> 192.168.2.6:49813 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 209.141.50.41:443 -> 192.168.2.6:49815 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 209.141.50.41:443 -> 192.168.2.6:49816 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 209.141.50.41:443 -> 192.168.2.6:49818 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 209.141.50.41:443 -> 192.168.2.6:49819 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 209.141.50.41:443 -> 192.168.2.6:49817 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 209.141.50.41:443 -> 192.168.2.6:49814 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 209.141.50.41:443 -> 192.168.2.6:49821 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 142.250.72.110:443 -> 192.168.2.6:49824 version: TLS 1.2

Networking

Performs DNS queries to domains with low reputation

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	DNS query: meheff.wpym.xyz
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	DNS query: meheff.wpym.xyz
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	DNS query: meheff.wpym.xyz
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	DNS query: meheff.wpym.xyz
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	DNS query: meheff.wpym.xyz
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	DNS query: meheff.wpym.xyz
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	DNS query: mejeff.wpym.xyz
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	DNS query: mejeff.wpym.xyz
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	DNS query: mejeff.wpym.xyz
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	DNS query: xofu8.wpym.xyz
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	DNS query: xofu8.wpym.xyz
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	DNS query: jrhte.wpym.xyz
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	DNS query: jrhte.wpym.xyz
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	DNS query: htejre.wpym.xyz
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	DNS query: htejre.wpym.xyz
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	DNS query: hrvetbr.wpym.xyz
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	DNS query: hrvetbr.wpym.xyz
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	DNS query: xofu8.wpym.xyz
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	DNS query: xofu8.wpym.xyz
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	DNS query: htejre.wpym.xyz
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	DNS query: htejre.wpym.xyz

Connects to IPs without corresponding DNS lookups

Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.42.65.91
Source: unknown	TCP traffic detected without corresponding DNS query: 20.42.65.91
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.42.65.91
Source: unknown	TCP traffic detected without corresponding DNS query: 20.42.65.91
Source: unknown	TCP traffic detected without corresponding DNS query: 20.42.65.91
Source: unknown	TCP traffic detected without corresponding DNS query: 20.42.65.91
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.80.99
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.80.99
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.80.99
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.80.99
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.80.99
Source: unknown	TCP traffic detected without corresponding DNS query: 20.42.65.91
Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.227.215
Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.227.215
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.80.99
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.80.99
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Downloads files from webservers via HTTP

Source: global traffic	HTTP traffic detected: GET /presentation/d/e/2PACX-1vQ7Dkd_WRbgSfshqD4oLNlUmDxTYPUSUb2tLr0qsjIwZ7fwYeWMIoyLCuLiIiL3T8QaBj2et0IIqqkz/pub?start=false&loop=false&delayms=3000 HTTP/1.1Host: docs.google.comConnection: keep-alivesec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7X-Browser-Channel: stableX-Browser-Year: 2025X-Browser-Validation: wTKGXmLo+sPWz1JKKbFzUyHly1Q=X-Browser-Copyright: Copyright 2025 Google LLC. All rights reserved.X-Client-Data: CO6MywE=Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /static/presentation/client/css/4105792792-viewer_css_ltr.css HTTP/1.1Host: docs.google.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: text/css,*/*;q=0.1X-Client-Data: CO6MywE=Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://docs.google.com/presentation/d/e/2PACX-1vQ7Dkd_WRbgSfshqD4oLNlUmDxTYPUSUb2tLr0qsjIwZ7fwYeWMIoyLCuLiIiL3T8QaBj2et0IIqqkz/pub?start=false&loop=false&delayms=3000Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: NID=522=JLEqbqBzyEKyaFeMjriwHG0jyctQIODOa69zzL-GqkCCAV77XkzhK73WM-GrFqNFu9GXYOrB_Cq0fyWgNFw71PUfDyA1jcOh1sghls_Ypkqn2v2-EU0tBDm1nuR2tuljWZA72G-mtsLlJZ5FqRTDUbBd4HJOZCHhfKN6fjTs56ce1rKDO8X1tCJ8yrnifKF7rUNdOp4; GFE_RTT=224
Source: global traffic	HTTP traffic detected: GET /slidesz/AGV_vUdJaErXIJ55hdglvmfjSbJPFW0UxlncOXEIeukK-lpE_5EJ5uh5BaYVcdj_q3_TnTKD5vNdF46nR-OTR94Q5CLCKQzl6Xf2hHM67TsVRaoPZt4GNZxhtsR6gY_0XQ6UqZk=s2048?key=0T76xXlufg2HBrV9SVPofq1l HTTP/1.1Host: lh7-rt.googleusercontent.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8X-Client-Data: CO6MywE=Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageSec-Fetch-Storage-Access: activeReferer: https://docs.google.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /static/presentation/client/js/1573492039-viewer_integrated_core.js HTTP/1.1Host: docs.google.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*X-Client-Data: CO6MywE=Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://docs.google.com/presentation/d/e/2PACX-1vQ7Dkd_WRbgSfshqD4oLNlUmDxTYPUSUb2tLr0qsjIwZ7fwYeWMIoyLCuLiIiL3T8QaBj2et0IIqqkz/pub?start=false&loop=false&delayms=3000Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: NID=522=JLEqbqBzyEKyaFeMjriwHG0jyctQIODOa69zzL-GqkCCAV77XkzhK73WM-GrFqNFu9GXYOrB_Cq0fyWgNFw71PUfDyA1jcOh1sghls_Ypkqn2v2-EU0tBDm1nuR2tuljWZA72G-mtsLlJZ5FqRTDUbBd4HJOZCHhfKN6fjTs56ce1rKDO8X1tCJ8yrnifKF7rUNdOp4; GFE_RTT=224
Source: global traffic	HTTP traffic detected: GET /slidesz/AGV_vUdJaErXIJ55hdglvmfjSbJPFW0UxlncOXEIeukK-lpE_5EJ5uh5BaYVcdj_q3_TnTKD5vNdF46nR-OTR94Q5CLCKQzl6Xf2hHM67TsVRaoPZt4GNZxhtsR6gY_0XQ6UqZk=s2048?key=0T76xXlufg2HBrV9SVPofq1l HTTP/1.1Host: lh7-rt.googleusercontent.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*X-Client-Data: CO6MywE=Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /static/presentation/client/js/1568806778-punch_viewer_worker_binary_viewercore.js HTTP/1.1Host: docs.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*X-Client-Data: CO6MywE=Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: NID=522=JLEqbqBzyEKyaFeMjriwHG0jyctQIODOa69zzL-GqkCCAV77XkzhK73WM-GrFqNFu9GXYOrB_Cq0fyWgNFw71PUfDyA1jcOh1sghls_Ypkqn2v2-EU0tBDm1nuR2tuljWZA72G-mtsLlJZ5FqRTDUbBd4HJOZCHhfKN6fjTs56ce1rKDO8X1tCJ8yrnifKF7rUNdOp4
Source: global traffic	HTTP traffic detected: GET /static/presentation/client/js/907711159-viewer_integrated_secondary.js HTTP/1.1Host: docs.google.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*X-Client-Data: CO6MywE=Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://docs.google.com/presentation/d/e/2PACX-1vQ7Dkd_WRbgSfshqD4oLNlUmDxTYPUSUb2tLr0qsjIwZ7fwYeWMIoyLCuLiIiL3T8QaBj2et0IIqqkz/pub?start=false&loop=false&delayms=3000&slide=id.pAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: NID=522=JLEqbqBzyEKyaFeMjriwHG0jyctQIODOa69zzL-GqkCCAV77XkzhK73WM-GrFqNFu9GXYOrB_Cq0fyWgNFw71PUfDyA1jcOh1sghls_Ypkqn2v2-EU0tBDm1nuR2tuljWZA72G-mtsLlJZ5FqRTDUbBd4HJOZCHhfKN6fjTs56ce1rKDO8X1tCJ8yrnifKF7rUNdOp4
Source: global traffic	HTTP traffic detected: GET /static/presentation/client/js/764277182-viewer_integrated_help.js HTTP/1.1Host: docs.google.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*X-Client-Data: CO6MywE=Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://docs.google.com/presentation/d/e/2PACX-1vQ7Dkd_WRbgSfshqD4oLNlUmDxTYPUSUb2tLr0qsjIwZ7fwYeWMIoyLCuLiIiL3T8QaBj2et0IIqqkz/pub?start=false&loop=false&delayms=3000&slide=id.pAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: NID=522=bhb5wswndd5rkgRSravDVvW6lkZW7W6ficPF1LcfwWew60Y676Dkbbk0LouixBlVQAqog5wegSxGfF2GjeBjrMFgoRP_44_7Z8biOG2FCXIQ3J71CGQs2_KfyBu6rjJLWkqXZOXyhopQTQr53npagBXKevTUI1U3gykH6qnFMPAt9N6DfKdQe-R8FoKiLhGSX9TVwBntosJ1pzs
Source: global traffic	HTTP traffic detected: GET /presentation/manifest.json HTTP/1.1Host: docs.google.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*X-Client-Data: CO6MywE=Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: manifestReferer: https://docs.google.com/presentation/d/e/2PACX-1vQ7Dkd_WRbgSfshqD4oLNlUmDxTYPUSUb2tLr0qsjIwZ7fwYeWMIoyLCuLiIiL3T8QaBj2et0IIqqkz/pub?start=false&loop=false&delayms=3000&slide=id.pAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: NID=522=bhb5wswndd5rkgRSravDVvW6lkZW7W6ficPF1LcfwWew60Y676Dkbbk0LouixBlVQAqog5wegSxGfF2GjeBjrMFgoRP_44_7Z8biOG2FCXIQ3J71CGQs2_KfyBu6rjJLWkqXZOXyhopQTQr53npagBXKevTUI1U3gykH6qnFMPAt9N6DfKdQe-R8FoKiLhGSX9TVwBntosJ1pzs
Source: global traffic	HTTP traffic detected: GET /nrColMBN HTTP/1.1Host: meheff.wpym.xyzConnection: keep-alivesec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentReferer: https://docs.google.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /turnstile/v0/api.js?onload=onloadTurnstileCallback HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptSec-Fetch-Storage-Access: activeReferer: https://meheff.wpym.xyz/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /turnstile/v0/b/708f7a809116/api.js HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptSec-Fetch-Storage-Access: activeReferer: https://meheff.wpym.xyz/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /1/api.js HTTP/1.1Host: js.hcaptcha.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptSec-Fetch-Storage-Access: activeReferer: https://meheff.wpym.xyz/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/r4wwa/0x4AAAAAAA2ptl9BKcGk2BB2/auto/fbE/new/normal/auto/ HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeSec-Fetch-Storage-Access: activeReferer: https://meheff.wpym.xyz/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/cmg/1 HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageSec-Fetch-Storage-Access: activeReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/r4wwa/0x4AAAAAAA2ptl9BKcGk2BB2/auto/fbE/new/normal/auto/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=92a02388286d2361&lang=auto HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptSec-Fetch-Storage-Access: activeReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/r4wwa/0x4AAAAAAA2ptl9BKcGk2BB2/auto/fbE/new/normal/auto/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /captcha/v1/c1e11bfffe54019b36ca486d59d75ea65128f510/static/hcaptcha.html HTTP/1.1Host: newassets.hcaptcha.comConnection: keep-alivesec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeSec-Fetch-Storage-Access: activeReferer: https://meheff.wpym.xyz/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/cmg/1 HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: meheff.wpym.xyzConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://meheff.wpym.xyz/nrColMBNAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: 68ba-73d6=5964312a968d5bf8b4112aeb76102c73361c8cf272c7006e3e95435506daf19e
Source: global traffic	HTTP traffic detected: GET /c/5fef759e34a955dd56ceddd805e6a87d3f7d854c8c695bf797d43331bebfee3f/hsw.js HTTP/1.1Host: newassets.hcaptcha.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptSec-Fetch-Storage-Access: activeReferer: https://newassets.hcaptcha.com/captcha/v1/c1e11bfffe54019b36ca486d59d75ea65128f510/static/hcaptcha.htmlAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /checksiteconfig?v=c1e11bfffe54019b36ca486d59d75ea65128f510&host=meheff.wpym.xyz&sitekey=234adb2f-52ba-4697-82fa-abecbb14b173&sc=1&swa=1&spst=1 HTTP/1.1Host: api.hcaptcha.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /owa/favicon.ico HTTP/1.1Host: meheff.wpym.xyzConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://meheff.wpym.xyz/nrColMBNAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: 68ba-73d6=5964312a968d5bf8b4112aeb76102c73361c8cf272c7006e3e95435506daf19e
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/flow/ov1/1212442583:1743593607:vEnn6mwQ95ke5K7PKXFGNwLCtODIADibp6QTenEhzhc/92a02388286d2361/syp_.SEti7486WnCqG9gsMLBHxYvSA_rvMrkUrBK2Co-1743594942-1.1.1.1-hiZdP5cCpXDZqZ5jFX1duCsIUIGCXFylZ7JqyH8T8R3WvmVSUwC0qzbDeMX9EL9M HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/d/92a02388286d2361/1743594953422/F44c2OL12PSq6bA HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageSec-Fetch-Storage-Access: activeReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/r4wwa/0x4AAAAAAA2ptl9BKcGk2BB2/auto/fbE/new/normal/auto/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/d/92a02388286d2361/1743594953422/F44c2OL12PSq6bA HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/pat/92a02388286d2361/1743594953425/c8ded0a11fbdbd541bb4fe88002a6f25458edfbafd114552db4fe9412006050a/ZD5VGc0O47vH_tR HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveCache-Control: max-age=0sec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/r4wwa/0x4AAAAAAA2ptl9BKcGk2BB2/auto/fbE/new/normal/auto/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /owa/favicon.ico HTTP/1.1Host: meheff.wpym.xyzConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: 68ba-73d6=5964312a968d5bf8b4112aeb76102c73361c8cf272c7006e3e95435506daf19e; ClientId=1F6FD9E23EA648BAA1B3CD86A897DC75; OIDC=1
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/flow/ov1/1212442583:1743593607:vEnn6mwQ95ke5K7PKXFGNwLCtODIADibp6QTenEhzhc/92a02388286d2361/syp_.SEti7486WnCqG9gsMLBHxYvSA_rvMrkUrBK2Co-1743594942-1.1.1.1-hiZdP5cCpXDZqZ5jFX1duCsIUIGCXFylZ7JqyH8T8R3WvmVSUwC0qzbDeMX9EL9M HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /nrColMBN?k=NXLG8A0 HTTP/1.1Host: meheff.wpym.xyzConnection: keep-alivesec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentReferer: https://meheff.wpym.xyz/nrColMBNAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: 68ba-73d6=5964312a968d5bf8b4112aeb76102c73361c8cf272c7006e3e95435506daf19e; ClientId=1F6FD9E23EA648BAA1B3CD86A897DC75; OIDC=1
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/flow/ov1/1212442583:1743593607:vEnn6mwQ95ke5K7PKXFGNwLCtODIADibp6QTenEhzhc/92a02388286d2361/syp_.SEti7486WnCqG9gsMLBHxYvSA_rvMrkUrBK2Co-1743594942-1.1.1.1-hiZdP5cCpXDZqZ5jFX1duCsIUIGCXFylZ7JqyH8T8R3WvmVSUwC0qzbDeMX9EL9M HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /owa/ HTTP/1.1Host: mejeff.wpym.xyzConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-siteSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Referer: https://meheff.wpym.xyz/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: 68ba-73d6=5964312a968d5bf8b4112aeb76102c73361c8cf272c7006e3e95435506daf19e
Source: global traffic	HTTP traffic detected: GET /common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2foutlook.office365.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=1&msaredir=1&client-request-id=d3f010eb-0335-4544-92e3-80e46926cd37&protectedtoken=true&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d&nonce=638791917658115408.98d69f9d-eb1e-4f52-a2fd-c0535c45e2c9&state=DctLFoAgCEBRrNNySFERWI75mTZs-zG4b_YCAJzucCF5QFpRMTKSxkrENeltOpttm7geWlg3Z-x5TxyJC4_KKw8L_l7x_Xr8AQ HTTP/1.1Host: xofu8.wpym.xyzConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-siteSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Referer: https://meheff.wpym.xyz/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: 68ba-73d6=5964312a968d5bf8b4112aeb76102c73361c8cf272c7006e3e95435506daf19e
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/BssoInterrupt_Core_9810YxmrLqOR1rQ4anyNMg2.js HTTP/1.1Host: jrhte.wpym.xyzConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://xofu8.wpym.xyz/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: 68ba-73d6=5964312a968d5bf8b4112aeb76102c73361c8cf272c7006e3e95435506daf19e
Source: global traffic	HTTP traffic detected: GET /common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2foutlook.office365.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=1&msaredir=1&client-request-id=d3f010eb-0335-4544-92e3-80e46926cd37&protectedtoken=true&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d&nonce=638791917658115408.98d69f9d-eb1e-4f52-a2fd-c0535c45e2c9&state=DctLFoAgCEBRrNNySFERWI75mTZs-zG4b_YCAJzucCF5QFpRMTKSxkrENeltOpttm7geWlg3Z-x5TxyJC4_KKw8L_l7x_Xr8AQ&sso_reload=true HTTP/1.1Host: xofu8.wpym.xyzConnection: keep-alivesec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-Dest: documentReferer: https://xofu8.wpym.xyz/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2foutlook.office365.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=1&msaredir=1&client-request-id=d3f010eb-0335-4544-92e3-80e46926cd37&protectedtoken=true&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d&nonce=638791917658115408.98d69f9d-eb1e-4f52-a2fd-c0535c45e2c9&state=DctLFoAgCEBRrNNySFERWI75mTZs-zG4b_YCAJzucCF5QFpRMTKSxkrENeltOpttm7geWlg3Z-x5TxyJC4_KKw8L_l7x_Xr8AQAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: 68ba-73d6=5964312a968d5bf8b4112aeb76102c73361c8cf272c7006e3e95435506daf19e; esctx-85oIgnoPw48=AQABCQEAAABVrSpeuWamRam2jAF1XRQEX9GMKaQ6jbGYSngESuBwI3yclzH1AW8o80rTD5S7JSIsfKWkP0L_vHfLJ5KanzkJvW1ahNDqz6BTUlaV24l7GJMKyu6vfuK55DAQOpz-x3YKMX2w-22JjZ9iwiVDrVyd7rA8i3_7a0XFT16YM1mPxSAA; fpc=Al_Hmr0PvYNEokv2dfrKwy4; esctx=PAQABBwEAAABVrSpeuWamRam2jAF1XRQEbFR-Sdsw57h_pTIto1pc51RTPZ2RvAgvOFMtgnkDjMAM2F9hOWBd3NhYdlTWwWPun-4yQlmF3oPrmnMeK21mmDcWtMKp9YiCIxl5tE5FCMjnxWu6ZEPMhOQcGR8g-PUydOW54amwmo2_yL5Xb23oheWB1xVYZg5hfyqIY50xGSsgAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA|NoExtension; SSOCOOKIEPULLED=1
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: xofu8.wpym.xyzConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://xofu8.wpym.xyz/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2foutlook.office365.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=1&msaredir=1&client-request-id=d3f010eb-0335-4544-92e3-80e46926cd37&protectedtoken=true&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d&nonce=638791917658115408.98d69f9d-eb1e-4f52-a2fd-c0535c45e2c9&state=DctLFoAgCEBRrNNySFERWI75mTZs-zG4b_YCAJzucCF5QFpRMTKSxkrENeltOpttm7geWlg3Z-x5TxyJC4_KKw8L_l7x_Xr8AQAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: 68ba-73d6=5964312a968d5bf8b4112aeb76102c73361c8cf272c7006e3e95435506daf19e; esctx-85oIgnoPw48=AQABCQEAAABVrSpeuWamRam2jAF1XRQEX9GMKaQ6jbGYSngESuBwI3yclzH1AW8o80rTD5S7JSIsfKWkP0L_vHfLJ5KanzkJvW1ahNDqz6BTUlaV24l7GJMKyu6vfuK55DAQOpz-x3YKMX2w-22JjZ9iwiVDrVyd7rA8i3_7a0XFT16YM1mPxSAA; fpc=Al_Hmr0PvYNEokv2dfrKwy4; esctx=PAQABBwEAAABVrSpeuWamRam2jAF1XRQEbFR-Sdsw57h_pTIto1pc51RTPZ2RvAgvOFMtgnkDjMAM2F9hOWBd3NhYdlTWwWPun-4yQlmF3oPrmnMeK21mmDcWtMKp9YiCIxl5tE5FCMjnxWu6ZEPMhOQcGR8g-PUydOW54amwmo2_yL5Xb23oheWB1xVYZg5hfyqIY50xGSsgAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA|NoExtension; SSOCOOKIEPULLED=1
Source: global traffic	HTTP traffic detected: GET /ests/2.1/content/cdnbundles/watsonsupportwithjquery.3.5.min_dc940oomzau4rsu8qesnvg2.js HTTP/1.1Host: jrhte.wpym.xyzConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://xofu8.wpym.xyz/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: 68ba-73d6=5964312a968d5bf8b4112aeb76102c73361c8cf272c7006e3e95435506daf19e
Source: global traffic	HTTP traffic detected: GET /ests/2.1/content/cdnbundles/converged.v2.login.min_81imvbluez-v5hbzpkxfcg2.css HTTP/1.1Host: htejre.wpym.xyzConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: text/css,*/*;q=0.1Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://xofu8.wpym.xyz/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: 68ba-73d6=5964312a968d5bf8b4112aeb76102c73361c8cf272c7006e3e95435506daf19e
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/ConvergedLogin_PCore_GjP1RdcVSKf6ASC7mgkR1g2.js HTTP/1.1Host: htejre.wpym.xyzConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://xofu8.wpym.xyz/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: 68ba-73d6=5964312a968d5bf8b4112aeb76102c73361c8cf272c7006e3e95435506daf19e
Source: global traffic	HTTP traffic detected: GET /ests/2.1/content/cdnbundles/ux.converged.login.strings-en.min_1d0daql8my9m71a_2aaxzg2.js HTTP/1.1Host: htejre.wpym.xyzConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://xofu8.wpym.xyz/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: 68ba-73d6=5964312a968d5bf8b4112aeb76102c73361c8cf272c7006e3e95435506daf19e
Source: global traffic	HTTP traffic detected: GET /Me.htm?v=3 HTTP/1.1Host: hrvetbr.wpym.xyzConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Purpose: prefetchSec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyReferer: https://xofu8.wpym.xyz/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: 68ba-73d6=5964312a968d5bf8b4112aeb76102c73361c8cf272c7006e3e95435506daf19e
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/oneDs_f2e0f4a029670f10d892.js HTTP/1.1Host: htejre.wpym.xyzConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://xofu8.wpym.xyz/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: 68ba-73d6=5964312a968d5bf8b4112aeb76102c73361c8cf272c7006e3e95435506daf19e
Source: global traffic	HTTP traffic detected: GET /ests/2.1/content/cdnbundles/watsonsupportwithjquery.3.5.min_dc940oomzau4rsu8qesnvg2.js HTTP/1.1Host: htejre.wpym.xyzConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://xofu8.wpym.xyz/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: 68ba-73d6=5964312a968d5bf8b4112aeb76102c73361c8cf272c7006e3e95435506daf19e
Source: global traffic	HTTP traffic detected: GET /ests/2.1/content/cdnbundles/frameworksupport.min_oadrnc13magb009k4d20lg2.js HTTP/1.1Host: htejre.wpym.xyzConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://xofu8.wpym.xyz/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: 68ba-73d6=5964312a968d5bf8b4112aeb76102c73361c8cf272c7006e3e95435506daf19e
Source: global traffic	HTTP traffic detected: GET /ests/2.1/content/cdnbundles/watson.min_q5ptmu8aniymd4ftuqdkda2.js HTTP/1.1Host: htejre.wpym.xyzConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://xofu8.wpym.xyz/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: 68ba-73d6=5964312a968d5bf8b4112aeb76102c73361c8cf272c7006e3e95435506daf19e
Source: global traffic	HTTP traffic detected: GET /owa/prefetch.aspx HTTP/1.1Host: mejeff.wpym.xyzConnection: keep-alivesec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-siteSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: iframeReferer: https://xofu8.wpym.xyz/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: 68ba-73d6=5964312a968d5bf8b4112aeb76102c73361c8cf272c7006e3e95435506daf19e; ClientId=E46BB670B1294E60972BB77C3727EBD6; OIDC=1; OpenIdConnect.nonce.v3.A7lDoigpTWbpd6PAH_qIBGNph4oaBSYSP-CP3NCOjg8=638791917658115408.98d69f9d-eb1e-4f52-a2fd-c0535c45e2c9; X-OWA-RedirectHistory=ArLym14BUA1nWd1x3Qg
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/asyncchunk/convergedlogin_pcustomizationloader_72a1051aa2aa2943d8c1.js HTTP/1.1Host: htejre.wpym.xyzConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://xofu8.wpym.xyz/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: 68ba-73d6=5964312a968d5bf8b4112aeb76102c73361c8cf272c7006e3e95435506daf19e
Source: global traffic	HTTP traffic detected: GET /owa/prem/15.20.8583.41/scripts/boot.worldwide.0.mouse.js HTTP/1.1Host: r4.res.office365.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: text/css,*/*;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleSec-Fetch-Storage-Access: activeReferer: https://mejeff.wpym.xyz/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /common/handlers/watson HTTP/1.1Host: xofu8.wpym.xyzConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: 68ba-73d6=5964312a968d5bf8b4112aeb76102c73361c8cf272c7006e3e95435506daf19e; esctx-85oIgnoPw48=AQABCQEAAABVrSpeuWamRam2jAF1XRQEX9GMKaQ6jbGYSngESuBwI3yclzH1AW8o80rTD5S7JSIsfKWkP0L_vHfLJ5KanzkJvW1ahNDqz6BTUlaV24l7GJMKyu6vfuK55DAQOpz-x3YKMX2w-22JjZ9iwiVDrVyd7rA8i3_7a0XFT16YM1mPxSAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA|NoExtension; SSOCOOKIEPULLED=1; buid=1.ATcAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA3AA.AQABGgEAAABVrSpeuWamRam2jAF1XRQE2-hTqoszpL0NFxMxHwS5YUc1-0YLNIcWzHhaqm0-YKTWhwwpdd-gBAvxGvGntuxr63JeDp0fchfKxW8ZI_LwWZZTObGGlNIYMxFjbmJWY8IgAA; esctx=PAQABBwEAAABVrSpeuWamRam2jAF1XRQEGKpKCqjkP_GWlZJExaeH5S9mzSZc0v2ZzHjTqg6swjQrQXRuHqFrWDz5R_yL3bd6PriDKfItB4ToiVvNlK0oPBWMKihL1ZKj7jwfOAjvE6ZkGcpcpx4ytfD1WCCg7_rrT4IWEdPeieEE586iMDwMzGOYT0zNsDwPpoYzngV2FKMgAA; esctx-sd3ZhMr8X0=AQABCQEAAABVrSpeuWamRam2jAF1XRQEmjkRSCpHlRePi8tyDkktckH3lP4xrHtXEV06Byjlrjn-4AMyj5XHMkdyHj4p_zaxPINC54YjFrjISKufFtW_uB_MZIt0AsxVCL9HhDk968rgeV86l6_5YJmdhyA8o9LsOCogrHZMVOt6fGm1xSfA1SAA; fpc=Al_Hmr0PvYNEokv2dfrKwy4; MicrosoftApplicationsTelemetryDeviceId=05f1106b-dd01-463d-8706-a0227d8a7e0d; brcap=0
Source: global traffic	HTTP traffic detected: GET /owa/prem/15.20.8583.41/scripts/boot.worldwide.1.mouse.js HTTP/1.1Host: r4.res.office365.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: text/css,*/*;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleSec-Fetch-Storage-Access: activeReferer: https://mejeff.wpym.xyz/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/appbackgrounds/49-small_2055002f2daae2ed8f69f03944c0e5d9.jpg HTTP/1.1Host: htejre.wpym.xyzConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://xofu8.wpym.xyz/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: 68ba-73d6=5964312a968d5bf8b4112aeb76102c73361c8cf272c7006e3e95435506daf19e
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/appbackgrounds/49_6ffe0a92d779c878835b40171ffc2e13.jpg HTTP/1.1Host: htejre.wpym.xyzConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://xofu8.wpym.xyz/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: 68ba-73d6=5964312a968d5bf8b4112aeb76102c73361c8cf272c7006e3e95435506daf19e
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/applogos/53_7a3c80bf9694448bac31a9589d2e9e92.png HTTP/1.1Host: htejre.wpym.xyzConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://xofu8.wpym.xyz/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: 68ba-73d6=5964312a968d5bf8b4112aeb76102c73361c8cf272c7006e3e95435506daf19e
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/microsoft_logo_564db913a7fa0ca42727161c6d031bef.svg HTTP/1.1Host: htejre.wpym.xyzConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://xofu8.wpym.xyz/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: 68ba-73d6=5964312a968d5bf8b4112aeb76102c73361c8cf272c7006e3e95435506daf19e
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico HTTP/1.1Host: htejre.wpym.xyzConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://xofu8.wpym.xyz/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: 68ba-73d6=5964312a968d5bf8b4112aeb76102c73361c8cf272c7006e3e95435506daf19e
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/signin-options_3e3f6b73c3f310c31d2c4d131a8ab8c6.svg HTTP/1.1Host: htejre.wpym.xyzConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://xofu8.wpym.xyz/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: 68ba-73d6=5964312a968d5bf8b4112aeb76102c73361c8cf272c7006e3e95435506daf19e
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/appbackgrounds/49_6ffe0a92d779c878835b40171ffc2e13.jpg HTTP/1.1Host: htejre.wpym.xyzConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: 68ba-73d6=5964312a968d5bf8b4112aeb76102c73361c8cf272c7006e3e95435506daf19e
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/appbackgrounds/49-small_2055002f2daae2ed8f69f03944c0e5d9.jpg HTTP/1.1Host: htejre.wpym.xyzConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: 68ba-73d6=5964312a968d5bf8b4112aeb76102c73361c8cf272c7006e3e95435506daf19e
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/applogos/53_7a3c80bf9694448bac31a9589d2e9e92.png HTTP/1.1Host: htejre.wpym.xyzConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: 68ba-73d6=5964312a968d5bf8b4112aeb76102c73361c8cf272c7006e3e95435506daf19e
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/microsoft_logo_564db913a7fa0ca42727161c6d031bef.svg HTTP/1.1Host: htejre.wpym.xyzConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: 68ba-73d6=5964312a968d5bf8b4112aeb76102c73361c8cf272c7006e3e95435506daf19e
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico HTTP/1.1Host: htejre.wpym.xyzConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: 68ba-73d6=5964312a968d5bf8b4112aeb76102c73361c8cf272c7006e3e95435506daf19e
Source: global traffic	HTTP traffic detected: GET /owa/prem/15.20.8583.41/scripts/boot.worldwide.2.mouse.js HTTP/1.1Host: r4.res.office365.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: text/css,*/*;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleSec-Fetch-Storage-Access: activeReferer: https://mejeff.wpym.xyz/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/asyncchunk/convergedlogin_pstringcustomizationhelper_c4928fb5cff147a39780.js HTTP/1.1Host: htejre.wpym.xyzConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://xofu8.wpym.xyz/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: 68ba-73d6=5964312a968d5bf8b4112aeb76102c73361c8cf272c7006e3e95435506daf19e
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/signin-options_3e3f6b73c3f310c31d2c4d131a8ab8c6.svg HTTP/1.1Host: htejre.wpym.xyzConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: 68ba-73d6=5964312a968d5bf8b4112aeb76102c73361c8cf272c7006e3e95435506daf19e
Source: global traffic	HTTP traffic detected: GET /owa/prem/15.20.8583.41/scripts/boot.worldwide.3.mouse.js HTTP/1.1Host: r4.res.office365.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: text/css,*/*;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleSec-Fetch-Storage-Access: activeReferer: https://mejeff.wpym.xyz/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /owa/prem/15.20.8583.41/resources/images/0/sprite1.mouse.png HTTP/1.1Host: r4.res.office365.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: text/css,*/*;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleSec-Fetch-Storage-Access: activeReferer: https://mejeff.wpym.xyz/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /owa/prem/15.20.8583.41/resources/images/0/sprite1.mouse.css HTTP/1.1Host: r4.res.office365.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: text/css,*/*;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleSec-Fetch-Storage-Access: activeReferer: https://mejeff.wpym.xyz/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /r/gsr1.crl HTTP/1.1Cache-Control: max-age = 3000Connection: Keep-AliveAccept: */*If-Modified-Since: Tue, 07 Jan 2025 07:28:00 GMTUser-Agent: Microsoft-CryptoAPI/10.0Host: c.pki.goog
Source: global traffic	HTTP traffic detected: GET /r/r4.crl HTTP/1.1Cache-Control: max-age = 3000Connection: Keep-AliveAccept: */*If-Modified-Since: Thu, 25 Jul 2024 14:48:00 GMTUser-Agent: Microsoft-CryptoAPI/10.0Host: c.pki.goog

Found strings which match to known social media urls

Source: chromecache_130.3.dr

String found in binary or memory: function Lhb(a,c){Mhb(a);var e=new Hhb(c,a.D);c==5?a.C.callback(e):(a.B.onload=r(),a.B.onerror=r(),xo(a.B),a.D>=3?a.C.callback(e):Khb(a))}function Mhb(a){clearTimeout(a.F);a.F=null;clearTimeout(a.G);a.G=null}Ihb.prototype.getStatus=function(){return this.C&&et(this.C)?this.C.getValue():new Hhb(1,this.D)};var Nhb=qi(["https://www.youtube.com/iframe_api"]),Ohb=qi([Dia]);function YJ(a,c){a=a===void 0?this.H:a;c=c===void 0?this.J:c;this.G=a;this.I=c;if(Gi._docs_yt_api_preloaded){var e;b:{a=this.I();c=oi(Phb);for(var f=c.next();!f.done;f=c.next())if(f=f.value,a===f.toString()){a=f;break b}a=null}a=(e=a)!=null?e:Qhb}else a=Qhb;this.F=a;this.C=this.G(this.F);(e=jo(document,Ija))&&xo(e);this.B=Gi._docs_yt_api_preloaded?2:0;this.D=[]} equals www.youtube.com (Youtube)

Performs DNS lookups

Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: docs.google.com
Source: global traffic	DNS traffic detected: DNS query: lh7-rt.googleusercontent.com
Source: global traffic	DNS traffic detected: DNS query: play.google.com
Source: global traffic	DNS traffic detected: DNS query: meheff.wpym.xyz
Source: global traffic	DNS traffic detected: DNS query: challenges.cloudflare.com
Source: global traffic	DNS traffic detected: DNS query: js.hcaptcha.com
Source: global traffic	DNS traffic detected: DNS query: newassets.hcaptcha.com
Source: global traffic	DNS traffic detected: DNS query: api.hcaptcha.com
Source: global traffic	DNS traffic detected: DNS query: mejeff.wpym.xyz
Source: global traffic	DNS traffic detected: DNS query: xofu8.wpym.xyz
Source: global traffic	DNS traffic detected: DNS query: jrhte.wpym.xyz
Source: global traffic	DNS traffic detected: DNS query: aadcdn.msftauth.net
Source: global traffic	DNS traffic detected: DNS query: htejre.wpym.xyz
Source: global traffic	DNS traffic detected: DNS query: hrvetbr.wpym.xyz
Source: global traffic	DNS traffic detected: DNS query: identity.nel.measure.office.net
Source: global traffic	DNS traffic detected: DNS query: r4.res.office365.com
Source: global traffic	DNS traffic detected: DNS query: beacons.gcp.gvt2.com
Source: global traffic	DNS traffic detected: DNS query: google.com

Posts data to webserver

Source: unknown

HTTP traffic detected: POST /presentation/d/e/2PACX-1vQ7Dkd_WRbgSfshqD4oLNlUmDxTYPUSUb2tLr0qsjIwZ7fwYeWMIoyLCuLiIiL3T8QaBj2et0IIqqkz/web-reports?bl=editors.presentations-frontend_20250325.02_p4&app=6&clss=1&context=eJwNzntUzekaB_C33-99H1KpdrW77i33WzopKaeS2ntHddyHd-NgMmlkklCmZphJx20ylttpkhy7kZRSTIORkWbcTu7hrNwZjia6uEdx1Pn-8VnPWs93fdfz9Khz0byfzvqDNZNsAEm2ASzdJTvVQ7IVNpKVw8-2khU6SKbXSPbOWbKBLpKdhgOuktVAoZtk4z2Qe0o23UuyLTrJ8mCPXrJFvSWL7yvZiQGSBQ6U7MMQyex8JHOEocMk2-or2drhkiUHSpYBWeGSbYMZkyQrmCLZQRholiwI1BmSOUHdTMn-gNjZks2CG3GSNYJ1vGTu8CpBMuVzyQ4vlOwMjPhCMiM0p-E-dHwpmX26ZDczJXsCl7Mkuw_Gf0j2CQRvlGwcZP8g2Q7on4vfoXO7ZD3z0PsXepC_R7IycD4oWT-4Xy3ZM4i4INlkOH5Fsoug1EmmgW43JHMFx_uS9YadsB9OwjXQP5TMF3IfS1YMQQ2SjYVKOAlnoR6qXkh2DqoczewcZGrNrMTVzI5C8igzq4kysyuQM8fMisA73sz8oG-CmQVAw2Iza4PAFDMzQdFSMzsMaWlmtgYGLTezYHjgcpU1ejUrb0E_pFkZAMqCl0oPiD71UpkMGx-9UnLgnO9r5Sr0jn2tDIb_dW9TuHWbovNvU_rDvRVtSgNkZrYp62FoVpsSAN8ca1PWwuEv3inVsDG0XckBY1i78jdITmhXlsO27HYlH-Z-3aFMON-hTAdTXYcyHiya90oxHM56r1TD24L3SicE9etUwmHz7U5lO0SxLmUC1Hl1KTchKaNLSYXKP5h6DPbttlJt91ipzmApUNRi2HVaUS2qqhbDiMGqGgrvpqhqF8ROU9WpcGGVql6HgHWqOhqONKjqCZjVg6sJ0OrN1TYY9Pyv3A9-ehbCqyDrZQjPBs-2EN4XXCeG8nm5oXwh6MpDeX-wagrlDzzCeCOMCA7joXAxN4zfgNh-o_lUcNwUzt2hrS6cfwRn8xjuBTOTx3CzLoJ_Cg_HRfAWELER3A6ymiP4VhjbGsEngkdkJO8DTRsi-Xvovj-SO4BVeSS3hidaA38Bk0cb-AzYMcnATSkGPh7ULw3cBhpWGHgrLD9g4N_AjEoDj4Os3kaeDS82GDn73sgnlRi5GV6fM_IP0Al03shXwGoIumjk4TANZkMRlIPTKyP3hHV6E98EAT4mHgK_JZp4LbQuMfE28Flu4iPgeLWJn4bn50z8HYhrJm4HFY9M_Ahs_9PEC6DBO4q3wuPAKN4C2z6N4vmwyGUcD5k2jhvgg4jmKkXzd5po3gXD3aN5KNR2i-F10Gkdw6lHDB_WN4Zfn2gRXVMsottUi2j5xSLewJo3BWIjGA78KJKcdotUOPzVbtHoXCieQ9rdQrESHj4vFE_hRNIecRbo8R7RE1qWFYk3ULW6SPwOeZ57xY-wq3qv2AeJg4vFEtjmUywKYXh5sRgFL_UlogPiZ5SIJPA9XCJGQnBuqTBA1U-l4neofFoqjsGzD6XiLYjOUmEHiZ5lYgkcHVYmToEutkz0h0UTykQa5MeXiUJoXFkmXsHTnDLxEhpKykQrFGTvF2Xgd2W_GAPrhpaLTTDyswoxGlYurhBbRjeJPBg5uUlEwd_Tm8SvG5vEyfImcR48bzWJvpA7u1lYYO6cZtHtXLPQQOb5ZrEeHt1qFk1Qf6dZ3Ae_8BYRDG-rWkQnBJxsESFwOa9V1MOsHa3iM6hhz8QVWP7tK_E1-HS3oRGwYLMNpcOM9zY0B0b1tCW_ZFsKhuxcW9oKp_JtqRb27bSlCjhxwpYO1dnScRj7py1JOMnt6DwM22JHYXD8kB2dhl1H7WgvXG-2o5vwz009aSecqOlJZ2HimZ4kodLfno7BywR7egsfd9mTsNhTToM9fXB3INXDgexWOZAL6IscaACsPeJANu0O5ABThzjSLPgl0pFqoH6WI90H_3JHelfpSF1wN0RDD6HZqKHXYIjTUCw8KdfQCwg4ix2E12noATy2d6IWsAQ5UTGsCHai1dA01omWxjnRHfgvRKY7UQzQVUzoke9MGrhU60z3YOY9Z5oHW1udKRcmaFxoOlT5udDlSBe6DvHzXSgJYkpdaApcrnShaQ0uFNZLSyZI7a-lDMjx0dIOOOqnpWo4A-fhGtyAB_AYasK19G-Yk6Sl3sla-kuWloKgI19LVju1FGjRUhjUwiUw7NZSLAw9pSU_CIJQWHRdS2mQ8h8tpcOaO1raCE53teQJM5NcaR5EpLrSlE2u9NtWV6qF9luuxG670sLubvQVnPF2o0sQGutGRviQ60ZsuxuNqXCjcZB-0I1WwoJaN0oBh0J3cgOb6-7kBN9960FbwPidB30CE7M9SEL5GQ-qBO9GDxoEc6M8KR5-iPOkXZC52ZPWQ0aEF30DC2K8aBHsqvKivZBx2otWwcC7XuQD8-550edgstLRNGhXdPQRzkbr6DIEzdZRONz4Xke0SUdamPOrjhLg3lUdNcCKeh2thlEPdFTtq6eTkDpRTxmwpkxPjy7oqeK2nn6Ggud6KoGrHXqqh92zelEx-Cb0ogBY2c2b1kBRojfl13pTIWj9-pDGtrvlwqEacnjxNO-t4mE9KW1eUuKyBfPj-wybH5-YunjpMt-UpfOXzU9OjUtNXJy8bFjC0sXJqfOT4-f6-_kH-gX4B_r6-c9NGfF_LMjCkQ&build-label=editors.presentations-frontend_20250325.02_p4&imp-sid=CLD945qluYwDFfCtqwcdegENvw&is-cached-offline=false

URLs found in memory or binary data

Source: chromecache_130.3.dr	String found in binary or memory: http://csi.gstatic.com/csi
Source: chromecache_123.3.dr	String found in binary or memory: http://feross.org
Source: chromecache_126.3.dr	String found in binary or memory: http://github.com/jquery/globalize
Source: chromecache_105.3.dr	String found in binary or memory: http://gsgd.co.uk/sandbox/jquery/easing/
Source: chromecache_112.3.dr, chromecache_97.3.dr	String found in binary or memory: http://knockoutjs.com/
Source: chromecache_100.3.dr	String found in binary or memory: http://www.broofa.com
Source: chromecache_112.3.dr, chromecache_97.3.dr	String found in binary or memory: http://www.opensource.org/licenses/mit-license.php)
Source: chromecache_130.3.dr	String found in binary or memory: https://accounts.google.com/ServiceLogin
Source: chromecache_130.3.dr	String found in binary or memory: https://angular.dev/license
Source: chromecache_130.3.dr	String found in binary or memory: https://apis.google.com/js/api.js
Source: chromecache_130.3.dr	String found in binary or memory: https://cdnjs.cloudflare.com/ajax/libs/mathjax/
Source: chromecache_107.3.dr	String found in binary or memory: https://challenges.cloudflare.com/turnstile/v0/api.js?onload=onloadTurnstileCallback
Source: chromecache_130.3.dr	String found in binary or memory: https://csi.gstatic.com/csi
Source: chromecache_132.3.dr	String found in binary or memory: https://fonts.google.com/license/googlerestricted
Source: chromecache_130.3.dr	String found in binary or memory: https://fonts.googleapis.com/css?family=Roboto_old:300
Source: chromecache_132.3.dr	String found in binary or memory: https://fonts.gstatic.com/s/googlesans/v62/4Ua_rENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RF
Source: chromecache_139.3.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOmCnqEu92Fr1Mu4WxKOzY.woff2)
Source: chromecache_139.3.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOmCnqEu92Fr1Mu4mxK.woff2)
Source: chromecache_139.3.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOmCnqEu92Fr1Mu5mxKOzY.woff2)
Source: chromecache_139.3.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOmCnqEu92Fr1Mu72xKOzY.woff2)
Source: chromecache_139.3.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOmCnqEu92Fr1Mu7GxKOzY.woff2)
Source: chromecache_139.3.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOmCnqEu92Fr1Mu7WxKOzY.woff2)
Source: chromecache_139.3.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOmCnqEu92Fr1Mu7mxKOzY.woff2)
Source: chromecache_112.3.dr, chromecache_123.3.dr, chromecache_125.3.dr, chromecache_97.3.dr	String found in binary or memory: https://github.com/douglascrockford/JSON-js
Source: chromecache_134.3.dr, chromecache_108.3.dr	String found in binary or memory: https://hcaptcha.com/license
Source: chromecache_130.3.dr	String found in binary or memory: https://itunes.apple.com/app/apple-store/id842842640?pt=9008&ct=docs_mo&mt=8
Source: chromecache_130.3.dr	String found in binary or memory: https://itunes.apple.com/app/apple-store/id842849113?pt=9008&ct=sheets_mo&mt=8
Source: chromecache_130.3.dr	String found in binary or memory: https://itunes.apple.com/app/apple-store/id879478102?pt=9008&ct=slides_mo&mt=8
Source: chromecache_107.3.dr	String found in binary or memory: https://js.hcaptcha.com/1/api.js
Source: chromecache_138.3.dr	String found in binary or memory: https://play.google.com
Source: chromecache_130.3.dr	String found in binary or memory: https://play.google.com/log?format=json&hasfast=true
Source: chromecache_138.3.dr	String found in binary or memory: https://policies.google.com/privacy?hl=en
Source: chromecache_138.3.dr	String found in binary or memory: https://policies.google.com/terms?hl=en
Source: chromecache_130.3.dr	String found in binary or memory: https://ssl.gstatic.com/docs/common/warning.png
Source: chromecache_138.3.dr	String found in binary or memory: https://support.google.com
Source: chromecache_138.3.dr	String found in binary or memory: https://support.google.com/
Source: chromecache_138.3.dr	String found in binary or memory: https://support.google.com/docs/answer/1696717?hl=en
Source: chromecache_138.3.dr	String found in binary or memory: https://support.google.com/drive/?hl=en
Source: chromecache_130.3.dr	String found in binary or memory: https://uberproxy-pen-redirect.corp.google.com/uberproxy/pen?url=
Source: chromecache_138.3.dr	String found in binary or memory: https://www.google.com
Source: chromecache_130.3.dr	String found in binary or memory: https://www.google.com/recaptcha/api.js?trustedtypes=true&render=
Source: chromecache_138.3.dr	String found in binary or memory: https://www.google.com/tools/feedback
Source: chromecache_130.3.dr	String found in binary or memory: https://www.gstatic.com/_/apps-fileview/_/js/
Source: chromecache_138.3.dr	String found in binary or memory: https://www.gstatic.com/feedback/js/help/prod/service/lazy.min.js
Source: chromecache_138.3.dr	String found in binary or memory: https://www.gstatic.com/uservoice/feedback/client/web/
Source: chromecache_100.3.dr	String found in binary or memory: https://www.gstatic.com/video_effects
Source: chromecache_130.3.dr	String found in binary or memory: https://www.youtube.com/iframe_api
Source: chromecache_130.3.dr	String found in binary or memory: https://youtube.googleapis.com
Source: chromecache_130.3.dr	String found in binary or memory: https://youtube.googleapis.com/iframe_api

Uses HTTPS

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 49817 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49789 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49781 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49803 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49826 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49699
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49698
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49697
Source: unknown	Network traffic detected: HTTP traffic on port 49820 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49703 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49700 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49823 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49798 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49681 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49819 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49697 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49681
Source: unknown	Network traffic detected: HTTP traffic on port 49787 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49793 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49805 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 49774 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49782 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49799
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49798
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49797
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49793
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49792
Source: unknown	Network traffic detected: HTTP traffic on port 49814 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49791
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49825 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49808 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49811 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49826
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49825
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49703
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49824
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49823
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49789
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49700
Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49788
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49821
Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49699 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49787
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49820
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49786
Source: unknown	Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49785
Source: unknown	Network traffic detected: HTTP traffic on port 49813 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49783
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49782
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49781
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49780
Source: unknown	Network traffic detected: HTTP traffic on port 49785 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49807 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49819
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49818
Source: unknown	Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49799 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49810 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49817
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49816
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49815
Source: unknown	Network traffic detected: HTTP traffic on port 49791 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49814
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49813
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49811
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49810
Source: unknown	Network traffic detected: HTTP traffic on port 49816 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 49788 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49780 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49809
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49808
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49807
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49805
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49804
Source: unknown	Network traffic detected: HTTP traffic on port 49773 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49803
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49801
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 49783 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49821 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49815 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49797 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49801 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49824 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49809 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49698 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49818 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49786 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49804 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 49792 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745

Uses secure TLS version for HTTPS connections

Source: unknown	HTTPS traffic detected: 142.251.167.104:443 -> 192.168.2.6:49697 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 142.251.40.110:443 -> 192.168.2.6:49698 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 142.251.41.1:443 -> 192.168.2.6:49703 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 142.251.40.110:443 -> 192.168.2.6:49699 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 142.251.40.193:443 -> 192.168.2.6:49710 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 209.141.50.41:443 -> 192.168.2.6:49738 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 209.141.50.41:443 -> 192.168.2.6:49737 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.18.95.41:443 -> 192.168.2.6:49740 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.18.95.41:443 -> 192.168.2.6:49741 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.19.230.21:443 -> 192.168.2.6:49739 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.18.94.41:443 -> 192.168.2.6:49742 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.19.229.21:443 -> 192.168.2.6:49745 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.18.94.41:443 -> 192.168.2.6:49749 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.19.230.21:443 -> 192.168.2.6:49750 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.19.230.21:443 -> 192.168.2.6:49754 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 209.141.50.41:443 -> 192.168.2.6:49752 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.18.94.41:443 -> 192.168.2.6:49757 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 209.141.50.41:443 -> 192.168.2.6:49763 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 209.141.50.41:443 -> 192.168.2.6:49767 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 209.141.50.41:443 -> 192.168.2.6:49768 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 209.141.50.41:443 -> 192.168.2.6:49773 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 209.141.50.41:443 -> 192.168.2.6:49772 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 209.141.50.41:443 -> 192.168.2.6:49774 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 209.141.50.41:443 -> 192.168.2.6:49776 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 209.141.50.41:443 -> 192.168.2.6:49782 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 209.141.50.41:443 -> 192.168.2.6:49779 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 209.141.50.41:443 -> 192.168.2.6:49780 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 209.141.50.41:443 -> 192.168.2.6:49781 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 209.141.50.41:443 -> 192.168.2.6:49781 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.209.72.31:443 -> 192.168.2.6:49783 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 209.141.50.41:443 -> 192.168.2.6:49785 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 209.141.50.41:443 -> 192.168.2.6:49788 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 209.141.50.41:443 -> 192.168.2.6:49789 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 209.141.50.41:443 -> 192.168.2.6:49792 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 209.141.50.41:443 -> 192.168.2.6:49793 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.55.235.240:443 -> 192.168.2.6:49797 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 209.141.50.41:443 -> 192.168.2.6:49799 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 209.141.50.41:443 -> 192.168.2.6:49798 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.209.72.206:443 -> 192.168.2.6:49803 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 209.141.50.41:443 -> 192.168.2.6:49804 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 209.141.50.41:443 -> 192.168.2.6:49808 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 209.141.50.41:443 -> 192.168.2.6:49810 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 209.141.50.41:443 -> 192.168.2.6:49807 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 209.141.50.41:443 -> 192.168.2.6:49809 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 209.141.50.41:443 -> 192.168.2.6:49811 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 209.141.50.41:443 -> 192.168.2.6:49813 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 209.141.50.41:443 -> 192.168.2.6:49815 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 209.141.50.41:443 -> 192.168.2.6:49816 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 209.141.50.41:443 -> 192.168.2.6:49818 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 209.141.50.41:443 -> 192.168.2.6:49819 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 209.141.50.41:443 -> 192.168.2.6:49817 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 209.141.50.41:443 -> 192.168.2.6:49814 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 209.141.50.41:443 -> 192.168.2.6:49821 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 142.250.72.110:443 -> 192.168.2.6:49824 version: TLS 1.2

System Summary

Creates files inside the system directory

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Windows\SystemTemp\scoped_dir4900_230742674

Jump to behavior

Deletes files inside the Windows folder

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File deleted: C:\Windows\SystemTemp\scoped_dir4900_230742674

Jump to behavior

Classification label

Source: classification engine

Classification label: mal88.phis.troj.win@27/90@70/14

Spawns processes

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=1724,i,6665872760245968715,17813975207059206959,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version --mojo-platform-channel-handle=2116 /prefetch:3
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://docs.google.com/presentation/d/e/2PACX-1vQ7Dkd_WRbgSfshqD4oLNlUmDxTYPUSUb2tLr0qsjIwZ7fwYeWMIoyLCuLiIiL3T8QaBj2et0IIqqkz/pub?start=false&loop=false&delayms=3000"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=1724,i,6665872760245968715,17813975207059206959,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version --mojo-platform-channel-handle=2116 /prefetch:3			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior

Found graphical window changes (likely an installer)

Source: Window Recorder

Window detected: More than 3 window changes detected