Windows Analysis Report
Madisonwellsmedia546.pdf

Overview

General Information

Sample name:	Madisonwellsmedia546.pdf
Analysis ID:	1500041
MD5:	5860e337c8192049cfd7f96f890aa7d0
SHA1:	b235adb0cef62030db5eefe95d6dd4147344186f
SHA256:	d7be5e35ec40822713120fa550bda29ee8e7edcf511d32199983cf0e653ec8a7
Infos:

Detection

HTMLPhisher

Score:	72
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus detection for URL or domain

Yara detected HtmlPhish54

Detected use of open redirect vulnerability

Phishing site detected (based on favicon image match)

Phishing site detected (based on image similarity)

Phishing site detected (based on logo match)

Detected suspicious crossdomain redirect

Found iframes

HTML body contains low number of good links

HTML page contains hidden javascript code

HTML page contains string obfuscation

HTML title does not match URL

IP address seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

Stores files to the Windows start menu directory

Classification

Signatures

AV Detection

Antivirus detection for URL or domain

Source: https://subcg.tynurserys.com/pCavcKaS#aHdpbGxhdWVyQG1hZGlzb253ZWxsc21lZGlhLmNvbQ==	SlashNext: Label: Credential Stealing type: Phishing & Social Engineering
Source: https://www.tynurserys.com/mail/	Avira URL Cloud: Label: malware
Source: https://www.tynurserys.com/	Avira URL Cloud: Label: malware
Source: https://subcg.tynurserys.com	Avira URL Cloud: Label: malware
Source: https://subcg.tynurserys.com/pCavcKaS?d=eA5LR9g	Avira URL Cloud: Label: malware
Source: https://ywnjb.tynurserys.com/Me.htm?v=3	Avira URL Cloud: Label: malware
Source: https://www.tynurserys.com/owa/?state=1&redirectTo=aHR0cHM6Ly9vdXRsb29rLm9mZmljZS5jb20vbWFpbC8	Avira URL Cloud: Label: malware
Source: https://www.tynurserys.com/mail/favicon.ico	Avira URL Cloud: Label: malware
Source: https://subcg.tynurserys.com/pCavcKaS	Avira URL Cloud: Label: malware
Source: https://www.tynurserys.com/owa/startupdata.ashx?app=Mail&n=0	Avira URL Cloud: Label: malware
Source: https://subcg.tynurserys.com/favicon.ico	Avira URL Cloud: Label: malware
Source: https://www.tynurserys.com/mail/?authRedirect=true&state=0	Avira URL Cloud: Label: malware

Phishing

Yara detected HtmlPhish54

Source: Yara match	File source: 7.11.id.script.csv, type: HTML
Source: Yara match	File source: 10.26.i.script.csv, type: HTML
Source: Yara match	File source: 10.19.id.script.csv, type: HTML
Source: Yara match	File source: 7.4.pages.csv, type: HTML
Source: Yara match	File source: 10.5.pages.csv, type: HTML
Source: Yara match	File source: 10.7.pages.csv, type: HTML

Detected use of open redirect vulnerability

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

HTTP traffic: Proxy from: www.fortismerchants.co.uk/rd?cmnpn=93885&ct=90493&u=https://subcg.tynurserys.com/pcavckas to https://subcg.tynurserys.com/pcavckas

Phishing site detected (based on favicon image match)

Source: https://tynurserys.com	Matcher: Template: outlook matched with high similarity
Source: https://tynurserys.com	Matcher: Template: microsoft matched with high similarity
Source: https://www.tynurserys.com/mail/#aHdpbGxhdWVyQG1hZGlzb253ZWxsc21lZGlhLmNvbQ==	Matcher: Template: outlook matched with high similarity
Source: https://subcg.tynurserys.com/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2foutlook.office.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=1&msaredir=1&client-request-id=c261c7ab-25e1-6136-7230-2c97b30cfdad&protectedtoken=true&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d&nonce=638603788201931742.53b05e7f-b301-45f2-9aaa-06ff174e4c3b&state=DYu9DoIwGACLvotb5WtL_wbioDEMuKCJhq1faROIBAME49vb4W66ywgh-8QukUES0UoYBUIbw4FZwXTBj1IgyKAjRQGMFjJyap1zFFSMKQiFF5il95JPX5ef5tD1c_DrYypd1YCvbqr-2a17NQtyO9ejHdvxPbR3OSCHDZ_XD57NYVndGkr2Bw&sso_reload=true	Matcher: Template: microsoft matched with high similarity

Phishing site detected (based on image similarity)

Source: https://subcg.tynurserys.com/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2foutlook.office.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=1&msaredir=1&client-request-id=c261c7ab-25e1-6136-7230-2c97b30cfdad&protectedtoken=true&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d&nonce=638603788201931742.53b05e7f-b301-45f2-9aaa-06ff174e4c3b&state=DYu9DoIwGACLvotb5WtL_wbioDEMuKCJhq1faROIBAME49vb4W66ywgh-8QukUES0UoYBUIbw4FZwXTBj1IgyKAjRQGMFjJyap1zFFSMKQiFF5il95JPX5ef5tD1c_DrYypd1YCvbqr-2a17NQtyO9ejHdvxPbR3OSCHDZ_XD57NYVndGkr2Bw&sso_reload=true

Matcher: Found strong image similarity, brand: MICROSOFT

Phishing site detected (based on logo match)

Matcher: Template: microsoft matched

Found iframes

Source: https://subcg.tynurserys.com/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2foutlook.office.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=1&msaredir=1&client-request-id=c261c7ab-25e1-6136-7230-2c97b30cfdad&protectedtoken=true&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d&nonce=638603788201931742.53b05e7f-b301-45f2-9aaa-06ff174e4c3b&state=DYu9DoIwGACLvotb5WtL_wbioDEMuKCJhq1faROIBAME49vb4W66ywgh-8QukUES0UoYBUIbw4FZwXTBj1IgyKAjRQGMFjJyap1zFFSMKQiFF5il95JPX5ef5tD1c_DrYypd1YCvbqr-2a17NQtyO9ejHdvxPbR3OSCHDZ_XD57NYVndGkr2Bw&sso_reload=true	HTTP Parser: Iframe src: https://outlook.office365.com/owa/prefetch.aspx
Source: https://subcg.tynurserys.com/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2foutlook.office.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=1&msaredir=1&client-request-id=c261c7ab-25e1-6136-7230-2c97b30cfdad&protectedtoken=true&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d&nonce=638603788201931742.53b05e7f-b301-45f2-9aaa-06ff174e4c3b&state=DYu9DoIwGACLvotb5WtL_wbioDEMuKCJhq1faROIBAME49vb4W66ywgh-8QukUES0UoYBUIbw4FZwXTBj1IgyKAjRQGMFjJyap1zFFSMKQiFF5il95JPX5ef5tD1c_DrYypd1YCvbqr-2a17NQtyO9ejHdvxPbR3OSCHDZ_XD57NYVndGkr2Bw&sso_reload=true	HTTP Parser: Iframe src: https://outlook.office365.com/owa/prefetch.aspx

HTML body contains low number of good links

HTTP Parser: Number of links: 0

HTML page contains hidden javascript code

Source: https://subcg.tynurserys.com/pCavcKaS#aHdpbGxhdWVyQG1hZGlzb253ZWxsc21lZGlhLmNvbQ==

HTTP Parser: Base64 decoded: {"version":3,"sourceRoot":"/cfsetup_build/src/orchestrator/turnstile/templates","sources":["turnstile.scss"],"names":[],"mappings":"AAmCA;EACI;IACI;;;AAIR;EACI;IACI;;;AAIR;EACI;IAEI;;EAGJ;IACI;;;AAIR;EACI;IACI;;;AAIR;EACI;IACI;;;AAIR;EACI;IACI;;;AAIR;EACI...

HTML page contains string obfuscation

Source: https://subcg.tynurserys.com/pCavcKaS#aHdpbGxhdWVyQG1hZGlzb253ZWxsc21lZGlhLmNvbQ==

HTTP Parser: Found new string: script . var verifyCallback_CF = function(response) {. let cfForm = document.querySelector("#cfForm");. if (validateElement(cfForm) && response.length > 10) {. cfForm.remove();. window.location.href = 'htt' + 'ps:' + '/' + '/su' + 'b' + 'cg' + '.' + 't' + 'yn' + 'ur' + 'ser' + 'ys.' + 'co' + 'm' + '/pC' + 'a' + 'vcK' + 'aS' + '?' + 'd=e' + 'A5' + 'LR9' + 'g' + window.location.hash;. return;. }. console.log("CAPTCHA verification failed or response length is not sufficient.");. return;. };.. function validateElement(element) {. return element != undefined && element.style != undefined && element.style.visibility != undefined;. }. ..

HTML title does not match URL

HTTP Parser: Title: Sign in to Outlook does not match URL

HTTP Parser: <input type="password" .../> found

Source: https://subcg.tynurserys.com/pCavcKaS#aHdpbGxhdWVyQG1hZGlzb253ZWxsc21lZGlhLmNvbQ==	HTTP Parser: No favicon
Source: https://subcg.tynurserys.com/pCavcKaS#aHdpbGxhdWVyQG1hZGlzb253ZWxsc21lZGlhLmNvbQ==	HTTP Parser: No favicon
Source: https://subcg.tynurserys.com/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2foutlook.office.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=1&msaredir=1&client-request-id=c261c7ab-25e1-6136-7230-2c97b30cfdad&protectedtoken=true&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d&nonce=638603788201931742.53b05e7f-b301-45f2-9aaa-06ff174e4c3b&state=DYu9DoIwGACLvotb5WtL_wbioDEMuKCJhq1faROIBAME49vb4W66ywgh-8QukUES0UoYBUIbw4FZwXTBj1IgyKAjRQGMFjJyap1zFFSMKQiFF5il95JPX5ef5tD1c_DrYypd1YCvbqr-2a17NQtyO9ejHdvxPbR3OSCHDZ_XD57NYVndGkr2Bw	HTTP Parser: No favicon
Source: https://subcg.tynurserys.com/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2foutlook.office.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=1&msaredir=1&client-request-id=c261c7ab-25e1-6136-7230-2c97b30cfdad&protectedtoken=true&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d&nonce=638603788201931742.53b05e7f-b301-45f2-9aaa-06ff174e4c3b&state=DYu9DoIwGACLvotb5WtL_wbioDEMuKCJhq1faROIBAME49vb4W66ywgh-8QukUES0UoYBUIbw4FZwXTBj1IgyKAjRQGMFjJyap1zFFSMKQiFF5il95JPX5ef5tD1c_DrYypd1YCvbqr-2a17NQtyO9ejHdvxPbR3OSCHDZ_XD57NYVndGkr2Bw&sso_reload=true	HTTP Parser: No favicon

Source: https://subcg.tynurserys.com/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2foutlook.office.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=1&msaredir=1&client-request-id=c261c7ab-25e1-6136-7230-2c97b30cfdad&protectedtoken=true&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d&nonce=638603788201931742.53b05e7f-b301-45f2-9aaa-06ff174e4c3b&state=DYu9DoIwGACLvotb5WtL_wbioDEMuKCJhq1faROIBAME49vb4W66ywgh-8QukUES0UoYBUIbw4FZwXTBj1IgyKAjRQGMFjJyap1zFFSMKQiFF5il95JPX5ef5tD1c_DrYypd1YCvbqr-2a17NQtyO9ejHdvxPbR3OSCHDZ_XD57NYVndGkr2Bw&sso_reload=true	HTTP Parser: No <meta name="author".. found
Source: https://subcg.tynurserys.com/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2foutlook.office.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=1&msaredir=1&client-request-id=c261c7ab-25e1-6136-7230-2c97b30cfdad&protectedtoken=true&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d&nonce=638603788201931742.53b05e7f-b301-45f2-9aaa-06ff174e4c3b&state=DYu9DoIwGACLvotb5WtL_wbioDEMuKCJhq1faROIBAME49vb4W66ywgh-8QukUES0UoYBUIbw4FZwXTBj1IgyKAjRQGMFjJyap1zFFSMKQiFF5il95JPX5ef5tD1c_DrYypd1YCvbqr-2a17NQtyO9ejHdvxPbR3OSCHDZ_XD57NYVndGkr2Bw&sso_reload=true	HTTP Parser: No <meta name="author".. found

Source: https://subcg.tynurserys.com/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2foutlook.office.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=1&msaredir=1&client-request-id=c261c7ab-25e1-6136-7230-2c97b30cfdad&protectedtoken=true&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d&nonce=638603788201931742.53b05e7f-b301-45f2-9aaa-06ff174e4c3b&state=DYu9DoIwGACLvotb5WtL_wbioDEMuKCJhq1faROIBAME49vb4W66ywgh-8QukUES0UoYBUIbw4FZwXTBj1IgyKAjRQGMFjJyap1zFFSMKQiFF5il95JPX5ef5tD1c_DrYypd1YCvbqr-2a17NQtyO9ejHdvxPbR3OSCHDZ_XD57NYVndGkr2Bw&sso_reload=true	HTTP Parser: No <meta name="copyright".. found
Source: https://subcg.tynurserys.com/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2foutlook.office.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=1&msaredir=1&client-request-id=c261c7ab-25e1-6136-7230-2c97b30cfdad&protectedtoken=true&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d&nonce=638603788201931742.53b05e7f-b301-45f2-9aaa-06ff174e4c3b&state=DYu9DoIwGACLvotb5WtL_wbioDEMuKCJhq1faROIBAME49vb4W66ywgh-8QukUES0UoYBUIbw4FZwXTBj1IgyKAjRQGMFjJyap1zFFSMKQiFF5il95JPX5ef5tD1c_DrYypd1YCvbqr-2a17NQtyO9ejHdvxPbR3OSCHDZ_XD57NYVndGkr2Bw&sso_reload=true	HTTP Parser: No <meta name="copyright".. found

Source: unknown	HTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.16:49737 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.73.194.208:443 -> 192.168.2.16:49747 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49749 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49749 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.190.160.17:443 -> 192.168.2.16:49748 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49750 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.190.160.17:443 -> 192.168.2.16:49757 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.71.55.58:443 -> 192.168.2.16:49759 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.44.239.154:443 -> 192.168.2.16:49768 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.44.239.154:443 -> 192.168.2.16:49773 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.44.239.154:443 -> 192.168.2.16:49782 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.16:49826 version: TLS 1.2

Detected suspicious crossdomain redirect

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

HTTP traffic: Redirect from: www.fortismerchants.co.uk to https://subcg.tynurserys.com/pcavckas

IP address seen in connection with other malware

Source: Joe Sandbox View	IP Address: 104.18.94.41 104.18.94.41
Source: Joe Sandbox View	IP Address: 52.98.171.226 52.98.171.226
Source: Joe Sandbox View	IP Address: 104.18.95.41 104.18.95.41

JA3 SSL client fingerprint seen in connection with other malware

Source: Joe Sandbox View

JA3 fingerprint: 28a2c9bd18a11de089ef85a160da29e4

Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 23.203.104.175
Source: unknown	TCP traffic detected without corresponding DNS query: 23.203.104.175
Source: unknown	TCP traffic detected without corresponding DNS query: 23.203.104.175
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 23.203.104.175
Source: unknown	TCP traffic detected without corresponding DNS query: 23.203.104.175
Source: unknown	TCP traffic detected without corresponding DNS query: 23.203.104.175
Source: unknown	TCP traffic detected without corresponding DNS query: 23.203.104.175
Source: unknown	TCP traffic detected without corresponding DNS query: 23.203.104.175
Source: unknown	TCP traffic detected without corresponding DNS query: 23.203.104.175
Source: unknown	TCP traffic detected without corresponding DNS query: 23.203.104.175
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 20.73.194.208
Source: unknown	TCP traffic detected without corresponding DNS query: 20.73.194.208
Source: unknown	TCP traffic detected without corresponding DNS query: 20.73.194.208
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.73.194.208
Source: unknown	TCP traffic detected without corresponding DNS query: 20.73.194.208
Source: unknown	TCP traffic detected without corresponding DNS query: 20.73.194.208
Source: unknown	TCP traffic detected without corresponding DNS query: 20.73.194.208
Source: unknown	TCP traffic detected without corresponding DNS query: 20.73.194.208
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.160.17
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.160.17
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.160.17
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27

Source: global traffic	HTTP traffic detected: GET /rd?cmnpn=93885&ct=90493&u=https%3A%2F%2Fsubcg.tynurserys.com%2FpCavcKaS HTTP/1.1Host: www.fortismerchants.co.ukConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /pCavcKaS HTTP/1.1Host: subcg.tynurserys.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /turnstile/v0/api.js?onload=onloadTurnstileCallback HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://subcg.tynurserys.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /turnstile/v0/b/6790c32b9fc9/api.js HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://subcg.tynurserys.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /turnstile/v0/b/6790c32b9fc9/api.js HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/ul3kq/0x4AAAAAAAeTpIyb_xx_MePH/auto/fbE/normal/auto/ HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://subcg.tynurserys.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=8b9dff303c257c94&lang=auto HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/ul3kq/0x4AAAAAAAeTpIyb_xx_MePH/auto/fbE/normal/auto/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/cmg/1/wh0E0SXYnx6pTBdJW%2Fl926I%2BPRUplRdtQz3K9lHXs%2Fs%3D HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/ul3kq/0x4AAAAAAAeTpIyb_xx_MePH/auto/fbE/normal/auto/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/cmg/1/wh0E0SXYnx6pTBdJW%2Fl926I%2BPRUplRdtQz3K9lHXs%2Fs%3D HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=8b9dff303c257c94&lang=auto HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: subcg.tynurserys.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://subcg.tynurserys.com/pCavcKaSAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: fRIp=277ebffc0576bb673963fb1bfe25e277c8a5d8df5129a15a8289947c9a52d063
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/flow/ov1/1551955146:1724779460:S8hevjRG-pPNv9fILcmjlicunHEMlWb-gIhGxGWCUgU/8b9dff303c257c94/41e7ec57f580fdd HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/pat/8b9dff303c257c94/1724782002561/5c91b52924fe45452019fec6d584871061755f6bc465156f893751f28a58fe66/oJwCedlV4oz_aMK HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveCache-Control: max-age=0sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/ul3kq/0x4AAAAAAAeTpIyb_xx_MePH/auto/fbE/normal/auto/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=B3PZfKzHNmcUX1d&MD=887pveRe HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/i/8b9dff303c257c94/1724782002566/Z5BWo-8suzd4vYL HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/ul3kq/0x4AAAAAAAeTpIyb_xx_MePH/auto/fbE/normal/auto/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/i/8b9dff303c257c94/1724782002566/Z5BWo-8suzd4vYL HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /onboarding/smskillreader.txt HTTP/1.1Host: armmf.adobe.comConnection: keep-aliveAccept-Language: en-US,en;q=0.9User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) ReaderServices/23.6.20320 Chrome/105.0.0.0 Safari/537.36Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, br
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/flow/ov1/1551955146:1724779460:S8hevjRG-pPNv9fILcmjlicunHEMlWb-gIhGxGWCUgU/8b9dff303c257c94/41e7ec57f580fdd HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/flow/ov1/1551955146:1724779460:S8hevjRG-pPNv9fILcmjlicunHEMlWb-gIhGxGWCUgU/8b9dff303c257c94/41e7ec57f580fdd HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /pCavcKaS?d=eA5LR9g HTTP/1.1Host: subcg.tynurserys.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentReferer: https://subcg.tynurserys.com/pCavcKaSAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: fRIp=277ebffc0576bb673963fb1bfe25e277c8a5d8df5129a15a8289947c9a52d063; x-ms-gateway-slice=estsfd
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: www.tynurserys.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-siteSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Referer: https://subcg.tynurserys.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: fRIp=277ebffc0576bb673963fb1bfe25e277c8a5d8df5129a15a8289947c9a52d063
Source: global traffic	HTTP traffic detected: GET /mail/ HTTP/1.1Host: www.tynurserys.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-siteSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Referer: https://subcg.tynurserys.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: fRIp=277ebffc0576bb673963fb1bfe25e277c8a5d8df5129a15a8289947c9a52d063
Source: global traffic	HTTP traffic detected: GET /mail/?authRedirect=true&state=0 HTTP/1.1Host: www.tynurserys.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: fRIp=277ebffc0576bb673963fb1bfe25e277c8a5d8df5129a15a8289947c9a52d063; ClientId=73BB9829642148A3B29661493F90DA28; OIDC=1
Source: global traffic	HTTP traffic detected: GET /owa/?state=1&redirectTo=aHR0cHM6Ly9vdXRsb29rLm9mZmljZS5jb20vbWFpbC8 HTTP/1.1Host: www.tynurserys.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: fRIp=277ebffc0576bb673963fb1bfe25e277c8a5d8df5129a15a8289947c9a52d063; ClientId=73BB9829642148A3B29661493F90DA28; OIDC=1
Source: global traffic	HTTP traffic detected: GET /common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2foutlook.office.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=1&msaredir=1&client-request-id=c261c7ab-25e1-6136-7230-2c97b30cfdad&protectedtoken=true&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d&nonce=638603788201931742.53b05e7f-b301-45f2-9aaa-06ff174e4c3b&state=DYu9DoIwGACLvotb5WtL_wbioDEMuKCJhq1faROIBAME49vb4W66ywgh-8QukUES0UoYBUIbw4FZwXTBj1IgyKAjRQGMFjJyap1zFFSMKQiFF5il95JPX5ef5tD1c_DrYypd1YCvbqr-2a17NQtyO9ejHdvxPbR3OSCHDZ_XD57NYVndGkr2Bw HTTP/1.1Host: subcg.tynurserys.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: fRIp=277ebffc0576bb673963fb1bfe25e277c8a5d8df5129a15a8289947c9a52d063; x-ms-gateway-slice=estsfd
Source: global traffic	HTTP traffic detected: GET /mail/favicon.ico HTTP/1.1Host: www.tynurserys.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: fRIp=277ebffc0576bb673963fb1bfe25e277c8a5d8df5129a15a8289947c9a52d063; ClientId=73BB9829642148A3B29661493F90DA28; OIDC=1
Source: global traffic	HTTP traffic detected: GET /mail/favicon.ico HTTP/1.1Host: www.tynurserys.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: fRIp=277ebffc0576bb673963fb1bfe25e277c8a5d8df5129a15a8289947c9a52d063; ClientId=73BB9829642148A3B29661493F90DA28; OIDC=1; OpenIdConnect.nonce.v3.d6rFuCnryopyCWreCIpo-GzwsfnZvYmM1mQ9Vg-2nxQ=638603788201931742.53b05e7f-b301-45f2-9aaa-06ff174e4c3b; X-OWA-RedirectHistory=ArLym14BOBYBDMPG3Ag
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/BssoInterrupt_Core_JQnUxWSvwsd9FrpspQmznw2.js HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://subcg.tynurserys.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://subcg.tynurserys.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2foutlook.office.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=1&msaredir=1&client-request-id=c261c7ab-25e1-6136-7230-2c97b30cfdad&protectedtoken=true&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d&nonce=638603788201931742.53b05e7f-b301-45f2-9aaa-06ff174e4c3b&state=DYu9DoIwGACLvotb5WtL_wbioDEMuKCJhq1faROIBAME49vb4W66ywgh-8QukUES0UoYBUIbw4FZwXTBj1IgyKAjRQGMFjJyap1zFFSMKQiFF5il95JPX5ef5tD1c_DrYypd1YCvbqr-2a17NQtyO9ejHdvxPbR3OSCHDZ_XD57NYVndGkr2Bw&sso_reload=true HTTP/1.1Host: subcg.tynurserys.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-Dest: documentReferer: https://subcg.tynurserys.com/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2foutlook.office.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=1&msaredir=1&client-request-id=c261c7ab-25e1-6136-7230-2c97b30cfdad&protectedtoken=true&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d&nonce=638603788201931742.53b05e7f-b301-45f2-9aaa-06ff174e4c3b&state=DYu9DoIwGACLvotb5WtL_wbioDEMuKCJhq1faROIBAME49vb4W66ywgh-8QukUES0UoYBUIbw4FZwXTBj1IgyKAjRQGMFjJyap1zFFSMKQiFF5il95JPX5ef5tD1c_DrYypd1YCvbqr-2a17NQtyO9ejHdvxPbR3OSCHDZ_XD57NYVndGkr2BwAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: fRIp=277ebffc0576bb673963fb1bfe25e277c8a5d8df5129a15a8289947c9a52d063; x-ms-gateway-slice=estsfd; esctx-760Fcq4eTww=AQABCQEAAAApTwJmzXqdR4BN2miheQMYx8BhBac_-dQXp-j71yrdzHsFdv7J_kMl_E9E3H5kc2Z4jE5t6ktfVJJ-a-idah5VREvrti1docxxj8pbcbKUobeYC7iptW_FVi6Zii4MWqfJMOp5WHxKe30VMfmDtAQyL8yLLvS6re32c9JRid4LFyAA; fpc=Ah-DUjHRs35IvQUf8G1BV9I; esctx=PAQABBwEAAAApTwJmzXqdR4BN2miheQMY_z6dHdWQ_8RiG5JkkVypmi-XaDg--4t3g-vPj1GB2NSKGlM10hdFLLjFQraz9UYiM4oetjfcQeZHmjsTW4x6k4kWgDINg1dcfTRVWbM7dK0rmYFs6pi5wkxGmb_ph4qbEdtPBzg7MzzQ1pUQjEGDa0igdu1WDRHh03oLZ21I27QgAA; stsservicecookie=estsfd; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/BssoInterrupt_Core_JQnUxWSvwsd9FrpspQmznw2.js HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /Me.htm?v=3 HTTP/1.1Host: ywnjb.tynurserys.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Purpose: prefetchSec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyReferer: https://subcg.tynurserys.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: fRIp=277ebffc0576bb673963fb1bfe25e277c8a5d8df5129a15a8289947c9a52d063
Source: global traffic	HTTP traffic detected: GET /ests/2.1/content/cdnbundles/converged.v2.login.min_qzvqnltrxpy99ajspyxbgq2.css HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://subcg.tynurserys.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: styleReferer: https://subcg.tynurserys.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/ConvergedLogin_PCore_Cr8LUIyurKoYeKwC2s2vJw2.js HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://subcg.tynurserys.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://subcg.tynurserys.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ests/2.1/content/cdnbundles/ux.converged.login.strings-en.min_tzwwq6wdslxjdiwzdatg6a2.js HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://subcg.tynurserys.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://subcg.tynurserys.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ests/2.1/content/cdnbundles/ux.converged.login.strings-en.min_tzwwq6wdslxjdiwzdatg6a2.js HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/ConvergedLogin_PCore_Cr8LUIyurKoYeKwC2s2vJw2.js HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/oneDs_f2e0f4a029670f10d892.js HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://subcg.tynurserys.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/oneDs_f2e0f4a029670f10d892.js HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/asyncchunk/convergedlogin_pcustomizationloader_6c7dc46bb93924417b57.js HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://subcg.tynurserys.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /owa/prefetch.aspx HTTP/1.1Host: outlook.office365.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://subcg.tynurserys.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/asyncchunk/convergedlogin_pcustomizationloader_6c7dc46bb93924417b57.js HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://subcg.tynurserys.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/signin-options_3e3f6b73c3f310c31d2c4d131a8ab8c6.svg HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://subcg.tynurserys.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/appbackgrounds/49-small_2055002f2daae2ed8f69f03944c0e5d9.jpg HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://subcg.tynurserys.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/appbackgrounds/49_6ffe0a92d779c878835b40171ffc2e13.jpg HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://subcg.tynurserys.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/applogos/53_7a3c80bf9694448bac31a9589d2e9e92.png HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://subcg.tynurserys.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/microsoft_logo_564db913a7fa0ca42727161c6d031bef.svg HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://subcg.tynurserys.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/signin-options_3e3f6b73c3f310c31d2c4d131a8ab8c6.svg HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/appbackgrounds/49-small_2055002f2daae2ed8f69f03944c0e5d9.jpg HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/asyncchunk/convergedlogin_pstringcustomizationhelper_92013fd9f2f609d397ae.js HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://subcg.tynurserys.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/appbackgrounds/49_6ffe0a92d779c878835b40171ffc2e13.jpg HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/applogos/53_7a3c80bf9694448bac31a9589d2e9e92.png HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/microsoft_logo_564db913a7fa0ca42727161c6d031bef.svg HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/asyncchunk/convergedlogin_pstringcustomizationhelper_92013fd9f2f609d397ae.js HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=B3PZfKzHNmcUX1d&MD=887pveRe HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com

Source: global traffic	DNS traffic detected: DNS query: www.fortismerchants.co.uk
Source: global traffic	DNS traffic detected: DNS query: subcg.tynurserys.com
Source: global traffic	DNS traffic detected: DNS query: challenges.cloudflare.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: identity.nel.measure.office.net
Source: global traffic	DNS traffic detected: DNS query: www.tynurserys.com
Source: global traffic	DNS traffic detected: DNS query: aadcdn.msftauth.net
Source: global traffic	DNS traffic detected: DNS query: ywnjb.tynurserys.com
Source: global traffic	DNS traffic detected: DNS query: outlook.office365.com
Source: global traffic	DNS traffic detected: DNS query: r4.res.office365.com
Source: global traffic	DNS traffic detected: DNS query: m365cdn.nel.measure.office.net

Source: unknown

HTTP traffic detected: POST /cdn-cgi/challenge-platform/h/b/flow/ov1/1551955146:1724779460:S8hevjRG-pPNv9fILcmjlicunHEMlWb-gIhGxGWCUgU/8b9dff303c257c94/41e7ec57f580fdd HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveContent-Length: 2711sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Content-type: application/x-www-form-urlencodedsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36CF-Challenge: 41e7ec57f580fddsec-ch-ua-platform: "Windows"Accept: */*Origin: https://challenges.cloudflare.comSec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/ul3kq/0x4AAAAAAAeTpIyb_xx_MePH/auto/fbE/normal/auto/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 27 Aug 2024 18:06:42 GMTTransfer-Encoding: chunkedConnection: closeCache-Control: privateNel: {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0}P3p: CP="DSP CUR OTPi IND OTRi ONL FIN"Referrer-Policy: strict-origin-when-cross-originReport-To: {"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://identity.nel.measure.office.net/api/report?catId=GW+estsfd+san"}]}X-Ms-Ests-Server: 2.1.18760.5 - SCUS ProdSlicesX-Ms-Request-Id: 0d25a9a3-a47b-43a8-bcae-40bc0261ac00X-Ms-Srs: 1.PCF-Cache-Status: BYPASSSet-Cookie: x-ms-gateway-slice=estsfd; Path=/; HttpOnly; Secure; SameSite=NoneServer: cloudflareCF-RAY: 8b9dff3b48fb8c4b-EWRalt-svc: h3=":443"; ma=86400
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 27 Aug 2024 18:06:43 GMTContent-Type: application/jsonContent-Length: 7Connection: closecf-chl-out: vwrDZvLgP2k10vyQ1Vhc8oJpX1DLoUctj4s=$4wtWHz0I57ybeLOjcache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0Server: cloudflareCF-RAY: 8b9dff41fbde42c1-EWRalt-svc: h3=":443"; ma=86400
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 27 Aug 2024 18:06:48 GMTContent-Type: application/jsonContent-Length: 7Connection: closecache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0cf-chl-out: qWdxeswoheF8yz3Fft6GdBoVB+iHKcGDn7s=$eeCJHR9MGDLuJeGfServer: cloudflareCF-RAY: 8b9dff5efcdc7cf3-EWRalt-svc: h3=":443"; ma=86400
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 27 Aug 2024 18:06:52 GMTContent-Type: application/jsonContent-Length: 7Connection: closecf-chl-out: DUvLs5byH3ngfLtuSLjWZDPOVDoWA2+d7Qc=$rinYHjuelxHgLDr1cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0Server: cloudflareCF-RAY: 8b9dff7809654237-EWRalt-svc: h3=":443"; ma=86400

Source: E0F5C59F9FA661F6F4C50B87FEF3A15A0.2.dr	String found in binary or memory: http://apps.identrust.com/roots/dstrootcax3.p7c
Source: 77EC63BDA74BD0D0E0426DC8F80085060.2.dr	String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
Source: chromecache_243.5.dr, chromecache_241.5.dr	String found in binary or memory: http://feross.org
Source: chromecache_223.5.dr	String found in binary or memory: http://github.com/jquery/globalize
Source: chromecache_225.5.dr, chromecache_237.5.dr	String found in binary or memory: http://jedwatson.github.io/classnames
Source: chromecache_203.5.dr, chromecache_209.5.dr, chromecache_229.5.dr, chromecache_221.5.dr	String found in binary or memory: http://knockoutjs.com/
Source: chromecache_225.5.dr, chromecache_237.5.dr	String found in binary or memory: http://underscorejs.org
Source: chromecache_203.5.dr, chromecache_209.5.dr, chromecache_229.5.dr, chromecache_221.5.dr	String found in binary or memory: http://www.opensource.org/licenses/mit-license.php)
Source: chromecache_201.5.dr	String found in binary or memory: https://challenges.cloudflare.com/turnstile/v0/api.js?onload=onloadTurnstileCallback
Source: 4b1b4a6b-3746-4da3-8a8f-3588479148b4.tmp.3.dr, 57178d7e-aca5-42d6-842c-4ca2e9bfa1ba.tmp.3.dr	String found in binary or memory: https://chrome.cloudflare-dns.com
Source: chromecache_203.5.dr, chromecache_209.5.dr, chromecache_218.5.dr, chromecache_243.5.dr, chromecache_235.5.dr, chromecache_229.5.dr, chromecache_241.5.dr, chromecache_221.5.dr	String found in binary or memory: https://github.com/douglascrockford/JSON-js
Source: chromecache_202.5.dr	String found in binary or memory: https://login.windows-ppe.net
Source: chromecache_245.5.dr, chromecache_224.5.dr	String found in binary or memory: https://statics.teams.cdn.office.net/evergreen-assets/apps/955070e9-99a6-4319-b8df-32adf59949aa_smal
Source: chromecache_202.5.dr	String found in binary or memory: https://subcg.tynurserys.com
Source: chromecache_245.5.dr, chromecache_224.5.dr	String found in binary or memory: https://web.yammer.com/teams/feed

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 49789 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49800 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49803 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49795 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49826 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49812 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49784 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49700 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49806 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49798 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 49790 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 49819 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49793 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49805 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49782 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49799
Source: unknown	Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49798
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49797
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49796
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49795
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49794
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49793
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49792
Source: unknown	Network traffic detected: HTTP traffic on port 49814 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49791
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49790
Source: unknown	Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49796 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49808 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49708
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49707
Source: unknown	Network traffic detected: HTTP traffic on port 49811 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49826
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49702
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49701
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49789
Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49700
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49788
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49784
Source: unknown	Network traffic detected: HTTP traffic on port 49813 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49783
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49782
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49780
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49807 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49701 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49819
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49818
Source: unknown	Network traffic detected: HTTP traffic on port 49799 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49816
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49815
Source: unknown	Network traffic detected: HTTP traffic on port 49791 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49814
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49813
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49812
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49811
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown	Network traffic detected: HTTP traffic on port 49816 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49707 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 49788 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49780 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49794 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49809
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49808
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49807
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49806
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49805
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49804
Source: unknown	Network traffic detected: HTTP traffic on port 49773 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49803
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49801
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49800
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49783 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 49815 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49702 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49797 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49801 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49809 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49818 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49804 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 49792 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746

Source: unknown	HTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.16:49737 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.73.194.208:443 -> 192.168.2.16:49747 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49749 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49749 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.190.160.17:443 -> 192.168.2.16:49748 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49750 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.190.160.17:443 -> 192.168.2.16:49757 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.71.55.58:443 -> 192.168.2.16:49759 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.44.239.154:443 -> 192.168.2.16:49768 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.44.239.154:443 -> 192.168.2.16:49773 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.44.239.154:443 -> 192.168.2.16:49782 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.16:49826 version: TLS 1.2

Source: classification engine

Classification label: mal72.phis.winPDF@32/144@32/11

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe

File created: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal

Jump to behavior

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe

File created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-08-27 14-06-36-105.log

Jump to behavior

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA

Jump to behavior

Source: unknown	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\Madisonwellsmedia546.pdf"
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2252 --field-trial-handle=1580,i,18033727624882255278,16233875503812827206,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://www.fortismerchants.co.uk/rd?cmnpn=93885&ct=90493&u=https%3A%2F%2Fsubcg.tynurserys.com%2FpCavcKaS#aHdpbGxhdWVyQG1hZGlzb253ZWxsc21lZGlhLmNvbQ==
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2068 --field-trial-handle=1832,i,10525007346694860206,14711578944265795269,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2252 --field-trial-handle=1580,i,18033727624882255278,16233875503812827206,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2068 --field-trial-handle=1832,i,10525007346694860206,14711578944265795269,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Google Drive.lnk.4.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.4.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.4.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.4.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.4.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.4.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: Madisonwellsmedia546.pdf	Initial sample: PDF keyword /JS count = 0
Source: Madisonwellsmedia546.pdf	Initial sample: PDF keyword /JavaScript count = 0

Source: Madisonwellsmedia546.pdf

Initial sample: PDF keyword /EmbeddedFile count = 0

Source: Madisonwellsmedia546.pdf

Initial sample: PDF keyword obj count = 52

Stores files to the Windows start menu directory

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	Jump to behavior

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe

Process information queried: ProcessInformation

Jump to behavior

Screenshots

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Network Map

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Contacted Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
104.18.94.41	challenges.cloudflare.com	United States	13335	CLOUDFLARENETUS	false
52.98.171.226	HHN-efz.ms-acdc.office.com	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
52.16.167.62	loadbalancer.ebiz.co.uk	United States	16509	AMAZON-02US	false
104.18.95.41	unknown	United States	13335	CLOUDFLARENETUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
188.114.97.3	subcg.tynurserys.com	European Union	13335	CLOUDFLARENETUS	true
188.114.96.3	www.tynurserys.com	European Union	13335	CLOUDFLARENETUS	false
152.199.21.175	sni1gl.wpc.omegacdn.net	United States	15133	EDGECASTUS	false
142.250.186.100	www.google.com	United States	15169	GOOGLEUS	false
23.203.104.175	unknown	United States	16625	AKAMAI-ASUS	false

Private

IP
192.168.2.16

Contacted Domains

Name	IP	Active
www.tynurserys.com	188.114.96.3	true
loadbalancer.ebiz.co.uk	52.16.167.62	true
bg.microsoft.map.fastly.net	199.232.214.172	true
subcg.tynurserys.com	188.114.97.3	true
challenges.cloudflare.com	104.18.94.41	true
sni1gl.wpc.omegacdn.net	152.199.21.175	true
www.google.com	142.250.186.100	true
ywnjb.tynurserys.com	188.114.97.3	true
HHN-efz.ms-acdc.office.com	52.98.171.226	true
s-part-0032.t-0009.t-msedge.net	13.107.246.60	true
identity.nel.measure.office.net	unknown	unknown
r4.res.office365.com	unknown	unknown
aadcdn.msftauth.net	unknown	unknown
www.fortismerchants.co.uk	unknown	unknown
m365cdn.nel.measure.office.net	unknown	unknown
outlook.office365.com	unknown	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://aadcdn.msftauth.net/ests/2.1/content/cdnbundles/ux.converged.login.strings-en.min_tzwwq6wdslxjdiwzdatg6a2.js	false	Avira URL Cloud: safe	unknown
https://www.tynurserys.com/mail/	false	Avira URL Cloud: malware	unknown
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/i/8b9dff303c257c94/1724782002566/Z5BWo-8suzd4vYL	false	Avira URL Cloud: safe	unknown
https://www.tynurserys.com/	false	Avira URL Cloud: malware	unknown
https://outlook.office365.com/owa/prefetch.aspx	false	URL Reputation: safe	unknown
https://subcg.tynurserys.com/pCavcKaS#aHdpbGxhdWVyQG1hZGlzb253ZWxsc21lZGlhLmNvbQ==	true	SlashNext: Credential Stealing type: Phishing & Social Engineering	unknown
https://aadcdn.msftauth.net/shared/1.0/content/images/applogos/53_7a3c80bf9694448bac31a9589d2e9e92.png	false	Avira URL Cloud: safe	unknown
https://subcg.tynurserys.com/pCavcKaS?d=eA5LR9g	false	Avira URL Cloud: malware	unknown
https://aadcdn.msftauth.net/shared/1.0/content/images/microsoft_logo_564db913a7fa0ca42727161c6d031bef.svg	false	URL Reputation: safe	unknown
https://challenges.cloudflare.com/turnstile/v0/api.js?onload=onloadTurnstileCallback	false	Avira URL Cloud: safe	unknown
https://aadcdn.msftauth.net/shared/1.0/content/js/asyncchunk/convergedlogin_pcustomizationloader_6c7dc46bb93924417b57.js	false	Avira URL Cloud: safe	unknown
https://www.tynurserys.com/owa/?state=1&redirectTo=aHR0cHM6Ly9vdXRsb29rLm9mZmljZS5jb20vbWFpbC8	false	Avira URL Cloud: malware	unknown
https://ywnjb.tynurserys.com/Me.htm?v=3	false	Avira URL Cloud: malware	unknown
https://aadcdn.msftauth.net/shared/1.0/content/images/appbackgrounds/49-small_2055002f2daae2ed8f69f03944c0e5d9.jpg	false	Avira URL Cloud: safe	unknown
https://www.fortismerchants.co.uk/rd?cmnpn=93885&ct=90493&u=https%3A%2F%2Fsubcg.tynurserys.com%2FpCavcKaS	false	Avira URL Cloud: safe	unknown
https://aadcdn.msftauth.net/shared/1.0/content/js/oneDs_f2e0f4a029670f10d892.js	false	Avira URL Cloud: safe	unknown
https://aadcdn.msftauth.net/shared/1.0/content/js/ConvergedLogin_PCore_Cr8LUIyurKoYeKwC2s2vJw2.js	false	Avira URL Cloud: safe	unknown
https://www.tynurserys.com/mail/favicon.ico	false	Avira URL Cloud: malware	unknown
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=8b9dff303c257c94&lang=auto	false	Avira URL Cloud: safe	unknown
https://aadcdn.msftauth.net/shared/1.0/content/js/BssoInterrupt_Core_JQnUxWSvwsd9FrpspQmznw2.js	false	Avira URL Cloud: safe	unknown
https://aadcdn.msftauth.net/shared/1.0/content/js/asyncchunk/convergedlogin_pstringcustomizationhelper_92013fd9f2f609d397ae.js	false	Avira URL Cloud: safe	unknown
https://subcg.tynurserys.com/pCavcKaS	false	Avira URL Cloud: malware	unknown
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/pat/8b9dff303c257c94/1724782002561/5c91b52924fe45452019fec6d584871061755f6bc465156f893751f28a58fe66/oJwCedlV4oz_aMK	false	Avira URL Cloud: safe	unknown
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/cmg/1/wh0E0SXYnx6pTBdJW%2Fl926I%2BPRUplRdtQz3K9lHXs%2Fs%3D	false	Avira URL Cloud: safe	unknown
https://challenges.cloudflare.com/turnstile/v0/b/6790c32b9fc9/api.js	false	Avira URL Cloud: safe	unknown
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/flow/ov1/1551955146:1724779460:S8hevjRG-pPNv9fILcmjlicunHEMlWb-gIhGxGWCUgU/8b9dff303c257c94/41e7ec57f580fdd	false	Avira URL Cloud: safe	unknown
https://aadcdn.msftauth.net/shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico	false	URL Reputation: safe	unknown
https://aadcdn.msftauth.net/shared/1.0/content/images/signin-options_3e3f6b73c3f310c31d2c4d131a8ab8c6.svg	false	URL Reputation: safe	unknown
https://subcg.tynurserys.com/favicon.ico	false	Avira URL Cloud: malware	unknown
https://aadcdn.msftauth.net/shared/1.0/content/images/appbackgrounds/49_6ffe0a92d779c878835b40171ffc2e13.jpg	false	Avira URL Cloud: safe	unknown
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/ul3kq/0x4AAAAAAAeTpIyb_xx_MePH/auto/fbE/normal/auto/	false	Avira URL Cloud: safe	unknown
https://www.tynurserys.com/owa/startupdata.ashx?app=Mail&n=0	false	Avira URL Cloud: malware	unknown
https://www.tynurserys.com/mail/?authRedirect=true&state=0	false	Avira URL Cloud: malware	unknown
https://www.tynurserys.com/mail/#aHdpbGxhdWVyQG1hZGlzb253ZWxsc21lZGlhLmNvbQ==	true		unknown

AV Detection

Antivirus detection for URL or domain

Source: https://subcg.tynurserys.com/pCavcKaS#aHdpbGxhdWVyQG1hZGlzb253ZWxsc21lZGlhLmNvbQ==	SlashNext: Label: Credential Stealing type: Phishing & Social Engineering
Source: https://www.tynurserys.com/mail/	Avira URL Cloud: Label: malware
Source: https://www.tynurserys.com/	Avira URL Cloud: Label: malware
Source: https://subcg.tynurserys.com	Avira URL Cloud: Label: malware
Source: https://subcg.tynurserys.com/pCavcKaS?d=eA5LR9g	Avira URL Cloud: Label: malware
Source: https://ywnjb.tynurserys.com/Me.htm?v=3	Avira URL Cloud: Label: malware
Source: https://www.tynurserys.com/owa/?state=1&redirectTo=aHR0cHM6Ly9vdXRsb29rLm9mZmljZS5jb20vbWFpbC8	Avira URL Cloud: Label: malware
Source: https://www.tynurserys.com/mail/favicon.ico	Avira URL Cloud: Label: malware
Source: https://subcg.tynurserys.com/pCavcKaS	Avira URL Cloud: Label: malware
Source: https://www.tynurserys.com/owa/startupdata.ashx?app=Mail&n=0	Avira URL Cloud: Label: malware
Source: https://subcg.tynurserys.com/favicon.ico	Avira URL Cloud: Label: malware
Source: https://www.tynurserys.com/mail/?authRedirect=true&state=0	Avira URL Cloud: Label: malware

Phishing

Yara detected HtmlPhish54

Source: Yara match	File source: 7.11.id.script.csv, type: HTML
Source: Yara match	File source: 10.26.i.script.csv, type: HTML
Source: Yara match	File source: 10.19.id.script.csv, type: HTML
Source: Yara match	File source: 7.4.pages.csv, type: HTML
Source: Yara match	File source: 10.5.pages.csv, type: HTML
Source: Yara match	File source: 10.7.pages.csv, type: HTML

Detected use of open redirect vulnerability

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

HTTP traffic: Proxy from: www.fortismerchants.co.uk/rd?cmnpn=93885&ct=90493&u=https://subcg.tynurserys.com/pcavckas to https://subcg.tynurserys.com/pcavckas

Phishing site detected (based on favicon image match)

Source: https://tynurserys.com	Matcher: Template: outlook matched with high similarity
Source: https://tynurserys.com	Matcher: Template: microsoft matched with high similarity
Source: https://www.tynurserys.com/mail/#aHdpbGxhdWVyQG1hZGlzb253ZWxsc21lZGlhLmNvbQ==	Matcher: Template: outlook matched with high similarity
Source: https://subcg.tynurserys.com/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2foutlook.office.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=1&msaredir=1&client-request-id=c261c7ab-25e1-6136-7230-2c97b30cfdad&protectedtoken=true&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d&nonce=638603788201931742.53b05e7f-b301-45f2-9aaa-06ff174e4c3b&state=DYu9DoIwGACLvotb5WtL_wbioDEMuKCJhq1faROIBAME49vb4W66ywgh-8QukUES0UoYBUIbw4FZwXTBj1IgyKAjRQGMFjJyap1zFFSMKQiFF5il95JPX5ef5tD1c_DrYypd1YCvbqr-2a17NQtyO9ejHdvxPbR3OSCHDZ_XD57NYVndGkr2Bw&sso_reload=true	Matcher: Template: microsoft matched with high similarity

Phishing site detected (based on image similarity)

Matcher: Found strong image similarity, brand: MICROSOFT

Phishing site detected (based on logo match)

Matcher: Template: microsoft matched

Found iframes

Source: https://subcg.tynurserys.com/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2foutlook.office.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=1&msaredir=1&client-request-id=c261c7ab-25e1-6136-7230-2c97b30cfdad&protectedtoken=true&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d&nonce=638603788201931742.53b05e7f-b301-45f2-9aaa-06ff174e4c3b&state=DYu9DoIwGACLvotb5WtL_wbioDEMuKCJhq1faROIBAME49vb4W66ywgh-8QukUES0UoYBUIbw4FZwXTBj1IgyKAjRQGMFjJyap1zFFSMKQiFF5il95JPX5ef5tD1c_DrYypd1YCvbqr-2a17NQtyO9ejHdvxPbR3OSCHDZ_XD57NYVndGkr2Bw&sso_reload=true	HTTP Parser: Iframe src: https://outlook.office365.com/owa/prefetch.aspx
Source: https://subcg.tynurserys.com/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2foutlook.office.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=1&msaredir=1&client-request-id=c261c7ab-25e1-6136-7230-2c97b30cfdad&protectedtoken=true&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d&nonce=638603788201931742.53b05e7f-b301-45f2-9aaa-06ff174e4c3b&state=DYu9DoIwGACLvotb5WtL_wbioDEMuKCJhq1faROIBAME49vb4W66ywgh-8QukUES0UoYBUIbw4FZwXTBj1IgyKAjRQGMFjJyap1zFFSMKQiFF5il95JPX5ef5tD1c_DrYypd1YCvbqr-2a17NQtyO9ejHdvxPbR3OSCHDZ_XD57NYVndGkr2Bw&sso_reload=true	HTTP Parser: Iframe src: https://outlook.office365.com/owa/prefetch.aspx

HTML body contains low number of good links

HTTP Parser: Number of links: 0

HTML page contains hidden javascript code

Source: https://subcg.tynurserys.com/pCavcKaS#aHdpbGxhdWVyQG1hZGlzb253ZWxsc21lZGlhLmNvbQ==

HTML page contains string obfuscation

Source: https://subcg.tynurserys.com/pCavcKaS#aHdpbGxhdWVyQG1hZGlzb253ZWxsc21lZGlhLmNvbQ==

HTML title does not match URL

HTTP Parser: Title: Sign in to Outlook does not match URL

HTTP Parser: <input type="password" .../> found

Source: https://subcg.tynurserys.com/pCavcKaS#aHdpbGxhdWVyQG1hZGlzb253ZWxsc21lZGlhLmNvbQ==	HTTP Parser: No favicon
Source: https://subcg.tynurserys.com/pCavcKaS#aHdpbGxhdWVyQG1hZGlzb253ZWxsc21lZGlhLmNvbQ==	HTTP Parser: No favicon
Source: https://subcg.tynurserys.com/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2foutlook.office.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=1&msaredir=1&client-request-id=c261c7ab-25e1-6136-7230-2c97b30cfdad&protectedtoken=true&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d&nonce=638603788201931742.53b05e7f-b301-45f2-9aaa-06ff174e4c3b&state=DYu9DoIwGACLvotb5WtL_wbioDEMuKCJhq1faROIBAME49vb4W66ywgh-8QukUES0UoYBUIbw4FZwXTBj1IgyKAjRQGMFjJyap1zFFSMKQiFF5il95JPX5ef5tD1c_DrYypd1YCvbqr-2a17NQtyO9ejHdvxPbR3OSCHDZ_XD57NYVndGkr2Bw	HTTP Parser: No favicon
Source: https://subcg.tynurserys.com/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2foutlook.office.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=1&msaredir=1&client-request-id=c261c7ab-25e1-6136-7230-2c97b30cfdad&protectedtoken=true&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d&nonce=638603788201931742.53b05e7f-b301-45f2-9aaa-06ff174e4c3b&state=DYu9DoIwGACLvotb5WtL_wbioDEMuKCJhq1faROIBAME49vb4W66ywgh-8QukUES0UoYBUIbw4FZwXTBj1IgyKAjRQGMFjJyap1zFFSMKQiFF5il95JPX5ef5tD1c_DrYypd1YCvbqr-2a17NQtyO9ejHdvxPbR3OSCHDZ_XD57NYVndGkr2Bw&sso_reload=true	HTTP Parser: No favicon

Source: https://subcg.tynurserys.com/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2foutlook.office.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=1&msaredir=1&client-request-id=c261c7ab-25e1-6136-7230-2c97b30cfdad&protectedtoken=true&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d&nonce=638603788201931742.53b05e7f-b301-45f2-9aaa-06ff174e4c3b&state=DYu9DoIwGACLvotb5WtL_wbioDEMuKCJhq1faROIBAME49vb4W66ywgh-8QukUES0UoYBUIbw4FZwXTBj1IgyKAjRQGMFjJyap1zFFSMKQiFF5il95JPX5ef5tD1c_DrYypd1YCvbqr-2a17NQtyO9ejHdvxPbR3OSCHDZ_XD57NYVndGkr2Bw&sso_reload=true	HTTP Parser: No <meta name="author".. found
Source: https://subcg.tynurserys.com/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2foutlook.office.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=1&msaredir=1&client-request-id=c261c7ab-25e1-6136-7230-2c97b30cfdad&protectedtoken=true&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d&nonce=638603788201931742.53b05e7f-b301-45f2-9aaa-06ff174e4c3b&state=DYu9DoIwGACLvotb5WtL_wbioDEMuKCJhq1faROIBAME49vb4W66ywgh-8QukUES0UoYBUIbw4FZwXTBj1IgyKAjRQGMFjJyap1zFFSMKQiFF5il95JPX5ef5tD1c_DrYypd1YCvbqr-2a17NQtyO9ejHdvxPbR3OSCHDZ_XD57NYVndGkr2Bw&sso_reload=true	HTTP Parser: No <meta name="author".. found

Source: https://subcg.tynurserys.com/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2foutlook.office.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=1&msaredir=1&client-request-id=c261c7ab-25e1-6136-7230-2c97b30cfdad&protectedtoken=true&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d&nonce=638603788201931742.53b05e7f-b301-45f2-9aaa-06ff174e4c3b&state=DYu9DoIwGACLvotb5WtL_wbioDEMuKCJhq1faROIBAME49vb4W66ywgh-8QukUES0UoYBUIbw4FZwXTBj1IgyKAjRQGMFjJyap1zFFSMKQiFF5il95JPX5ef5tD1c_DrYypd1YCvbqr-2a17NQtyO9ejHdvxPbR3OSCHDZ_XD57NYVndGkr2Bw&sso_reload=true	HTTP Parser: No <meta name="copyright".. found
Source: https://subcg.tynurserys.com/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2foutlook.office.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=1&msaredir=1&client-request-id=c261c7ab-25e1-6136-7230-2c97b30cfdad&protectedtoken=true&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d&nonce=638603788201931742.53b05e7f-b301-45f2-9aaa-06ff174e4c3b&state=DYu9DoIwGACLvotb5WtL_wbioDEMuKCJhq1faROIBAME49vb4W66ywgh-8QukUES0UoYBUIbw4FZwXTBj1IgyKAjRQGMFjJyap1zFFSMKQiFF5il95JPX5ef5tD1c_DrYypd1YCvbqr-2a17NQtyO9ejHdvxPbR3OSCHDZ_XD57NYVndGkr2Bw&sso_reload=true	HTTP Parser: No <meta name="copyright".. found

Source: unknown	HTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.16:49737 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.73.194.208:443 -> 192.168.2.16:49747 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49749 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49749 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.190.160.17:443 -> 192.168.2.16:49748 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49750 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.190.160.17:443 -> 192.168.2.16:49757 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.71.55.58:443 -> 192.168.2.16:49759 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.44.239.154:443 -> 192.168.2.16:49768 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.44.239.154:443 -> 192.168.2.16:49773 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.44.239.154:443 -> 192.168.2.16:49782 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.16:49826 version: TLS 1.2

Detected suspicious crossdomain redirect

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

HTTP traffic: Redirect from: www.fortismerchants.co.uk to https://subcg.tynurserys.com/pcavckas

IP address seen in connection with other malware

Source: Joe Sandbox View	IP Address: 104.18.94.41 104.18.94.41
Source: Joe Sandbox View	IP Address: 52.98.171.226 52.98.171.226
Source: Joe Sandbox View	IP Address: 104.18.95.41 104.18.95.41

JA3 SSL client fingerprint seen in connection with other malware

Source: Joe Sandbox View

JA3 fingerprint: 28a2c9bd18a11de089ef85a160da29e4

Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 23.203.104.175
Source: unknown	TCP traffic detected without corresponding DNS query: 23.203.104.175
Source: unknown	TCP traffic detected without corresponding DNS query: 23.203.104.175
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 23.203.104.175
Source: unknown	TCP traffic detected without corresponding DNS query: 23.203.104.175
Source: unknown	TCP traffic detected without corresponding DNS query: 23.203.104.175
Source: unknown	TCP traffic detected without corresponding DNS query: 23.203.104.175
Source: unknown	TCP traffic detected without corresponding DNS query: 23.203.104.175
Source: unknown	TCP traffic detected without corresponding DNS query: 23.203.104.175
Source: unknown	TCP traffic detected without corresponding DNS query: 23.203.104.175
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 20.73.194.208
Source: unknown	TCP traffic detected without corresponding DNS query: 20.73.194.208
Source: unknown	TCP traffic detected without corresponding DNS query: 20.73.194.208
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.73.194.208
Source: unknown	TCP traffic detected without corresponding DNS query: 20.73.194.208
Source: unknown	TCP traffic detected without corresponding DNS query: 20.73.194.208
Source: unknown	TCP traffic detected without corresponding DNS query: 20.73.194.208
Source: unknown	TCP traffic detected without corresponding DNS query: 20.73.194.208
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.160.17
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.160.17
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.160.17
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27

Source: global traffic	HTTP traffic detected: GET /rd?cmnpn=93885&ct=90493&u=https%3A%2F%2Fsubcg.tynurserys.com%2FpCavcKaS HTTP/1.1Host: www.fortismerchants.co.ukConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /pCavcKaS HTTP/1.1Host: subcg.tynurserys.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /turnstile/v0/api.js?onload=onloadTurnstileCallback HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://subcg.tynurserys.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /turnstile/v0/b/6790c32b9fc9/api.js HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://subcg.tynurserys.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /turnstile/v0/b/6790c32b9fc9/api.js HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/ul3kq/0x4AAAAAAAeTpIyb_xx_MePH/auto/fbE/normal/auto/ HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://subcg.tynurserys.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=8b9dff303c257c94&lang=auto HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/ul3kq/0x4AAAAAAAeTpIyb_xx_MePH/auto/fbE/normal/auto/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/cmg/1/wh0E0SXYnx6pTBdJW%2Fl926I%2BPRUplRdtQz3K9lHXs%2Fs%3D HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/ul3kq/0x4AAAAAAAeTpIyb_xx_MePH/auto/fbE/normal/auto/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/cmg/1/wh0E0SXYnx6pTBdJW%2Fl926I%2BPRUplRdtQz3K9lHXs%2Fs%3D HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=8b9dff303c257c94&lang=auto HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: subcg.tynurserys.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://subcg.tynurserys.com/pCavcKaSAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: fRIp=277ebffc0576bb673963fb1bfe25e277c8a5d8df5129a15a8289947c9a52d063
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/flow/ov1/1551955146:1724779460:S8hevjRG-pPNv9fILcmjlicunHEMlWb-gIhGxGWCUgU/8b9dff303c257c94/41e7ec57f580fdd HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/pat/8b9dff303c257c94/1724782002561/5c91b52924fe45452019fec6d584871061755f6bc465156f893751f28a58fe66/oJwCedlV4oz_aMK HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveCache-Control: max-age=0sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/ul3kq/0x4AAAAAAAeTpIyb_xx_MePH/auto/fbE/normal/auto/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=B3PZfKzHNmcUX1d&MD=887pveRe HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/i/8b9dff303c257c94/1724782002566/Z5BWo-8suzd4vYL HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/ul3kq/0x4AAAAAAAeTpIyb_xx_MePH/auto/fbE/normal/auto/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/i/8b9dff303c257c94/1724782002566/Z5BWo-8suzd4vYL HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /onboarding/smskillreader.txt HTTP/1.1Host: armmf.adobe.comConnection: keep-aliveAccept-Language: en-US,en;q=0.9User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) ReaderServices/23.6.20320 Chrome/105.0.0.0 Safari/537.36Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, br
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/flow/ov1/1551955146:1724779460:S8hevjRG-pPNv9fILcmjlicunHEMlWb-gIhGxGWCUgU/8b9dff303c257c94/41e7ec57f580fdd HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/flow/ov1/1551955146:1724779460:S8hevjRG-pPNv9fILcmjlicunHEMlWb-gIhGxGWCUgU/8b9dff303c257c94/41e7ec57f580fdd HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /pCavcKaS?d=eA5LR9g HTTP/1.1Host: subcg.tynurserys.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentReferer: https://subcg.tynurserys.com/pCavcKaSAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: fRIp=277ebffc0576bb673963fb1bfe25e277c8a5d8df5129a15a8289947c9a52d063; x-ms-gateway-slice=estsfd
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: www.tynurserys.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-siteSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Referer: https://subcg.tynurserys.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: fRIp=277ebffc0576bb673963fb1bfe25e277c8a5d8df5129a15a8289947c9a52d063
Source: global traffic	HTTP traffic detected: GET /mail/ HTTP/1.1Host: www.tynurserys.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-siteSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Referer: https://subcg.tynurserys.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: fRIp=277ebffc0576bb673963fb1bfe25e277c8a5d8df5129a15a8289947c9a52d063
Source: global traffic	HTTP traffic detected: GET /mail/?authRedirect=true&state=0 HTTP/1.1Host: www.tynurserys.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: fRIp=277ebffc0576bb673963fb1bfe25e277c8a5d8df5129a15a8289947c9a52d063; ClientId=73BB9829642148A3B29661493F90DA28; OIDC=1
Source: global traffic	HTTP traffic detected: GET /owa/?state=1&redirectTo=aHR0cHM6Ly9vdXRsb29rLm9mZmljZS5jb20vbWFpbC8 HTTP/1.1Host: www.tynurserys.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: fRIp=277ebffc0576bb673963fb1bfe25e277c8a5d8df5129a15a8289947c9a52d063; ClientId=73BB9829642148A3B29661493F90DA28; OIDC=1
Source: global traffic	HTTP traffic detected: GET /common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2foutlook.office.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=1&msaredir=1&client-request-id=c261c7ab-25e1-6136-7230-2c97b30cfdad&protectedtoken=true&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d&nonce=638603788201931742.53b05e7f-b301-45f2-9aaa-06ff174e4c3b&state=DYu9DoIwGACLvotb5WtL_wbioDEMuKCJhq1faROIBAME49vb4W66ywgh-8QukUES0UoYBUIbw4FZwXTBj1IgyKAjRQGMFjJyap1zFFSMKQiFF5il95JPX5ef5tD1c_DrYypd1YCvbqr-2a17NQtyO9ejHdvxPbR3OSCHDZ_XD57NYVndGkr2Bw HTTP/1.1Host: subcg.tynurserys.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: fRIp=277ebffc0576bb673963fb1bfe25e277c8a5d8df5129a15a8289947c9a52d063; x-ms-gateway-slice=estsfd
Source: global traffic	HTTP traffic detected: GET /mail/favicon.ico HTTP/1.1Host: www.tynurserys.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: fRIp=277ebffc0576bb673963fb1bfe25e277c8a5d8df5129a15a8289947c9a52d063; ClientId=73BB9829642148A3B29661493F90DA28; OIDC=1
Source: global traffic	HTTP traffic detected: GET /mail/favicon.ico HTTP/1.1Host: www.tynurserys.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: fRIp=277ebffc0576bb673963fb1bfe25e277c8a5d8df5129a15a8289947c9a52d063; ClientId=73BB9829642148A3B29661493F90DA28; OIDC=1; OpenIdConnect.nonce.v3.d6rFuCnryopyCWreCIpo-GzwsfnZvYmM1mQ9Vg-2nxQ=638603788201931742.53b05e7f-b301-45f2-9aaa-06ff174e4c3b; X-OWA-RedirectHistory=ArLym14BOBYBDMPG3Ag
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/BssoInterrupt_Core_JQnUxWSvwsd9FrpspQmznw2.js HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://subcg.tynurserys.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://subcg.tynurserys.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2foutlook.office.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=1&msaredir=1&client-request-id=c261c7ab-25e1-6136-7230-2c97b30cfdad&protectedtoken=true&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d&nonce=638603788201931742.53b05e7f-b301-45f2-9aaa-06ff174e4c3b&state=DYu9DoIwGACLvotb5WtL_wbioDEMuKCJhq1faROIBAME49vb4W66ywgh-8QukUES0UoYBUIbw4FZwXTBj1IgyKAjRQGMFjJyap1zFFSMKQiFF5il95JPX5ef5tD1c_DrYypd1YCvbqr-2a17NQtyO9ejHdvxPbR3OSCHDZ_XD57NYVndGkr2Bw&sso_reload=true HTTP/1.1Host: subcg.tynurserys.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-Dest: documentReferer: https://subcg.tynurserys.com/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2foutlook.office.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=1&msaredir=1&client-request-id=c261c7ab-25e1-6136-7230-2c97b30cfdad&protectedtoken=true&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d&nonce=638603788201931742.53b05e7f-b301-45f2-9aaa-06ff174e4c3b&state=DYu9DoIwGACLvotb5WtL_wbioDEMuKCJhq1faROIBAME49vb4W66ywgh-8QukUES0UoYBUIbw4FZwXTBj1IgyKAjRQGMFjJyap1zFFSMKQiFF5il95JPX5ef5tD1c_DrYypd1YCvbqr-2a17NQtyO9ejHdvxPbR3OSCHDZ_XD57NYVndGkr2BwAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: fRIp=277ebffc0576bb673963fb1bfe25e277c8a5d8df5129a15a8289947c9a52d063; x-ms-gateway-slice=estsfd; esctx-760Fcq4eTww=AQABCQEAAAApTwJmzXqdR4BN2miheQMYx8BhBac_-dQXp-j71yrdzHsFdv7J_kMl_E9E3H5kc2Z4jE5t6ktfVJJ-a-idah5VREvrti1docxxj8pbcbKUobeYC7iptW_FVi6Zii4MWqfJMOp5WHxKe30VMfmDtAQyL8yLLvS6re32c9JRid4LFyAA; fpc=Ah-DUjHRs35IvQUf8G1BV9I; esctx=PAQABBwEAAAApTwJmzXqdR4BN2miheQMY_z6dHdWQ_8RiG5JkkVypmi-XaDg--4t3g-vPj1GB2NSKGlM10hdFLLjFQraz9UYiM4oetjfcQeZHmjsTW4x6k4kWgDINg1dcfTRVWbM7dK0rmYFs6pi5wkxGmb_ph4qbEdtPBzg7MzzQ1pUQjEGDa0igdu1WDRHh03oLZ21I27QgAA; stsservicecookie=estsfd; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/BssoInterrupt_Core_JQnUxWSvwsd9FrpspQmznw2.js HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /Me.htm?v=3 HTTP/1.1Host: ywnjb.tynurserys.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Purpose: prefetchSec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyReferer: https://subcg.tynurserys.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: fRIp=277ebffc0576bb673963fb1bfe25e277c8a5d8df5129a15a8289947c9a52d063
Source: global traffic	HTTP traffic detected: GET /ests/2.1/content/cdnbundles/converged.v2.login.min_qzvqnltrxpy99ajspyxbgq2.css HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://subcg.tynurserys.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: styleReferer: https://subcg.tynurserys.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/ConvergedLogin_PCore_Cr8LUIyurKoYeKwC2s2vJw2.js HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://subcg.tynurserys.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://subcg.tynurserys.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ests/2.1/content/cdnbundles/ux.converged.login.strings-en.min_tzwwq6wdslxjdiwzdatg6a2.js HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://subcg.tynurserys.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://subcg.tynurserys.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ests/2.1/content/cdnbundles/ux.converged.login.strings-en.min_tzwwq6wdslxjdiwzdatg6a2.js HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/ConvergedLogin_PCore_Cr8LUIyurKoYeKwC2s2vJw2.js HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/oneDs_f2e0f4a029670f10d892.js HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://subcg.tynurserys.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/oneDs_f2e0f4a029670f10d892.js HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/asyncchunk/convergedlogin_pcustomizationloader_6c7dc46bb93924417b57.js HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://subcg.tynurserys.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /owa/prefetch.aspx HTTP/1.1Host: outlook.office365.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://subcg.tynurserys.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/asyncchunk/convergedlogin_pcustomizationloader_6c7dc46bb93924417b57.js HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://subcg.tynurserys.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/signin-options_3e3f6b73c3f310c31d2c4d131a8ab8c6.svg HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://subcg.tynurserys.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/appbackgrounds/49-small_2055002f2daae2ed8f69f03944c0e5d9.jpg HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://subcg.tynurserys.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/appbackgrounds/49_6ffe0a92d779c878835b40171ffc2e13.jpg HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://subcg.tynurserys.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/applogos/53_7a3c80bf9694448bac31a9589d2e9e92.png HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://subcg.tynurserys.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/microsoft_logo_564db913a7fa0ca42727161c6d031bef.svg HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://subcg.tynurserys.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/signin-options_3e3f6b73c3f310c31d2c4d131a8ab8c6.svg HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/appbackgrounds/49-small_2055002f2daae2ed8f69f03944c0e5d9.jpg HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/asyncchunk/convergedlogin_pstringcustomizationhelper_92013fd9f2f609d397ae.js HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://subcg.tynurserys.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/appbackgrounds/49_6ffe0a92d779c878835b40171ffc2e13.jpg HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/applogos/53_7a3c80bf9694448bac31a9589d2e9e92.png HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/microsoft_logo_564db913a7fa0ca42727161c6d031bef.svg HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/asyncchunk/convergedlogin_pstringcustomizationhelper_92013fd9f2f609d397ae.js HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=B3PZfKzHNmcUX1d&MD=887pveRe HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com

Source: global traffic	DNS traffic detected: DNS query: www.fortismerchants.co.uk
Source: global traffic	DNS traffic detected: DNS query: subcg.tynurserys.com
Source: global traffic	DNS traffic detected: DNS query: challenges.cloudflare.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: identity.nel.measure.office.net
Source: global traffic	DNS traffic detected: DNS query: www.tynurserys.com
Source: global traffic	DNS traffic detected: DNS query: aadcdn.msftauth.net
Source: global traffic	DNS traffic detected: DNS query: ywnjb.tynurserys.com
Source: global traffic	DNS traffic detected: DNS query: outlook.office365.com
Source: global traffic	DNS traffic detected: DNS query: r4.res.office365.com
Source: global traffic	DNS traffic detected: DNS query: m365cdn.nel.measure.office.net

Source: unknown

Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 27 Aug 2024 18:06:42 GMTTransfer-Encoding: chunkedConnection: closeCache-Control: privateNel: {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0}P3p: CP="DSP CUR OTPi IND OTRi ONL FIN"Referrer-Policy: strict-origin-when-cross-originReport-To: {"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://identity.nel.measure.office.net/api/report?catId=GW+estsfd+san"}]}X-Ms-Ests-Server: 2.1.18760.5 - SCUS ProdSlicesX-Ms-Request-Id: 0d25a9a3-a47b-43a8-bcae-40bc0261ac00X-Ms-Srs: 1.PCF-Cache-Status: BYPASSSet-Cookie: x-ms-gateway-slice=estsfd; Path=/; HttpOnly; Secure; SameSite=NoneServer: cloudflareCF-RAY: 8b9dff3b48fb8c4b-EWRalt-svc: h3=":443"; ma=86400
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 27 Aug 2024 18:06:43 GMTContent-Type: application/jsonContent-Length: 7Connection: closecf-chl-out: vwrDZvLgP2k10vyQ1Vhc8oJpX1DLoUctj4s=$4wtWHz0I57ybeLOjcache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0Server: cloudflareCF-RAY: 8b9dff41fbde42c1-EWRalt-svc: h3=":443"; ma=86400
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 27 Aug 2024 18:06:48 GMTContent-Type: application/jsonContent-Length: 7Connection: closecache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0cf-chl-out: qWdxeswoheF8yz3Fft6GdBoVB+iHKcGDn7s=$eeCJHR9MGDLuJeGfServer: cloudflareCF-RAY: 8b9dff5efcdc7cf3-EWRalt-svc: h3=":443"; ma=86400
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 27 Aug 2024 18:06:52 GMTContent-Type: application/jsonContent-Length: 7Connection: closecf-chl-out: DUvLs5byH3ngfLtuSLjWZDPOVDoWA2+d7Qc=$rinYHjuelxHgLDr1cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0Server: cloudflareCF-RAY: 8b9dff7809654237-EWRalt-svc: h3=":443"; ma=86400

Source: E0F5C59F9FA661F6F4C50B87FEF3A15A0.2.dr	String found in binary or memory: http://apps.identrust.com/roots/dstrootcax3.p7c
Source: 77EC63BDA74BD0D0E0426DC8F80085060.2.dr	String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
Source: chromecache_243.5.dr, chromecache_241.5.dr	String found in binary or memory: http://feross.org
Source: chromecache_223.5.dr	String found in binary or memory: http://github.com/jquery/globalize
Source: chromecache_225.5.dr, chromecache_237.5.dr	String found in binary or memory: http://jedwatson.github.io/classnames
Source: chromecache_203.5.dr, chromecache_209.5.dr, chromecache_229.5.dr, chromecache_221.5.dr	String found in binary or memory: http://knockoutjs.com/
Source: chromecache_225.5.dr, chromecache_237.5.dr	String found in binary or memory: http://underscorejs.org
Source: chromecache_203.5.dr, chromecache_209.5.dr, chromecache_229.5.dr, chromecache_221.5.dr	String found in binary or memory: http://www.opensource.org/licenses/mit-license.php)
Source: chromecache_201.5.dr	String found in binary or memory: https://challenges.cloudflare.com/turnstile/v0/api.js?onload=onloadTurnstileCallback
Source: 4b1b4a6b-3746-4da3-8a8f-3588479148b4.tmp.3.dr, 57178d7e-aca5-42d6-842c-4ca2e9bfa1ba.tmp.3.dr	String found in binary or memory: https://chrome.cloudflare-dns.com
Source: chromecache_203.5.dr, chromecache_209.5.dr, chromecache_218.5.dr, chromecache_243.5.dr, chromecache_235.5.dr, chromecache_229.5.dr, chromecache_241.5.dr, chromecache_221.5.dr	String found in binary or memory: https://github.com/douglascrockford/JSON-js
Source: chromecache_202.5.dr	String found in binary or memory: https://login.windows-ppe.net
Source: chromecache_245.5.dr, chromecache_224.5.dr	String found in binary or memory: https://statics.teams.cdn.office.net/evergreen-assets/apps/955070e9-99a6-4319-b8df-32adf59949aa_smal
Source: chromecache_202.5.dr	String found in binary or memory: https://subcg.tynurserys.com
Source: chromecache_245.5.dr, chromecache_224.5.dr	String found in binary or memory: https://web.yammer.com/teams/feed

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 49789 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49800 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49803 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49795 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49826 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49812 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49784 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49700 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49806 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49798 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 49790 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 49819 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49793 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49805 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49782 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49799
Source: unknown	Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49798
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49797
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49796
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49795
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49794
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49793
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49792
Source: unknown	Network traffic detected: HTTP traffic on port 49814 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49791
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49790
Source: unknown	Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49796 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49808 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49708
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49707
Source: unknown	Network traffic detected: HTTP traffic on port 49811 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49826
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49702
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49701
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49789
Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49700
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49788
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49784
Source: unknown	Network traffic detected: HTTP traffic on port 49813 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49783
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49782
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49780
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49807 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49701 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49819
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49818
Source: unknown	Network traffic detected: HTTP traffic on port 49799 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49816
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49815
Source: unknown	Network traffic detected: HTTP traffic on port 49791 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49814
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49813
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49812
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49811
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown	Network traffic detected: HTTP traffic on port 49816 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49707 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 49788 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49780 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49794 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49809
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49808
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49807
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49806
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49805
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49804
Source: unknown	Network traffic detected: HTTP traffic on port 49773 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49803
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49801
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49800
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49783 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 49815 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49702 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49797 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49801 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49809 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49818 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49804 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 49792 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746

Source: unknown	HTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.16:49737 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.73.194.208:443 -> 192.168.2.16:49747 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49749 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49749 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.190.160.17:443 -> 192.168.2.16:49748 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49750 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.190.160.17:443 -> 192.168.2.16:49757 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.71.55.58:443 -> 192.168.2.16:49759 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.44.239.154:443 -> 192.168.2.16:49768 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.44.239.154:443 -> 192.168.2.16:49773 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.44.239.154:443 -> 192.168.2.16:49782 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.16:49826 version: TLS 1.2

Source: classification engine

Classification label: mal72.phis.winPDF@32/144@32/11

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe

File created: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal

Jump to behavior

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe

File created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-08-27 14-06-36-105.log

Jump to behavior

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA

Jump to behavior

Source: unknown	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\Madisonwellsmedia546.pdf"
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2252 --field-trial-handle=1580,i,18033727624882255278,16233875503812827206,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://www.fortismerchants.co.uk/rd?cmnpn=93885&ct=90493&u=https%3A%2F%2Fsubcg.tynurserys.com%2FpCavcKaS#aHdpbGxhdWVyQG1hZGlzb253ZWxsc21lZGlhLmNvbQ==
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2068 --field-trial-handle=1832,i,10525007346694860206,14711578944265795269,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2252 --field-trial-handle=1580,i,18033727624882255278,16233875503812827206,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2068 --field-trial-handle=1832,i,10525007346694860206,14711578944265795269,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Google Drive.lnk.4.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.4.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.4.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.4.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.4.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.4.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: Madisonwellsmedia546.pdf	Initial sample: PDF keyword /JS count = 0
Source: Madisonwellsmedia546.pdf	Initial sample: PDF keyword /JavaScript count = 0

Source: Madisonwellsmedia546.pdf

Initial sample: PDF keyword /EmbeddedFile count = 0

Source: Madisonwellsmedia546.pdf

Initial sample: PDF keyword obj count = 52

Stores files to the Windows start menu directory

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	Jump to behavior

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe

Process information queried: ProcessInformation

Jump to behavior

ID:	1500041
Product:	CloudBasic
Start time:	20:06:05
Start date:	27.08.2024
Sample:	Madisonwellsmedia546.pdf
Cookbook:	defaultwindowsinteractivecookbook.jbs
System description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Architecture:	WINDOWS
MD5:	5860e337c8192049cfd7f96f890aa7d0
SHA1:	b235adb0cef62030db5eefe95d6dd4147344186f
SHA256:	d7be5e35ec40822713120fa550bda29ee8e7edcf511d32199983cf0e653ec8a7
Filetype:	Adobe Portable Document Format (5005/1) 100.00%

Name	Type	MD5	SHA1	SHA256
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG	ASCII text	F1091DF806C5321452BB0F0A54BEB072	4150214EA413C4C3F5FFB8D67D99528F25A7825D	A760322C9715ED9076096A63F0510275B59C891A08C92ADF294EAD841D5F0B6B
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG.old (copy)	ASCII text	F1091DF806C5321452BB0F0A54BEB072	4150214EA413C4C3F5FFB8D67D99528F25A7825D	A760322C9715ED9076096A63F0510275B59C891A08C92ADF294EAD841D5F0B6B
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG	ASCII text	1C7A459F300456B442935A33E93F52E4	E82981C258213340E8CA2EC6450D4E63AC269587	A789DF9E2D387E18F6D2B45818DB51121EE6612E61D4EE60EF39B70785C50173
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)	ASCII text	1C7A459F300456B442935A33E93F52E4	E82981C258213340E8CA2EC6450D4E63AC269587	A789DF9E2D387E18F6D2B45818DB51121EE6612E61D4EE60EF39B70785C50173
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\4b1b4a6b-3746-4da3-8a8f-3588479148b4.tmp	JSON data	22D20360D66ACEA3394CE8A75CDA5702	40DCF307CAC95AFFA5919AABEB241BEDCBBF4D9F	8DCB21C35765C75105E622C0176F587D57A102C3469F5B25EE564EB15A631F6A
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\57178d7e-aca5-42d6-842c-4ca2e9bfa1ba.tmp	JSON data	4C313FE514B5F4E7E89329630909F8DC	916EED77EC8C9DC90C64FF1E5CC9D04D4674EE56	1EE7C151EF264F91FCDCCB6644F62DC33E27A4E829DAAB748DA1DE4426400873
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)	JSON data	4C313FE514B5F4E7E89329630909F8DC	916EED77EC8C9DC90C64FF1E5CC9D04D4674EE56	1EE7C151EF264F91FCDCCB6644F62DC33E27A4E829DAAB748DA1DE4426400873
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State~RF4719e7.TMP (copy)	JSON data	4C313FE514B5F4E7E89329630909F8DC	916EED77EC8C9DC90C64FF1E5CC9D04D4674EE56	1EE7C151EF264F91FCDCCB6644F62DC33E27A4E829DAAB748DA1DE4426400873
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log	data	916D3014CC5B68639BA367EAFDB03947	B85EB91875766EABC1A4B218489FFBE3091556A0	AF9EFC227927FE6A619D7D59BB6FC089F94141BE71B67CE9230F3D8D471A68E4
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG	ASCII text	0A2E1F614EC2A9F82112F58F5C0D6E34	9C7FC62CF6BD515310268F55D6345B79CD5F23A9	1636E990EB3BDD7B3782C442F235E3F197820677A201B8D884DB27019A05CFFB
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)	ASCII text	0A2E1F614EC2A9F82112F58F5C0D6E34	9C7FC62CF6BD515310268F55D6345B79CD5F23A9	1636E990EB3BDD7B3782C442F235E3F197820677A201B8D884DB27019A05CFFB
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-240827180642Z-293.bmp	PC bitmap, Windows 3.x format, 117 x -152 x 32, cbSize 71190, bits offset 54	0FC50CC7BAF533F2458CABEF6B091E00	168DE43C99C38DCED00667C97A72077D15B3496C	85A5E256D4F9013B279BCDB38281616006E3ED06432866EA760BA67F191F9149
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages	SQLite 3.x database, last written using SQLite version 3040000, file counter 2, database pages 14, cookie 0x5, schema 4, UTF-8, version-valid-for 2	A4D5FECEFE05F21D6F81ACF4D9A788CF	1A9AC236C80F2A2809F7DE374072E2FCCA5A775C	83BE4623D80FFB402FBDEC4125671DF532845A3828A1B378D99BD243A4FD8FF2
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages-journal	SQLite Rollback Journal	4EE9B232798445E1D7719803C8C18790	F31C83C0A035D853622FE6CF49768AA6205362D7	473BBD8FB66BF41BF5188CF8B614D9B1DEA52D1448BFDC514DF558D4F413E39C
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506	Microsoft Cabinet archive data, Windows 2000/XP setup, 71954 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks, 0x1 compression	49AEBF8CBD62D92AC215B2923FB1B9F5	1723BE06719828DDA65AD804298D0431F6AFF976	B33EFCB95235B98B48508E019AFA4B7655E80CF071DEFABD8B2123FC8B29307F
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E0F5C59F9FA661F6F4C50B87FEF3A15A	data	D4AE187B4574036C2D76B6DF8A8C1A30	B06F409FA14BAB33CBAF4A37811B8740B624D9E5	A2CE3A0FA7D2A833D1801E01EC48E35B70D84F3467CC9F8FAB370386E13879C7
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506	data	EEFA592256B549A735C70ABD326CDEED	72BC3B7B3E65642236ECDDCF79B2FE545171D65B	A3314BB743C1BBA4755FEB7BBCA0BEEE5E9D6943B65961D1D059A5A9C2E0A4CA
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E0F5C59F9FA661F6F4C50B87FEF3A15A	data	5B2560085728CB9055DB33F3BBD77602	62E4585EE4E4C3EC62FF92A5FA3D9B9FC8258F91	693C0BDCC6BBFE2EB4044343000459E567CBDD90976A027C8E1AF475E1BF27B4
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID	JSON data	8C24EE004411B3B3C5B5ED0A3DA6F6D6	0EF070AE1636DF02C4291170E4285FD05E33B7F7	F815FB11BE96F9CA0E3760706BEAE1B22FF843241F5851B8671A5DC3CA25E578
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface	JSON data	F6841C56E31F73D9632882ACEF4331E5	3DCC3FC42B6E1CE22AB786AEA75929CE140CC756	9C560845700C1E36EC68EC1AD828693D8F5967E3468C804015D1FFE7392B8EC4
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface	JSON data	CDF27095DD24E9C844BECFACA63C8202	DD5D1D1EC489EDEA1B8CAE9B30AA2DDBF3F1E1AE	7FA0538F26ECA78A07BE744AB665D6CC9C797ABC7F312158252C0FE6787BB26E
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD	JSON data	D174E37E8B6B59BD1966E335F0E671B8	9116B993833FFB315983CC4E4E767BCE0DF68C7B	70C34FF69426481D454DFFF20220E38694BB9400523C4EA24EAD8F6A15815619
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner	JSON data	2A8F0B333A6DC7F31FFC2DB21DB111DE	10F93695DA972BD8CCF37B7A4C33849D97906161	B5386818614761C21131D3C58359848A9EFDD9436CFD531265D0D18BADF22C5C
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner	JSON data	F0278F0002EEE37D0E21CB34018A1E0F	878FDBE928D46210B20879890449F6E7B28397EA	A243C5D56CF932DE8DEEC28DF65C24F0E7A56E0CCE4B8BDF3856E15FCFECBB13
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention	JSON data	6C9AD905D415EB6A95FE3BAD14AD9583	C73648440A516DAE452CC270E73C87122A353F52	1CE08CEA03714E471A81FF23F0A044A615DD4B4560F11E699E76DD4FC8785B5B
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner	JSON data	006ACD9FE72DA60F4CD2263B99B8BC7D	957B410834D173D3F6F0472E11B26696109BBF86	7110372F1DFC5D965771E683BBE365D2719F172BF17EA7160F53AD0FC2624DE3
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner	JSON data	5366AC0DFEACA16273D204A8642FC26E	3B5E226329720E17D838B897D6E591F9E73D261A	C122F53E27F7B2CD90BF1616F41962B910A54A1ECCDE09075C410F520B4B816D
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner	JSON data	DF40C6D9E10337E4374D3BF21944FE1B	B2878BE8B0E465D7FB4B5FD52E2D1EC659697317	2F710994FBBAD45575428CEFEC47DCEDD092DC5375B90547428236FBFEB2CA51
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Banner	JSON data	336A89EA47A22242D3E9BCF8B62E0C17	186C790B35498D1B386E68496D5EC9A469966AC9	86212C0AECFA4E5321827826E80EDAC8AE99939CC99F09382EC6D7223B3F62FC
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner	JSON data	371E766097DE1D5A98794A6FA04758E1	C13509C110489A09B494E2B24502D1378ECC8D46	9A1424032074E8DB074434498EE20E4542E370A1FE565B2CFCEE11CA86AB39CB
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention	JSON data	68FE993C4A777A9664CE464B863D3476	1FC2DF5B865E84E76E4EFC660D03623FD529A86D	F28EB60AF2C348938AE75AD59523A471C8FA0A70AE1F027A87A78E5B6D62ADE9
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner	JSON data	87D4E9171C5BF08A5F38612845969C22	99A01735243E71B7567A2DC1A6FA6830FA476735	B735EF1B8B2910A21AD8112C0AD33ECB82CA69D6F8AD03CB04D075FDDB57C576
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards	JSON data	727E4642CEAA037B9C86CCB0925A65D3	BDA10A0E35DCF7A7BECD042012CDC00448A8C3C0	F3F1C55EC9BF2A1D3F009E91AE3C6645A48C477A3ECEB47F7FDA67737C61067A
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\Edit_InApp_Aug2020	JSON data	2B3694E5E6FB0911EA5721C01AE2B1A4	F2D14955FCB22A8EE031DD02D6B7140F1714AD81	67095A23878BAD09ED8E59AD8D3B2F87660DA867CF1BF1196CB20CC177F19A0C
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\TESTING	data	DC84B0D741E5BEAE8070013ADDCC8C28	802F4A6A20CBF157AAF6C4E07E4301578D5936A2	81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\SOPHIA.json	JSON data	D010146AC2C693E0D7891C5957C9EDCD	17A004E69DC352FD2EE73FD185B686301EBB124A	A85DFDCFACECCE18CADFE39822EA2763129E4105AB648C73E0D9F7453EA88200
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents	SQLite 3.x database, last written using SQLite version 3040000, file counter 19, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 19	1C86E46C958F70196129303F59FDFA12	9BE175D9A141B4884B61C1F4B371DA8C81D2E09C	A09A9107D0E9E0A27F8E62D5DB8DA1F48907AE7D47733B4DC3A8F17BF618048E
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal	SQLite Rollback Journal	40363972ECDEEAFF0F64F657CEEA8CFE	070DD8DD05DAD310607E86ECEFC5DE2DA1E125F7	849AD7A1BF87C07B4C9B83B773259326404B1C6C09765D4F9736CF81E4A0F9FD
C:\Users\user\AppData\Local\Temp\MSI61ae6.LOG	Unicode text, UTF-16, little-endian text, with CRLF line terminators	F34FDF4BB55F021DFE919F2288D1B9BA	4B4E9E8113C1465224501ECDBEDCB36BD66F3B39	C2A6EE2FB3FAC695FFF2EF207C95FF1AE088A08EA07C6F46A6D07DC6F059EEA1
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-08-27 14-06-36-105.log	ASCII text, with very long lines (393)	91F06491552FC977E9E8AF47786EE7C1	8FEB27904897FFCC2BE1A985D479D7F75F11CEFC	06582F9F48220653B0CB355A53A9B145DA049C536D00095C57FCB3E941BA90BB
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log	ASCII text, with very long lines (393), with CRLF line terminators	3710B679C34518E3A0A95567CDA55DA0	39185F8EBC3CB0F48917699A12838BD0EF00D05E	827D3DAC47E14C55FE56A4963EB7DE9F8DA122649FC1AB00B9D38C7215C86447
C:\Users\user\AppData\Local\Temp\acrobat_sbx\acroNGLLog.txt	ASCII text, with CRLF line terminators	DBE9CB9EF09498F46D9F50A2EE446B8C	43F1E51C0F69F969FFF71F360E6EBAE9DBD8AEEE	F413D3C0104E4C8FF27509AB3DD07BF1D4894C7255E55B64D223062104C735E2
C:\Users\user\AppData\Local\Temp\acrocef_low\39a7d6b0-fe94-4e10-9981-41160cd408bb.tmp	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1311022	5C48B0AD2FEF800949466AE872E1F1E2	337D617AE142815EDDACB48484628C1F16692A2F	F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE
C:\Users\user\AppData\Local\Temp\acrocef_low\826c3804-4bee-470c-94a6-06eb2adb38a3.tmp	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 5111142	54F9524E5CB1D90369179AF25876E1DC	5CAA3316262514A844894CEBF8682468303E5997	29D48E263E47A04745CA55E5BD4C6BDE59AEFED81F012480CB721EFE2CCB5FFE
C:\Users\user\AppData\Local\Temp\acrocef_low\c851e252-a38a-470f-af97-bf5004b0f330.tmp	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 299538	C418712C91B71015B42155A884B5A784	A91C8C88057F65144AA3AB30E58578D5AB06E0BC	2453FA9FEBD4AA52258E988ADC97F4B65D6C142553F7BBAF2BCAD5A30CA2CF9E
C:\Users\user\AppData\Local\Temp\acrocef_low\e29eb9d6-7edd-467c-88ce-5b711561beb5.tmp	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 33081	8DF764B11EE5AC9E720D1EB4ACBD96A0	D9133A53DFCEB23763FF56F6D96B3B175437B30B	DDBEBF681941286E2E865BA8EA5EE05B52B519154F2C5A39974B796353CB7813
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Aug 27 17:06:38 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide	2AAFF56C598A1EF44C442B2CD053BE51	7D3D136571A0536A1A8AD78313C244D26E393844	B1B3B6B3AAA59BD247BCBEA4B8D1148374A54228E46D184BF9DFCA4E716A8C3C
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Aug 27 17:06:38 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide	6241BA13D96B7B9E254A9AB4A75DA647	75C45ABF2297BC3271294918CEBFAD07BE0F1102	0FCF1AE9486BE5FF6118E090FCE5544EE583968061F13D3485A7CDBD67F8BDBE
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide	89FB230ECA47D4AD011E4F71106E91A3	B9FDF76FACB263AA04866E23D5D63BC3C82C4730	28AA3782195FBE881C7068036E3F5AC2E61FA871791D73B33BC93A0AB79982FA
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Aug 27 17:06:38 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide	4F3B3C2E8F1B78BE1F45B6D046FF6D1C	5AFA33A9997AC989DB1528CEF702D393DD865E49	F5CFE4EF0D8997C3CF2443DAEDD7FFAC90224412C5766446C01557DE3419152E
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Aug 27 17:06:38 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide	7516810CE21C7401054C5C849E699DDC	414C21CFA729A0CFD563D5C629BAFB9BACB99C68	25B57A2B905B70C6BDA65A4BD3AB60647B86A29B2E8502AFEEE6BB0D7036C8E3
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Aug 27 17:06:38 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide	D9368389D709C06DEF39A629509B9E19	AA3B0A895FD8AF089C6BD3D02F1B3158D6B91081	094B2064B8C9D79AC42A0ED5CA8B5D6FF165088CEE029DA55E37DD93AD2C57A0
Chrome Cache Entry: 196	PNG image data, 600 x 1, 8-bit/color RGBA, non-interlaced	3EDA15637AFEAC6078F56C9DCC9BBDB8	97B900884183CB8CF99BA069EEDC280C599C1B74	68C66D144855BA2BC8B8BEE88BB266047367708C1E281A21B9D729B1FBD23429
Chrome Cache Entry: 197	SVG Scalable Vector Graphics image	7D2B8F25545A2894E2721E9FE528E34C	D0DAE76F4BF5C04ACD5FCDF1BCB12908099E328C	797BDA35D13E5130FE5A14E0069C31B46EC1AF6EA47F2D300309803BB4D2608C
Chrome Cache Entry: 198	PNG image data, 342 x 72, 8-bit/color RGBA, non-interlaced	8B36337037CFF88C3DF203BB73D58E41	1ADA36FA207B8B96B2A5F55078BFE2A97ACEAD0E	E4E1E65871749D18AEA150643C07E0AAB2057DA057C6C57EC1C3C43580E1C898
Chrome Cache Entry: 199	ASCII text, with very long lines (65536), with no line terminators	C5154A171ECF29B36625A4AA00A0FD20	869F233A472DAA55AB02319118A347C8955C8A70	ACD0E4C0C63981DB3BF4C78171ACA117E3D165F05E28F04D07ECF5B6AC4B6DCC
Chrome Cache Entry: 200	ASCII text, with no line terminators	37886D0A0CF1AB5695277AC2DABA488F	2C921A9FBFEFBE4598BDA170D0E954A83650E77E	D185159B6A77CD02ED536F44197AF7913ECFD6FD264B113EAC65FCE9A97482F5
Chrome Cache Entry: 201	HTML document, ASCII text	348B3DED1F646836703E8E0E929392E8	66E5C16C5127A1388878EDCE9A91424D48B6FEF7	AC35E024A0CCCF9AD9AC8B5475F83BF5DF1EE1430ADC7E8A3125AA50ABD2134F
Chrome Cache Entry: 202	HTML document, ASCII text, with very long lines (3440), with CRLF line terminators	E660EC0F7DE8991AE726B37B22AD6F8D	42A25A1C508EEB8949BF64F8308ACFED1DD8CEFA	736CF297A60FE7D8D7B1B0FA82CEE64327813DA9996C3EFFB8F10D374B5E7BA6
Chrome Cache Entry: 203	ASCII text, with very long lines (64616)	0ABF0B508CAEACAA1878AC02DACDAF27	F8F0B86569E9A32B04FB0DFAC19D0098BC2C7297	CAF8C00B23C5586029A7C2D280F5B63D1F61038588640CCBCD3F9286AF8E6CC2
Chrome Cache Entry: 204	Unicode text, UTF-8 text, with very long lines (65502), with no line terminators	96BBA0900122BCB74936E11A6A11ED96	CED30669F15CE66AE596557F5C240C7ABD5802E7	897DCC3E89D6BA5BC3F3F7AD04DBD80926CBDDCE229D2FB6D81C3A2E4D259869
Chrome Cache Entry: 205	MS Windows icon resource - 6 icons, -128x-128, 16 colors, 72x72, 16 colors	12E3DAC858061D088023B2BD48E2FA96	E08CE1A144ECEAE0C3C2EA7A9D6FBC5658F24CE5	90CDAF487716184E4034000935C605D1633926D348116D198F355A98B8C6CD21
Chrome Cache Entry: 206	ASCII text, with very long lines (45034)	C4D5335B2B69C6998EE34F5F7B3E246F	AF0AE01ECCEE153877976D5C7D6500AA9C380B60	7EDA47B0C02C44BDAA43A5B14857F1257DDBD620B0397C32AA3AE8BAF769AB55
Chrome Cache Entry: 207	ASCII text, with very long lines (65536), with no line terminators	3231A43330AF277ABE8097AEBB077C19	81638CC27C3856A3B19DDB2D39A5F271918521DE	1D15C59A63A7B17EAAA7FDA96CD274912D5E5B584335EACDCC27A624FAEBCE11
Chrome Cache Entry: 208	SVG Scalable Vector Graphics image	EE5C8D9FB6248C938FD0DC19370E90BD	D01A22720918B781338B5BBF9202B241A5F99EE4	04D29248EE3A13A074518C93A18D6EFC491BF1F298F9B87FC989A6AE4B9FAD7A
Chrome Cache Entry: 209	ASCII text, with very long lines (64616)	EE9383250ACBA9B67D8236F5FF60E5AE	C4CA7EBD7F60CC2752DF5AD4C2054C5973D33378	CC01635E831DEEDD9E3318D9EA544F679A3AA0D993550DF7C54AD726C653BB12
Chrome Cache Entry: 210	Unicode text, UTF-8 text, with very long lines (32057)	B59C16ABA59DB0BC490C85B30C0B60E8	7B708EC7EDC902283A755FC0BF4E767A2A28473E	D65E2644BEA71489D43203AA2ABCBA471C847BF2A176963BE8DB62BF1A70F7A5
Chrome Cache Entry: 211	JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=4, xresolution=62, yresolution=70, resolutionunit=2, software=paint.net 4.2.9], baseline, precision 8, 50x28, components 3	E58AAFC980614A9CD7796BEA7B5EA8F0	D4CAC92DCDE0CAF7C571E6D791101DA94FDBD2CA	8B34A475187302935336BF43A2BF2A4E0ADB9A1E87953EA51F6FCF0EF52A4A1D
Chrome Cache Entry: 212	ASCII text, with no line terminators	37886D0A0CF1AB5695277AC2DABA488F	2C921A9FBFEFBE4598BDA170D0E954A83650E77E	D185159B6A77CD02ED536F44197AF7913ECFD6FD264B113EAC65FCE9A97482F5
Chrome Cache Entry: 213	HTML document, ASCII text, with very long lines (9892), with no line terminators	55BE610015B881EC43AA353804C59398	F3BB19FB36C7EE3C12129EB1F2A0F00877B26CE4	1C6DF00FA02C7028DB923E9077968C0C1A42860346DB92EEF1DBC4D11E5EB60A
Chrome Cache Entry: 214	ASCII text, with very long lines (45034)	C4D5335B2B69C6998EE34F5F7B3E246F	AF0AE01ECCEE153877976D5C7D6500AA9C380B60	7EDA47B0C02C44BDAA43A5B14857F1257DDBD620B0397C32AA3AE8BAF769AB55
Chrome Cache Entry: 215	PNG image data, 16 x 35, 8-bit/color RGB, non-interlaced	1253F72A1ED35E642EEB30DEC52CCEDD	9F5DC4347E76E55FADA9897F17BEE89663E012A8	7201D968F30B5D1B69C0AEFFB40CBADF1192E0FF6ED9AA4C6D9F1AA10A381EC2
Chrome Cache Entry: 216	JPEG image data, baseline, precision 8, 1920x1080, components 3	7916A894EBDE7D29C2CC29B267F1299F	78345CA08F9E2C3C2CC9B318950791B349211296	D8F5AB3E00202FD3B45BE1ACD95D677B137064001E171BC79B06826D98F1E1D3
Chrome Cache Entry: 217	ASCII text, with very long lines (65536), with no line terminators	C5154A171ECF29B36625A4AA00A0FD20	869F233A472DAA55AB02319118A347C8955C8A70	ACD0E4C0C63981DB3BF4C78171ACA117E3D165F05E28F04D07ECF5B6AC4B6DCC
Chrome Cache Entry: 218	ASCII text, with very long lines (64612)	21FB66A712FCAB3BF6667404C78631D6	6011F3E397AEB5B807EB6BE1A08ABFD302E9D253	BAB311BF22661B153353A159F0EC931DBCB79F950FA37DAF9D0FF180CBF45DEB
Chrome Cache Entry: 219	SVG Scalable Vector Graphics image	7D2B8F25545A2894E2721E9FE528E34C	D0DAE76F4BF5C04ACD5FCDF1BCB12908099E328C	797BDA35D13E5130FE5A14E0069C31B46EC1AF6EA47F2D300309803BB4D2608C
Chrome Cache Entry: 220	Unicode text, UTF-8 (with BOM) text, with very long lines (65339), with CRLF line terminators	12204899D75FC019689A92ED57559B94	CCF6271C6565495B18C1CED2F7273D5875DBFB1F	39DAFD5ACA286717D9515F24CF9BE0C594DFD1DDF746E6973B1CE5DE8B2DD21B
Chrome Cache Entry: 221	ASCII text, with very long lines (46090)	2509D4C564AFC2C77D16BA6CA509B39F	201F1D80F8EEA9F5E8A7A7224CFF18674344F886	D468D9F009E53FE1C47B9D6FDEFA3FF1A8C239973F11A6F892848E341EA17CCD
Chrome Cache Entry: 222	MS Windows icon resource - 3 icons, 32x32, 32 bits/pixel, 24x24, 32 bits/pixel	AC16FA7FC862073B02ACD1187FC6DEF4	F2B9A6255F6293000F30EEE272ABDD372A14E9D3	E35D94B76894D6ECA96FF5B1A12D94DFE73485EF3C52CB5B4395BE8FFAC1CB45
Chrome Cache Entry: 223	Unicode text, UTF-8 (with BOM) text, with very long lines (59783), with CRLF line terminators	761CE9E68C8D14F49B8BF1A0257B69D6	8CF5D714D35EFFA54F3686065CB62CCE028E2C77	BEAA65AD34340E61E9E701458E2CCFF8F9073FDEBBC3593A2C7EC8AFEACB69C1
Chrome Cache Entry: 224	ASCII text, with very long lines (65536), with no line terminators	4907564678D446FFAA53DF3A643B0667	6DCE0B5E6E329513347392CFC1CC1378B69C6F45	8A521330F23DE7D360BB9FD22F97D18A5236514455971DABADC468663436A133
Chrome Cache Entry: 225	ASCII text, with very long lines (65536), with no line terminators	07B7E2D70851B7E03B65E03697F999DA	D61CEC70B6ADEB7914C2B281FE3301A848011E3F	E044C65C5CD9C301C41D7391B075AE7E98FF7259064F6415609A991E8E98586E
Chrome Cache Entry: 226	PNG image data, 2 x 2, 8-bit/color RGB, non-interlaced	9246CCA8FC3C00F50035F28E9F6B7F7D	3AA538440F70873B574F40CD793060F53EC17A5D	C07D7D29E3C20FA6CA4C5D20663688D52BAD13E129AD82CE06B80EB187D9DC84
Chrome Cache Entry: 227	ASCII text, with very long lines (65536), with no line terminators	4877EFC88055D60953886EC55B04DE34	2341B026A3E2A3B01AFA1A39D1706840D75E09B3	8405362EB8F09DF13AE244DE155B51B1577274673D9728B6C81CD0278A63C8B0
Chrome Cache Entry: 228	SVG Scalable Vector Graphics image	4E48046CE74F4B89D45037C90576BFAC	4A41B3B51ED787F7B33294202DA72220C7CD2C32	8E6DB1634F1812D42516778FC890010AA57F3E39914FB4803DF2C38ABBF56D93
Chrome Cache Entry: 229	ASCII text, with very long lines (46090)	2509D4C564AFC2C77D16BA6CA509B39F	201F1D80F8EEA9F5E8A7A7224CFF18674344F886	D468D9F009E53FE1C47B9D6FDEFA3FF1A8C239973F11A6F892848E341EA17CCD
Chrome Cache Entry: 230	ASCII text, with no line terminators	9F9FA94F28FE0DE82BC8FD039A7BDB24	6FE91F82974BD5B101782941064BCB2AFDEB17D8	9A37FDC0DBA8B23EB7D3AA9473D59A45B3547CF060D68B4D52253EE0DA1AF92E
Chrome Cache Entry: 231	ASCII text, with very long lines (61177)	41955034BB6BC6963DF5A8ECA72C5B81	D4B9E8C46100BDDACE8DFA08BDFF1F6F3D3B0A81	1F8CEB44FE7CFCF7E71DBD5122210335CA3821D697A851D2900B95AF7D92D69D
Chrome Cache Entry: 232	SVG Scalable Vector Graphics image	EE5C8D9FB6248C938FD0DC19370E90BD	D01A22720918B781338B5BBF9202B241A5F99EE4	04D29248EE3A13A074518C93A18D6EFC491BF1F298F9B87FC989A6AE4B9FAD7A
Chrome Cache Entry: 233	SVG Scalable Vector Graphics image	4E48046CE74F4B89D45037C90576BFAC	4A41B3B51ED787F7B33294202DA72220C7CD2C32	8E6DB1634F1812D42516778FC890010AA57F3E39914FB4803DF2C38ABBF56D93
Chrome Cache Entry: 234	PNG image data, 342 x 72, 8-bit/color RGBA, non-interlaced	8B36337037CFF88C3DF203BB73D58E41	1ADA36FA207B8B96B2A5F55078BFE2A97ACEAD0E	E4E1E65871749D18AEA150643C07E0AAB2057DA057C6C57EC1C3C43580E1C898
Chrome Cache Entry: 235	ASCII text, with very long lines (64612)	21FB66A712FCAB3BF6667404C78631D6	6011F3E397AEB5B807EB6BE1A08ABFD302E9D253	BAB311BF22661B153353A159F0EC931DBCB79F950FA37DAF9D0FF180CBF45DEB
Chrome Cache Entry: 236	Unicode text, UTF-8 (with BOM) text, with very long lines (65339), with CRLF line terminators	9786D38346567E5E93C7D03B06E3EA2D	23EF8C59C5C9AA5290865933B29C9C56AB62E3B0	263307E3FE285C85CB77CF5BA69092531CE07B7641BF316EF496DCB5733AF76C
Chrome Cache Entry: 237	ASCII text, with very long lines (65536), with no line terminators	07B7E2D70851B7E03B65E03697F999DA	D61CEC70B6ADEB7914C2B281FE3301A848011E3F	E044C65C5CD9C301C41D7391B075AE7E98FF7259064F6415609A991E8E98586E
Chrome Cache Entry: 238	PNG image data, 2 x 2, 8-bit/color RGB, non-interlaced	9246CCA8FC3C00F50035F28E9F6B7F7D	3AA538440F70873B574F40CD793060F53EC17A5D	C07D7D29E3C20FA6CA4C5D20663688D52BAD13E129AD82CE06B80EB187D9DC84
Chrome Cache Entry: 239	ASCII text, with very long lines (994), with no line terminators	E2110B813F02736A4726197271108119	D7AC10CC425A7B67BF16DDA0AAEF1FEB00A79857	6D1BE7ED96DD494447F348986317FAF64728CCF788BE551F2A621B31DDC929AC
Chrome Cache Entry: 240	ASCII text, with very long lines (65536), with no line terminators	AF8D946B64D139A380CF3A1C27BDBEB0	C76845B6FFEAF14450795C550260EB618ABD60AB	37619B16288166CC76403F0B7DF6586349B2D5628DE00D5850C815D019B17904
Chrome Cache Entry: 241	ASCII text, with very long lines (45797)	033A93064FBF6C5BEA2377A5D08D554D	75524ED095D9ACDD42EA8D67D38A5B0793081D70	1EC87632EE58734951AA02813EF07AD377126A39A16F063C181519B98FFFFC07
Chrome Cache Entry: 242	JPEG image data, baseline, precision 8, 1920x1080, components 3	7916A894EBDE7D29C2CC29B267F1299F	78345CA08F9E2C3C2CC9B318950791B349211296	D8F5AB3E00202FD3B45BE1ACD95D677B137064001E171BC79B06826D98F1E1D3
Chrome Cache Entry: 243	ASCII text, with very long lines (45797)	033A93064FBF6C5BEA2377A5D08D554D	75524ED095D9ACDD42EA8D67D38A5B0793081D70	1EC87632EE58734951AA02813EF07AD377126A39A16F063C181519B98FFFFC07
Chrome Cache Entry: 244	MS Windows icon resource - 6 icons, -128x-128, 16 colors, 72x72, 16 colors	12E3DAC858061D088023B2BD48E2FA96	E08CE1A144ECEAE0C3C2EA7A9D6FBC5658F24CE5	90CDAF487716184E4034000935C605D1633926D348116D198F355A98B8C6CD21
Chrome Cache Entry: 245	ASCII text, with very long lines (65536), with no line terminators	4907564678D446FFAA53DF3A643B0667	6DCE0B5E6E329513347392CFC1CC1378B69C6F45	8A521330F23DE7D360BB9FD22F97D18A5236514455971DABADC468663436A133
Chrome Cache Entry: 246	Unicode text, UTF-8 (with BOM) text, with very long lines (65339), with CRLF line terminators	D9E3D2CE0228D2A5079478AAE5759698	412F45951C6AEDA5F3DF2C52533171FC7BDD5961	7041D585609800051E4F451792AEC2B8BD06A4F2D29ED6F5AD8841AAE5107502
Chrome Cache Entry: 247	MS Windows icon resource - 3 icons, 32x32, 32 bits/pixel, 24x24, 32 bits/pixel	AC16FA7FC862073B02ACD1187FC6DEF4	F2B9A6255F6293000F30EEE272ABDD372A14E9D3	E35D94B76894D6ECA96FF5B1A12D94DFE73485EF3C52CB5B4395BE8FFAC1CB45
Chrome Cache Entry: 248	ASCII text, with very long lines (65536), with no line terminators	3231A43330AF277ABE8097AEBB077C19	81638CC27C3856A3B19DDB2D39A5F271918521DE	1D15C59A63A7B17EAAA7FDA96CD274912D5E5B584335EACDCC27A624FAEBCE11
Chrome Cache Entry: 249	PNG image data, 16 x 35, 8-bit/color RGB, non-interlaced	1253F72A1ED35E642EEB30DEC52CCEDD	9F5DC4347E76E55FADA9897F17BEE89663E012A8	7201D968F30B5D1B69C0AEFFB40CBADF1192E0FF6ED9AA4C6D9F1AA10A381EC2
Chrome Cache Entry: 250	Unicode text, UTF-8 text, with very long lines (32057)	B59C16ABA59DB0BC490C85B30C0B60E8	7B708EC7EDC902283A755FC0BF4E767A2A28473E	D65E2644BEA71489D43203AA2ABCBA471C847BF2A176963BE8DB62BF1A70F7A5
Chrome Cache Entry: 251	ASCII text, with very long lines (65536), with no line terminators	4877EFC88055D60953886EC55B04DE34	2341B026A3E2A3B01AFA1A39D1706840D75E09B3	8405362EB8F09DF13AE244DE155B51B1577274673D9728B6C81CD0278A63C8B0
Chrome Cache Entry: 252	JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=4, xresolution=62, yresolution=70, resolutionunit=2, software=paint.net 4.2.9], baseline, precision 8, 50x28, components 3	E58AAFC980614A9CD7796BEA7B5EA8F0	D4CAC92DCDE0CAF7C571E6D791101DA94FDBD2CA	8B34A475187302935336BF43A2BF2A4E0ADB9A1E87953EA51F6FCF0EF52A4A1D

Windows Analysis Report
Madisonwellsmedia546.pdf

Overview

General Information

Detection

Signatures

Classification

Signatures

AV Detection

Phishing

Compliance

Networking

System Summary

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Private

Contacted Domains

Contacted URLs

Windows Analysis Report Madisonwellsmedia546.pdf

Overview

General Information

Detection

Signatures

Classification

Signatures

AV Detection

Phishing

Compliance

Networking

System Summary

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Private

Contacted Domains

Contacted URLs

Windows Analysis Report
Madisonwellsmedia546.pdf