Edit tour

Windows Analysis Report
Payout Receipt.pptx

Overview

General Information

Sample name:	Payout Receipt.pptx
Analysis ID:	1525814
MD5:	1417101d84f9b072a9d27567e41b12eb
SHA1:	d4ad5741fd589701af1c8270cfedeced334c0956
SHA256:	12dda16106f761f8d7508f450b212e3eefdbef67e97ff74afde7ac94ba704498
Infos:

Detection

HTMLPhisher

Score:	76
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

AI detected phishing page

Antivirus detection for URL or domain

Yara detected HtmlPhish54

Phishing site detected (based on favicon image match)

Phishing site detected (based on image similarity)

Phishing site detected (based on logo match)

Document contains embedded VBA macros

Document misses a certain OLE stream usually present in this Microsoft Office document type

HTML body contains low number of good links

HTML page contains hidden javascript code

HTML page contains string obfuscation

HTML title does not match URL

HTTP GET or POST without a user agent

IP address seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

Queries the volume information (name, serial number etc) of a device

Sigma detected: Suspicious Office Outbound Connections

Stores files to the Windows start menu directory

Classification

Process Tree

System is w10x64_ra

POWERPNT.EXE (PID: 6380 cmdline: "C:\Program Files (x86)\Microsoft Office\Root\Office16\POWERPNT.EXE" "C:\Users\user\Desktop\Payout Receipt.pptx" /ou "" MD5: 2A43FE7F9F699F7F53FEBC254F68F46D)

ai.exe (PID: 6856 cmdline: "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "4F1F87A3-2D62-4CDB-ABDF-61BB45105DB2" "40BB7578-B581-41D4-B322-FEC0ED1808AE" "6380" "C:\Program Files (x86)\Microsoft Office\Root\Office16\POWERPNT.EXE" "PowerPointCombinedFloatieLreOnline.onnx" MD5: EC652BEDD90E089D9406AFED89A8A8BD)

chrome.exe (PID: 5336 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://nomicscare.com/fr/gdpr/cookie-consent/all/?next_url=//crewbloom.s3.amazonaws.com/34873.html MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)

chrome.exe (PID: 2980 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 --field-trial-handle=1944,i,8800721303449338163,5848358366860922411,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)

cleanup

Yara Signatures

HTML

Source	Rule	Description	Author
0.10.id.script.csv	JoeSecurity_HtmlPhish_54	Yara detected HtmlPhish_54	Joe Security
0.23.i.script.csv	JoeSecurity_HtmlPhish_54	Yara detected HtmlPhish_54	Joe Security
0.6.pages.csv	JoeSecurity_HtmlPhish_54	Yara detected HtmlPhish_54	Joe Security
0.7.pages.csv	JoeSecurity_HtmlPhish_54	Yara detected HtmlPhish_54	Joe Security
0.8.pages.csv	JoeSecurity_HtmlPhish_54	Yara detected HtmlPhish_54	Joe Security

Sigma Signatures

Sigma detected: Suspicious Office Outbound Connections

Source: Network Connection

Author: X__Junior (Nextron Systems): Data: DestinationIp: 192.168.2.17, DestinationIsIpv6: false, DestinationPort: 49709, EventID: 3, Image: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE, Initiated: true, ProcessId: 6380, Protocol: tcp, SourceIp: 13.107.246.60, SourceIsIpv6: false, SourcePort: 443

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus detection for URL or domain

Source: https://crewbloom.s3.amazonaws.com/34873.html

SlashNext: Label: Credential Stealing type: Phishing & Social Engineering

Phishing

AI detected phishing page

Source: https://l0gin-microso.ftlivedocs.tech/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638636442697330204.NjIwZWJjNjEtNmMyNi00NTY5LWFhMWItYzQ4NTQyOWEzNGQ0MjMxNjBhODctYjRiNy00ZmQ5LWI0MzMtNWU1NmMxYjE0NWMx&ui_locales=en-US&mkt=en-US&client-request-id=37a08538-dff5-407d-be68-819033033a7a&state=KXouNT3DCC4nJGmZ0UPqr43DvOETQcMOHzyW3XKW_GmmSSP1vhdbuw5XASgqJ79HETi6JwhHJ6QWBKwBMy02TUIwHPB3pd6CKYG_YWqx9kPhyBezozkFI1hhf1DwNAMV6i3WbD94ziRYYdhiW7ILPzoTsrP8EPqDjpPTPwsGlE2ddaYguV0DrAR1iKncN8RtOGlb_uoJSY4fDM1dafLvW1gf5IX7c3_kF1zQXY4vcldCPOaUyZ98s32esN_GOxDd6BxYK5bGLDx5Op0mZGALvw&x-client-SKU=ID_NET8_0&x-client-ver=7.5.1.0&sso_reload=true

LLM: Score: 9 Reasons: The brand 'Microsoft' is a well-known technology company with a legitimate domain of 'microsoft.com'., The URL 'l0gin-microso.ftlivedocs.tech' contains several suspicious elements: 'l0gin' instead of 'login', 'microso' instead of 'microsoft', and an unusual domain extension '.tech'., The domain 'ftlivedocs.tech' does not match the legitimate domain associated with Microsoft., The use of a hyphen and misspellings in the URL are common phishing tactics., The presence of an input field for 'Email' suggests an attempt to collect sensitive information, which is typical in phishing sites. DOM: 0.8.pages.csv

Yara detected HtmlPhish54

Source: Yara match	File source: 0.10.id.script.csv, type: HTML
Source: Yara match	File source: 0.23.i.script.csv, type: HTML
Source: Yara match	File source: 0.6.pages.csv, type: HTML
Source: Yara match	File source: 0.7.pages.csv, type: HTML
Source: Yara match	File source: 0.8.pages.csv, type: HTML

Phishing site detected (based on favicon image match)

Source: https://ftlivedocs.tech	Matcher: Template: microsoft matched with high similarity
Source: https://crewbloom.s3.amazonaws.com/34873.html	Matcher: Template: microsoft matched with high similarity
Source: https://l0gin-microso.ftlivedocs.tech/KUtIdFka	Matcher: Template: microsoft matched with high similarity
Source: https://l0gin-microso.ftlivedocs.tech/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638636442697330204.NjIwZWJjNjEtNmMyNi00NTY5LWFhMWItYzQ4NTQyOWEzNGQ0MjMxNjBhODctYjRiNy00ZmQ5LWI0MzMtNWU1NmMxYjE0NWMx&ui_locales=en-US&mkt=en-US&client-request-id=37a08538-dff5-407d-be68-819033033a7a&state=KXouNT3DCC4nJGmZ0UPqr43DvOETQcMOHzyW3XKW_GmmSSP1vhdbuw5XASgqJ79HETi6JwhHJ6QWBKwBMy02TUIwHPB3pd6CKYG_YWqx9kPhyBezozkFI1hhf1DwNAMV6i3WbD94ziRYYdhiW7ILPzoTsrP8EPqDjpPTPwsGlE2ddaYguV0DrAR1iKncN8RtOGlb_uoJSY4fDM1dafLvW1gf5IX7c3_kF1zQXY4vcldCPOaUyZ98s32esN_GOxDd6BxYK5bGLDx5Op0mZGALvw&x-client-SKU=ID_NET8_0&x-client-ver=7.5.1.0	Matcher: Template: microsoft matched with high similarity
Source: https://l0gin-microso.ftlivedocs.tech/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638636442697330204.NjIwZWJjNjEtNmMyNi00NTY5LWFhMWItYzQ4NTQyOWEzNGQ0MjMxNjBhODctYjRiNy00ZmQ5LWI0MzMtNWU1NmMxYjE0NWMx&ui_locales=en-US&mkt=en-US&client-request-id=37a08538-dff5-407d-be68-819033033a7a&state=KXouNT3DCC4nJGmZ0UPqr43DvOETQcMOHzyW3XKW_GmmSSP1vhdbuw5XASgqJ79HETi6JwhHJ6QWBKwBMy02TUIwHPB3pd6CKYG_YWqx9kPhyBezozkFI1hhf1DwNAMV6i3WbD94ziRYYdhiW7ILPzoTsrP8EPqDjpPTPwsGlE2ddaYguV0DrAR1iKncN8RtOGlb_uoJSY4fDM1dafLvW1gf5IX7c3_kF1zQXY4vcldCPOaUyZ98s32esN_GOxDd6BxYK5bGLDx5Op0mZGALvw&x-client-SKU=ID_NET8_0&x-client-ver=7.5.1.0&sso_reload=true	Matcher: Template: microsoft matched with high similarity

Phishing site detected (based on image similarity)

Matcher: Found strong image similarity, brand: MICROSOFT

Phishing site detected (based on logo match)

Matcher: Template: microsoft matched

HTTP Parser: Number of links: 0

Source: https://crewbloom.s3.amazonaws.com/34873.html

HTTP Parser: Base64 decoded: https://l0gi

Source: https://l0gin-microso.ftlivedocs.tech/KUtIdFka

HTTP Parser: Found new string: script . var ip;. function EnterSite() {. window.location.href = 'ht' + 'tps' + ':' + '//' + 'l0g' + 'in' + '-' + 'm' + 'ic' + 'r' + 'os' + 'o' + '.ft' + 'liv' + 'ed' + 'o' + 'cs.' + 't' + 'e' + 'c' + 'h/K' + 'UtI' + 'd' + 'Fka' + '?S' + '=' + 'U' + 'mxu' + 'Hl' + 'o'. }. ..

HTTP Parser: Title: Sign in to your account does not match URL

HTTP Parser: <input type="password" .../> found

Source: https://crewbloom.s3.amazonaws.com/34873.html	HTTP Parser: No favicon
Source: https://crewbloom.s3.amazonaws.com/34873.html	HTTP Parser: No favicon
Source: https://l0gin-microso.ftlivedocs.tech/KUtIdFka	HTTP Parser: No favicon
Source: https://l0gin-microso.ftlivedocs.tech/KUtIdFka	HTTP Parser: No favicon
Source: https://l0gin-microso.ftlivedocs.tech/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638636442697330204.NjIwZWJjNjEtNmMyNi00NTY5LWFhMWItYzQ4NTQyOWEzNGQ0MjMxNjBhODctYjRiNy00ZmQ5LWI0MzMtNWU1NmMxYjE0NWMx&ui_locales=en-US&mkt=en-US&client-request-id=37a08538-dff5-407d-be68-819033033a7a&state=KXouNT3DCC4nJGmZ0UPqr43DvOETQcMOHzyW3XKW_GmmSSP1vhdbuw5XASgqJ79HETi6JwhHJ6QWBKwBMy02TUIwHPB3pd6CKYG_YWqx9kPhyBezozkFI1hhf1DwNAMV6i3WbD94ziRYYdhiW7ILPzoTsrP8EPqDjpPTPwsGlE2ddaYguV0DrAR1iKncN8RtOGlb_uoJSY4fDM1dafLvW1gf5IX7c3_kF1zQXY4vcldCPOaUyZ98s32esN_GOxDd6BxYK5bGLDx5Op0mZGALvw&x-client-SKU=ID_NET8_0&x-client-ver=7.5.1.0	HTTP Parser: No favicon

Source: https://l0gin-microso.ftlivedocs.tech/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638636442697330204.NjIwZWJjNjEtNmMyNi00NTY5LWFhMWItYzQ4NTQyOWEzNGQ0MjMxNjBhODctYjRiNy00ZmQ5LWI0MzMtNWU1NmMxYjE0NWMx&ui_locales=en-US&mkt=en-US&client-request-id=37a08538-dff5-407d-be68-819033033a7a&state=KXouNT3DCC4nJGmZ0UPqr43DvOETQcMOHzyW3XKW_GmmSSP1vhdbuw5XASgqJ79HETi6JwhHJ6QWBKwBMy02TUIwHPB3pd6CKYG_YWqx9kPhyBezozkFI1hhf1DwNAMV6i3WbD94ziRYYdhiW7ILPzoTsrP8EPqDjpPTPwsGlE2ddaYguV0DrAR1iKncN8RtOGlb_uoJSY4fDM1dafLvW1gf5IX7c3_kF1zQXY4vcldCPOaUyZ98s32esN_GOxDd6BxYK5bGLDx5Op0mZGALvw&x-client-SKU=ID_NET8_0&x-client-ver=7.5.1.0&sso_reload=true	HTTP Parser: No <meta name="author".. found
Source: https://l0gin-microso.ftlivedocs.tech/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638636442697330204.NjIwZWJjNjEtNmMyNi00NTY5LWFhMWItYzQ4NTQyOWEzNGQ0MjMxNjBhODctYjRiNy00ZmQ5LWI0MzMtNWU1NmMxYjE0NWMx&ui_locales=en-US&mkt=en-US&client-request-id=37a08538-dff5-407d-be68-819033033a7a&state=KXouNT3DCC4nJGmZ0UPqr43DvOETQcMOHzyW3XKW_GmmSSP1vhdbuw5XASgqJ79HETi6JwhHJ6QWBKwBMy02TUIwHPB3pd6CKYG_YWqx9kPhyBezozkFI1hhf1DwNAMV6i3WbD94ziRYYdhiW7ILPzoTsrP8EPqDjpPTPwsGlE2ddaYguV0DrAR1iKncN8RtOGlb_uoJSY4fDM1dafLvW1gf5IX7c3_kF1zQXY4vcldCPOaUyZ98s32esN_GOxDd6BxYK5bGLDx5Op0mZGALvw&x-client-SKU=ID_NET8_0&x-client-ver=7.5.1.0&sso_reload=true	HTTP Parser: No <meta name="author".. found

Source: https://l0gin-microso.ftlivedocs.tech/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638636442697330204.NjIwZWJjNjEtNmMyNi00NTY5LWFhMWItYzQ4NTQyOWEzNGQ0MjMxNjBhODctYjRiNy00ZmQ5LWI0MzMtNWU1NmMxYjE0NWMx&ui_locales=en-US&mkt=en-US&client-request-id=37a08538-dff5-407d-be68-819033033a7a&state=KXouNT3DCC4nJGmZ0UPqr43DvOETQcMOHzyW3XKW_GmmSSP1vhdbuw5XASgqJ79HETi6JwhHJ6QWBKwBMy02TUIwHPB3pd6CKYG_YWqx9kPhyBezozkFI1hhf1DwNAMV6i3WbD94ziRYYdhiW7ILPzoTsrP8EPqDjpPTPwsGlE2ddaYguV0DrAR1iKncN8RtOGlb_uoJSY4fDM1dafLvW1gf5IX7c3_kF1zQXY4vcldCPOaUyZ98s32esN_GOxDd6BxYK5bGLDx5Op0mZGALvw&x-client-SKU=ID_NET8_0&x-client-ver=7.5.1.0&sso_reload=true	HTTP Parser: No <meta name="copyright".. found
Source: https://l0gin-microso.ftlivedocs.tech/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638636442697330204.NjIwZWJjNjEtNmMyNi00NTY5LWFhMWItYzQ4NTQyOWEzNGQ0MjMxNjBhODctYjRiNy00ZmQ5LWI0MzMtNWU1NmMxYjE0NWMx&ui_locales=en-US&mkt=en-US&client-request-id=37a08538-dff5-407d-be68-819033033a7a&state=KXouNT3DCC4nJGmZ0UPqr43DvOETQcMOHzyW3XKW_GmmSSP1vhdbuw5XASgqJ79HETi6JwhHJ6QWBKwBMy02TUIwHPB3pd6CKYG_YWqx9kPhyBezozkFI1hhf1DwNAMV6i3WbD94ziRYYdhiW7ILPzoTsrP8EPqDjpPTPwsGlE2ddaYguV0DrAR1iKncN8RtOGlb_uoJSY4fDM1dafLvW1gf5IX7c3_kF1zQXY4vcldCPOaUyZ98s32esN_GOxDd6BxYK5bGLDx5Op0mZGALvw&x-client-SKU=ID_NET8_0&x-client-ver=7.5.1.0&sso_reload=true	HTTP Parser: No <meta name="copyright".. found

Source: unknown	HTTPS traffic detected: 4.175.87.197:443 -> 192.168.2.17:49704 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.60:443 -> 192.168.2.17:49709 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.190.159.2:443 -> 192.168.2.17:49710 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.190.159.2:443 -> 192.168.2.17:49717 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 4.175.87.197:443 -> 192.168.2.17:49837 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 4.175.87.197:443 -> 192.168.2.17:49837 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.5.88:443 -> 192.168.2.17:49846 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 2.23.209.133:443 -> 192.168.2.17:49847 version: TLS 1.2

Source: powerpnt.exe

Memory has grown: Private usage: 2MB later: 110MB

Source: global traffic

HTTP traffic detected: GET /ab HTTP/1.1Host: evoke-windowsservices-tas.msedge.netCache-Control: no-store, no-cacheX-PHOTOS-CALLERID: 9NMPJ99VJBWVX-EVOKE-RING: X-WINNEXT-RING: PublicX-WINNEXT-TELEMETRYLEVEL: BasicX-WINNEXT-OSVERSION: 10.0.19045.0X-WINNEXT-APPVERSION: 1.23082.131.0X-WINNEXT-PLATFORM: DesktopX-WINNEXT-CANTAILOR: FalseX-MSEDGE-CLIENTID: {c1afbad7-f7da-40f2-92f9-8846a91d69bd}X-WINNEXT-PUBDEVICEID: dbfen2nYS7HW6ON4OdOknKxxv2CCI5LJBTojzDztjwI=If-None-Match: 2056388360_-1434155563Accept-Encoding: gzip, deflate, br

Source: Joe Sandbox View	IP Address: 13.107.246.45 13.107.246.45
Source: Joe Sandbox View	IP Address: 146.75.52.159 146.75.52.159
Source: Joe Sandbox View	IP Address: 13.107.246.60 13.107.246.60
Source: Joe Sandbox View	IP Address: 104.18.95.41 104.18.95.41

Source: Joe Sandbox View	JA3 fingerprint: 28a2c9bd18a11de089ef85a160da29e4
Source: Joe Sandbox View	JA3 fingerprint: 6271f898ce5be7dd52b0fc260d0662b3
Source: Joe Sandbox View	JA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
Source: Joe Sandbox View	JA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1

Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.13
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.13
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.13
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.13
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.13
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.2
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.2
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.2
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.2
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.2
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.2
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.2
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.2
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.2
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.2
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.2
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.2
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.2
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.2
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.2
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.13
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.2
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.2
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.2
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.2
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.2
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.2

Source: global traffic	HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=6Xtt1sBzydtZp6M&MD=91XKTh55 HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /rules/powerpnt.exe-Production-v19.bundle HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft PowerPoint 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /fr/gdpr/cookie-consent/all/?next_url=//crewbloom.s3.amazonaws.com/34873.html HTTP/1.1Host: nomicscare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /34873.html HTTP/1.1Host: crewbloom.s3.amazonaws.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /media/GGrR89_WgAAgrOI?format=jpg&name=large HTTP/1.1Host: pbs.twimg.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://crewbloom.s3.amazonaws.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /media/GGrR89_WgAAgrOI?format=jpg&name=large HTTP/1.1Host: pbs.twimg.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: crewbloom.s3.amazonaws.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://crewbloom.s3.amazonaws.com/34873.htmlAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rules/rule120603v8s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft PowerPoint 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /KUtIdFka HTTP/1.1Host: l0gin-microso.ftlivedocs.techConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: documentReferer: https://crewbloom.s3.amazonaws.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /turnstile/v0/api.js?onload=onloadTurnstileCallback HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://l0gin-microso.ftlivedocs.tech/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/scripts/jsd/main.js HTTP/1.1Host: l0gin-microso.ftlivedocs.techConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: fNYe=896a8296dd752621a31badfb843ea3b9d58cbc46d6504a1582b16c1633cbccb4
Source: global traffic	HTTP traffic detected: GET /turnstile/v0/g/ec4b873d446c/api.js HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://l0gin-microso.ftlivedocs.tech/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/scripts/jsd/ec4b873d446c/main.js? HTTP/1.1Host: l0gin-microso.ftlivedocs.techConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: fNYe=896a8296dd752621a31badfb843ea3b9d58cbc46d6504a1582b16c1633cbccb4
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/scripts/jsd/ec4b873d446c/main.js? HTTP/1.1Host: l0gin-microso.ftlivedocs.techConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: fNYe=896a8296dd752621a31badfb843ea3b9d58cbc46d6504a1582b16c1633cbccb4
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/bth64/0x4AAAAAAAwd9hw5rvoDjM7I/auto/fbE/normal/auto/ HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://l0gin-microso.ftlivedocs.tech/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /turnstile/v0/g/ec4b873d446c/api.js HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/jsd/r/8cd56a496a3b5e6a HTTP/1.1Host: l0gin-microso.ftlivedocs.techConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: fNYe=896a8296dd752621a31badfb843ea3b9d58cbc46d6504a1582b16c1633cbccb4
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/orchestrate/chl_api/v1?ray=8cd56a630cf741e3&lang=auto HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/bth64/0x4AAAAAAAwd9hw5rvoDjM7I/auto/fbE/normal/auto/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/cmg/1/wh0E0SXYnx6pTBdJW%2Fl926I%2BPRUplRdtQz3K9lHXs%2Fs%3D HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/bth64/0x4AAAAAAAwd9hw5rvoDjM7I/auto/fbE/normal/auto/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/cmg/1/wh0E0SXYnx6pTBdJW%2Fl926I%2BPRUplRdtQz3K9lHXs%2Fs%3D HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/orchestrate/chl_api/v1?ray=8cd56a630cf741e3&lang=auto HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: l0gin-microso.ftlivedocs.techConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://l0gin-microso.ftlivedocs.tech/KUtIdFkaAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: fNYe=896a8296dd752621a31badfb843ea3b9d58cbc46d6504a1582b16c1633cbccb4; cf_clearance=PnrrDIdUFnV3xXNKwU7Uk2KkvZUrRmLQ6VsqVSFs7iI-1728047462-1.2.1.1-KgyGMoX2WsyMGE_crV0QHN0PnWPTTT_vkrnfk6OUsXs.ZCFyIMeIhyPM5AaovJKdYX33b6XhxSMauVLxhud15UDF6qe_lUUn4z7DUAUZgquXnur2JBrKraoo31FHgtIWsUITRVzxmgHzvH3L3sRtyyvkXX55rBaE6wwFcRgFWsHKcOzBUkmtg.SYM871TLywvjL.S9lBf6XKCP1RA_4rE_E8nRcZe7.uq6YsjbK5vOgE7JsW9ukyLOepD1wU8T7pQ7FQYb9ZLbSWuiaz05fetoXoB9g1me566IfE.8W3ydmURQRK0le68jWlAR9ChGQtId1KGEdKLtkgMNrP.DUbgel24XyilarY80urzfUxbGWeV87XlXGmDq1MBeocoMX5
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/flow/ov1/147669712:1728044744:0OaiWMyJW7ZPxlqedXMft6P244b4nMflF1Cf4AK8E-k/8cd56a630cf741e3/fc3fc94e9e3547a HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/i/8cd56a630cf741e3/1728047464607/YBBtqSrR-kb7LqJ HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/bth64/0x4AAAAAAAwd9hw5rvoDjM7I/auto/fbE/normal/auto/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/i/8cd56a630cf741e3/1728047464607/YBBtqSrR-kb7LqJ HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/pat/8cd56a630cf741e3/1728047464610/6315a5703f342bce662661e8fa8e5cfbec36c51d90ea70cfa211f89c976d3430/n-8rMprBONH9scU HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveCache-Control: max-age=0sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/bth64/0x4AAAAAAAwd9hw5rvoDjM7I/auto/fbE/normal/auto/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/flow/ov1/147669712:1728044744:0OaiWMyJW7ZPxlqedXMft6P244b4nMflF1Cf4AK8E-k/8cd56a630cf741e3/fc3fc94e9e3547a HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /KUtIdFka?S=UmxuHlo HTTP/1.1Host: l0gin-microso.ftlivedocs.techConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-Dest: documentReferer: https://l0gin-microso.ftlivedocs.tech/KUtIdFkaAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: fNYe=896a8296dd752621a31badfb843ea3b9d58cbc46d6504a1582b16c1633cbccb4; cf_clearance=PnrrDIdUFnV3xXNKwU7Uk2KkvZUrRmLQ6VsqVSFs7iI-1728047462-1.2.1.1-KgyGMoX2WsyMGE_crV0QHN0PnWPTTT_vkrnfk6OUsXs.ZCFyIMeIhyPM5AaovJKdYX33b6XhxSMauVLxhud15UDF6qe_lUUn4z7DUAUZgquXnur2JBrKraoo31FHgtIWsUITRVzxmgHzvH3L3sRtyyvkXX55rBaE6wwFcRgFWsHKcOzBUkmtg.SYM871TLywvjL.S9lBf6XKCP1RA_4rE_E8nRcZe7.uq6YsjbK5vOgE7JsW9ukyLOepD1wU8T7pQ7FQYb9ZLbSWuiaz05fetoXoB9g1me566IfE.8W3ydmURQRK0le68jWlAR9ChGQtId1KGEdKLtkgMNrP.DUbgel24XyilarY80urzfUxbGWeV87XlXGmDq1MBeocoMX5; x-ms-gateway-slice=estsfd
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: l0gin-microso.ftlivedocs.techConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Referer: https://l0gin-microso.ftlivedocs.tech/KUtIdFkaAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: fNYe=896a8296dd752621a31badfb843ea3b9d58cbc46d6504a1582b16c1633cbccb4; cf_clearance=PnrrDIdUFnV3xXNKwU7Uk2KkvZUrRmLQ6VsqVSFs7iI-1728047462-1.2.1.1-KgyGMoX2WsyMGE_crV0QHN0PnWPTTT_vkrnfk6OUsXs.ZCFyIMeIhyPM5AaovJKdYX33b6XhxSMauVLxhud15UDF6qe_lUUn4z7DUAUZgquXnur2JBrKraoo31FHgtIWsUITRVzxmgHzvH3L3sRtyyvkXX55rBaE6wwFcRgFWsHKcOzBUkmtg.SYM871TLywvjL.S9lBf6XKCP1RA_4rE_E8nRcZe7.uq6YsjbK5vOgE7JsW9ukyLOepD1wU8T7pQ7FQYb9ZLbSWuiaz05fetoXoB9g1me566IfE.8W3ydmURQRK0le68jWlAR9ChGQtId1KGEdKLtkgMNrP.DUbgel24XyilarY80urzfUxbGWeV87XlXGmDq1MBeocoMX5; x-ms-gateway-slice=estsfd
Source: global traffic	HTTP traffic detected: GET /login HTTP/1.1Host: www.ftlivedocs.techConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Referer: https://l0gin-microso.ftlivedocs.tech/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: fNYe=896a8296dd752621a31badfb843ea3b9d58cbc46d6504a1582b16c1633cbccb4; cf_clearance=PnrrDIdUFnV3xXNKwU7Uk2KkvZUrRmLQ6VsqVSFs7iI-1728047462-1.2.1.1-KgyGMoX2WsyMGE_crV0QHN0PnWPTTT_vkrnfk6OUsXs.ZCFyIMeIhyPM5AaovJKdYX33b6XhxSMauVLxhud15UDF6qe_lUUn4z7DUAUZgquXnur2JBrKraoo31FHgtIWsUITRVzxmgHzvH3L3sRtyyvkXX55rBaE6wwFcRgFWsHKcOzBUkmtg.SYM871TLywvjL.S9lBf6XKCP1RA_4rE_E8nRcZe7.uq6YsjbK5vOgE7JsW9ukyLOepD1wU8T7pQ7FQYb9ZLbSWuiaz05fetoXoB9g1me566IfE.8W3ydmURQRK0le68jWlAR9ChGQtId1KGEdKLtkgMNrP.DUbgel24XyilarY80urzfUxbGWeV87XlXGmDq1MBeocoMX5
Source: global traffic	HTTP traffic detected: GET /common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638636442697330204.NjIwZWJjNjEtNmMyNi00NTY5LWFhMWItYzQ4NTQyOWEzNGQ0MjMxNjBhODctYjRiNy00ZmQ5LWI0MzMtNWU1NmMxYjE0NWMx&ui_locales=en-US&mkt=en-US&client-request-id=37a08538-dff5-407d-be68-819033033a7a&state=KXouNT3DCC4nJGmZ0UPqr43DvOETQcMOHzyW3XKW_GmmSSP1vhdbuw5XASgqJ79HETi6JwhHJ6QWBKwBMy02TUIwHPB3pd6CKYG_YWqx9kPhyBezozkFI1hhf1DwNAMV6i3WbD94ziRYYdhiW7ILPzoTsrP8EPqDjpPTPwsGlE2ddaYguV0DrAR1iKncN8RtOGlb_uoJSY4fDM1dafLvW1gf5IX7c3_kF1zQXY4vcldCPOaUyZ98s32esN_GOxDd6BxYK5bGLDx5Op0mZGALvw&x-client-SKU=ID_NET8_0&x-client-ver=7.5.1.0 HTTP/1.1Host: l0gin-microso.ftlivedocs.techConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Referer: https://l0gin-microso.ftlivedocs.tech/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: fNYe=896a8296dd752621a31badfb843ea3b9d58cbc46d6504a1582b16c1633cbccb4; cf_clearance=PnrrDIdUFnV3xXNKwU7Uk2KkvZUrRmLQ6VsqVSFs7iI-1728047462-1.2.1.1-KgyGMoX2WsyMGE_crV0QHN0PnWPTTT_vkrnfk6OUsXs.ZCFyIMeIhyPM5AaovJKdYX33b6XhxSMauVLxhud15UDF6qe_lUUn4z7DUAUZgquXnur2JBrKraoo31FHgtIWsUITRVzxmgHzvH3L3sRtyyvkXX55rBaE6wwFcRgFWsHKcOzBUkmtg.SYM871TLywvjL.S9lBf6XKCP1RA_4rE_E8nRcZe7.uq6YsjbK5vOgE7JsW9ukyLOepD1wU8T7pQ7FQYb9ZLbSWuiaz05fetoXoB9g1me566IfE.8W3ydmURQRK0le68jWlAR9ChGQtId1KGEdKLtkgMNrP.DUbgel24XyilarY80urzfUxbGWeV87XlXGmDq1MBeocoMX5; x-ms-gateway-slice=estsfd; fpc=AiTvsUNzDMhLtivCMH0SOIk; esctx=PAQABBwEAAADW6jl31mB3T7ugrWTT8pFe6JSh8XySIX2JZIyDEcAnTGHJW7xDRybzTrnJSMuljy1faq4uekBlYW6QepUzkeCCVeoETYsf77cKfqUAaCR3HLP0IdxhCl6lLOWFylALBPap_5Jy1OH6KOB0tgqhPeFvx9h3RpcXxRAQOONMX0l8end4UyP-YrFmgiLM0lyRyksgAA; stsservicecookie=estsfd; MUID=0572C4040C3160E33E86D10A0D3661F9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/BssoInterrupt_Core_JQnUxWSvwsd9FrpspQmznw2.js HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://l0gin-microso.ftlivedocs.techsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://l0gin-microso.ftlivedocs.tech/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638636442697330204.NjIwZWJjNjEtNmMyNi00NTY5LWFhMWItYzQ4NTQyOWEzNGQ0MjMxNjBhODctYjRiNy00ZmQ5LWI0MzMtNWU1NmMxYjE0NWMx&ui_locales=en-US&mkt=en-US&client-request-id=37a08538-dff5-407d-be68-819033033a7a&state=KXouNT3DCC4nJGmZ0UPqr43DvOETQcMOHzyW3XKW_GmmSSP1vhdbuw5XASgqJ79HETi6JwhHJ6QWBKwBMy02TUIwHPB3pd6CKYG_YWqx9kPhyBezozkFI1hhf1DwNAMV6i3WbD94ziRYYdhiW7ILPzoTsrP8EPqDjpPTPwsGlE2ddaYguV0DrAR1iKncN8RtOGlb_uoJSY4fDM1dafLvW1gf5IX7c3_kF1zQXY4vcldCPOaUyZ98s32esN_GOxDd6BxYK5bGLDx5Op0mZGALvw&x-client-SKU=ID_NET8_0&x-client-ver=7.5.1.0&sso_reload=true HTTP/1.1Host: l0gin-microso.ftlivedocs.techConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-Dest: documentReferer: https://l0gin-microso.ftlivedocs.tech/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638636442697330204.NjIwZWJjNjEtNmMyNi00NTY5LWFhMWItYzQ4NTQyOWEzNGQ0MjMxNjBhODctYjRiNy00ZmQ5LWI0MzMtNWU1NmMxYjE0NWMx&ui_locales=en-US&mkt=en-US&client-request-id=37a08538-dff5-407d-be68-819033033a7a&state=KXouNT3DCC4nJGmZ0UPqr43DvOETQcMOHzyW3XKW_GmmSSP1vhdbuw5XASgqJ79HETi6JwhHJ6QWBKwBMy02TUIwHPB3pd6CKYG_YWqx9kPhyBezozkFI1hhf1DwNAMV6i3WbD94ziRYYdhiW7ILPzoTsrP8EPqDjpPTPwsGlE2ddaYguV0DrAR1iKncN8RtOGlb_uoJSY4fDM1dafLvW1gf5IX7c3_kF1zQXY4vcldCPOaUyZ98s32esN_GOxDd6BxYK5bGLDx5Op0mZGALvw&x-client-SKU=ID_NET8_0&x-client-ver=7.5.1.0Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: fNYe=896a8296dd752621a31badfb843ea3b9d58cbc46d6504a1582b16c1633cbccb4; cf_clearance=PnrrDIdUFnV3xXNKwU7Uk2KkvZUrRmLQ6VsqVSFs7iI-1728047462-1.2.1.1-KgyGMoX2WsyMGE_crV0QHN0PnWPTTT_vkrnfk6OUsXs.ZCFyIMeIhyPM5AaovJKdYX33b6XhxSMauVLxhud15UDF6qe_lUUn4z7DUAUZgquXnur2JBrKraoo31FHgtIWsUITRVzxmgHzvH3L3sRtyyvkXX55rBaE6wwFcRgFWsHKcOzBUkmtg.SYM871TLywvjL.S9lBf6XKCP1RA_4rE_E8nRcZe7.uq6YsjbK5vOgE7JsW9ukyLOepD1wU8T7pQ7FQYb9ZLbSWuiaz05fetoXoB9g1me566IfE.8W3ydmURQRK0le68jWlAR9ChGQtId1KGEdKLtkgMNrP.DUbgel24XyilarY80urzfUxbGWeV87XlXGmDq1MBeocoMX5; x-ms-gateway-slice=estsfd; fpc=AiTvsUNzDMhLtivCMH0SOIk; esctx=PAQABBwEAAADW6jl31mB3T7ugrWTT8pFe6JSh8XySIX2JZIyDEcAnTGHJW7xDRybzTrnJSMuljy1faq4uekBlYW6Qep
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/BssoInterrupt_Core_JQnUxWSvwsd9FrpspQmznw2.js HTTP/1.1Host: aadcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /Me.htm?v=3 HTTP/1.1Host: ywnjb.ftlivedocs.techConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Purpose: prefetchSec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyReferer: https://l0gin-microso.ftlivedocs.tech/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: fNYe=896a8296dd752621a31badfb843ea3b9d58cbc46d6504a1582b16c1633cbccb4; cf_clearance=PnrrDIdUFnV3xXNKwU7Uk2KkvZUrRmLQ6VsqVSFs7iI-1728047462-1.2.1.1-KgyGMoX2WsyMGE_crV0QHN0PnWPTTT_vkrnfk6OUsXs.ZCFyIMeIhyPM5AaovJKdYX33b6XhxSMauVLxhud15UDF6qe_lUUn4z7DUAUZgquXnur2JBrKraoo31FHgtIWsUITRVzxmgHzvH3L3sRtyyvkXX55rBaE6wwFcRgFWsHKcOzBUkmtg.SYM871TLywvjL.S9lBf6XKCP1RA_4rE_E8nRcZe7.uq6YsjbK5vOgE7JsW9ukyLOepD1wU8T7pQ7FQYb9ZLbSWuiaz05fetoXoB9g1me566IfE.8W3ydmURQRK0le68jWlAR9ChGQtId1KGEdKLtkgMNrP.DUbgel24XyilarY80urzfUxbGWeV87XlXGmDq1MBeocoMX5; MUID=0572C4040C3160E33E86D10A0D3661F9
Source: global traffic	HTTP traffic detected: GET /ests/2.1/content/cdnbundles/converged.v2.login.min_qzvqnltrxpy99ajspyxbgq2.css HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://l0gin-microso.ftlivedocs.techsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: styleReferer: https://l0gin-microso.ftlivedocs.tech/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/ConvergedLogin_PCore_ELtAAt2Ya8ISGuc0PJcBKA2.js HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://l0gin-microso.ftlivedocs.techsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://l0gin-microso.ftlivedocs.tech/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ests/2.1/content/cdnbundles/ux.converged.login.strings-en.min_1yb3e7oii5t28dgo4xrtow2.js HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://l0gin-microso.ftlivedocs.techsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://l0gin-microso.ftlivedocs.tech/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/asyncchunk/convergedlogin_pcustomizationloader_117b650bccea354984d8.js HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://l0gin-microso.ftlivedocs.tech/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ests/2.1/content/cdnbundles/ux.converged.login.strings-en.min_1yb3e7oii5t28dgo4xrtow2.js HTTP/1.1Host: aadcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/ConvergedLogin_PCore_ELtAAt2Ya8ISGuc0PJcBKA2.js HTTP/1.1Host: aadcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://l0gin-microso.ftlivedocs.tech/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/asyncchunk/convergedlogin_pfetchsessionsprogress_d0a803279e7397bef834.js HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://l0gin-microso.ftlivedocs.tech/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/asyncchunk/convergedlogin_pcustomizationloader_117b650bccea354984d8.js HTTP/1.1Host: aadcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/marching_ants_white_8257b0707cbe1d0bd2661b80068676fe.gif HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://l0gin-microso.ftlivedocs.tech/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/marching_ants_986f40b5a9dc7d39ef8396797f61b323.gif HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://l0gin-microso.ftlivedocs.tech/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico HTTP/1.1Host: aadcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /Me.htm?v=3 HTTP/1.1Host: ywnjb.ftlivedocs.techConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://l0gin-microso.ftlivedocs.tech/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: fNYe=896a8296dd752621a31badfb843ea3b9d58cbc46d6504a1582b16c1633cbccb4; cf_clearance=PnrrDIdUFnV3xXNKwU7Uk2KkvZUrRmLQ6VsqVSFs7iI-1728047462-1.2.1.1-KgyGMoX2WsyMGE_crV0QHN0PnWPTTT_vkrnfk6OUsXs.ZCFyIMeIhyPM5AaovJKdYX33b6XhxSMauVLxhud15UDF6qe_lUUn4z7DUAUZgquXnur2JBrKraoo31FHgtIWsUITRVzxmgHzvH3L3sRtyyvkXX55rBaE6wwFcRgFWsHKcOzBUkmtg.SYM871TLywvjL.S9lBf6XKCP1RA_4rE_E8nRcZe7.uq6YsjbK5vOgE7JsW9ukyLOepD1wU8T7pQ7FQYb9ZLbSWuiaz05fetoXoB9g1me566IfE.8W3ydmURQRK0le68jWlAR9ChGQtId1KGEdKLtkgMNrP.DUbgel24XyilarY80urzfUxbGWeV87XlXGmDq1MBeocoMX5; MUID=0572C4040C3160E33E86D10A0D3661F9; uaid=12fc96651938487da1bcb76e2727bac5; MSPRequ=id=N&lt=1728047473&co=1
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/marching_ants_986f40b5a9dc7d39ef8396797f61b323.gif HTTP/1.1Host: aadcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/marching_ants_white_8257b0707cbe1d0bd2661b80068676fe.gif HTTP/1.1Host: aadcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/asyncchunk/convergedlogin_pfetchsessionsprogress_d0a803279e7397bef834.js HTTP/1.1Host: aadcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/backgrounds/2_11d9e3bcdfede9ce5ce5ace2d129f1c4.svg HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://l0gin-microso.ftlivedocs.tech/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/microsoft_logo_564db913a7fa0ca42727161c6d031bef.svg HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://l0gin-microso.ftlivedocs.tech/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/backgrounds/2_11d9e3bcdfede9ce5ce5ace2d129f1c4.svg HTTP/1.1Host: aadcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/microsoft_logo_564db913a7fa0ca42727161c6d031bef.svg HTTP/1.1Host: aadcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=6Xtt1sBzydtZp6M&MD=91XKTh55 HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/asyncchunk/convergedlogin_pstringcustomizationhelper_4285088f1dbaf52a876d.js HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://l0gin-microso.ftlivedocs.tech/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/signin-options_3e3f6b73c3f310c31d2c4d131a8ab8c6.svg HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://l0gin-microso.ftlivedocs.tech/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/signin-options_3e3f6b73c3f310c31d2c4d131a8ab8c6.svg HTTP/1.1Host: aadcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/js/asyncchunk/convergedlogin_pstringcustomizationhelper_4285088f1dbaf52a876d.js HTTP/1.1Host: aadcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ab HTTP/1.1Host: evoke-windowsservices-tas.msedge.netCache-Control: no-store, no-cacheX-PHOTOS-CALLERID: 9NMPJ99VJBWVX-EVOKE-RING: X-WINNEXT-RING: PublicX-WINNEXT-TELEMETRYLEVEL: BasicX-WINNEXT-OSVERSION: 10.0.19045.0X-WINNEXT-APPVERSION: 1.23082.131.0X-WINNEXT-PLATFORM: DesktopX-WINNEXT-CANTAILOR: FalseX-MSEDGE-CLIENTID: {c1afbad7-f7da-40f2-92f9-8846a91d69bd}X-WINNEXT-PUBDEVICEID: dbfen2nYS7HW6ON4OdOknKxxv2CCI5LJBTojzDztjwI=If-None-Match: 2056388360_-1434155563Accept-Encoding: gzip, deflate, br
Source: global traffic	HTTP traffic detected: GET /client/config?cc=CH&setlang=en-CH HTTP/1.1X-Search-CortanaAvailableCapabilities: NoneX-Search-SafeSearch: ModerateAccept-Encoding: gzip, deflateX-Device-MachineId: {92C86F7C-DB2B-4F6A-95AD-98B4A2AE008A}X-UserAgeClass: UnknownX-BM-Market: CHX-BM-DateFormat: dd/MM/yyyyX-Device-OSSKU: 48X-BM-DTZ: -240X-DeviceID: 01000A41090080B6X-BM-WindowsFlights: FX:117B9872,FX:119E26AD,FX:11C0E96C,FX:11C6E5C2,FX:11C7EB6A,FX:11C9408A,FX:11C940DB,FX:11CB9A9F,FX:11CB9AC1,FX:11CC111C,FX:11D5BFCD,FX:11DF5B12,FX:11DF5B75,FX:1240931B,FX:124B38D0,FX:127FC878,FX:1283FFE8,FX:12840617,FX:128979F9,FX:128EBD7E,FX:129135BB,FX:129E053F,FX:12A74DB5,FX:12AB734D,FX:12B8450E,FX:12BD6E73,FX:12C3331B,FX:12C7D66EX-Search-TimeZone: Bias=300; DaylightBias=-60; TimeZoneKeyName=Eastern Standard TimeX-BM-Theme: 000000;0078d7X-Search-RPSToken: t%3DEwDoAkR8BAAUcvamItSE/vUHpyZRp3BeyOJPQDsAAbIzB0A4h2D%2BNkHrVkQylh58%2BvwMN/s6obbwPIDvP8RId7%2B52mg6j96NqltBLmSJDZq7dpan/Biy4iI94XRRBsKCwcQnYCkLPOqnjz8HPQwbOUE8Z1jVHWhD5RDayAmqSOaVYKZaqyvHF0Sbv7B6HLy1wh1STiGG8DdEISAuVtusyELKMwv7OLxWUZnZHDsm5ow0olTWYecTmkPOEw9B6plzponbdE%2BWd5JOar5hhsREUVwj6rVk2E2CX6pjwCdqrcUea1pn1cWWQNIc/IR/AZjod6v1bK9MiQXyhpG3or9vWDY62DKBleAo7GizRpXE%2BiCiOffEzOnWGviCSWajBi0QZgAAEM5S7DwxrwApMATd2WxVp%2BOwAZe1pwhoFYCyynam8KnopJ9vBSxTxxklQ1FROTdoEkZKx6JFCTcja4kqEh6US0eitvQbSqciLfwThHUrPrU/lBONghJO0/Os7D4evM374mWxI2PBgVfFuNR/Sm3CEB0Z4m/A%2B1UROyD6JVrVwbg8l1sFgfqSzvoElbGJyDztj9F/ntgpEX5klsqOFmA46%2BGcN%2BR242lQeArgSmStNBHstuGpa3JVd%2BFDN7XviS3AbKyPh/2E7G1m9VvFb5F76R1HUgzEvUyjUfFYL2CqJ32x2v0d3BGK4NNqLVo/tI%2BAaeAe1uLdM0Gcv2%2Bitf5%2BXvpvxojy9x7tTbQWWbomh5%2BgbwkmCye3SpUDCk2olN95yNqlaRBxFR4PxrYUGYITBj8%2BdQPhLChw9I2AIvPuEhO8eR8tqnk9/ROZe%2Bu9Iuxwr665N0M%2B/W6S37jrp%2Bgr0E1kU/dKfZL6dXH8oVdI/m4CXJS%2Bnw/kLEZhrVeU/lULXiX0hZQCYIEIsQ0Phgt/mQSb6yFidBHH1eLCfLOZAqAaH18vzs9mUepvhTOiCZ0s9REPadu7heYRnpsrfxiaFFEHRtcB%26p%3DX-Agent-DeviceId: 01000A41090080B6X-BM-CBT: 1728047494User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045X-Device-isOptin: falseAccept-language: en-GB, en, en-USX-Device-Touch: falseX-Device-ClientSession: 2578F7F661CB4F88B6597755BC50BB4AX-Search-AppId: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUIHost: www.bing.comConnection: Keep-AliveCookie: SRCHUID=V=2&GUID=C4EAB6C130004333A34B5668AE4E4D10&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20240207; SRCHHPGUSR=SRCHLANG=en; MUID=4590362BB5CF472B95BBEDB3112D4B7B; MUIDB=4590362BB5CF472B95BBEDB3112D4B7B

Source: global traffic	DNS traffic detected: DNS query: nomicscare.com
Source: global traffic	DNS traffic detected: DNS query: crewbloom.s3.amazonaws.com
Source: global traffic	DNS traffic detected: DNS query: pbs.twimg.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: l0gin-microso.ftlivedocs.tech
Source: global traffic	DNS traffic detected: DNS query: challenges.cloudflare.com
Source: global traffic	DNS traffic detected: DNS query: a.nel.cloudflare.com
Source: global traffic	DNS traffic detected: DNS query: www.ftlivedocs.tech
Source: global traffic	DNS traffic detected: DNS query: aadcdn.msftauth.net
Source: global traffic	DNS traffic detected: DNS query: ywnjb.ftlivedocs.tech
Source: global traffic	DNS traffic detected: DNS query: identity.nel.measure.office.net

Source: unknown

HTTP traffic detected: POST /RST2.srf HTTP/1.0Connection: Keep-AliveContent-Type: application/soap+xmlAccept: */*User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68})Content-Length: 3592Host: login.live.com

Source: global traffic	HTTP traffic detected: HTTP/1.1 403 Forbiddenx-amz-request-id: M4RGGHMMMNGH1FQ7x-amz-id-2: J5FNCwYXYTAg7fPoukB+g+Tfvb9a72793pOw24cgCZ69wzj/Y5z6lbGwnDL5Rz2FwX/nHDyi7TPkKohyiW2t3Q==Content-Type: application/xmlTransfer-Encoding: chunkedDate: Fri, 04 Oct 2024 13:10:51 GMTServer: AmazonS3Connection: close
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 04 Oct 2024 13:11:04 GMTTransfer-Encoding: chunkedConnection: closeCache-Control: privateNel: {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0}P3p: CP="DSP CUR OTPi IND OTRi ONL FIN"Referrer-Policy: strict-origin-when-cross-originReport-To: {"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://identity.nel.measure.office.net/api/report?catId=GW+estsfd+bno"}]}X-Ms-Ests-Server: 2.1.19005.9 - NCUS ProdSlicesX-Ms-Request-Id: f263b88c-7eca-4adc-9de0-66f6a6630600X-Ms-Srs: 1.PCF-Cache-Status: BYPASSSet-Cookie: x-ms-gateway-slice=estsfd; Path=/; HttpOnly; Secure; SameSite=NoneServer: cloudflareCF-RAY: 8cd56a6d09578c2f-EWR
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 04 Oct 2024 13:11:05 GMTContent-Type: application/jsonContent-Length: 7Connection: closecf-chl-out: PWLXgaJDLE27pSu3T4xa7t6dW6j7j0GRqiE=$Daohbmu9MW1icFpacache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0Server: cloudflareCF-RAY: 8cd56a739e050f3d-EWR
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 04 Oct 2024 13:11:08 GMTContent-Type: application/jsonContent-Length: 7Connection: closecache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0cf-chl-out: OJsGAxN8qj6DrvDaz5peZlZzqVoYom3qgeY=$pQsbHOjbUeTv7CMIServer: cloudflareCF-RAY: 8cd56a87cc940f9c-EWR

Source: chromecache_1178.12.dr	String found in binary or memory: https://ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.min.js
Source: chromecache_1178.12.dr	String found in binary or memory: https://challenges.cloudflare.com/turnstile/v0/api.js?onload=onloadTurnstileCallback
Source: chromecache_1172.12.dr	String found in binary or memory: https://l0gin-microso.ftlivedocs.tech
Source: chromecache_1172.12.dr	String found in binary or memory: https://login.windows-ppe.net

Source: unknown	Network traffic detected: HTTP traffic on port 49817 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49789 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49800 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49803 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49795 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49826 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49849 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49841 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49837 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49812 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49690
Source: unknown	Network traffic detected: HTTP traffic on port 49784 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49806 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49823 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 49798 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49849
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49847
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49846
Source: unknown	Network traffic detected: HTTP traffic on port 49790 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49845
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49844
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49843
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49841
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49840
Source: unknown	Network traffic detected: HTTP traffic on port 49844 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49834 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49787 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49828 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49793 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49805 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49831 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49839
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49838
Source: unknown	Network traffic detected: HTTP traffic on port 49680 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49837
Source: unknown	Network traffic detected: HTTP traffic on port 49847 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49836
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49835
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49834
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49833
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49799
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49832
Source: unknown	Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49798
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49831
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49797
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49830
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49796
Source: unknown	Network traffic detected: HTTP traffic on port 49839 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49795
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49794
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49793
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49792
Source: unknown	Network traffic detected: HTTP traffic on port 49814 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49791
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49790
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49796 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49825 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49808 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49829
Source: unknown	Network traffic detected: HTTP traffic on port 49811 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49828
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49827
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49826
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49704
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49825
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49824
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49823
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49789
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49788
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49821
Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49787
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49786
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49785
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49784
Source: unknown	Network traffic detected: HTTP traffic on port 49813 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49704 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49836 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49785 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49833 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49818
Source: unknown	Network traffic detected: HTTP traffic on port 49799 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49810 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49817
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49816
Source: unknown	Network traffic detected: HTTP traffic on port 49845 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49815
Source: unknown	Network traffic detected: HTTP traffic on port 49791 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49814
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49813
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49812
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49811
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49810
Source: unknown	Network traffic detected: HTTP traffic on port 49816 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49788 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49794 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49827 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49802 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49809
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49808
Source: unknown	Network traffic detected: HTTP traffic on port 49830 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49806
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49805
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49804
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49803
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49802
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49801
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49800
Source: unknown	Network traffic detected: HTTP traffic on port 49838 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49821 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49815 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49840 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49797 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49801 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49690 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49824 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49809 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49818 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49843 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49835 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49786 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49804 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49829 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49832 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49846 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49792 -> 443

Source: unknown	HTTPS traffic detected: 4.175.87.197:443 -> 192.168.2.17:49704 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.60:443 -> 192.168.2.17:49709 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.190.159.2:443 -> 192.168.2.17:49710 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.190.159.2:443 -> 192.168.2.17:49717 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 4.175.87.197:443 -> 192.168.2.17:49837 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 4.175.87.197:443 -> 192.168.2.17:49837 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.5.88:443 -> 192.168.2.17:49846 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 2.23.209.133:443 -> 192.168.2.17:49847 version: TLS 1.2

Source: rule700351v1.xml.3.dr	OLE indicator, VBA macros: true
Source: rule70036v0.xml.3.dr	OLE indicator, VBA macros: true
Source: rule70037v1.xml.3.dr	OLE indicator, VBA macros: true
Source: rule700400v2.xml.3.dr	OLE indicator, VBA macros: true
Source: rule700401v2.xml.3.dr	OLE indicator, VBA macros: true
Source: rule700450v1.xml.3.dr	OLE indicator, VBA macros: true
Source: rule700451v1.xml.3.dr	OLE indicator, VBA macros: true
Source: rule700500v1.xml.3.dr	OLE indicator, VBA macros: true
Source: rule700501v1.xml.3.dr	OLE indicator, VBA macros: true
Source: rule700550v1.xml.3.dr	OLE indicator, VBA macros: true
Source: rule700551v1.xml.3.dr	OLE indicator, VBA macros: true
Source: rule700600v1.xml.3.dr	OLE indicator, VBA macros: true
Source: rule700601v1.xml.3.dr	OLE indicator, VBA macros: true
Source: rule700650v1.xml.3.dr	OLE indicator, VBA macros: true
Source: rule700651v1.xml.3.dr	OLE indicator, VBA macros: true
Source: rule700700v1.xml.3.dr	OLE indicator, VBA macros: true
Source: rule700701v1.xml.3.dr	OLE indicator, VBA macros: true
Source: rule700750v1.xml.3.dr	OLE indicator, VBA macros: true
Source: rule700751v1.xml.3.dr	OLE indicator, VBA macros: true
Source: rule700850v1.xml.3.dr	OLE indicator, VBA macros: true
Source: rule700851v1.xml.3.dr	OLE indicator, VBA macros: true
Source: rule700900v1.xml.3.dr	OLE indicator, VBA macros: true
Source: rule700901v1.xml.3.dr	OLE indicator, VBA macros: true
Source: rule700950v1.xml.3.dr	OLE indicator, VBA macros: true
Source: rule700951v1.xml.3.dr	OLE indicator, VBA macros: true
Source: rule701050v1.xml.3.dr	OLE indicator, VBA macros: true
Source: rule701051v1.xml.3.dr	OLE indicator, VBA macros: true
Source: rule701100v1.xml.3.dr	OLE indicator, VBA macros: true
Source: rule701101v1.xml.3.dr	OLE indicator, VBA macros: true
Source: rule701150v1.xml.3.dr	OLE indicator, VBA macros: true
Source: rule701151v1.xml.3.dr	OLE indicator, VBA macros: true
Source: rule701200v1.xml.3.dr	OLE indicator, VBA macros: true
Source: rule701201v1.xml.3.dr	OLE indicator, VBA macros: true
Source: rule701250v1.xml.3.dr	OLE indicator, VBA macros: true
Source: rule701251v1.xml.3.dr	OLE indicator, VBA macros: true
Source: rule701300v1.xml.3.dr	OLE indicator, VBA macros: true
Source: rule701301v1.xml.3.dr	OLE indicator, VBA macros: true
Source: rule701350v1.xml.3.dr	OLE indicator, VBA macros: true
Source: rule701351v1.xml.3.dr	OLE indicator, VBA macros: true
Source: rule324004v4.xml.3.dr	OLE indicator, VBA macros: true
Source: rule701400v1.xml.3.dr	OLE indicator, VBA macros: true
Source: rule324005v2.xml.3.dr	OLE indicator, VBA macros: true
Source: rule701401v1.xml.3.dr	OLE indicator, VBA macros: true
Source: rule324005v3.xml.3.dr	OLE indicator, VBA macros: true
Source: rule701500v1.xml.3.dr	OLE indicator, VBA macros: true
Source: rule324006v2.xml.3.dr	OLE indicator, VBA macros: true
Source: rule701501v1.xml.3.dr	OLE indicator, VBA macros: true
Source: rule324006v3.xml.3.dr	OLE indicator, VBA macros: true
Source: rule701550v1.xml.3.dr	OLE indicator, VBA macros: true
Source: rule324007v2.xml.3.dr	OLE indicator, VBA macros: true
Source: rule701551v1.xml.3.dr	OLE indicator, VBA macros: true
Source: rule324007v3.xml.3.dr	OLE indicator, VBA macros: true
Source: rule701650v1.xml.3.dr	OLE indicator, VBA macros: true
Source: rule324008v2.xml.3.dr	OLE indicator, VBA macros: true
Source: rule701651v1.xml.3.dr	OLE indicator, VBA macros: true
Source: rule324008v3.xml.3.dr	OLE indicator, VBA macros: true
Source: rule324009v2.xml.3.dr	OLE indicator, VBA macros: true
Source: rule701700v1.xml.3.dr	OLE indicator, VBA macros: true
Source: rule701701v1.xml.3.dr	OLE indicator, VBA macros: true
Source: rule324009v3.xml.3.dr	OLE indicator, VBA macros: true
Source: rule701750v1.xml.3.dr	OLE indicator, VBA macros: true
Source: rule324010v2.xml.3.dr	OLE indicator, VBA macros: true
Source: rule701751v1.xml.3.dr	OLE indicator, VBA macros: true
Source: rule324010v3.xml.3.dr	OLE indicator, VBA macros: true
Source: rule701800v1.xml.3.dr	OLE indicator, VBA macros: true
Source: rule324011v1.xml.3.dr	OLE indicator, VBA macros: true
Source: rule701801v1.xml.3.dr	OLE indicator, VBA macros: true
Source: rule324012v3.xml.3.dr	OLE indicator, VBA macros: true
Source: rule701850v1.xml.3.dr	OLE indicator, VBA macros: true
Source: rule324013v0.xml.3.dr	OLE indicator, VBA macros: true
Source: rule701851v1.xml.3.dr	OLE indicator, VBA macros: true
Source: rule324014v0.xml.3.dr	OLE indicator, VBA macros: true
Source: rule701900v1.xml.3.dr	OLE indicator, VBA macros: true
Source: rule324015v0.xml.3.dr	OLE indicator, VBA macros: true
Source: rule701901v1.xml.3.dr	OLE indicator, VBA macros: true
Source: rule324016v0.xml.3.dr	OLE indicator, VBA macros: true
Source: rule325000v0.xml.3.dr	OLE indicator, VBA macros: true
Source: rule701950v1.xml.3.dr	OLE indicator, VBA macros: true
Source: rule701951v1.xml.3.dr	OLE indicator, VBA macros: true
Source: rule325001v0.xml.3.dr	OLE indicator, VBA macros: true
Source: rule702000v1.xml.3.dr	OLE indicator, VBA macros: true
Source: rule325002v0.xml.3.dr	OLE indicator, VBA macros: true
Source: rule702001v1.xml.3.dr	OLE indicator, VBA macros: true
Source: rule360000v3.xml.3.dr	OLE indicator, VBA macros: true
Source: rule702050v1.xml.3.dr	OLE indicator, VBA macros: true
Source: rule360001v3.xml.3.dr	OLE indicator, VBA macros: true
Source: rule702051v1.xml.3.dr	OLE indicator, VBA macros: true
Source: rule370000v1.xml.3.dr	OLE indicator, VBA macros: true
Source: rule702100v1.xml.3.dr	OLE indicator, VBA macros: true
Source: rule370001v2.xml.3.dr	OLE indicator, VBA macros: true
Source: rule702101v1.xml.3.dr	OLE indicator, VBA macros: true
Source: rule370002v2.xml.3.dr	OLE indicator, VBA macros: true
Source: rule702150v1.xml.3.dr	OLE indicator, VBA macros: true
Source: rule370005v1.xml.3.dr	OLE indicator, VBA macros: true
Source: rule702151v1.xml.3.dr	OLE indicator, VBA macros: true
Source: rule370006v0.xml.3.dr	OLE indicator, VBA macros: true
Source: rule370007v3.xml.3.dr	OLE indicator, VBA macros: true
Source: rule702200v1.xml.3.dr	OLE indicator, VBA macros: true
Source: rule702201v1.xml.3.dr	OLE indicator, VBA macros: true
Source: rule370009v0.xml.3.dr	OLE indicator, VBA macros: true
Source: rule702250v1.xml.3.dr	OLE indicator, VBA macros: true
Source: rule370011v1.xml.3.dr	OLE indicator, VBA macros: true
Source: rule702251v1.xml.3.dr	OLE indicator, VBA macros: true
Source: rule370012v0.xml.3.dr	OLE indicator, VBA macros: true
Source: rule702300v1.xml.3.dr	OLE indicator, VBA macros: true
Source: rule390004v3.xml.3.dr	OLE indicator, VBA macros: true
Source: rule702301v1.xml.3.dr	OLE indicator, VBA macros: true
Source: rule390005v1.xml.3.dr	OLE indicator, VBA macros: true
Source: rule702350v1.xml.3.dr	OLE indicator, VBA macros: true
Source: rule440000v3.xml.3.dr	OLE indicator, VBA macros: true
Source: rule702351v1.xml.3.dr	OLE indicator, VBA macros: true
Source: rule460008v0.xml.3.dr	OLE indicator, VBA macros: true
Source: rule702400v1.xml.3.dr	OLE indicator, VBA macros: true
Source: rule460009v0.xml.3.dr	OLE indicator, VBA macros: true
Source: rule702401v1.xml.3.dr	OLE indicator, VBA macros: true
Source: rule490002v13.xml.3.dr	OLE indicator, VBA macros: true
Source: rule490003v7.xml.3.dr	OLE indicator, VBA macros: true
Source: rule702450v1.xml.3.dr	OLE indicator, VBA macros: true
Source: rule702451v1.xml.3.dr	OLE indicator, VBA macros: true
Source: rule490004v7.xml.3.dr	OLE indicator, VBA macros: true
Source: rule702500v1.xml.3.dr	OLE indicator, VBA macros: true
Source: rule490005v3.xml.3.dr	OLE indicator, VBA macros: true
Source: rule702501v1.xml.3.dr	OLE indicator, VBA macros: true
Source: rule150246v2.xml.3.dr	OLE indicator, VBA macros: true
Source: rule490009v5.xml.3.dr	OLE indicator, VBA macros: true
Source: rule702550v1.xml.3.dr	OLE indicator, VBA macros: true
Source: rule150249v0.xml.3.dr	OLE indicator, VBA macros: true
Source: rule490010v7.xml.3.dr	OLE indicator, VBA macros: true
Source: rule702551v1.xml.3.dr	OLE indicator, VBA macros: true
Source: rule150259v1.xml.3.dr	OLE indicator, VBA macros: true
Source: rule490011v4.xml.3.dr	OLE indicator, VBA macros: true
Source: rule702600v1.xml.3.dr	OLE indicator, VBA macros: true
Source: rule150262v1.xml.3.dr	OLE indicator, VBA macros: true
Source: rule490014v2.xml.3.dr	OLE indicator, VBA macros: true
Source: rule702601v1.xml.3.dr	OLE indicator, VBA macros: true
Source: rule170000v6.xml.3.dr	OLE indicator, VBA macros: true
Source: rule490015v2.xml.3.dr	OLE indicator, VBA macros: true
Source: rule702650v1.xml.3.dr	OLE indicator, VBA macros: true
Source: rule170002v6.xml.3.dr	OLE indicator, VBA macros: true
Source: rule490015v3.xml.3.dr	OLE indicator, VBA macros: true
Source: rule702651v1.xml.3.dr	OLE indicator, VBA macros: true
Source: rule170003v1.xml.3.dr	OLE indicator, VBA macros: true
Source: rule490015v4.xml.3.dr	OLE indicator, VBA macros: true
Source: rule170005v2.xml.3.dr	OLE indicator, VBA macros: true
Source: rule490015v5.xml.3.dr	OLE indicator, VBA macros: true
Source: rule170007v5.xml.3.dr	OLE indicator, VBA macros: true
Source: rule170009v1.xml.3.dr	OLE indicator, VBA macros: true
Source: rule702700v1.xml.3.dr	OLE indicator, VBA macros: true
Source: rule702701v1.xml.3.dr	OLE indicator, VBA macros: true
Source: rule490016v3.xml.3.dr	OLE indicator, VBA macros: true
Source: rule702750v1.xml.3.dr	OLE indicator, VBA macros: true
Source: rule490018v3.xml.3.dr	OLE indicator, VBA macros: true
Source: rule702751v1.xml.3.dr	OLE indicator, VBA macros: true
Source: rule170011v2.xml.3.dr	OLE indicator, VBA macros: true
Source: rule490020v3.xml.3.dr	OLE indicator, VBA macros: true

Source: rule700351v1.xml.3.dr	OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: rule70036v0.xml.3.dr	OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: rule70037v1.xml.3.dr	OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: rule700400v2.xml.3.dr	OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: rule700401v2.xml.3.dr	OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: rule700450v1.xml.3.dr	OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: rule700451v1.xml.3.dr	OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: rule700500v1.xml.3.dr	OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: rule700501v1.xml.3.dr	OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: rule700550v1.xml.3.dr	OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: rule700551v1.xml.3.dr	OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: rule700600v1.xml.3.dr	OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: rule700601v1.xml.3.dr	OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: rule700650v1.xml.3.dr	OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: rule700651v1.xml.3.dr	OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: rule700700v1.xml.3.dr	OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: rule700701v1.xml.3.dr	OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: rule700750v1.xml.3.dr	OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: rule700751v1.xml.3.dr	OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: rule700850v1.xml.3.dr	OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: rule700851v1.xml.3.dr	OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: rule700900v1.xml.3.dr	OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: rule700901v1.xml.3.dr	OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: rule700950v1.xml.3.dr	OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: rule700951v1.xml.3.dr	OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: rule701050v1.xml.3.dr	OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: rule701051v1.xml.3.dr	OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: rule701100v1.xml.3.dr	OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: rule701101v1.xml.3.dr	OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: rule701150v1.xml.3.dr	OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: rule701151v1.xml.3.dr	OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: rule701200v1.xml.3.dr	OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: rule701201v1.xml.3.dr	OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: rule701250v1.xml.3.dr	OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: rule701251v1.xml.3.dr	OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: rule701300v1.xml.3.dr	OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: rule701301v1.xml.3.dr	OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: rule701350v1.xml.3.dr	OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: rule701351v1.xml.3.dr	OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: rule324004v4.xml.3.dr	OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: rule701400v1.xml.3.dr	OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: rule324005v2.xml.3.dr	OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: rule701401v1.xml.3.dr	OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: rule324005v3.xml.3.dr	OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: rule701500v1.xml.3.dr	OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: rule324006v2.xml.3.dr	OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: rule701501v1.xml.3.dr	OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: rule324006v3.xml.3.dr	OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: rule701550v1.xml.3.dr	OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: rule324007v2.xml.3.dr	OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: rule701551v1.xml.3.dr	OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: rule324007v3.xml.3.dr	OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: rule701650v1.xml.3.dr	OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: rule324008v2.xml.3.dr	OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: rule701651v1.xml.3.dr	OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: rule324008v3.xml.3.dr	OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: rule324009v2.xml.3.dr	OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: rule701700v1.xml.3.dr	OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: rule701701v1.xml.3.dr	OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: rule324009v3.xml.3.dr	OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: rule701750v1.xml.3.dr	OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: rule324010v2.xml.3.dr	OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: rule701751v1.xml.3.dr	OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: rule324010v3.xml.3.dr	OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: rule701800v1.xml.3.dr	OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: rule324011v1.xml.3.dr	OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: rule701801v1.xml.3.dr	OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: rule324012v3.xml.3.dr	OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: rule701850v1.xml.3.dr	OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: rule324013v0.xml.3.dr	OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: rule701851v1.xml.3.dr	OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: rule324014v0.xml.3.dr	OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: rule701900v1.xml.3.dr	OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: rule324015v0.xml.3.dr	OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: rule701901v1.xml.3.dr	OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: rule324016v0.xml.3.dr	OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: rule325000v0.xml.3.dr	OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: rule701950v1.xml.3.dr	OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: rule701951v1.xml.3.dr	OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: rule325001v0.xml.3.dr	OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: rule702000v1.xml.3.dr	OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: rule325002v0.xml.3.dr	OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: rule702001v1.xml.3.dr	OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: rule360000v3.xml.3.dr	OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: rule702050v1.xml.3.dr	OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: rule360001v3.xml.3.dr	OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: rule702051v1.xml.3.dr	OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: rule370000v1.xml.3.dr	OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: rule702100v1.xml.3.dr	OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: rule370001v2.xml.3.dr	OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: rule702101v1.xml.3.dr	OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: rule370002v2.xml.3.dr	OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: rule702150v1.xml.3.dr	OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: rule370005v1.xml.3.dr	OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: rule702151v1.xml.3.dr	OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: rule370006v0.xml.3.dr	OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: rule370007v3.xml.3.dr	OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: rule702200v1.xml.3.dr	OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: rule702201v1.xml.3.dr	OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: rule370009v0.xml.3.dr	OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: rule702250v1.xml.3.dr	OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: rule370011v1.xml.3.dr	OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: rule702251v1.xml.3.dr	OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: rule370012v0.xml.3.dr	OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: rule702300v1.xml.3.dr	OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: rule390004v3.xml.3.dr	OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: rule702301v1.xml.3.dr	OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: rule390005v1.xml.3.dr	OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: rule702350v1.xml.3.dr	OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: rule440000v3.xml.3.dr	OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: rule702351v1.xml.3.dr	OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: rule460008v0.xml.3.dr	OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: rule702400v1.xml.3.dr	OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: rule460009v0.xml.3.dr	OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: rule702401v1.xml.3.dr	OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: rule490002v13.xml.3.dr	OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: rule490003v7.xml.3.dr	OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: rule702450v1.xml.3.dr	OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: rule702451v1.xml.3.dr	OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: rule490004v7.xml.3.dr	OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: rule702500v1.xml.3.dr	OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: rule490005v3.xml.3.dr	OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: rule702501v1.xml.3.dr	OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: rule150246v2.xml.3.dr	OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: rule490009v5.xml.3.dr	OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: rule702550v1.xml.3.dr	OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: rule150249v0.xml.3.dr	OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: rule490010v7.xml.3.dr	OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: rule702551v1.xml.3.dr	OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: rule150259v1.xml.3.dr	OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: rule490011v4.xml.3.dr	OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: rule702600v1.xml.3.dr	OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: rule150262v1.xml.3.dr	OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: rule490014v2.xml.3.dr	OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: rule702601v1.xml.3.dr	OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: rule170000v6.xml.3.dr	OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: rule490015v2.xml.3.dr	OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: rule702650v1.xml.3.dr	OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: rule170002v6.xml.3.dr	OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: rule490015v3.xml.3.dr	OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: rule702651v1.xml.3.dr	OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: rule170003v1.xml.3.dr	OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: rule490015v4.xml.3.dr	OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: rule170005v2.xml.3.dr	OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: rule490015v5.xml.3.dr	OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: rule170007v5.xml.3.dr	OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: rule170009v1.xml.3.dr	OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: rule702700v1.xml.3.dr	OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: rule702701v1.xml.3.dr	OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: rule490016v3.xml.3.dr	OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: rule702750v1.xml.3.dr	OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: rule490018v3.xml.3.dr	OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: rule702751v1.xml.3.dr	OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: rule170011v2.xml.3.dr	OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: rule490020v3.xml.3.dr	OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false

Source: classification engine

Classification label: mal76.phis.winPPTX@20/1149@30/13

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE

File created: C:\Users\user\AppData\Roaming\Microsoft\PowerPoint

Jump to behavior

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE

File created: C:\Users\user\AppData\Local\Temp\{E910548C-1979-4833-9FEE-78F97BEE9BF6} - OProcSessId.dat

Jump to behavior

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE

File read: C:\Users\desktop.ini

Jump to behavior

Source: unknown	Process created: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE "C:\Program Files (x86)\Microsoft Office\Root\Office16\POWERPNT.EXE" "C:\Users\user\Desktop\Payout Receipt.pptx" /ou ""
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process created: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "4F1F87A3-2D62-4CDB-ABDF-61BB45105DB2" "40BB7578-B581-41D4-B322-FEC0ED1808AE" "6380" "C:\Program Files (x86)\Microsoft Office\Root\Office16\POWERPNT.EXE" "PowerPointCombinedFloatieLreOnline.onnx"
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://nomicscare.com/fr/gdpr/cookie-consent/all/?next_url=//crewbloom.s3.amazonaws.com/34873.html
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 --field-trial-handle=1944,i,8800721303449338163,5848358366860922411,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process created: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "4F1F87A3-2D62-4CDB-ABDF-61BB45105DB2" "40BB7578-B581-41D4-B322-FEC0ED1808AE" "6380" "C:\Program Files (x86)\Microsoft Office\Root\Office16\POWERPNT.EXE" "PowerPointCombinedFloatieLreOnline.onnx"	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 --field-trial-handle=1944,i,8800721303449338163,5848358366860922411,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Section loaded: c2r64.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Section loaded: gpapi.dll	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE

Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Common

Jump to behavior

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	Jump to behavior

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe

Queries volume information: C:\Program Files (x86)\Microsoft Office\root\Office16\AI\PowerPointCombinedFloatieLreOnline.onnx VolumeInformation

Jump to behavior

Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	1 Scripting	Valid Accounts	Windows Management Instrumentation	1 Scripting	1 Process Injection	1 Masquerading	OS Credential Dumping	1 Process Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	1 DLL Side-Loading	1 DLL Side-Loading	1 Process Injection	LSASS Memory	1 File and Directory Discovery	Remote Desktop Protocol	Data from Removable Media	4 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	1 Registry Run Keys / Startup Folder	1 Registry Run Keys / Startup Folder	1 DLL Side-Loading	Security Account Manager	12 System Information Discovery	SMB/Windows Admin Shares	Data from Network Shared Drive	5 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	1 Extra Window Memory Injection	1 Extra Window Memory Injection	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	3 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
Payout Receipt.pptx	0%	ReversingLabs

Source	Detection	Scanner	Label	Link
https://crewbloom.s3.amazonaws.com/34873.html	100%	SlashNext	Credential Stealing type: Phishing & Social Engineering

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
s3-w.us-east-1.amazonaws.com	3.5.1.122	true	false	unknown
nomicscare.com	51.255.64.170	true	false	unknown
a.nel.cloudflare.com	35.190.80.1	true	false	unknown
dualstack.twimg.twitter.map.fastly.net	146.75.52.159	true	false	unknown
l0gin-microso.ftlivedocs.tech	104.26.12.69	true	true	unknown
challenges.cloudflare.com	104.18.95.41	true	false	unknown
s-part-0017.t-0009.t-msedge.net	13.107.246.45	true	false	unknown
sni1gl.wpc.omegacdn.net	152.199.21.175	true	false	unknown
www.google.com	142.250.185.68	true	false	unknown
www.ftlivedocs.tech	172.67.71.124	true	false	unknown
s-part-0032.t-0009.t-msedge.net	13.107.246.60	true	false	unknown
ywnjb.ftlivedocs.tech	172.67.71.124	true	false	unknown
crewbloom.s3.amazonaws.com	unknown	unknown	false	unknown
identity.nel.measure.office.net	unknown	unknown	false	unknown
pbs.twimg.com	unknown	unknown	false	unknown
aadcdn.msftauth.net	unknown	unknown	false	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://l0gin-microso.ftlivedocs.tech/favicon.ico	false		unknown
https://challenges.cloudflare.com/turnstile/v0/g/ec4b873d446c/api.js	false		unknown
https://ywnjb.ftlivedocs.tech/Me.htm?v=3	false		unknown
https://l0gin-microso.ftlivedocs.tech/cdn-cgi/challenge-platform/h/g/scripts/jsd/ec4b873d446c/main.js?	false		unknown
https://l0gin-microso.ftlivedocs.tech/cdn-cgi/challenge-platform/scripts/jsd/main.js	false		unknown
https://l0gin-microso.ftlivedocs.tech/KUtIdFka?S=UmxuHlo	true		unknown
https://l0gin-microso.ftlivedocs.tech/KUtIdFka	true		unknown
https://www.ftlivedocs.tech/login	false		unknown
https://l0gin-microso.ftlivedocs.tech/cdn-cgi/challenge-platform/h/g/jsd/r/8cd56a496a3b5e6a	false		unknown
https://challenges.cloudflare.com/turnstile/v0/api.js?onload=onloadTurnstileCallback	false		unknown
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/i/8cd56a630cf741e3/1728047464607/YBBtqSrR-kb7LqJ	false		unknown
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/pat/8cd56a630cf741e3/1728047464610/6315a5703f342bce662661e8fa8e5cfbec36c51d90ea70cfa211f89c976d3430/n-8rMprBONH9scU	false		unknown
https://l0gin-microso.ftlivedocs.tech/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638636442697330204.NjIwZWJjNjEtNmMyNi00NTY5LWFhMWItYzQ4NTQyOWEzNGQ0MjMxNjBhODctYjRiNy00ZmQ5LWI0MzMtNWU1NmMxYjE0NWMx&ui_locales=en-US&mkt=en-US&client-request-id=37a08538-dff5-407d-be68-819033033a7a&state=KXouNT3DCC4nJGmZ0UPqr43DvOETQcMOHzyW3XKW_GmmSSP1vhdbuw5XASgqJ79HETi6JwhHJ6QWBKwBMy02TUIwHPB3pd6CKYG_YWqx9kPhyBezozkFI1hhf1DwNAMV6i3WbD94ziRYYdhiW7ILPzoTsrP8EPqDjpPTPwsGlE2ddaYguV0DrAR1iKncN8RtOGlb_uoJSY4fDM1dafLvW1gf5IX7c3_kF1zQXY4vcldCPOaUyZ98s32esN_GOxDd6BxYK5bGLDx5Op0mZGALvw&x-client-SKU=ID_NET8_0&x-client-ver=7.5.1.0	true		unknown
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/bth64/0x4AAAAAAAwd9hw5rvoDjM7I/auto/fbE/normal/auto/	false		unknown
https://l0gin-microso.ftlivedocs.tech/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638636442697330204.NjIwZWJjNjEtNmMyNi00NTY5LWFhMWItYzQ4NTQyOWEzNGQ0MjMxNjBhODctYjRiNy00ZmQ5LWI0MzMtNWU1NmMxYjE0NWMx&ui_locales=en-US&mkt=en-US&client-request-id=37a08538-dff5-407d-be68-819033033a7a&state=KXouNT3DCC4nJGmZ0UPqr43DvOETQcMOHzyW3XKW_GmmSSP1vhdbuw5XASgqJ79HETi6JwhHJ6QWBKwBMy02TUIwHPB3pd6CKYG_YWqx9kPhyBezozkFI1hhf1DwNAMV6i3WbD94ziRYYdhiW7ILPzoTsrP8EPqDjpPTPwsGlE2ddaYguV0DrAR1iKncN8RtOGlb_uoJSY4fDM1dafLvW1gf5IX7c3_kF1zQXY4vcldCPOaUyZ98s32esN_GOxDd6BxYK5bGLDx5Op0mZGALvw&x-client-SKU=ID_NET8_0&x-client-ver=7.5.1.0&sso_reload=true	true		unknown
https://pbs.twimg.com/media/GGrR89_WgAAgrOI?format=jpg&name=large	false		unknown
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/cmg/1/wh0E0SXYnx6pTBdJW%2Fl926I%2BPRUplRdtQz3K9lHXs%2Fs%3D	false		unknown
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/flow/ov1/147669712:1728044744:0OaiWMyJW7ZPxlqedXMft6P244b4nMflF1Cf4AK8E-k/8cd56a630cf741e3/fc3fc94e9e3547a	false		unknown
https://l0gin-microso.ftlivedocs.tech/	false		unknown
https://crewbloom.s3.amazonaws.com/34873.html	true	SlashNext: Credential Stealing type: Phishing & Social Engineering	unknown
https://nomicscare.com/fr/gdpr/cookie-consent/all/?next_url=//crewbloom.s3.amazonaws.com/34873.html	false		unknown
https://crewbloom.s3.amazonaws.com/favicon.ico	false		unknown
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/orchestrate/chl_api/v1?ray=8cd56a630cf741e3&lang=auto	false		unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://login.windows-ppe.net	chromecache_1172.12.dr	false		unknown
https://l0gin-microso.ftlivedocs.tech	chromecache_1172.12.dr	false		unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
13.107.246.45	s-part-0017.t-0009.t-msedge.net	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
146.75.52.159	dualstack.twimg.twitter.map.fastly.net	Sweden	30051	SCCGOVUS	false
3.5.1.122	s3-w.us-east-1.amazonaws.com	United States	14618	AMAZON-AESUS	false
13.107.246.60	s-part-0032.t-0009.t-msedge.net	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
104.26.13.69	unknown	United States	13335	CLOUDFLARENETUS	false
51.255.64.170	nomicscare.com	France	16276	OVHFR	false
35.190.80.1	a.nel.cloudflare.com	United States	15169	GOOGLEUS	false
142.250.185.68	www.google.com	United States	15169	GOOGLEUS	false
172.67.71.124	www.ftlivedocs.tech	United States	13335	CLOUDFLARENETUS	false
104.18.95.41	challenges.cloudflare.com	United States	13335	CLOUDFLARENETUS	false
104.26.12.69	l0gin-microso.ftlivedocs.tech	United States	13335	CLOUDFLARENETUS	true
239.255.255.250	unknown	Reserved	unknown	unknown	false

Private

IP
192.168.2.17

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1525814
Start date and time:	2024-10-04 15:09:07 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 8m 3s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowsinteractivecookbook.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	21
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	Payout Receipt.pptx
Detection:	MAL
Classification:	mal76.phis.winPPTX@20/1149@30/13
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0
Cookbook Comments:	Found application associated with file extension: .pptx

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, SgrmBroker.exe, backgroundTaskHost.exe, conhost.exe, svchost.exe, TextInputHost.exe
Excluded IPs from analysis (whitelisted): 184.28.90.27, 52.109.32.97, 52.109.28.47, 52.113.194.132, 142.250.184.195, 142.250.181.238, 64.233.184.84, 34.104.35.123, 104.208.16.90, 192.229.221.95, 95.101.111.179, 95.101.111.168, 142.250.184.202, 2.16.164.89, 2.16.164.34, 142.250.185.234, 142.250.186.106, 172.217.16.202, 142.250.185.106, 172.217.18.10, 142.250.184.234, 142.250.185.170, 216.58.206.42, 142.250.185.74, 142.250.186.170, 142.250.186.42, 142.250.185.202, 142.250.181.234, 142.250.185.138, 172.217.16.138, 88.221.110.138, 88.221.110.227, 142.250.186.35, 2.16.238.152, 2.16.238.149, 142.250.184.238
Excluded domains from analysis (whitelisted): slscr.update.microsoft.com, clientservices.googleapis.com, fs-wildcard.microsoft.com.edgekey.net, a1847.dscg2.akamai.net, clients2.google.com, ocsp.digicert.com, login.live.com, e16604.g.akamaiedge.net, update.googleapis.com, officeclient.microsoft.com, ukw-azsc-config.officeapps.live.com, www.bing.com, ecs.office.com, fs.microsoft.com, content-autofill.googleapis.com, ajax.googleapis.com, aadcdnoriginwus2.azureedge.net, aadcdn.msauth.net, prod.roaming1.live.com.akadns.net, s-0005-office.config.skype.com, uks-azsc-000.roaming.officeapps.live.com, edgedl.me.gvt1.com, nel.measure.office.net.edgesuite.net, s-0005.s-msedge.net, aadcdnoriginwus2.afd.azureedge.net, metadata.templates.cdn.office.net, ecs.office.trafficmanager.net, clients.l.google.com, europe.configsvc1.live.com.akadns.net, binaries.templates.cdn.office.net.edgesuite.net, otelrules.afd.azureedge.net, templatesmetadata.office.net.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, e
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtCreateFile calls found.
Report size getting too big, too many NtCreateKey calls found.
Report size getting too big, too many NtQueryAttributesFile calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Report size getting too big, too many NtQueryVolumeInformationFile calls found.
Report size getting too big, too many NtReadFile calls found.
Report size getting too big, too many NtSetInformationFile calls found.
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: Payout Receipt.pptx

Source	URL
Screenshot	https://nomicscare.com/fr/gdpr/cookie-consent/all/?next_url=//crewbloom.s3.amazonaws.com/34873.html
Screenshot	https://nomicscare.com/fr/gdpr/cookie-consent/all/?next_url=//crewbloom.s3.amazonaws.com/34873.html
Screenshot	https://nomicscare.com/fr/gdpr/cookie-consent/all/?next_url=//crewbloom.s3.amazonaws.com/34873.html

LLM Input / Output

Input	Output
URL: https://crewbloom.s3.amazonaws.com/34873.html Model: jbxai	{ "brand":["Microsoft"], "contains_trigger_text":false, "trigger_text":"", "prominent_button_name":"unknown", "text_input_field_labels":"unknown", "pdf_icon_visible":false, "has_visible_captcha":false, "has_urgent_text":false, "has_visible_qrcode":false}

URL: https://crewbloom.s3.amazonaws.com/34873.html Model: jbxai	{ "brand":["Microsoft"], "contains_trigger_text":false, "trigger_text":"", "prominent_button_name":"unknown", "text_input_field_labels":"unknown", "pdf_icon_visible":false, "has_visible_captcha":false, "has_urgent_text":false, "has_visible_qrcode":false}

URL: https://l0gin-microso.ftlivedocs.tech/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv Model: jbxai	{ "brand":["Microsoft"], "contains_trigger_text":true, "trigger_text":"Sign in", "prominent_button_name":"Next", "text_input_field_labels":["Email", "phone", "Skype"], "pdf_icon_visible":false, "has_visible_captcha":false, "has_urgent_text":false, "has_visible_qrcode":false}

URL: https://l0gin-microso.ftlivedocs.tech/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv Model: jbxai	{ "phishing_score":9, "brands":"Microsoft", "legit_domain":"microsoft.com", "classification":"wellknown", "reasons":["The brand 'Microsoft' is a well-known technology company with a legitimate domain of 'microsoft.com'.", "The URL 'l0gin-microso.ftlivedocs.tech' contains several suspicious elements: 'l0gin' instead of 'login', 'microso' instead of 'microsoft', and an unusual domain extension '.tech'.", "The domain 'ftlivedocs.tech' does not match the legitimate domain associated with Microsoft.", "The use of a hyphen and misspellings in the URL are common phishing tactics.", "The presence of an input field for 'Email' suggests an attempt to collect sensitive information, which is typical in phishing sites."], "brand_matches":[false], "url_match":false, "brand_input":"Microsoft", "input_fields":"Email"}

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
13.107.246.45	https://pcefan.com/diary/index.php?st-manager=1&path=/click/track&id=4973&type=ranking&url=http://nam.dcv.ms/BxPVLH2cz4	Get hash	malicious	HTMLPhisher	Browse	nam.dcv.ms/BxPVLH2cz4
172.67.71.124	where to find rrsp contract number 19034.js	Get hash	malicious	Unknown	Browse
146.75.52.159	https://jhansalazar.weebly.com/	Get hash	malicious	Unknown	Browse
	http://ogp.me/ns#	Get hash	malicious	Unknown	Browse
	ORA _ Morningstar DBRS.html	Get hash	malicious	Unknown	Browse
	http://nursing-theory.org/	Get hash	malicious	Coinimp	Browse
	http://lifelovemama.cloud/?dD1jJmQ9OTYyODEmbD0yMzgzMSZjPTMwNjM0MA==	Get hash	malicious	Phisher	Browse
	https://s.id/1GOxy	Get hash	malicious	Unknown	Browse
104.18.95.41	Hollandco-File-871871493.pdf	Get hash	malicious	Unknown	Browse
	https://www.google.com/url?sa=t&url=https%3A%2F%2F%6d%6f%73%63%76%61%64%75%6d%61%2e%70%72%6f%2F&usg=AOvVaw0d8WU-1rxjmcdGQTa3JxQL&opi=	Get hash	malicious	HTMLPhisher	Browse
	https://app.collabow.io/d/GNgkdZO5gKluqEP3mMdbEwzWbgEyOeRe8sIh64SLMvsN	Get hash	malicious	Unknown	Browse
	https://kakeza.com/aW5mb0BkZXNpZ25lcm91dGxldG5ldW11ZW5zdGVyLmRl&NrPFWwrrioJP&hmr&x-af-vt&02810264	Get hash	malicious	HTMLPhisher	Browse
	https://docsignfile.z13.web.core.windows.net/&redirect_mongo_id=66fea70f62194c155d978939&utm_source=Springbot&utm_medium=Email&utm_campaign=66fea70f62194c155d97893a	Get hash	malicious	HTMLPhisher	Browse
	https://docsignfile.z13.web.core.windows.net/&redirect_mongo_id=66fea70f62194c155d978939&utm_source=Springbot&utm_medium=Email&utm_campaign=66fea70f62194c155d97893a	Get hash	malicious	Unknown	Browse
	faststone-capture_voLss-1.exe	Get hash	malicious	PureLog Stealer	Browse
	http://perweierscotish.online	Get hash	malicious	HtmlDropper	Browse
	https://microsoftonlineworking.pages.dev/#?email=YW5kcmV3X2hvbHRAdGFjLnZpYy5nb3YuYXU=	Get hash	malicious	ReCaptcha Phish	Browse
	https://microsoftonlineworking.pages.dev/#?email=YW5kcmV3X2hvbHRAdGFjLnZpYy5nb3YuYXU=	Get hash	malicious	ReCaptcha Phish	Browse
13.107.246.60	https://protect-us.mimecast.com/s/wFHoCqxrAnt7V914iZaD1v	Get hash	malicious	Unknown	Browse	www.mimecast.com/Customers/Support/Contact-support/
13.107.246.60	http://wellsfargo.dealogic.com/clientportal/Conferences/Registration/Form/368?menuItemId=5	Get hash	malicious	Unknown	Browse	wellsfargo.dealogic.com/clientportal/Conferences/Registration/Form/368?menuItemId=5

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
challenges.cloudflare.com	Hollandco-File-871871493.pdf	Get hash	malicious	Unknown	Browse	104.18.95.41
	https://www.google.com/url?sa=t&url=https%3A%2F%2F%6d%6f%73%63%76%61%64%75%6d%61%2e%70%72%6f%2F&usg=AOvVaw0d8WU-1rxjmcdGQTa3JxQL&opi=	Get hash	malicious	HTMLPhisher	Browse	104.18.94.41
	https://app.collabow.io/d/GNgkdZO5gKluqEP3mMdbEwzWbgEyOeRe8sIh64SLMvsN	Get hash	malicious	Unknown	Browse	104.18.95.41
	https://kakeza.com/aW5mb0BkZXNpZ25lcm91dGxldG5ldW11ZW5zdGVyLmRl&NrPFWwrrioJP&hmr&x-af-vt&02810264	Get hash	malicious	HTMLPhisher	Browse	104.18.94.41
	https://docsignfile.z13.web.core.windows.net/&redirect_mongo_id=66fea70f62194c155d978939&utm_source=Springbot&utm_medium=Email&utm_campaign=66fea70f62194c155d97893a	Get hash	malicious	HTMLPhisher	Browse	104.18.94.41
	https://docsignfile.z13.web.core.windows.net/&redirect_mongo_id=66fea70f62194c155d978939&utm_source=Springbot&utm_medium=Email&utm_campaign=66fea70f62194c155d97893a	Get hash	malicious	Unknown	Browse	104.18.94.41
	https://lillian.ru.com/9?ai=xd	Get hash	malicious	Unknown	Browse	104.18.94.41
	http://perweierscotish.online	Get hash	malicious	HtmlDropper	Browse	104.18.95.41
	https://microsoftonlineworking.pages.dev/#?email=YW5kcmV3X2hvbHRAdGFjLnZpYy5nb3YuYXU=	Get hash	malicious	ReCaptcha Phish	Browse	104.18.94.41
	https://microsoftonlineworking.pages.dev/#?email=YW5kcmV3X2hvbHRAdGFjLnZpYy5nb3YuYXU=	Get hash	malicious	ReCaptcha Phish	Browse	104.18.95.41
s-part-0017.t-0009.t-msedge.net	https://jhansalazar.weebly.com/	Get hash	malicious	Unknown	Browse	13.107.246.45
	https://www.google.com/url?sa=t&url=https%3A%2F%2F%6d%6f%73%63%76%61%64%75%6d%61%2e%70%72%6f%2F&usg=AOvVaw0d8WU-1rxjmcdGQTa3JxQL&opi=	Get hash	malicious	HTMLPhisher	Browse	13.107.246.45
	Set-up.exe	Get hash	malicious	Clipboard Hijacker, Cryptbot	Browse	13.107.246.45
	https://test1web.edukati2.websku.com/	Get hash	malicious	Unknown	Browse	13.107.246.45
	Set-up.exe	Get hash	malicious	Clipboard Hijacker, Cryptbot	Browse	13.107.246.45
	Set-up.exe	Get hash	malicious	Clipboard Hijacker, Cryptbot	Browse	13.107.246.45
	https://www.oferdigitaiscom.com/	Get hash	malicious	Unknown	Browse	13.107.246.45
	file.exe	Get hash	malicious	Vidar	Browse	13.107.246.45
	file.exe	Get hash	malicious	Stealc, Vidar	Browse	13.107.246.45
	http://wiki.hostmaster.chinametrogroup.com/	Get hash	malicious	Unknown	Browse	13.107.246.45
dualstack.twimg.twitter.map.fastly.net	https://jhansalazar.weebly.com/	Get hash	malicious	Unknown	Browse	146.75.52.159
	https://t.co/dvIdjH2Xsv	Get hash	malicious	Unknown	Browse	199.232.188.159
	ORA _ Morningstar DBRS.html	Get hash	malicious	Unknown	Browse	146.75.52.159
	Payout_receipt.pdf	Get hash	malicious	Unknown	Browse	199.232.188.159
	https://www.marketbeat.com/articles/music-streaming-site-spotify-temporarily-goes-down-2024-09-29/?utm_source=newsletter&utm_medium=email&utm_campaign=newsletterclick&source=ARNDaily&AccountID=13091940&hash=99E2922EEB6FEC86743F5DB2C0E84BA5899D68F68F1472F885291F590EAD713452D3376C362A15DEDE29DFC4761637FD6FDD698F31176C60366847F610D6C32C	Get hash	malicious	Unknown	Browse	199.232.188.159
	http://www.etissallatss.com/	Get hash	malicious	Unknown	Browse	199.232.188.159
	https://rajkamalkanna.github.io/Facebook-Login-Page/	Get hash	malicious	HTMLPhisher	Browse	199.232.188.159
	https://bossmeu.github.io/get-apply-badge-verified/	Get hash	malicious	HTMLPhisher	Browse	199.232.188.159
	https://3rd-party-content-detected.github.io/request-verified-badge/	Get hash	malicious	HTMLPhisher	Browse	199.232.188.159
	https://vinitk1509.github.io/NETFLIX	Get hash	malicious	HTMLPhisher	Browse	199.232.188.159
s3-w.us-east-1.amazonaws.com	https://jhansalazar.weebly.com/	Get hash	malicious	Unknown	Browse	16.182.32.161
	https://trello.com/c/HA4sCE32	Get hash	malicious	HTMLPhisher	Browse	3.5.28.85
	Layer.exe	Get hash	malicious	Unknown	Browse	3.5.17.246
	Layer.exe	Get hash	malicious	Unknown	Browse	16.182.32.217
	sostener.vbs	Get hash	malicious	Njrat	Browse	52.217.142.185
	sostener.vbs	Get hash	malicious	XWorm	Browse	52.216.144.11
	https://www.florenceco.org/offices/elected/solicitor/docket.php?area=florence%22%3E%3C%69%6D%67%20%73%72%63%3D%22%69%6D%61%67%65%2E%6A%70%67%22%20%6F%6E%65%72%72%6F%72%3D%22%76%61%72%20%75%72%6C%31%20%3D%20%5B%27%68%74%74%27%2C%27%70%3A%2F%2F%67%27%2C%27%6F%27%2C%27%6F%67%27%2C%27%6C%65%2E%63%27%2C%27%6F%6D%27%2C%27%2F%27%2C%27%23%27%2C%27%66%27%5D%2E%6A%6F%69%6E%28%27%27%29%3B%20%76%61%72%20%75%72%6C%32%20%3D%20%5B%27%68%74%74%27%2C%27%70%3A%2F%2F%67%27%2C%27%6F%27%2C%27%6F%67%27%2C%27%6C%65%2E%63%27%2C%27%6F%6D%27%2C%27%2F%27%2C%27%23%27%2C%27%66%27%5D%2E%6A%6F%69%6E%28%27%27%29%3B%0D%0A%76%61%72%20%75%72%6C%20%3D%20%5B%27%68%74%27%2C%27%74%70%27%2C%27%73%3A%2F%2F%76%27%2C%27%61%75%6C%27%2C%27%74%64%6F%27%2C%27%72%65%73%2E%63%27%2C%27%6F%6D%2F%30%2F%27%2C%27%30%2F%30%2F%27%2C%27%34%33%66%66%27%2C%27%35%63%62%35%27%2C%27%63%36%27%2C%27%32%65%27%2C%27%32%66%38%64%31%27%2C%27%31%63%61%33%38%38%27%2C%27%65%34%37%35%62%36%27%2C%27%63%34%36%2F14/392-16513/1254-3178-27524%27%5D%2E%6A%6F%69%6E%28%27%27%29%3B%0D%0A%20%75%72%6C%20%3D%20%75%72%6C%2E%72%65%70%6C%61%63%65%28%2F%2C%2F%67%2C%20%27%27%29%3B%20%76%61%72%20%77%69%6E%20%3D%20%77%69%6E%64%6F%77%2E%6F%70%65%6E%28%75%72%6C%2C%20%27%5F%73%65%6C%66%27%29%3B%20%77%69%6E%2E%6F%70%65%6E%65%72%20%3D%20%6E%75%6C%6C%3B%20%77%69%6E%2E%6C%6F%63%61%74%69%6F%6E%2E%72%65%70%6C%61%63%65%28%75%72%6C%29%3B%22%3E	Get hash	malicious	Phisher	Browse	3.5.29.116
	https://www.kisa.link/dANpz	Get hash	malicious	Phisher	Browse	52.217.132.193
	https://convertwithwave.com	Get hash	malicious	Unknown	Browse	52.217.105.36
	http://detection.fyi	Get hash	malicious	NetSupport RAT, Lsass Dumper, Mimikatz, Nukesped, Quasar, Trickbot, Xmrig	Browse	52.217.130.161

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
MICROSOFT-CORP-MSN-AS-BLOCKUS	AHCHICSvjmApRFFQmAQXRyNbw.ps1	Get hash	malicious	Unknown	Browse	150.171.27.10
	https://www.dropbox.com/l/scl/AACFGimR3EJt-RbOzI8FO3hUk-bWh7Zwq_k	Get hash	malicious	Unknown	Browse	13.107.42.14
	https://www.wbtd.com/	Get hash	malicious	Unknown	Browse	20.157.217.65
	https://www.thefirsthbcu.com/	Get hash	malicious	HTMLPhisher	Browse	13.107.246.60
	hJABTqngKoJnTgLh.ps1	Get hash	malicious	Unknown	Browse	150.171.28.10
	CHDLSHtWbSRCfzJMtDO.ps1	Get hash	malicious	Unknown	Browse	150.171.28.10
	http://ogp.me/ns#	Get hash	malicious	Unknown	Browse	150.171.27.10
	PO20241003.xls	Get hash	malicious	Unknown	Browse	13.107.253.72
	https://kakeza.com/aW5mb0BkZXNpZ25lcm91dGxldG5ldW11ZW5zdGVyLmRl&NrPFWwrrioJP&hmr&x-af-vt&02810264	Get hash	malicious	HTMLPhisher	Browse	20.162.120.23
	SWIFT 103 202406111301435660 110624-pdf.vbs	Get hash	malicious	Remcos	Browse	13.107.253.45
SCCGOVUS	https://jhansalazar.weebly.com/	Get hash	malicious	Unknown	Browse	146.75.52.158
	https://www.dropbox.com/l/scl/AACFGimR3EJt-RbOzI8FO3hUk-bWh7Zwq_k	Get hash	malicious	Unknown	Browse	146.75.52.157
	hJABTqngKoJnTgLh.ps1	Get hash	malicious	Unknown	Browse	146.75.52.157
	http://ogp.me/ns#	Get hash	malicious	Unknown	Browse	146.75.52.158
	ORA _ Morningstar DBRS.html	Get hash	malicious	Unknown	Browse	146.75.52.158
	http://reviewnewdocuments.wordpress.com/	Get hash	malicious	Unknown	Browse	146.75.52.157
	https://trello.com/c/2T5XVROV	Get hash	malicious	HTMLPhisher	Browse	146.75.88.157
	1bhYyrjyNk.vbs	Get hash	malicious	Unknown	Browse	146.75.116.223
	WQRNV7bMS5.vbs	Get hash	malicious	Unknown	Browse	146.75.116.223
	6L9vCf48mN.vbs	Get hash	malicious	Unknown	Browse	146.75.116.223
AMAZON-AESUS	https://jhansalazar.weebly.com/	Get hash	malicious	Unknown	Browse	3.82.83.121
	c42oX67S73.ps1	Get hash	malicious	Unknown	Browse	52.23.7.200
	AHCHICSvjmApRFFQmAQXRyNbw.ps1	Get hash	malicious	Unknown	Browse	34.236.124.61
	https://www.dropbox.com/l/scl/AACFGimR3EJt-RbOzI8FO3hUk-bWh7Zwq_k	Get hash	malicious	Unknown	Browse	35.169.41.95
	https://www.wbtd.com/	Get hash	malicious	Unknown	Browse	34.197.42.150
	https://www.thefirsthbcu.com/	Get hash	malicious	HTMLPhisher	Browse	3.233.158.26
	hJABTqngKoJnTgLh.ps1	Get hash	malicious	Unknown	Browse	34.193.113.164
	CHDLSHtWbSRCfzJMtDO.ps1	Get hash	malicious	Unknown	Browse	54.210.189.148
	http://ogp.me/ns#	Get hash	malicious	Unknown	Browse	54.165.87.158
	presupuesto urgente.exe	Get hash	malicious	FormBook, GuLoader	Browse	184.73.212.51
MICROSOFT-CORP-MSN-AS-BLOCKUS	AHCHICSvjmApRFFQmAQXRyNbw.ps1	Get hash	malicious	Unknown	Browse	150.171.27.10
	https://www.dropbox.com/l/scl/AACFGimR3EJt-RbOzI8FO3hUk-bWh7Zwq_k	Get hash	malicious	Unknown	Browse	13.107.42.14
	https://www.wbtd.com/	Get hash	malicious	Unknown	Browse	20.157.217.65
	https://www.thefirsthbcu.com/	Get hash	malicious	HTMLPhisher	Browse	13.107.246.60
	hJABTqngKoJnTgLh.ps1	Get hash	malicious	Unknown	Browse	150.171.28.10
	CHDLSHtWbSRCfzJMtDO.ps1	Get hash	malicious	Unknown	Browse	150.171.28.10
	http://ogp.me/ns#	Get hash	malicious	Unknown	Browse	150.171.27.10
	PO20241003.xls	Get hash	malicious	Unknown	Browse	13.107.253.72
	https://kakeza.com/aW5mb0BkZXNpZ25lcm91dGxldG5ldW11ZW5zdGVyLmRl&NrPFWwrrioJP&hmr&x-af-vt&02810264	Get hash	malicious	HTMLPhisher	Browse	20.162.120.23
	SWIFT 103 202406111301435660 110624-pdf.vbs	Get hash	malicious	Remcos	Browse	13.107.253.45

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
28a2c9bd18a11de089ef85a160da29e4	Hollandco-File-871871493.pdf	Get hash	malicious	Unknown	Browse	4.175.87.197 20.190.159.2
	263528293882.html	Get hash	malicious	HTMLPhisher	Browse	4.175.87.197 20.190.159.2
	https://jhansalazar.weebly.com/	Get hash	malicious	Unknown	Browse	4.175.87.197 20.190.159.2
	https://hblitigation-news.com/	Get hash	malicious	Unknown	Browse	4.175.87.197 20.190.159.2
	https://www.google.com/url?sa=t&url=https%3A%2F%2F%6d%6f%73%63%76%61%64%75%6d%61%2e%70%72%6f%2F&usg=AOvVaw0d8WU-1rxjmcdGQTa3JxQL&opi=	Get hash	malicious	HTMLPhisher	Browse	4.175.87.197 20.190.159.2
	https://www.ceolaser.com.mx	Get hash	malicious	Unknown	Browse	4.175.87.197 20.190.159.2
	https://test1web.edukati2.websku.com/	Get hash	malicious	Unknown	Browse	4.175.87.197 20.190.159.2
	http://url5892.equipgreen.com/ls/click?upn=u001.QnVyUTRnA6m7Ys04OcfRK-2BmYDxK-2BPvo2SH4SnTHtM2ahAlVLCP5CpZxqdikPch52bwE-2B6FGVTHUfa6r6g-2FUXtg-3D-3DRRNj_h5tndX3XP82u2CVP7HmVo4t-2FDkgNbuc-2FvPQxBNjqhqQfNFsb7fTdfgoFOkzI-2Bxa5KYPUiZS4W-2FgvgYDkntJEAhmsWMOHAu7qmcDzwEsnQtseb3y8TmhK-2BeBLagbYZa-2Fl5PaNGlzycBP9wt-2Bx-2BIF8M6H7XNSfHFanKHmI0XclVmtDLdFtwBZAykMNol-2B1EVQFYL6mFcaqBDNwcneuaiLfRiDR-2FpEOaIMkXlnRLaWty4mFpZlGkJkD2RATf5aYVpVmITUImq0A03rBAVtkq8oTcm0pf7AnRvvjfggEzQM-2FBDJTgvat7iExDFu-2FC1T1blavXJCuw6WT3ULqe7EEFzwLpISA11fryJZChsjBogHU4mmljbR7myqEHYvHOs-2BwDsboMOlR8BgyLszRlTVGoHnspaKXf-2BkOLcDw7PJIrD7-2FlwFq18AGU-2BMCwieNwipGZ43aaplrmL164T9c9GFx1PNH2NTQ8QQdXqSUL2c6Z6-2B1ninN2347XsTbH1kOcG-2Baj-2BmKRd-2BNrQ8HjKbgibY3if2Dc-2FillftKg-2BOAfAsCUg0buauclIIXkY9pJgbAiU0QED9OnFbExZCCtlYAvJNOed7N4zn56A55lVm-2FpSqvOehGwGBaKqQa4ttNoFB-2BYOeC0wYp71SC66lbF9C6FtGbF3Qpgus3-2BPuAKrmA6O2Su9CLsGxY9NfltTk4RJkxZjzDErPRMi6bSkxScSDRk90tJqNxYpDyXtYZlskKpQ4HdVrTPlGs8-2B-2FHPDDSgN-2BZxT1dhGovf81VbcvTPC13GKhBBaLTvYpomEVB24raM-2Fz7Xk5U-2B8zKTebMlP-2B767ISJjSJ4FsIMohGUw1oYLuomExXvt4SjzjZbOP9qyB9S-2BEqd7x6PZREvV2dm-2BJKbb6DwZmKWxW1lJB4QpPTNqpO9GdNhkZb7A-3D-3D	Get hash	malicious	Unknown	Browse	4.175.87.197 20.190.159.2
	https://indexconectada.net.br/	Get hash	malicious	Unknown	Browse	4.175.87.197 20.190.159.2
	https://app.collabow.io/d/GNgkdZO5gKluqEP3mMdbEwzWbgEyOeRe8sIh64SLMvsN	Get hash	malicious	Unknown	Browse	4.175.87.197 20.190.159.2
6271f898ce5be7dd52b0fc260d0662b3	Hollandco-File-871871493.pdf	Get hash	malicious	Unknown	Browse	2.23.209.133
	c42oX67S73.ps1	Get hash	malicious	Unknown	Browse	2.23.209.133
	PO20241003.xls	Get hash	malicious	Unknown	Browse	2.23.209.133
	https://ahchoadeegu.homes?u=k8pp605&o=c9ewtnr&t=8845	Get hash	malicious	Unknown	Browse	2.23.209.133
	QT2Q1292300924.xla.xlsx	Get hash	malicious	Unknown	Browse	2.23.209.133
	DHL Receipt_AWB 9892671327.xls	Get hash	malicious	Unknown	Browse	2.23.209.133
	Payment proof.xls	Get hash	malicious	Unknown	Browse	2.23.209.133
	MVR-00876 CARRARO ITALIA SPA.xls	Get hash	malicious	Unknown	Browse	2.23.209.133
	4DC70000.xls	Get hash	malicious	Unknown	Browse	2.23.209.133
	http://fpnc.vnvrff.com/	Get hash	malicious	Unknown	Browse	2.23.209.133
3b5074b1b5d032e5620f69f9f700ff0e	QUOTATIONS#08673.exe	Get hash	malicious	AgentTesla	Browse	13.107.5.88
	file.exe	Get hash	malicious	Unknown	Browse	13.107.5.88
	rTCTdVVTSwCdqkFxlFIpU.ps1	Get hash	malicious	Unknown	Browse	13.107.5.88
	WqZxLxZrOrnMWYaBaBKdLenVTu.ps1	Get hash	malicious	Unknown	Browse	13.107.5.88
	SWIFT 103 202406111301435660 110624-pdf.vbs	Get hash	malicious	Remcos	Browse	13.107.5.88
	yvDk2VZluODBu6S.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	13.107.5.88
	TRANSFERENCIAS.vbs	Get hash	malicious	FormBook	Browse	13.107.5.88
	file.exe	Get hash	malicious	Credential Flusher	Browse	13.107.5.88
	QUOTATION_OCTQTRA071244PDF.scr.exe	Get hash	malicious	Unknown	Browse	13.107.5.88
	TRANSFERENCIAS.vbs	Get hash	malicious	FormBook	Browse	13.107.5.88
a0e9f5d64349fb13191bc781f81f42e1	setup.exe	Get hash	malicious	Unknown	Browse	13.107.246.60
	msvcp110.dll	Get hash	malicious	LummaC	Browse	13.107.246.60
	c7v62g0YpB.exe	Get hash	malicious	SmokeLoader	Browse	13.107.246.60
	PO20241003.xls	Get hash	malicious	Unknown	Browse	13.107.246.60
	file.exe	Get hash	malicious	LummaC, Vidar	Browse	13.107.246.60
	file.exe	Get hash	malicious	LummaC, Vidar	Browse	13.107.246.60
	file.exe	Get hash	malicious	LummaC, Vidar	Browse	13.107.246.60
	file.exe	Get hash	malicious	RDPWrap Tool, Amadey, Socks5Systemz, Stealc, Vidar, Xmrig	Browse	13.107.246.60
	file.exe	Get hash	malicious	LummaC, Vidar	Browse	13.107.246.60
	Full-Setup.exe	Get hash	malicious	LummaC	Browse	13.107.246.60

Process:	C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE
File Type:	XML 1.0 document, ASCII text, with very long lines (1869), with no line terminators
Category:	dropped
Size (bytes):	1869
Entropy (8bit):	5.091142390459905
Encrypted:	false
SSDEEP:	48:cGndypdyrKdnzymrkSyrVinzyGDSyX9JdycTdSy8fASyr1JnzyxAdyrfMnzyO:vEpEGd23bI2cb/EUdboAbX2aEQ2O
MD5:	4D35BC4EF3E92318F5FC93328CBACD80
SHA1:	245DBA831B6A5F2A23CE5CEE33ED1889A9E74F99
SHA-256:	4B767871E5BB03280A9E225358D963C7BF8ED98A68122819E083132BDFB398B0
SHA-512:	A9138499DD1C41ED3C035C145A327234D570ECC75D4A9FD0BC677CCA0F13DA7C8B0D6DE44B1F3B2FF42533CFF77F3204FE4AA7ED4AD34AAC0AC5BB59F83F8459
Malicious:	false
Reputation:	low
Preview:	<?xml version="1.0" encoding="UTF-8" standalone="yes"?><root><version>1</version><Count>12</Count><Resource><Id>Aptos_26215680</Id><LAT>2024-10-04T13:10:39Z</LAT><key>29939506207.ttf</key><folder>Aptos</folder><type>4</type></Resource><Resource><Id>Aptos_45876480</Id><LAT>2024-10-04T13:10:39Z</LAT><key>27160079615.ttf</key><folder>Aptos</folder><type>4</type></Resource><Resource><Id>Aptos Display_26215680</Id><LAT>2024-10-04T13:10:38Z</LAT><key>23001069669.ttf</key><folder>Aptos Display</folder><type>4</type></Resource><Resource><Id>Aptos Narrow_26215426</Id><LAT>2023-10-06T09:55:52Z</LAT><key>37262344671.ttf</key><folder>Aptos Narrow</folder><type>4</type></Resource><Resource><Id>Aptos Display_26215682</Id><LAT>2023-10-06T09:55:52Z</LAT><key>28367963232.ttf</key><folder>Aptos Display</folder><type>4</type></Resource><Resource><Id>Aptos Narrow_45876224</Id><LAT>2023-10-06T09:55:52Z</LAT><key>24153076628.ttf</key><folder>Aptos Narrow</folder><type>4</type></Resource><Resource><Id>Aptos_

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 4 12:10:47 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	3.9798962983922577
Encrypted:	false
SSDEEP:	48:8+7deTD7orHAidAKZdA1JehwiZUklqehs5y+3:8+oUujy
MD5:	3D5FBFD406876FC24153241AC5FDF1F1
SHA1:	6F060D53D70B1E3B3AF557D445A29522719D8C1F
SHA-256:	690A7AB9F28D703557B35C45CD7C7AA35A143070FA7FFF52529B1C4FEFD91746
SHA-512:	C90DC87F89BD4AA67A8A88552F1E3E8DEBB9230B39B86B175FE7293385F8B4E37544ED6D70AA7ACDF4030ABFD38374A34C9D8A43C8EDE5F93A8A581E80A00B0E
Malicious:	false
Preview:	L..................F.@.. ...$+.,.....&..^.......y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FWoN..PROGRA~1..t......O.IDYEi....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VDYWi....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.N..Chrome..>......CW.VDYWi....M......................W..C.h.r.o.m.e.....`.1.....FW.N..APPLIC~1..H......CW.VDYWi...........................W..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.VDYXi...........................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i.............6N.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

File type:	Microsoft PowerPoint 2007+
Entropy (8bit):	7.978439598376639
TrID:	PowerPoint Microsoft Office Open XML Format document (133004/1) 76.65% Microsoft PowerPoint Macro-enabled Open XML add-in (32504/1) 18.73% ZIP compressed archive (8000/1) 4.61% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	Payout Receipt.pptx
File size:	210'853 bytes
MD5:	1417101d84f9b072a9d27567e41b12eb
SHA1:	d4ad5741fd589701af1c8270cfedeced334c0956
SHA256:	12dda16106f761f8d7508f450b212e3eefdbef67e97ff74afde7ac94ba704498
SHA512:	64ce5f8c224cd8388876ed9027a515f0e5e60dc10efc0c7b730d2e0d2c83119c4a4a0c8aaa34e9c44895b9d5ae46ff1f494131912f9cd46402c9c30faf43256b
SSDEEP:	3072:lEhMf8S02zjwwvQj3MTokJuEulCGZquL2tIueTNXsFmnnPqguXABcuQwtdoB:59Jzjwwv18muS4q/aCtX0QKdW
TLSH:	2C240259FE034211D27356B1D13CE59490B9CDA2A44BF989FAF676C20219C910B8FBEB
File Content Preview:	PK............................[Content_Types].xml...n.:....8. p.X..6M..Y...%@..`....7p.....h.Q..Jj..F.......x.^...k...........J.E...~.]..I8%.wP.. ......v.......[.....\..X....f..........)........#p4.F....a.V...5......`..m...b.6...w.....<...`. E.`.....k..j.

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 4, 2024 15:10:45.645649910 CEST	61874	53	192.168.2.17	1.1.1.1
Oct 4, 2024 15:10:45.645823002 CEST	49159	53	192.168.2.17	1.1.1.1
Oct 4, 2024 15:10:45.660609007 CEST	53	63790	1.1.1.1	192.168.2.17
Oct 4, 2024 15:10:45.678673983 CEST	53	49876	1.1.1.1	192.168.2.17
Oct 4, 2024 15:10:45.694248915 CEST	53	49159	1.1.1.1	192.168.2.17
Oct 4, 2024 15:10:45.835630894 CEST	53	61874	1.1.1.1	192.168.2.17
Oct 4, 2024 15:10:47.037681103 CEST	53	55942	1.1.1.1	192.168.2.17
Oct 4, 2024 15:10:47.216768980 CEST	58959	53	192.168.2.17	1.1.1.1
Oct 4, 2024 15:10:47.216929913 CEST	49611	53	192.168.2.17	1.1.1.1
Oct 4, 2024 15:10:47.251015902 CEST	53	49611	1.1.1.1	192.168.2.17
Oct 4, 2024 15:10:47.251332045 CEST	53	58959	1.1.1.1	192.168.2.17
Oct 4, 2024 15:10:48.219113111 CEST	57427	53	192.168.2.17	1.1.1.1
Oct 4, 2024 15:10:48.219264984 CEST	64017	53	192.168.2.17	1.1.1.1
Oct 4, 2024 15:10:48.231281996 CEST	53	57427	1.1.1.1	192.168.2.17
Oct 4, 2024 15:10:48.231997967 CEST	53	64017	1.1.1.1	192.168.2.17
Oct 4, 2024 15:10:50.149939060 CEST	54378	53	192.168.2.17	1.1.1.1
Oct 4, 2024 15:10:50.150091887 CEST	59443	53	192.168.2.17	1.1.1.1
Oct 4, 2024 15:10:50.156817913 CEST	53	54378	1.1.1.1	192.168.2.17
Oct 4, 2024 15:10:50.157031059 CEST	53	59443	1.1.1.1	192.168.2.17
Oct 4, 2024 15:10:50.251413107 CEST	57852	53	192.168.2.17	1.1.1.1
Oct 4, 2024 15:10:50.251609087 CEST	57534	53	192.168.2.17	1.1.1.1
Oct 4, 2024 15:10:50.259618998 CEST	53	57534	1.1.1.1	192.168.2.17
Oct 4, 2024 15:10:50.259639025 CEST	53	57852	1.1.1.1	192.168.2.17
Oct 4, 2024 15:10:58.141937971 CEST	57351	53	192.168.2.17	1.1.1.1
Oct 4, 2024 15:10:58.142151117 CEST	58263	53	192.168.2.17	1.1.1.1
Oct 4, 2024 15:10:58.156833887 CEST	53	57351	1.1.1.1	192.168.2.17
Oct 4, 2024 15:10:58.159579039 CEST	53	58263	1.1.1.1	192.168.2.17
Oct 4, 2024 15:10:59.134464025 CEST	60672	53	192.168.2.17	1.1.1.1
Oct 4, 2024 15:10:59.134639978 CEST	60142	53	192.168.2.17	1.1.1.1
Oct 4, 2024 15:10:59.142731905 CEST	53	58813	1.1.1.1	192.168.2.17
Oct 4, 2024 15:10:59.146250963 CEST	53	60672	1.1.1.1	192.168.2.17
Oct 4, 2024 15:10:59.147727966 CEST	53	60142	1.1.1.1	192.168.2.17
Oct 4, 2024 15:11:00.912980080 CEST	53	59738	1.1.1.1	192.168.2.17
Oct 4, 2024 15:11:02.127319098 CEST	54889	53	192.168.2.17	1.1.1.1
Oct 4, 2024 15:11:02.127319098 CEST	50826	53	192.168.2.17	1.1.1.1
Oct 4, 2024 15:11:02.150150061 CEST	53	54889	1.1.1.1	192.168.2.17
Oct 4, 2024 15:11:02.150163889 CEST	53	50826	1.1.1.1	192.168.2.17
Oct 4, 2024 15:11:02.244987011 CEST	63505	53	192.168.2.17	1.1.1.1
Oct 4, 2024 15:11:02.245239019 CEST	50446	53	192.168.2.17	1.1.1.1
Oct 4, 2024 15:11:02.248673916 CEST	50001	53	192.168.2.17	1.1.1.1
Oct 4, 2024 15:11:02.248919964 CEST	49389	53	192.168.2.17	1.1.1.1
Oct 4, 2024 15:11:02.252788067 CEST	53	63505	1.1.1.1	192.168.2.17
Oct 4, 2024 15:11:02.253099918 CEST	53	50446	1.1.1.1	192.168.2.17
Oct 4, 2024 15:11:02.256145000 CEST	53	49389	1.1.1.1	192.168.2.17
Oct 4, 2024 15:11:02.256215096 CEST	53	50001	1.1.1.1	192.168.2.17
Oct 4, 2024 15:11:03.583522081 CEST	51723	53	192.168.2.17	1.1.1.1
Oct 4, 2024 15:11:03.583669901 CEST	55030	53	192.168.2.17	1.1.1.1
Oct 4, 2024 15:11:03.590678930 CEST	53	51723	1.1.1.1	192.168.2.17
Oct 4, 2024 15:11:03.590909958 CEST	53	55030	1.1.1.1	192.168.2.17
Oct 4, 2024 15:11:03.993532896 CEST	53	62416	1.1.1.1	192.168.2.17
Oct 4, 2024 15:11:09.090667963 CEST	51138	53	192.168.2.17	1.1.1.1
Oct 4, 2024 15:11:09.090892076 CEST	58567	53	192.168.2.17	1.1.1.1
Oct 4, 2024 15:11:09.107079029 CEST	53	51138	1.1.1.1	192.168.2.17
Oct 4, 2024 15:11:09.123783112 CEST	53	58567	1.1.1.1	192.168.2.17
Oct 4, 2024 15:11:12.435842991 CEST	57867	53	192.168.2.17	1.1.1.1
Oct 4, 2024 15:11:12.439958096 CEST	58613	53	192.168.2.17	1.1.1.1
Oct 4, 2024 15:11:12.442467928 CEST	53	57867	1.1.1.1	192.168.2.17
Oct 4, 2024 15:11:12.447712898 CEST	53	58613	1.1.1.1	192.168.2.17
Oct 4, 2024 15:11:12.500124931 CEST	62587	53	192.168.2.17	1.1.1.1
Oct 4, 2024 15:11:12.500252962 CEST	50657	53	192.168.2.17	1.1.1.1
Oct 4, 2024 15:11:12.510883093 CEST	53	62587	1.1.1.1	192.168.2.17
Oct 4, 2024 15:11:12.526141882 CEST	53	50657	1.1.1.1	192.168.2.17
Oct 4, 2024 15:11:15.999988079 CEST	53	62147	1.1.1.1	192.168.2.17
Oct 4, 2024 15:11:22.939441919 CEST	53	50035	1.1.1.1	192.168.2.17
Oct 4, 2024 15:11:32.927177906 CEST	138	138	192.168.2.17	192.168.2.255
Oct 4, 2024 15:11:45.386974096 CEST	53	58780	1.1.1.1	192.168.2.17
Oct 4, 2024 15:11:45.602827072 CEST	53	65247	1.1.1.1	192.168.2.17
Oct 4, 2024 15:12:03.597132921 CEST	55138	53	192.168.2.17	1.1.1.1
Oct 4, 2024 15:12:03.597265005 CEST	55872	53	192.168.2.17	1.1.1.1
Oct 4, 2024 15:12:13.718616962 CEST	53	54978	1.1.1.1	192.168.2.17

Timestamp	Source IP	Dest IP	Checksum	Code	Type
Oct 4, 2024 15:11:09.123887062 CEST	192.168.2.17	1.1.1.1	c250	(Port unreachable)	Destination Unreachable
Oct 4, 2024 15:11:12.526268959 CEST	192.168.2.17	1.1.1.1	c252	(Port unreachable)	Destination Unreachable

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Oct 4, 2024 15:10:41.966276884 CEST	1.1.1.1	192.168.2.17	0x7c4a	No error (0)	shed.dual-low.s-part-0032.t-0009.t-msedge.net	s-part-0032.t-0009.t-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Oct 4, 2024 15:10:41.966276884 CEST	1.1.1.1	192.168.2.17	0x7c4a	No error (0)	s-part-0032.t-0009.t-msedge.net		13.107.246.60	A (IP address)	IN (0x0001)	false
Oct 4, 2024 15:10:45.835630894 CEST	1.1.1.1	192.168.2.17	0x330a	No error (0)	nomicscare.com		51.255.64.170	A (IP address)	IN (0x0001)	false
Oct 4, 2024 15:10:47.251015902 CEST	1.1.1.1	192.168.2.17	0x1208	No error (0)	crewbloom.s3.amazonaws.com	s3-1-w.amazonaws.com		CNAME (Canonical name)	IN (0x0001)	false
Oct 4, 2024 15:10:47.251015902 CEST	1.1.1.1	192.168.2.17	0x1208	No error (0)	s3-1-w.amazonaws.com	s3-w.us-east-1.amazonaws.com		CNAME (Canonical name)	IN (0x0001)	false
Oct 4, 2024 15:10:47.251332045 CEST	1.1.1.1	192.168.2.17	0xfd12	No error (0)	crewbloom.s3.amazonaws.com	s3-1-w.amazonaws.com		CNAME (Canonical name)	IN (0x0001)	false
Oct 4, 2024 15:10:47.251332045 CEST	1.1.1.1	192.168.2.17	0xfd12	No error (0)	s3-1-w.amazonaws.com	s3-w.us-east-1.amazonaws.com		CNAME (Canonical name)	IN (0x0001)	false
Oct 4, 2024 15:10:47.251332045 CEST	1.1.1.1	192.168.2.17	0xfd12	No error (0)	s3-w.us-east-1.amazonaws.com		3.5.1.122	A (IP address)	IN (0x0001)	false
Oct 4, 2024 15:10:47.251332045 CEST	1.1.1.1	192.168.2.17	0xfd12	No error (0)	s3-w.us-east-1.amazonaws.com		52.216.205.43	A (IP address)	IN (0x0001)	false
Oct 4, 2024 15:10:47.251332045 CEST	1.1.1.1	192.168.2.17	0xfd12	No error (0)	s3-w.us-east-1.amazonaws.com		52.216.144.107	A (IP address)	IN (0x0001)	false
Oct 4, 2024 15:10:47.251332045 CEST	1.1.1.1	192.168.2.17	0xfd12	No error (0)	s3-w.us-east-1.amazonaws.com		3.5.28.106	A (IP address)	IN (0x0001)	false
Oct 4, 2024 15:10:47.251332045 CEST	1.1.1.1	192.168.2.17	0xfd12	No error (0)	s3-w.us-east-1.amazonaws.com		3.5.16.62	A (IP address)	IN (0x0001)	false
Oct 4, 2024 15:10:47.251332045 CEST	1.1.1.1	192.168.2.17	0xfd12	No error (0)	s3-w.us-east-1.amazonaws.com		52.217.117.97	A (IP address)	IN (0x0001)	false
Oct 4, 2024 15:10:47.251332045 CEST	1.1.1.1	192.168.2.17	0xfd12	No error (0)	s3-w.us-east-1.amazonaws.com		54.231.135.25	A (IP address)	IN (0x0001)	false
Oct 4, 2024 15:10:47.251332045 CEST	1.1.1.1	192.168.2.17	0xfd12	No error (0)	s3-w.us-east-1.amazonaws.com		52.217.196.145	A (IP address)	IN (0x0001)	false
Oct 4, 2024 15:10:48.231281996 CEST	1.1.1.1	192.168.2.17	0x9bf5	No error (0)	pbs.twimg.com	dualstack.twimg.twitter.map.fastly.net		CNAME (Canonical name)	IN (0x0001)	false
Oct 4, 2024 15:10:48.231281996 CEST	1.1.1.1	192.168.2.17	0x9bf5	No error (0)	dualstack.twimg.twitter.map.fastly.net		146.75.52.159	A (IP address)	IN (0x0001)	false
Oct 4, 2024 15:10:48.231997967 CEST	1.1.1.1	192.168.2.17	0x9699	No error (0)	pbs.twimg.com	dualstack.twimg.twitter.map.fastly.net		CNAME (Canonical name)	IN (0x0001)	false
Oct 4, 2024 15:10:50.156817913 CEST	1.1.1.1	192.168.2.17	0xfe8f	No error (0)	pbs.twimg.com	dualstack.twimg.twitter.map.fastly.net		CNAME (Canonical name)	IN (0x0001)	false
Oct 4, 2024 15:10:50.156817913 CEST	1.1.1.1	192.168.2.17	0xfe8f	No error (0)	dualstack.twimg.twitter.map.fastly.net		146.75.52.159	A (IP address)	IN (0x0001)	false
Oct 4, 2024 15:10:50.157031059 CEST	1.1.1.1	192.168.2.17	0xc522	No error (0)	pbs.twimg.com	dualstack.twimg.twitter.map.fastly.net		CNAME (Canonical name)	IN (0x0001)	false
Oct 4, 2024 15:10:50.259618998 CEST	1.1.1.1	192.168.2.17	0xa707	No error (0)	www.google.com			65	IN (0x0001)	false
Oct 4, 2024 15:10:50.259639025 CEST	1.1.1.1	192.168.2.17	0x18e1	No error (0)	www.google.com		142.250.185.68	A (IP address)	IN (0x0001)	false
Oct 4, 2024 15:10:58.156833887 CEST	1.1.1.1	192.168.2.17	0xa806	No error (0)	l0gin-microso.ftlivedocs.tech		104.26.12.69	A (IP address)	IN (0x0001)	false
Oct 4, 2024 15:10:58.156833887 CEST	1.1.1.1	192.168.2.17	0xa806	No error (0)	l0gin-microso.ftlivedocs.tech		104.26.13.69	A (IP address)	IN (0x0001)	false
Oct 4, 2024 15:10:58.156833887 CEST	1.1.1.1	192.168.2.17	0xa806	No error (0)	l0gin-microso.ftlivedocs.tech		172.67.71.124	A (IP address)	IN (0x0001)	false
Oct 4, 2024 15:10:58.159579039 CEST	1.1.1.1	192.168.2.17	0xd383	No error (0)	l0gin-microso.ftlivedocs.tech			65	IN (0x0001)	false
Oct 4, 2024 15:10:58.555326939 CEST	1.1.1.1	192.168.2.17	0x6cc6	No error (0)	templatesmetadata.office.net	templatesmetadata.office.net.edgekey.net		CNAME (Canonical name)	IN (0x0001)	false
Oct 4, 2024 15:10:59.146250963 CEST	1.1.1.1	192.168.2.17	0x88d6	No error (0)	challenges.cloudflare.com		104.18.95.41	A (IP address)	IN (0x0001)	false
Oct 4, 2024 15:10:59.146250963 CEST	1.1.1.1	192.168.2.17	0x88d6	No error (0)	challenges.cloudflare.com		104.18.94.41	A (IP address)	IN (0x0001)	false
Oct 4, 2024 15:10:59.147727966 CEST	1.1.1.1	192.168.2.17	0xe4	No error (0)	challenges.cloudflare.com			65	IN (0x0001)	false
Oct 4, 2024 15:11:02.150150061 CEST	1.1.1.1	192.168.2.17	0x6b88	No error (0)	l0gin-microso.ftlivedocs.tech			65	IN (0x0001)	false
Oct 4, 2024 15:11:02.150163889 CEST	1.1.1.1	192.168.2.17	0x347	No error (0)	l0gin-microso.ftlivedocs.tech		104.26.13.69	A (IP address)	IN (0x0001)	false
Oct 4, 2024 15:11:02.150163889 CEST	1.1.1.1	192.168.2.17	0x347	No error (0)	l0gin-microso.ftlivedocs.tech		104.26.12.69	A (IP address)	IN (0x0001)	false
Oct 4, 2024 15:11:02.150163889 CEST	1.1.1.1	192.168.2.17	0x347	No error (0)	l0gin-microso.ftlivedocs.tech		172.67.71.124	A (IP address)	IN (0x0001)	false
Oct 4, 2024 15:11:02.252788067 CEST	1.1.1.1	192.168.2.17	0xc617	No error (0)	challenges.cloudflare.com		104.18.95.41	A (IP address)	IN (0x0001)	false
Oct 4, 2024 15:11:02.252788067 CEST	1.1.1.1	192.168.2.17	0xc617	No error (0)	challenges.cloudflare.com		104.18.94.41	A (IP address)	IN (0x0001)	false
Oct 4, 2024 15:11:02.253099918 CEST	1.1.1.1	192.168.2.17	0x2337	No error (0)	challenges.cloudflare.com			65	IN (0x0001)	false
Oct 4, 2024 15:11:02.256145000 CEST	1.1.1.1	192.168.2.17	0x8c0	No error (0)	challenges.cloudflare.com			65	IN (0x0001)	false
Oct 4, 2024 15:11:02.256215096 CEST	1.1.1.1	192.168.2.17	0x435c	No error (0)	challenges.cloudflare.com		104.18.95.41	A (IP address)	IN (0x0001)	false
Oct 4, 2024 15:11:02.256215096 CEST	1.1.1.1	192.168.2.17	0x435c	No error (0)	challenges.cloudflare.com		104.18.94.41	A (IP address)	IN (0x0001)	false
Oct 4, 2024 15:11:03.590678930 CEST	1.1.1.1	192.168.2.17	0x9ebd	No error (0)	a.nel.cloudflare.com		35.190.80.1	A (IP address)	IN (0x0001)	false
Oct 4, 2024 15:11:09.107079029 CEST	1.1.1.1	192.168.2.17	0x619f	No error (0)	www.ftlivedocs.tech		172.67.71.124	A (IP address)	IN (0x0001)	false
Oct 4, 2024 15:11:09.107079029 CEST	1.1.1.1	192.168.2.17	0x619f	No error (0)	www.ftlivedocs.tech		104.26.12.69	A (IP address)	IN (0x0001)	false
Oct 4, 2024 15:11:09.107079029 CEST	1.1.1.1	192.168.2.17	0x619f	No error (0)	www.ftlivedocs.tech		104.26.13.69	A (IP address)	IN (0x0001)	false
Oct 4, 2024 15:11:09.123783112 CEST	1.1.1.1	192.168.2.17	0xdb1e	No error (0)	www.ftlivedocs.tech			65	IN (0x0001)	false
Oct 4, 2024 15:11:10.744714975 CEST	1.1.1.1	192.168.2.17	0x351d	No error (0)	shed.dual-low.s-part-0017.t-0009.t-msedge.net	s-part-0017.t-0009.t-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Oct 4, 2024 15:11:10.744714975 CEST	1.1.1.1	192.168.2.17	0x351d	No error (0)	s-part-0017.t-0009.t-msedge.net		13.107.246.45	A (IP address)	IN (0x0001)	false
Oct 4, 2024 15:11:11.649435997 CEST	1.1.1.1	192.168.2.17	0xaca9	No error (0)	shed.dual-low.s-part-0017.t-0009.t-msedge.net	s-part-0017.t-0009.t-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Oct 4, 2024 15:11:11.649435997 CEST	1.1.1.1	192.168.2.17	0xaca9	No error (0)	s-part-0017.t-0009.t-msedge.net		13.107.246.45	A (IP address)	IN (0x0001)	false
Oct 4, 2024 15:11:12.442467928 CEST	1.1.1.1	192.168.2.17	0xbe0	No error (0)	aadcdn.msftauth.net	scdn38e6f.wpc.9be8f.omegacdn.net		CNAME (Canonical name)	IN (0x0001)	false
Oct 4, 2024 15:11:12.442467928 CEST	1.1.1.1	192.168.2.17	0xbe0	No error (0)	scdn38e6f.wpc.9be8f.omegacdn.net	sni1gl.wpc.omegacdn.net		CNAME (Canonical name)	IN (0x0001)	false
Oct 4, 2024 15:11:12.442467928 CEST	1.1.1.1	192.168.2.17	0xbe0	No error (0)	sni1gl.wpc.omegacdn.net		152.199.21.175	A (IP address)	IN (0x0001)	false
Oct 4, 2024 15:11:12.447712898 CEST	1.1.1.1	192.168.2.17	0x2f20	No error (0)	aadcdn.msftauth.net	scdn38e6f.wpc.9be8f.omegacdn.net		CNAME (Canonical name)	IN (0x0001)	false
Oct 4, 2024 15:11:12.447712898 CEST	1.1.1.1	192.168.2.17	0x2f20	No error (0)	scdn38e6f.wpc.9be8f.omegacdn.net	sni1gl.wpc.omegacdn.net		CNAME (Canonical name)	IN (0x0001)	false
Oct 4, 2024 15:11:12.510883093 CEST	1.1.1.1	192.168.2.17	0x9c8c	No error (0)	ywnjb.ftlivedocs.tech		172.67.71.124	A (IP address)	IN (0x0001)	false
Oct 4, 2024 15:11:12.510883093 CEST	1.1.1.1	192.168.2.17	0x9c8c	No error (0)	ywnjb.ftlivedocs.tech		104.26.12.69	A (IP address)	IN (0x0001)	false
Oct 4, 2024 15:11:12.510883093 CEST	1.1.1.1	192.168.2.17	0x9c8c	No error (0)	ywnjb.ftlivedocs.tech		104.26.13.69	A (IP address)	IN (0x0001)	false
Oct 4, 2024 15:11:12.526141882 CEST	1.1.1.1	192.168.2.17	0xc289	No error (0)	ywnjb.ftlivedocs.tech			65	IN (0x0001)	false
Oct 4, 2024 15:12:03.607804060 CEST	1.1.1.1	192.168.2.17	0x92e9	No error (0)	identity.nel.measure.office.net	nel.measure.office.net.edgesuite.net		CNAME (Canonical name)	IN (0x0001)	false
Oct 4, 2024 15:12:03.621838093 CEST	1.1.1.1	192.168.2.17	0xcb67	No error (0)	identity.nel.measure.office.net	nel.measure.office.net.edgesuite.net		CNAME (Canonical name)	IN (0x0001)	false

Timestamp	Bytes transferred	Direction	Data
2024-10-04 13:10:37 UTC	306	OUT	GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=6Xtt1sBzydtZp6M&MD=91XKTh55 HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2024-10-04 13:10:37 UTC	560	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880" MS-CorrelationId: 6968e628-1d64-40e8-8da4-25890244780d MS-RequestId: 854d2973-bdec-427b-9c16-79addaf893b3 MS-CV: z3IKoM23YU2sHg0u.0 X-Microsoft-SLSClientCache: 2880 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Fri, 04 Oct 2024 13:10:37 GMT Connection: close Content-Length: 24490
2024-10-04 13:10:37 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 92 1e 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 23 d0 00 00 14 00 00 00 00 00 10 00 92 1e 00 00 18 41 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 e6 42 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 78 cf 8d 5c 26 1e e6 42 43 4b ed 5c 07 54 13 db d6 4e a3 f7 2e d5 d0 3b 4c 42 af 4a 57 10 e9 20 bd 77 21 94 80 88 08 24 2a 02 02 d2 55 10 a4 a8 88 97 22 8a 0a d2 11 04 95 ae d2 8b 20 28 0a 88 20 45 05 f4 9f 80 05 bd ed dd f7 ff 77 dd f7 bf 65 d6 4a 66 ce 99 33 67 4e d9 7b 7f fb db 7b 56 f4 4d 34 b4 21 e0 a7 03 0a d9 fc 68 6e 1d 20 70 28 14 02 85 20 20 ad 61 10 08 e3 66 0d ed 66 9b 1d 6a 90 af 1f 17 f0 4b 68 35 01 83 6c fb 44 42 5c 7d 83 3d 03 30 be 3e ae be 58 Data Ascii: MSCFD#AdBenvironment.cabx\&BCK\TN.;LBJW w!$*U" ( EweJf3gN{{VM4!hn p( affjKh5lDB\}=0>X
2024-10-04 13:10:37 UTC	8666	IN	Data Raw: 04 01 31 2f 30 2d 30 0a 02 05 00 e1 2b 8a 50 02 01 00 30 0a 02 01 00 02 02 12 fe 02 01 ff 30 07 02 01 00 02 02 11 e6 30 0a 02 05 00 e1 2c db d0 02 01 00 30 36 06 0a 2b 06 01 04 01 84 59 0a 04 02 31 28 30 26 30 0c 06 0a 2b 06 01 04 01 84 59 0a 03 02 a0 0a 30 08 02 01 00 02 03 07 a1 20 a1 0a 30 08 02 01 00 02 03 01 86 a0 30 0d 06 09 2a 86 48 86 f7 0d 01 01 05 05 00 03 81 81 00 0c d9 08 df 48 94 57 65 3e ad e7 f2 17 9c 1f ca 3d 4d 6c cd 51 e1 ed 9c 17 a5 52 35 0f fd de 4b bd 22 92 c5 69 e5 d7 9f 29 23 72 40 7a ca 55 9d 8d 11 ad d5 54 00 bb 53 b4 87 7b 72 84 da 2d f6 e3 2c 4f 7e ba 1a 58 88 6e d6 b9 6d 16 ae 85 5b b5 c2 81 a8 e0 ee 0a 9c 60 51 3a 7b e4 61 f8 c3 e4 38 bd 7d 28 17 d6 79 f0 c8 58 c6 ef 1f f7 88 65 b1 ea 0a c0 df f7 ee 5c 23 c2 27 fd 98 63 08 31 Data Ascii: 1/0-0+P000,06+Y1(0&0+Y0 00*HHWe>=MlQR5K"i)#r@zUTS{r-,O~Xnm[`Q:{a8}(yXe\#'c1

Timestamp	Bytes transferred	Direction	Data
2024-10-04 13:10:42 UTC	227	OUT	GET /rules/powerpnt.exe-Production-v19.bundle HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft PowerPoint 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-04 13:10:42 UTC	542	IN	HTTP/1.1 200 OK Date: Fri, 04 Oct 2024 13:10:42 GMT Content-Type: text/plain Content-Length: 1183116 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public Last-Modified: Mon, 30 Sep 2024 13:16:38 GMT ETag: "0x8DCE1521E2C3658" x-ms-request-id: f0b719dc-501e-0016-7a5e-16181b000000 x-ms-version: 2018-03-28 x-azure-ref: 20241004T131042Z-15767c5fc55852fxfeh7csa2dn0000000ck00000000036hm x-fd-int-roxy-purgeid: 0 X-Cache: TCP_MISS Accept-Ranges: bytes
2024-10-04 13:10:42 UTC	15842	IN	Data Raw: 31 30 30 30 34 32 76 32 2b 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 30 30 30 34 32 22 20 56 3d 22 32 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 55 58 2e 44 65 73 6b 74 6f 70 2e 4f 66 66 69 63 65 54 68 65 6d 65 2e 41 70 70 2e 49 6e 69 74 22 20 41 54 54 3d 22 63 34 33 38 38 63 39 37 37 32 39 37 34 31 33 62 62 30 35 34 62 61 64 31 61 63 66 30 61 64 65 31 2d 63 63 35 38 65 35 33 65 2d 66 35 61 34 2d 34 66 33 37 2d 62 30 64 32 2d 39 61 38 30 37 39 65 33 34 34 32 30 2d 36 38 37 39 22 20 44 43 61 3d 22 50 53 55 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 54 53 20 54 3d 22 31 22 20 49 64 3d 22 63 6d 39 79 35 Data Ascii: 100042v2+<?xml version="1.0" encoding="utf-8"?><R Id="100042" V="2" DC="SM" EN="Office.UX.Desktop.OfficeTheme.App.Init" ATT="c4388c977297413bb054bad1acf0ade1-cc58e53e-f5a4-4f37-b0d2-9a8079e34420-6879" DCa="PSU" xmlns=""> <S> <UTS T="1" Id="cm9y5
2024-10-04 13:10:42 UTC	16384	IN	Data Raw: 22 20 46 3d 22 41 75 74 68 6f 72 43 6f 75 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 54 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 31 22 20 2f 3e 0d 0a 20 20 3c 2f 54 3e 0d 0a 3c 2f 52 3e 0d 0a 3c 24 21 23 3e 31 30 30 31 31 37 76 30 2b 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 30 30 31 31 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 44 43 61 3d 22 50 53 55 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 54 53 20 54 3d 22 31 22 20 49 64 3d 22 38 79 6c 6c 66 22 20 2f 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 66 61 6c 73 65 22 Data Ascii: " F="AuthorCount" /> </C> <T> <S T="1" /> </T></R><$!#>100117v0+<?xml version="1.0" encoding="utf-8"?><R Id="100117" V="0" DC="SM" T="Subrule" DCa="PSU" xmlns=""> <S> <UTS T="1" Id="8yllf" /> </S> <C T="W" I="0" O="false"
2024-10-04 13:10:42 UTC	16384	IN	Data Raw: 20 20 3c 41 20 54 3d 22 53 55 4d 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 41 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 54 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 32 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 33 22 20 2f 3e 0d 0a 20 20 3c 2f 54 3e 0d 0a 3c 2f 52 3e 0d 0a 3c 24 21 23 3e 31 30 37 38 31 76 31 2b 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 30 37 38 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 54 53 20 54 3d 22 31 22 20 49 64 3d 22 62 67 6f 34 74 22 20 2f 3e 0d 0a Data Ascii: <A T="SUM"> <S T="1" F="11" /> </A> </C> <T> <S T="2" /> <S T="3" /> </T></R><$!#>10781v1+<?xml version="1.0" encoding="utf-8"?><R Id="10781" V="1" DC="SM" T="Subrule" xmlns=""> <S> <UTS T="1" Id="bgo4t" />
2024-10-04 13:10:42 UTC	16384	IN	Data Raw: 3c 2f 4f 3e 0d 0a 20 20 20 20 3c 2f 46 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 36 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 41 4e 44 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 47 54 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 31 30 30 30 22 20 54 3d 22 55 33 32 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d Data Ascii: </O> </F> <F T="6"> <O T="AND"> <L> <O T="GT"> <L> <S T="1" F="0" /> </L> <R> <V V="1000" T="U32" /> </R> </O> </L>
2024-10-04 13:10:42 UTC	16384	IN	Data Raw: 20 20 20 20 20 3c 53 20 54 3d 22 32 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 32 32 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 46 6c 79 6f 75 74 56 69 64 65 6f 43 61 6c 6c 56 69 64 65 6f 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 32 36 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 32 33 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 46 6c 79 6f 75 74 53 61 53 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 32 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 32 34 22 20 4f Data Ascii: <S T="25" /> </C> </C> <C T="U32" I="22" O="false" N="FlyoutVideoCallVideo"> <C> <S T="26" /> </C> </C> <C T="U32" I="23" O="false" N="FlyoutSaS"> <C> <S T="27" /> </C> </C> <C T="U32" I="24" O
2024-10-04 13:10:42 UTC	16384	IN	Data Raw: 20 20 3c 2f 54 3e 0d 0a 3c 2f 52 3e 0d 0a 3c 24 21 23 3e 31 30 39 30 37 76 30 2b 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 30 39 30 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 4f 75 74 6c 6f 6f 6b 2e 44 65 73 6b 74 6f 70 2e 4e 44 42 2e 55 6e 6b 6e 6f 77 6e 2e 43 6f 72 72 75 70 74 69 6f 6e 22 20 41 54 54 3d 22 64 38 30 37 36 30 39 32 37 36 37 34 34 32 34 35 62 61 66 38 31 62 66 37 62 63 38 30 33 33 66 36 2d 32 32 36 38 65 33 37 34 2d 37 37 36 36 2d 34 39 37 36 2d 62 65 34 34 2d 62 36 61 64 35 62 64 64 63 35 62 36 2d 37 38 31 33 22 20 53 3d 22 31 30 30 22 20 44 43 61 3d 22 50 53 55 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d Data Ascii: </T></R><$!#>10907v0+<?xml version="1.0" encoding="utf-8"?><R Id="10907" V="0" DC="SM" EN="Office.Outlook.Desktop.NDB.Unknown.Corruption" ATT="d807609276744245baf81bf7bc8033f6-2268e374-7766-4976-be44-b6ad5bddc5b6-7813" S="100" DCa="PSU" xmlns="">
2024-10-04 13:10:42 UTC	16384	IN	Data Raw: 20 3c 53 3e 0d 0a 20 20 20 20 3c 54 49 20 54 3d 22 31 22 20 49 3d 22 44 61 69 6c 79 22 20 2f 3e 0d 0a 20 20 20 20 3c 41 20 54 3d 22 32 22 20 45 3d 22 54 65 6c 65 6d 65 74 72 79 53 68 75 74 64 6f 77 6e 22 20 2f 3e 0d 0a 20 20 20 20 3c 55 54 53 20 54 3d 22 33 22 20 49 64 3d 22 62 70 66 79 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 34 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 47 54 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 33 22 20 46 3d 22 50 68 6f 74 6f 53 69 7a 65 49 6e 42 79 74 65 73 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 30 22 20 54 3d 22 55 36 34 22 20 2f 3e 0d 0a 20 20 20 20 Data Ascii: <S> <TI T="1" I="Daily" /> <A T="2" E="TelemetryShutdown" /> <UTS T="3" Id="bpfy1" /> <F T="4"> <O T="GT"> <L> <S T="3" F="PhotoSizeInBytes" /> </L> <R> <V V="0" T="U64" />
2024-10-04 13:10:43 UTC	16384	IN	Data Raw: 6b 30 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 36 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 34 22 20 46 3d 22 65 76 65 6e 74 49 64 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 31 33 35 22 20 54 3d 22 49 33 32 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 3c 2f 46 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 37 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 35 22 20 46 3d 22 74 Data Ascii: k0m" /> <F T="6"> <O T="EQ"> <L> <S T="4" F="eventId" /> </L> <R> <V V="135" T="I32" /> </R> </O> </F> <F T="7"> <O T="EQ"> <L> <S T="5" F="t
2024-10-04 13:10:43 UTC	16384	IN	Data Raw: 34 22 20 54 3d 22 55 33 32 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 3c 2f 46 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 31 30 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 33 22 20 46 3d 22 46 69 6c 65 50 72 6f 74 65 63 74 69 6f 6e 53 74 61 74 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 35 22 20 54 3d 22 55 33 32 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 3c 2f 46 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 Data Ascii: 4" T="U32" /> </R> </O> </F> <F T="10"> <O T="EQ"> <L> <S T="3" F="FileProtectionState" /> </L> <R> <V V="5" T="U32" /> </R> </O> </F> </S> <C T="
2024-10-04 13:10:43 UTC	16384	IN	Data Raw: 20 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 35 22 20 46 3d 22 72 65 73 75 6c 74 73 5f 49 73 4e 75 6c 6c 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 66 61 6c 73 65 22 20 54 3d 22 42 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 Data Ascii: <O T="EQ"> <L> <S T="5" F="results_IsNull" /> </L> <R> <V V="false" T="B" /> </R> </O> </L> <R>

Timestamp	Bytes transferred	Direction	Data
2024-10-04 13:10:43 UTC	422	OUT	POST /RST2.srf HTTP/1.0 Connection: Keep-Alive Content-Type: application/soap+xml Accept: / User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68}) Content-Length: 3592 Host: login.live.com
2024-10-04 13:10:43 UTC	3592	OUT	Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 70 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 50 61 73 73 70 6f 72 74 2f 53 6f 61 70 53 65 72 76 69 63 65 73 2f 50 50 43 52 4c 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31 Data Ascii: <?xml version="1.0" encoding="UTF-8"?><s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:ps="http://schemas.microsoft.com/Passport/SoapServices/PPCRL" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1
2024-10-04 13:10:44 UTC	569	IN	HTTP/1.1 200 OK Cache-Control: no-store, no-cache Pragma: no-cache Content-Type: application/soap+xml; charset=utf-8 Expires: Fri, 04 Oct 2024 13:09:44 GMT P3P: CP="DSP CUR OTPi IND OTRi ONL FIN" Referrer-Policy: strict-origin-when-cross-origin x-ms-route-info: C529_BAY x-ms-request-id: 8ce25486-b549-47fe-8db6-d33f8b4364c1 PPServer: PPV: 30 H: PH1PEPF00011CB0 V: 0 X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=31536000 X-XSS-Protection: 1; mode=block Date: Fri, 04 Oct 2024 13:10:43 GMT Connection: close Content-Length: 11389
2024-10-04 13:10:44 UTC	11389	IN	Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 20 3f 3e 3c 53 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 53 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31 2e 30 2e 78 73 64 22 20 78 6d 6c 6e 73 3a 77 73 75 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 Data Ascii: <?xml version="1.0" encoding="utf-8" ?><S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200

Timestamp	Bytes transferred	Direction	Data
2024-10-04 13:10:45 UTC	422	OUT	POST /RST2.srf HTTP/1.0 Connection: Keep-Alive Content-Type: application/soap+xml Accept: / User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68}) Content-Length: 4775 Host: login.live.com
2024-10-04 13:10:45 UTC	4775	OUT	Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 70 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 50 61 73 73 70 6f 72 74 2f 53 6f 61 70 53 65 72 76 69 63 65 73 2f 50 50 43 52 4c 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31 Data Ascii: <?xml version="1.0" encoding="UTF-8"?><s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:ps="http://schemas.microsoft.com/Passport/SoapServices/PPCRL" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1
2024-10-04 13:10:46 UTC	569	IN	HTTP/1.1 200 OK Cache-Control: no-store, no-cache Pragma: no-cache Content-Type: application/soap+xml; charset=utf-8 Expires: Fri, 04 Oct 2024 13:09:46 GMT P3P: CP="DSP CUR OTPi IND OTRi ONL FIN" Referrer-Policy: strict-origin-when-cross-origin x-ms-route-info: C529_BL2 x-ms-request-id: c47d6065-b5b6-4ef1-8ea4-a21d935d52a2 PPServer: PPV: 30 H: BL02EPF0001D969 V: 0 X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=31536000 X-XSS-Protection: 1; mode=block Date: Fri, 04 Oct 2024 13:10:46 GMT Connection: close Content-Length: 11389
2024-10-04 13:10:46 UTC	11389	IN	Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 20 3f 3e 3c 53 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 53 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31 2e 30 2e 78 73 64 22 20 78 6d 6c 6e 73 3a 77 73 75 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 Data Ascii: <?xml version="1.0" encoding="utf-8" ?><S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200

Timestamp	Bytes transferred	Direction	Data
2024-10-04 13:10:46 UTC	733	OUT	GET /fr/gdpr/cookie-consent/all/?next_url=//crewbloom.s3.amazonaws.com/34873.html HTTP/1.1 Host: nomicscare.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-04 13:10:47 UTC	1261	IN	HTTP/1.1 302 Found Server: nginx/1.14.1 Date: Fri, 04 Oct 2024 13:10:47 GMT Content-Type: text/html; charset=utf-8 Content-Length: 0 Connection: close Location: //crewbloom.s3.amazonaws.com/34873.html X-Frame-Options: DENY Content-Language: fr X-Content-Type-Options: nosniff Set-Cookie: cookie_consent=accepted; Domain=nomicscare.com; expires=Sat, 04-Oct-2025 13:10:47 GMT; Max-Age=31536000; Path=/ Set-Cookie: cookie_consent_all=accepted; Domain=nomicscare.com; expires=Sat, 04-Oct-2025 13:10:47 GMT; Max-Age=31536000; Path=/ Strict-Transport-Security: max-age=31536000; includeSubDomains X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff X-Frame-Options: SAMEORIGIN Referrer-Policy: no-referrer-when-downgrade Permissions-Policy: geolocation=(),midi=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(self),payment=() Set-Cookie: Path=/; HttpOnly; Secure X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Referrer-Policy: strict-origin-when-cross-origin Feature-Policy: accelerometer 'none'; camera 'none'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; payment 'none'; usb 'none' Strict-Transport-Security: max-age=31536000; includeSubDomains

Timestamp	Bytes transferred	Direction	Data
2024-10-04 13:10:48 UTC	679	OUT	GET /34873.html HTTP/1.1 Host: crewbloom.s3.amazonaws.com Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-04 13:10:48 UTC	426	IN	HTTP/1.1 200 OK x-amz-id-2: Yf4yA6qkkVNc+heJPRgDiywi8Z6Z04cqNSRsuiQHm8oYujMdcNkKX5wWDukOC/un9yO+cPIPBAGQ4XMz5sQmdA== x-amz-request-id: DF6P3QG5262K3F71 Date: Fri, 04 Oct 2024 13:10:49 GMT Last-Modified: Tue, 01 Oct 2024 10:32:48 GMT ETag: "e7cc921cd33185fd7a332d7dd710c0a3" x-amz-server-side-encryption: AES256 Accept-Ranges: bytes Content-Type: text/html Server: AmazonS3 Content-Length: 3321 Connection: close
2024-10-04 13:10:48 UTC	1531	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0d 0a 20 20 20 20 3c 74 69 74 6c 65 3e 53 65 63 75 72 69 74 79 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 6f 62 6f 74 73 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 69 6e 64 65 78 2c 20 6e 6f 66 6f 6c 6c 6f 77 2c 20 6e 6f 61 72 63 68 69 76 65 22 3e 0d 0a 20 20 20 20 3c 6d 65 74 Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta charset="UTF-8"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <title>Security Check</title> <meta name="robots" content="noindex, nofollow, noarchive"> <met
2024-10-04 13:10:48 UTC	1790	IN	Data Raw: 20 20 20 20 20 20 20 20 6c 65 66 74 3a 20 35 30 25 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 74 72 61 6e 73 66 6f 72 6d 3a 20 74 72 61 6e 73 6c 61 74 65 58 28 2d 35 30 25 29 3b 0d 0a 20 20 20 20 20 20 20 20 7d 0d 0a 20 20 20 20 3c 2f 73 74 79 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 6f 6e 63 6f 6e 74 65 78 74 6d 65 6e 75 3d 22 72 65 74 75 72 6e 20 66 61 6c 73 65 3b 22 3e 0d 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 69 6d 61 67 65 2d 63 6f 6e 74 61 69 6e 65 72 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 69 6d 67 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 70 62 73 2e 74 77 69 6d 67 2e 63 6f 6d 2f 6d 65 64 69 61 2f 47 47 72 Data Ascii: left: 50%; transform: translateX(-50%); } </style></head><body oncontextmenu="return false;"> <div class="container"> <div class="image-container"> <img src="https://pbs.twimg.com/media/GGr

Timestamp	Bytes transferred	Direction	Data
2024-10-04 13:10:49 UTC	422	OUT	POST /RST2.srf HTTP/1.0 Connection: Keep-Alive Content-Type: application/soap+xml Accept: / User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68}) Content-Length: 4742 Host: login.live.com
2024-10-04 13:10:49 UTC	4742	OUT	Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 70 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 50 61 73 73 70 6f 72 74 2f 53 6f 61 70 53 65 72 76 69 63 65 73 2f 50 50 43 52 4c 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31 Data Ascii: <?xml version="1.0" encoding="UTF-8"?><s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:ps="http://schemas.microsoft.com/Passport/SoapServices/PPCRL" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1
2024-10-04 13:10:49 UTC	569	IN	HTTP/1.1 200 OK Cache-Control: no-store, no-cache Pragma: no-cache Content-Type: application/soap+xml; charset=utf-8 Expires: Fri, 04 Oct 2024 13:09:49 GMT P3P: CP="DSP CUR OTPi IND OTRi ONL FIN" Referrer-Policy: strict-origin-when-cross-origin x-ms-route-info: C529_BL2 x-ms-request-id: b697132e-bc99-482e-9fed-e2d5b0a20787 PPServer: PPV: 30 H: BL02EPF0001D878 V: 0 X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=31536000 X-XSS-Protection: 1; mode=block Date: Fri, 04 Oct 2024 13:10:49 GMT Connection: close Content-Length: 10197
2024-10-04 13:10:49 UTC	10197	IN	Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 20 3f 3e 3c 53 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 53 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31 2e 30 2e 78 73 64 22 20 78 6d 6c 6e 73 3a 77 73 75 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 Data Ascii: <?xml version="1.0" encoding="utf-8" ?><S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200

Timestamp	Bytes transferred	Direction	Data
2024-10-04 13:10:49 UTC	626	OUT	GET /media/GGrR89_WgAAgrOI?format=jpg&name=large HTTP/1.1 Host: pbs.twimg.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://crewbloom.s3.amazonaws.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-04 13:10:49 UTC	742	IN	HTTP/1.1 200 OK Connection: close Content-Length: 39755 perf: 7402827104 cache-tag: media,media/bucket/3,media/1759449449804234752 content-type: image/jpeg cache-control: max-age=604800, must-revalidate last-modified: Mon, 19 Feb 2024 05:24:52 GMT x-transaction-id: 5080376a38065880 timing-allow-origin: https://twitter.com, https://mobile.twitter.com strict-transport-security: max-age=631138519 access-control-allow-origin: * access-control-expose-headers: Content-Length X-Content-Type-Options: nosniff Accept-Ranges: bytes Date: Fri, 04 Oct 2024 13:10:49 GMT X-Cache: HIT, HIT x-tw-cdn: FT x-served-by: cache-lhr-egll1980036-LHR, cache-lin1730075-LIN, cache-tw-ZZZ1 Server-Timing: x-cache;desc=HIT, x-tw-cdn;desc=FT
2024-10-04 13:10:49 UTC	1379	IN	Data Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 00 00 01 00 01 00 00 ff db 00 43 00 05 03 04 04 04 03 05 04 04 04 05 05 05 06 07 0c 08 07 07 07 07 0f 0b 0b 09 0c 11 0f 12 12 11 0f 11 11 13 16 1c 17 13 14 1a 15 11 11 18 21 18 1a 1d 1d 1f 1f 1f 13 17 22 24 22 1e 24 1c 1e 1f 1e ff db 00 43 01 05 05 05 07 06 07 0e 08 08 0e 1e 14 11 14 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e ff c2 00 11 08 02 76 07 30 03 01 22 00 02 11 01 03 11 01 ff c4 00 1c 00 01 00 03 01 01 01 01 01 00 00 00 00 00 00 00 00 00 05 06 07 01 04 03 02 08 ff c4 00 1b 01 01 00 02 03 01 01 00 00 00 00 00 00 00 00 00 00 00 03 06 02 04 05 01 07 ff da 00 0c 03 01 00 02 10 03 10 00 00 01 d9 40 00 00 00 Data Ascii: JFIFC!"$"$Cv0"@
2024-10-04 13:10:49 UTC	1379	IN	Data Raw: 2c 39 d2 7f 38 0e f0 3b ce f0 3a 39 d0 38 3b c0 eb 83 bc e8 e1 d3 8e f0 e9 c1 de 07 41 ce f0 03 a0 71 d3 80 eb 80 74 e1 d3 9d e7 47 00 ef 0e 80 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 1b 25 1b 24 79 c1 cb 25 6f a0 00 04 ec 14 ec 13 5b 2b 96 3a ef ce 6e dc 1c bd a0 00 02 5e 6e 12 6e d3 c9 3a e8 6b f1 d1 cf c7 e3 2a 2f 1e 1a 17 b0 bd 4f e3 97 d2 de e8 e3 bc 3b c0 3a 1c 74 e7 79 d3 8e 80 39 d0 e7 43 8e f0 3b c2 13 c9 53 8a 36 73 cc 7a 7b 48 b4 9e de 87 3a 1c 74 73 bc e9 c7 78 77 9d 1c 74 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: ,98;:98;AqtG%$y%o[+:n^nn:k*/O;:ty9C;S6sz{H:tsxwt
2024-10-04 13:10:49 UTC	1379	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
2024-10-04 13:10:49 UTC	1379	IN	Data Raw: 00 00 00 00 67 f5 6b 4d 58 d7 72 6d 97 05 36 ea 35 ce 00 f0 5e 32 ab 89 0a 83 d5 8f 16 41 b0 51 08 bd 52 af 7b 00 ae d7 7f 36 e2 81 a6 66 36 22 ee 08 7c e3 5f fe 70 34 fa ae b9 4d 24 2a 7f 3d 80 cb f5 0f e7 4f e8 52 0a bb 41 fe 83 32 9b df 70 b3 76 ce 35 ff 00 e7 03 4f aa eb 94 d2 42 a7 f3 d8 0c bf 50 fe 74 fe 81 20 60 69 da 11 5c d3 f0 5d 28 85 fb f8 a4 ca e5 d6 77 1c 36 0f e7 df e9 cf e7 13 51 be 80 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 28 e7 9e ad 68 86 35 ac 17 7a c2 0d 96 02 4e b4 42 eb 59 0d dc a2 56 f7 ea 71 65 a1 f3 f6 4b 5e e8 17 73 d0 0a f5 4e 9d b1 99 cd 9a bd 3c 5f 80 fe 73 fe 8c fe 73 3f Data Ascii: gkMXrm65^2AQR{6f6"\|_p4M$*=ORA2pv5OBPt `i\](w6Q(h5zNBYVqeK^sN<_ss?
2024-10-04 13:10:49 UTC	1379	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 1f ff c4 00 35 10 00 02 02 01 02 04 05 03 03 03 04 02 03 00 00 00 04 05 02 03 01 00 06 14 15 34 35 10 11 12 13 30 20 33 70 21 32 36 16 31 40 22 24 25 60 50 80 90 a0 c0 ff da 00 08 01 01 00 01 05 02 ff 00 dd 3b ac 8d 35 73 60 b5 cd 82 Data Ascii: 5450 3p!261@"$%`P;5s`
2024-10-04 13:10:49 UTC	1379	IN	Data Raw: 87 3e 78 45 7e 87 47 44 33 ab 52 55 65 ab 96 c0 3b 7c 4c 52 2d f9 92 1b 75 14 36 e8 45 22 d1 9d 67 1e 78 bd 15 59 d6 51 5f aa 50 fe a2 8d 48 d0 f0 2d 38 d7 66 48 6e d4 10 d9 e6 1a b1 47 cf 83 15 b0 32 ea 92 55 5d 9e 06 89 49 75 d8 86 cf 3a 90 cf ce b8 fa 2b fc 30 65 59 bc 6e 49 6e b9 25 ba e4 96 eb 92 5b ae 49 6e b9 25 ba e4 96 eb 92 5b ae 49 6e 96 ad 98 a4 9b 4e 6f a3 95 59 ae 55 66 b9 55 9a e5 56 6b 95 59 ae 55 66 b9 55 9a e5 56 6b 95 59 a5 e2 48 69 7e 50 22 cc 53 4f 37 ab 5c e2 ad 73 7a b5 cd ea d7 37 ab 5c de ad 73 8a b5 cd ea d7 37 ab 42 30 81 37 5d 66 2a 87 1b 0d 71 b0 d7 1b 0d 71 b0 d7 1b 0d 71 b0 d7 1b 0d 71 b0 d7 1b 0d 51 7e 2e cf e5 06 7d 07 c2 8f ae 3f a7 f8 56 fe ef aa 72 8c 23 73 91 21 9e 7d 56 ab 76 2c b4 3d f5 11 0f f2 18 b2 a8 3c 84 e2 ab Data Ascii: >xE~GD3RUe;\|LR-u6E"gxYQ_PH-8fHnG2U]Iu:+0eYnIn%[In%[InNoYUfUVkYUfUVkYHi~P"SO7\sz7\s7B07]f*qqqqQ~.}?Vr#s!}Vv,=<
2024-10-04 13:10:49 UTC	1379	IN	Data Raw: 95 6e 5e 67 92 36 f4 dd 44 25 99 33 22 78 3c 6b 52 ca 40 cb d6 74 16 c9 ca 72 c2 22 b2 c5 f0 66 c2 95 f0 27 74 93 6d a7 bf b6 76 c9 fb 91 6f fe a0 0f 0b 0b 72 f6 51 45 b8 ee b8 ad 3a 6e 3a c8 0d 76 e3 61 59 2d 9d ab bd 43 31 d9 52 cd 85 2b e0 4e e9 26 db 4f 7f 6c ed 93 f7 22 df fd 40 1e 16 16 e5 ec a2 8b 71 dd 71 5a 74 e2 b0 33 64 b7 54 e0 06 e6 22 ab e5 74 38 66 3b 9c 88 48 5d c5 98 2b 31 c3 fa b3 b6 dc e5 8e 1c 48 fc 08 44 6d 89 34 d9 b9 fd ef c6 3b eb b5 ec 7e ef ad d9 df d5 76 bd e3 d8 f6 27 59 bb 71 3c a2 da 6d e9 0e 37 c2 a2 c4 4a 35 82 2c df da d8 fd a3 c7 75 28 30 e2 92 8b 30 d5 ef 8b e8 b7 3b 2a 5e a4 de 2d e3 88 b6 04 4a 02 1f 7c 53 19 2e d9 02 d1 79 1a 6b 0c 0a e2 eb 23 55 02 fa 9a bd c7 e9 a7 41 e0 e5 aa 0b 98 2c 34 de 38 8b 60 44 a0 21 f7 c5 Data Ascii: n^g6D%3"x<kR@tr"f'tmvorQE:n:vaY-C1R+N&Ol"@qqZt3dT"t8f;H]+1HDm4;~v'Yq<m7J5,u(00;*^-J\|S.yk#UA,48`D!
2024-10-04 13:10:49 UTC	1379	IN	Data Raw: 9f 16 dd b4 41 b4 57 57 60 d1 58 fb ed cf 63 c2 b0 62 f7 01 b0 93 7e 1d 56 5e 95 4e 2a b2 16 d5 ff 00 71 62 1d 67 6e e8 ed 75 d8 96 e8 ae 14 ed c7 1e ee 66 7d 0f 6c 0e eb a2 02 07 10 77 95 78 a4 62 36 a5 b8 7c b8 67 b7 e0 b0 8a a5 fc c5 db 34 e6 85 3b 82 91 88 5f 6e 1f 2e 19 f1 15 95 b5 5f 17 01 c1 71 07 79 56 77 f0 75 f0 8e 14 57 99 7f 47 03 ed f0 1b 2f d3 ec b6 ed 5b 47 d1 c8 97 e2 39 de 21 93 c9 f5 b5 85 e1 93 eb 76 0f ef a6 cf fc e9 81 dd cc a6 da 38 96 ec de bd 99 bf 75 af f9 b2 58 b3 99 d7 8a c2 6d f4 ce cc 2c dc a3 53 c0 d4 ab d5 70 5b 72 0e 32 b1 58 a4 c3 71 68 42 8f 38 85 b1 22 1b b9 14 71 fd 46 db 05 4b 77 38 19 c5 c1 01 1c c0 1d d7 fa b1 63 91 70 13 6c 0f 36 3b bb b0 b7 f7 65 23 e8 7b 60 65 d5 ed d2 c7 22 e0 27 f8 f5 93 b6 b3 cb 9a 5f fc d9 6c Data Ascii: AWW`Xcb~V^N*qbgnuf}lwxb6\|g4;_n._qyVwuWG/[G9!v8uXm,Sp[r2XqhB8"qFKw8cpl6;e#{`e"'_l
2024-10-04 13:10:49 UTC	1379	IN	Data Raw: fd 7f 9a a1 1a 8c ca f1 49 a1 16 af da 58 67 0c 5a a1 1a 8c ca f1 49 a1 16 af da 58 67 0c 5a a1 1a 8c ca f1 49 a1 16 af da 58 67 0c 5a a1 1a 8c ca f1 49 a1 16 af da 58 67 0c 5a a1 33 f4 6c 8c c5 f9 1c c5 f9 1c c5 f9 1c c5 f9 1c c2 cf 69 34 99 91 08 83 92 ab 2b 69 82 18 5b c6 43 0b 78 c8 61 6f 19 0c 2d e3 20 e2 93 49 22 4c b5 fb fe 9f 3f ff c4 00 4f 10 00 01 02 03 03 07 06 0c 03 05 05 06 07 00 00 00 01 02 03 00 04 11 12 21 31 05 10 13 22 32 41 71 33 42 51 61 72 91 14 20 23 30 52 70 73 81 82 a1 b1 c1 62 92 d1 15 34 40 43 f0 63 83 b2 c2 e1 24 50 60 74 a2 f1 53 80 90 a0 a3 c0 d2 ff da 00 08 01 01 00 06 3f 02 ff 00 ce 99 71 7b 23 18 e5 15 f9 63 94 57 e5 8e 51 5f 96 39 43 f9 63 94 57 e5 8e 51 5f 96 39 45 7e 58 e5 0f e5 8e 51 5f 96 34 6d 28 95 70 8b 6b 34 11 b6 Data Ascii: IXgZIXgZIXgZIXgZ3li4+i[Cxao- I"L?O!1"2Aq3BQar #0Rpsb4@Cc$P`tS?q{#cWQ_9CcWQ_9E~XQ_4m(pk4
2024-10-04 13:10:49 UTC	1379	IN	Data Raw: 43 dd b3 0b ec 67 33 4c 8a fa 63 ef 9a c8 72 d0 fc 57 c5 2d 25 1d 91 15 30 26 9e 14 03 60 42 fb 26 3c 8b 85 3d 51 7a 1a 3e e8 1a 52 28 30 02 12 d2 07 13 d1 01 23 00 29 06 69 a1 54 1d a1 d1 9a cd b0 b1 f8 84 59 b6 10 3f 08 cd e1 4f 0a 1e 60 fb e6 47 62 1a ed 8c ee 5d 72 8d a1 01 c6 d5 65 42 2c da 40 eb 09 86 c9 bc 94 8f 53 2f 70 f3 5f 09 83 c4 79 a7 38 78 ca 64 aa c8 3b e3 97 5f 74 21 a0 6b 64 53 32 da 56 0a 14 8e 5d 7d d0 12 9c 00 a6 6d 12 94 53 7d 6e 8e 5d 7d d0 86 41 a8 4e f8 0d a9 65 34 35 ba 39 75 f7 42 51 e8 8a 66 f2 a8 bf d2 18 c7 92 7c 53 f1 08 bd e6 e2 af 2c b9 d5 80 cc a5 e9 d7 ac 6b 84 17 12 e2 95 51 4b c7 89 68 55 a5 74 a6 35 5f 41 e2 23 59 f4 0e 02 2d 2a ae ab f1 66 20 ef 8a b2 f2 93 d4 6f 8e 59 b8 f2 cf fe 51 16 19 45 9f be 7b 48 ab 4a ea c2 Data Ascii: Cg3LcrW-%0&`B&<=Qz>R(0#)iTY?O`Gb]reB,@S/p_y8xd;_t!kdS2V]}mS}n]}ANe459uBQf\|S,kQKhUt5_A#Y-*f oYQE{HJ

Timestamp	Bytes transferred	Direction	Data
2024-10-04 13:10:51 UTC	380	OUT	GET /media/GGrR89_WgAAgrOI?format=jpg&name=large HTTP/1.1 Host: pbs.twimg.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-04 13:10:52 UTC	742	IN	HTTP/1.1 200 OK Connection: close Content-Length: 39755 perf: 7402827104 cache-tag: media,media/bucket/3,media/1759449449804234752 content-type: image/jpeg cache-control: max-age=604800, must-revalidate last-modified: Mon, 19 Feb 2024 05:24:52 GMT x-transaction-id: 5080376a38065880 timing-allow-origin: https://twitter.com, https://mobile.twitter.com strict-transport-security: max-age=631138519 access-control-allow-origin: * access-control-expose-headers: Content-Length X-Content-Type-Options: nosniff Accept-Ranges: bytes Date: Fri, 04 Oct 2024 13:10:52 GMT X-Cache: HIT, HIT x-tw-cdn: FT x-served-by: cache-lhr-egll1980036-LHR, cache-lin1730037-LIN, cache-tw-ZZZ1 Server-Timing: x-cache;desc=HIT, x-tw-cdn;desc=FT
2024-10-04 13:10:52 UTC	1379	IN	Data Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 00 00 01 00 01 00 00 ff db 00 43 00 05 03 04 04 04 03 05 04 04 04 05 05 05 06 07 0c 08 07 07 07 07 0f 0b 0b 09 0c 11 0f 12 12 11 0f 11 11 13 16 1c 17 13 14 1a 15 11 11 18 21 18 1a 1d 1d 1f 1f 1f 13 17 22 24 22 1e 24 1c 1e 1f 1e ff db 00 43 01 05 05 05 07 06 07 0e 08 08 0e 1e 14 11 14 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e ff c2 00 11 08 02 76 07 30 03 01 22 00 02 11 01 03 11 01 ff c4 00 1c 00 01 00 03 01 01 01 01 01 00 00 00 00 00 00 00 00 00 05 06 07 01 04 03 02 08 ff c4 00 1b 01 01 00 02 03 01 01 00 00 00 00 00 00 00 00 00 00 00 03 06 02 04 05 01 07 ff da 00 0c 03 01 00 02 10 03 10 00 00 01 d9 40 00 00 00 Data Ascii: JFIFC!"$"$Cv0"@
2024-10-04 13:10:52 UTC	1379	IN	Data Raw: 2c 39 d2 7f 38 0e f0 3b ce f0 3a 39 d0 38 3b c0 eb 83 bc e8 e1 d3 8e f0 e9 c1 de 07 41 ce f0 03 a0 71 d3 80 eb 80 74 e1 d3 9d e7 47 00 ef 0e 80 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 1b 25 1b 24 79 c1 cb 25 6f a0 00 04 ec 14 ec 13 5b 2b 96 3a ef ce 6e dc 1c bd a0 00 02 5e 6e 12 6e d3 c9 3a e8 6b f1 d1 cf c7 e3 2a 2f 1e 1a 17 b0 bd 4f e3 97 d2 de e8 e3 bc 3b c0 3a 1c 74 e7 79 d3 8e 80 39 d0 e7 43 8e f0 3b c2 13 c9 53 8a 36 73 cc 7a 7b 48 b4 9e de 87 3a 1c 74 73 bc e9 c7 78 77 9d 1c 74 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: ,98;:98;AqtG%$y%o[+:n^nn:k*/O;:ty9C;S6sz{H:tsxwt
2024-10-04 13:10:52 UTC	1379	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
2024-10-04 13:10:52 UTC	1379	IN	Data Raw: 00 00 00 00 67 f5 6b 4d 58 d7 72 6d 97 05 36 ea 35 ce 00 f0 5e 32 ab 89 0a 83 d5 8f 16 41 b0 51 08 bd 52 af 7b 00 ae d7 7f 36 e2 81 a6 66 36 22 ee 08 7c e3 5f fe 70 34 fa ae b9 4d 24 2a 7f 3d 80 cb f5 0f e7 4f e8 52 0a bb 41 fe 83 32 9b df 70 b3 76 ce 35 ff 00 e7 03 4f aa eb 94 d2 42 a7 f3 d8 0c bf 50 fe 74 fe 81 20 60 69 da 11 5c d3 f0 5d 28 85 fb f8 a4 ca e5 d6 77 1c 36 0f e7 df e9 cf e7 13 51 be 80 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 28 e7 9e ad 68 86 35 ac 17 7a c2 0d 96 02 4e b4 42 eb 59 0d dc a2 56 f7 ea 71 65 a1 f3 f6 4b 5e e8 17 73 d0 0a f5 4e 9d b1 99 cd 9a bd 3c 5f 80 fe 73 fe 8c fe 73 3f Data Ascii: gkMXrm65^2AQR{6f6"\|_p4M$*=ORA2pv5OBPt `i\](w6Q(h5zNBYVqeK^sN<_ss?
2024-10-04 13:10:52 UTC	1379	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 1f ff c4 00 35 10 00 02 02 01 02 04 05 03 03 03 04 02 03 00 00 00 04 05 02 03 01 00 06 14 15 34 35 10 11 12 13 30 20 33 70 21 32 36 16 31 40 22 24 25 60 50 80 90 a0 c0 ff da 00 08 01 01 00 01 05 02 ff 00 dd 3b ac 8d 35 73 60 b5 cd 82 Data Ascii: 5450 3p!261@"$%`P;5s`
2024-10-04 13:10:52 UTC	1379	IN	Data Raw: 87 3e 78 45 7e 87 47 44 33 ab 52 55 65 ab 96 c0 3b 7c 4c 52 2d f9 92 1b 75 14 36 e8 45 22 d1 9d 67 1e 78 bd 15 59 d6 51 5f aa 50 fe a2 8d 48 d0 f0 2d 38 d7 66 48 6e d4 10 d9 e6 1a b1 47 cf 83 15 b0 32 ea 92 55 5d 9e 06 89 49 75 d8 86 cf 3a 90 cf ce b8 fa 2b fc 30 65 59 bc 6e 49 6e b9 25 ba e4 96 eb 92 5b ae 49 6e b9 25 ba e4 96 eb 92 5b ae 49 6e 96 ad 98 a4 9b 4e 6f a3 95 59 ae 55 66 b9 55 9a e5 56 6b 95 59 ae 55 66 b9 55 9a e5 56 6b 95 59 a5 e2 48 69 7e 50 22 cc 53 4f 37 ab 5c e2 ad 73 7a b5 cd ea d7 37 ab 5c de ad 73 8a b5 cd ea d7 37 ab 42 30 81 37 5d 66 2a 87 1b 0d 71 b0 d7 1b 0d 71 b0 d7 1b 0d 71 b0 d7 1b 0d 71 b0 d7 1b 0d 51 7e 2e cf e5 06 7d 07 c2 8f ae 3f a7 f8 56 fe ef aa 72 8c 23 73 91 21 9e 7d 56 ab 76 2c b4 3d f5 11 0f f2 18 b2 a8 3c 84 e2 ab Data Ascii: >xE~GD3RUe;\|LR-u6E"gxYQ_PH-8fHnG2U]Iu:+0eYnIn%[In%[InNoYUfUVkYUfUVkYHi~P"SO7\sz7\s7B07]f*qqqqQ~.}?Vr#s!}Vv,=<
2024-10-04 13:10:52 UTC	1379	IN	Data Raw: 95 6e 5e 67 92 36 f4 dd 44 25 99 33 22 78 3c 6b 52 ca 40 cb d6 74 16 c9 ca 72 c2 22 b2 c5 f0 66 c2 95 f0 27 74 93 6d a7 bf b6 76 c9 fb 91 6f fe a0 0f 0b 0b 72 f6 51 45 b8 ee b8 ad 3a 6e 3a c8 0d 76 e3 61 59 2d 9d ab bd 43 31 d9 52 cd 85 2b e0 4e e9 26 db 4f 7f 6c ed 93 f7 22 df fd 40 1e 16 16 e5 ec a2 8b 71 dd 71 5a 74 e2 b0 33 64 b7 54 e0 06 e6 22 ab e5 74 38 66 3b 9c 88 48 5d c5 98 2b 31 c3 fa b3 b6 dc e5 8e 1c 48 fc 08 44 6d 89 34 d9 b9 fd ef c6 3b eb b5 ec 7e ef ad d9 df d5 76 bd e3 d8 f6 27 59 bb 71 3c a2 da 6d e9 0e 37 c2 a2 c4 4a 35 82 2c df da d8 fd a3 c7 75 28 30 e2 92 8b 30 d5 ef 8b e8 b7 3b 2a 5e a4 de 2d e3 88 b6 04 4a 02 1f 7c 53 19 2e d9 02 d1 79 1a 6b 0c 0a e2 eb 23 55 02 fa 9a bd c7 e9 a7 41 e0 e5 aa 0b 98 2c 34 de 38 8b 60 44 a0 21 f7 c5 Data Ascii: n^g6D%3"x<kR@tr"f'tmvorQE:n:vaY-C1R+N&Ol"@qqZt3dT"t8f;H]+1HDm4;~v'Yq<m7J5,u(00;*^-J\|S.yk#UA,48`D!
2024-10-04 13:10:52 UTC	1379	IN	Data Raw: 9f 16 dd b4 41 b4 57 57 60 d1 58 fb ed cf 63 c2 b0 62 f7 01 b0 93 7e 1d 56 5e 95 4e 2a b2 16 d5 ff 00 71 62 1d 67 6e e8 ed 75 d8 96 e8 ae 14 ed c7 1e ee 66 7d 0f 6c 0e eb a2 02 07 10 77 95 78 a4 62 36 a5 b8 7c b8 67 b7 e0 b0 8a a5 fc c5 db 34 e6 85 3b 82 91 88 5f 6e 1f 2e 19 f1 15 95 b5 5f 17 01 c1 71 07 79 56 77 f0 75 f0 8e 14 57 99 7f 47 03 ed f0 1b 2f d3 ec b6 ed 5b 47 d1 c8 97 e2 39 de 21 93 c9 f5 b5 85 e1 93 eb 76 0f ef a6 cf fc e9 81 dd cc a6 da 38 96 ec de bd 99 bf 75 af f9 b2 58 b3 99 d7 8a c2 6d f4 ce cc 2c dc a3 53 c0 d4 ab d5 70 5b 72 0e 32 b1 58 a4 c3 71 68 42 8f 38 85 b1 22 1b b9 14 71 fd 46 db 05 4b 77 38 19 c5 c1 01 1c c0 1d d7 fa b1 63 91 70 13 6c 0f 36 3b bb b0 b7 f7 65 23 e8 7b 60 65 d5 ed d2 c7 22 e0 27 f8 f5 93 b6 b3 cb 9a 5f fc d9 6c Data Ascii: AWW`Xcb~V^N*qbgnuf}lwxb6\|g4;_n._qyVwuWG/[G9!v8uXm,Sp[r2XqhB8"qFKw8cpl6;e#{`e"'_l
2024-10-04 13:10:52 UTC	1379	IN	Data Raw: fd 7f 9a a1 1a 8c ca f1 49 a1 16 af da 58 67 0c 5a a1 1a 8c ca f1 49 a1 16 af da 58 67 0c 5a a1 1a 8c ca f1 49 a1 16 af da 58 67 0c 5a a1 1a 8c ca f1 49 a1 16 af da 58 67 0c 5a a1 33 f4 6c 8c c5 f9 1c c5 f9 1c c5 f9 1c c5 f9 1c c2 cf 69 34 99 91 08 83 92 ab 2b 69 82 18 5b c6 43 0b 78 c8 61 6f 19 0c 2d e3 20 e2 93 49 22 4c b5 fb fe 9f 3f ff c4 00 4f 10 00 01 02 03 03 07 06 0c 03 05 05 06 07 00 00 00 01 02 03 00 04 11 12 21 31 05 10 13 22 32 41 71 33 42 51 61 72 91 14 20 23 30 52 70 73 81 82 a1 b1 c1 62 92 d1 15 34 40 43 f0 63 83 b2 c2 e1 24 50 60 74 a2 f1 53 80 90 a0 a3 c0 d2 ff da 00 08 01 01 00 06 3f 02 ff 00 ce 99 71 7b 23 18 e5 15 f9 63 94 57 e5 8e 51 5f 96 39 43 f9 63 94 57 e5 8e 51 5f 96 39 45 7e 58 e5 0f e5 8e 51 5f 96 34 6d 28 95 70 8b 6b 34 11 b6 Data Ascii: IXgZIXgZIXgZIXgZ3li4+i[Cxao- I"L?O!1"2Aq3BQar #0Rpsb4@Cc$P`tS?q{#cWQ_9CcWQ_9E~XQ_4m(pk4
2024-10-04 13:10:52 UTC	1379	IN	Data Raw: 43 dd b3 0b ec 67 33 4c 8a fa 63 ef 9a c8 72 d0 fc 57 c5 2d 25 1d 91 15 30 26 9e 14 03 60 42 fb 26 3c 8b 85 3d 51 7a 1a 3e e8 1a 52 28 30 02 12 d2 07 13 d1 01 23 00 29 06 69 a1 54 1d a1 d1 9a cd b0 b1 f8 84 59 b6 10 3f 08 cd e1 4f 0a 1e 60 fb e6 47 62 1a ed 8c ee 5d 72 8d a1 01 c6 d5 65 42 2c da 40 eb 09 86 c9 bc 94 8f 53 2f 70 f3 5f 09 83 c4 79 a7 38 78 ca 64 aa c8 3b e3 97 5f 74 21 a0 6b 64 53 32 da 56 0a 14 8e 5d 7d d0 12 9c 00 a6 6d 12 94 53 7d 6e 8e 5d 7d d0 86 41 a8 4e f8 0d a9 65 34 35 ba 39 75 f7 42 51 e8 8a 66 f2 a8 bf d2 18 c7 92 7c 53 f1 08 bd e6 e2 af 2c b9 d5 80 cc a5 e9 d7 ac 6b 84 17 12 e2 95 51 4b c7 89 68 55 a5 74 a6 35 5f 41 e2 23 59 f4 0e 02 2d 2a ae ab f1 66 20 ef 8a b2 f2 93 d4 6f 8e 59 b8 f2 cf fe 51 16 19 45 9f be 7b 48 ab 4a ea c2 Data Ascii: Cg3LcrW-%0&`B&<=Qz>R(0#)iTY?O`Gb]reB,@S/p_y8xd;_t!kdS2V]}mS}n]}ANe459uBQf\|S,kQKhUt5_A#Y-*f oYQE{HJ

Timestamp	Bytes transferred	Direction	Data
2024-10-04 13:10:51 UTC	618	OUT	GET /favicon.ico HTTP/1.1 Host: crewbloom.s3.amazonaws.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://crewbloom.s3.amazonaws.com/34873.html Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-04 13:10:52 UTC	297	IN	HTTP/1.1 403 Forbidden x-amz-request-id: M4RGGHMMMNGH1FQ7 x-amz-id-2: J5FNCwYXYTAg7fPoukB+g+Tfvb9a72793pOw24cgCZ69wzj/Y5z6lbGwnDL5Rz2FwX/nHDyi7TPkKohyiW2t3Q== Content-Type: application/xml Transfer-Encoding: chunked Date: Fri, 04 Oct 2024 13:10:51 GMT Server: AmazonS3 Connection: close
2024-10-04 13:10:52 UTC	266	IN	Data Raw: 66 66 0d 0a 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 0a 3c 45 72 72 6f 72 3e 3c 43 6f 64 65 3e 41 63 63 65 73 73 44 65 6e 69 65 64 3c 2f 43 6f 64 65 3e 3c 4d 65 73 73 61 67 65 3e 41 63 63 65 73 73 20 44 65 6e 69 65 64 3c 2f 4d 65 73 73 61 67 65 3e 3c 52 65 71 75 65 73 74 49 64 3e 4d 34 52 47 47 48 4d 4d 4d 4e 47 48 31 46 51 37 3c 2f 52 65 71 75 65 73 74 49 64 3e 3c 48 6f 73 74 49 64 3e 4a 35 46 4e 43 77 59 58 59 54 41 67 37 66 50 6f 75 6b 42 2b 67 2b 54 66 76 62 39 61 37 32 37 39 33 70 4f 77 32 34 63 67 43 5a 36 39 77 7a 6a 2f 59 35 7a 36 6c 62 47 77 6e 44 4c 35 52 7a 32 46 77 58 2f 6e 48 44 79 69 37 54 50 6b 4b 6f 68 79 69 57 32 74 33 51 3d 3d 3c 2f 48 6f 73 74 49 64 3e 3c 2f 45 72 Data Ascii: ff<?xml version="1.0" encoding="UTF-8"?><Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>M4RGGHMMMNGH1FQ7</RequestId><HostId>J5FNCwYXYTAg7fPoukB+g+Tfvb9a72793pOw24cgCZ69wzj/Y5z6lbGwnDL5Rz2FwX/nHDyi7TPkKohyiW2t3Q==</HostId></Er

Timestamp	Bytes transferred	Direction	Data
2024-10-04 13:10:52 UTC	212	OUT	GET /rules/rule120603v8s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft PowerPoint 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-04 13:10:52 UTC	563	IN	HTTP/1.1 200 OK Date: Fri, 04 Oct 2024 13:10:52 GMT Content-Type: text/xml Content-Length: 2128 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:04 GMT ETag: "0x8DC582BA41F3C62" x-ms-request-id: fafd92b7-601e-0050-3886-152c9c000000 x-ms-version: 2018-03-28 x-azure-ref: 20241004T131052Z-15767c5fc55852fxfeh7csa2dn0000000ckg0000000017yg x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-04 13:10:52 UTC	2128	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 30 33 22 20 56 3d 22 38 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 53 79 73 74 65 6d 2e 53 79 73 74 65 6d 48 65 61 6c 74 68 4d 65 74 61 64 61 74 61 41 70 70 6c 69 63 61 74 69 6f 6e 41 64 64 69 74 69 6f 6e 61 6c 22 20 41 54 54 3d 22 63 64 38 33 36 36 32 36 36 31 31 63 34 63 61 61 61 38 66 63 35 62 32 65 37 32 38 65 65 38 31 64 2d 33 62 36 64 36 63 34 35 2d 36 33 37 37 2d 34 62 66 35 2d 39 37 39 32 2d 64 62 66 38 65 31 38 38 31 30 38 38 2d 37 35 32 31 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 45 3d 22 66 61 6c 73 65 22 20 44 4c 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120603" V="8" DC="SM" EN="Office.System.SystemHealthMetadataApplicationAdditional" ATT="cd836626611c4caaa8fc5b2e728ee81d-3b6d6c45-6377-4bf5-9792-dbf8e1881088-7521" SP="CriticalBusinessImpact" E="false" DL=

Timestamp	Bytes transferred	Direction	Data
2024-10-04 13:10:58 UTC	712	OUT	GET /KUtIdFka HTTP/1.1 Host: l0gin-microso.ftlivedocs.tech Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: navigate Sec-Fetch-Dest: document Referer: https://crewbloom.s3.amazonaws.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-04 13:10:59 UTC	713	IN	HTTP/1.1 200 OK Date: Fri, 04 Oct 2024 13:10:59 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: close Set-Cookie: fNYe=896a8296dd752621a31badfb843ea3b9d58cbc46d6504a1582b16c1633cbccb4; Path=/; Domain=ftlivedocs.tech; Expires=Fri, 04 Oct 2024 14:10:59 GMT; Max-Age=3600 CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=A78lPhGMzfDcfhoerWrH%2B38tAZJ6qxvA5fYHFK7maEchQr0t%2FcrEIcI6pAZHuzW6I%2FawnCFJqGsA4qc7z1vlaItLgbdIWE99ogGCYmSN1CT2Pljo1K3EjtqNsrQApTrWULT81Kgyshy6BlTar1%2F3"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8cd56a496a3b5e6a-EWR
2024-10-04 13:10:59 UTC	656	IN	Data Raw: 31 62 65 35 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 3c 73 63 72 69 70 74 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 61 6a 61 78 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 2f 61 6a 61 78 2f 6c 69 62 73 2f 6a 71 75 65 72 79 2f 33 2e 32 2e 31 2f 6a 71 75 65 72 79 2e 6d 69 6e 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 20 20 3c 73 63 72 69 70 74 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 63 68 61 6c 6c 65 6e 67 65 73 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 74 75 72 6e 73 74 69 6c 65 2f 76 30 2f 61 70 69 2e 6a 73 3f 6f 6e 6c 6f 61 64 3d 6f 6e 6c 6f 61 64 54 75 72 6e 73 74 69 6c 65 43 61 6c 6c 62 61 63 6b 22 20 61 73 79 6e 63 20 64 65 66 65 72 3e 3c 2f Data Ascii: 1be5<!DOCTYPE html><html lang="en-US"><head> <script src="https://ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.min.js"></script> <script src="https://challenges.cloudflare.com/turnstile/v0/api.js?onload=onloadTurnstileCallback" async defer></
2024-10-04 13:10:59 UTC	1369	IN	Data Raw: 20 20 20 20 20 20 20 20 20 20 73 69 74 65 6b 65 79 3a 20 27 30 78 34 41 41 41 41 41 41 41 77 64 39 68 77 35 72 76 6f 44 6a 4d 37 49 27 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 63 61 6c 6c 62 61 63 6b 3a 20 66 75 6e 63 74 69 6f 6e 28 74 6f 6b 65 6e 29 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 45 6e 74 65 72 53 69 74 65 28 29 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 2c 0a 20 20 20 20 20 20 20 20 7d 29 3b 0a 20 20 20 20 7d 3b 0a 0a 20 20 3c 2f 73 63 72 69 70 74 3e 0a 3c 2f 68 65 61 64 3e 0a 0a 3c 62 6f 64 79 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 22 3e 0a 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 6d 61 69 6e 2d 77 72 61 70 70 65 72 22 20 72 6f 6c 65 3d 22 6d 61 69 6e 22 3e 0a 20 20 20 20 20 20 3c 64 69 76 20 69 64 3d 22 6c 6f 61 64 69 6e Data Ascii: sitekey: '0x4AAAAAAAwd9hw5rvoDjM7I', callback: function(token) { EnterSite(); }, }); }; </script></head><body class="no-js"> <div class="main-wrapper" role="main"> <div id="loadin
2024-10-04 13:10:59 UTC	1369	IN	Data Raw: 3b 68 65 69 67 68 74 3a 31 38 30 70 78 7d 23 4d 53 4c 6f 67 6f 7b 70 6f 73 69 74 69 6f 6e 3a 66 69 78 65 64 3b 62 6f 74 74 6f 6d 3a 33 36 70 78 3b 6c 65 66 74 3a 63 61 6c 63 28 35 30 76 77 20 2d 20 35 30 70 78 29 7d 2e 64 61 72 6b 20 23 6c 6f 61 64 69 6e 67 53 63 72 65 65 6e 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 33 33 33 7d 2e 64 61 72 6b 4e 65 77 20 23 6c 6f 61 64 69 6e 67 53 63 72 65 65 6e 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 31 66 31 66 31 66 7d 3a 72 6f 6f 74 7b 2d 2d 73 3a 31 38 30 70 78 3b 2d 2d 65 6e 76 57 3a 31 33 30 70 78 3b 2d 2d 65 6e 76 48 3a 37 31 70 78 3b 2d 2d 63 61 6c 57 3a 31 31 38 70 78 3b 2d 2d 73 71 57 3a 63 61 6c 63 28 76 61 72 28 2d 2d 63 61 6c 57 29 20 2f 20 33 29 3b 2d 2d 73 71 48 3a 33 37 70 Data Ascii: ;height:180px}#MSLogo{position:fixed;bottom:36px;left:calc(50vw - 50px)}.dark #loadingScreen{background-color:#333}.darkNew #loadingScreen{background-color:#1f1f1f}:root{--s:180px;--envW:130px;--envH:71px;--calW:118px;--sqW:calc(var(--calW) / 3);--sqH:37p
2024-10-04 13:10:59 UTC	1369	IN	Data Raw: 61 72 67 69 6e 2d 74 6f 70 3a 2d 37 30 70 78 7d 23 63 61 6c 2c 23 63 61 6c 3e 2e 72 2c 23 63 61 6c 3e 2e 74 7b 77 69 64 74 68 3a 76 61 72 28 2d 2d 63 61 6c 57 29 7d 23 63 61 6c 7b 66 6c 65 78 2d 64 69 72 65 63 74 69 6f 6e 3a 72 6f 77 3b 66 6c 65 78 2d 77 72 61 70 3a 77 72 61 70 3b 68 65 69 67 68 74 3a 76 61 72 28 2d 2d 63 61 6c 48 29 3b 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 37 70 78 3b 6d 61 72 67 69 6e 3a 2d 33 30 36 70 78 20 61 75 74 6f 20 30 3b 61 6e 69 6d 61 74 69 6f 6e 3a 63 61 6c 2d 62 6f 75 6e 63 65 20 76 61 72 28 2d 2d 64 75 72 29 20 69 6e 66 69 6e 69 74 65 3b 61 6e 69 6d 61 74 69 6f 6e 2d 74 69 6d 69 6e 67 2d 66 75 6e 63 74 69 6f 6e 3a 63 75 62 69 63 2d 62 65 7a 69 65 72 28 30 2c 2e 35 2c 30 2c 31 29 3b 74 72 61 6e 73 66 6f 72 6d 3a 74 72 61 Data Ascii: argin-top:-70px}#cal,#cal>.r,#cal>.t{width:var(--calW)}#cal{flex-direction:row;flex-wrap:wrap;height:var(--calH);border-radius:7px;margin:-306px auto 0;animation:cal-bounce var(--dur) infinite;animation-timing-function:cubic-bezier(0,.5,0,1);transform:tra
2024-10-04 13:10:59 UTC	1369	IN	Data Raw: 46 6c 61 70 7b 77 69 64 74 68 3a 76 61 72 28 2d 2d 65 6e 76 57 29 3b 61 6e 69 6d 61 74 69 6f 6e 3a 63 6c 6f 73 65 64 2d 66 6c 61 70 2d 73 77 69 6e 67 20 76 61 72 28 2d 2d 64 75 72 29 20 69 6e 66 69 6e 69 74 65 3b 61 6e 69 6d 61 74 69 6f 6e 2d 74 69 6d 69 6e 67 2d 66 75 6e 63 74 69 6f 6e 3a 63 75 62 69 63 2d 62 65 7a 69 65 72 28 2e 33 32 2c 30 2c 2e 36 37 2c 30 29 3b 74 72 61 6e 73 66 6f 72 6d 2d 6f 72 69 67 69 6e 3a 74 6f 70 3b 74 72 61 6e 73 66 6f 72 6d 3a 74 72 61 6e 73 6c 61 74 65 59 28 63 61 6c 63 28 2d 31 20 2a 20 76 61 72 28 2d 2d 65 6e 76 48 29 29 29 20 72 6f 74 61 74 65 33 64 28 31 2c 30 2c 30 2c 39 30 64 65 67 29 7d 40 6b 65 79 66 72 61 6d 65 73 20 63 6c 6f 73 65 64 2d 66 6c 61 70 2d 73 77 69 6e 67 7b 30 25 2c 31 30 30 25 2c 37 37 25 2c 38 2e 35 Data Ascii: Flap{width:var(--envW);animation:closed-flap-swing var(--dur) infinite;animation-timing-function:cubic-bezier(.32,0,.67,0);transform-origin:top;transform:translateY(calc(-1 * var(--envH))) rotate3d(1,0,0,90deg)}@keyframes closed-flap-swing{0%,100%,77%,8.5
2024-10-04 13:10:59 UTC	1017	IN	Data Raw: 61 27 20 2b 20 27 3f 53 27 20 2b 20 27 3d 27 20 2b 20 27 55 27 20 2b 20 27 6d 78 75 27 20 2b 20 27 48 6c 27 20 2b 20 27 6f 27 0a 20 20 20 20 7d 0a 20 20 3c 2f 73 63 72 69 70 74 3e 0a 3c 73 63 72 69 70 74 3e 28 66 75 6e 63 74 69 6f 6e 28 29 7b 66 75 6e 63 74 69 6f 6e 20 63 28 29 7b 76 61 72 20 62 3d 61 2e 63 6f 6e 74 65 6e 74 44 6f 63 75 6d 65 6e 74 7c 7c 61 2e 63 6f 6e 74 65 6e 74 57 69 6e 64 6f 77 2e 64 6f 63 75 6d 65 6e 74 3b 69 66 28 62 29 7b 76 61 72 20 64 3d 62 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 27 73 63 72 69 70 74 27 29 3b 64 2e 69 6e 6e 65 72 48 54 4d 4c 3d 22 77 69 6e 64 6f 77 2e 5f 5f 43 46 24 63 76 24 70 61 72 61 6d 73 3d 7b 72 3a 27 38 63 64 35 36 61 34 39 36 61 33 62 35 65 36 61 27 2c 74 3a 27 4d 54 63 79 4f 44 41 30 4e 7a 51 31 4f Data Ascii: a' + '?S' + '=' + 'U' + 'mxu' + 'Hl' + 'o' } </script><script>(function(){function c(){var b=a.contentDocument\|\|a.contentWindow.document;if(b){var d=b.createElement('script');d.innerHTML="window.__CF$cv$params={r:'8cd56a496a3b5e6a',t:'MTcyODA0NzQ1O
2024-10-04 13:10:59 UTC	6	IN	Data Raw: 31 0d 0a 0a 0d 0a Data Ascii: 1
2024-10-04 13:10:59 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Timestamp	Bytes transferred	Direction	Data
2024-10-04 13:11:00 UTC	588	OUT	GET /turnstile/v0/api.js?onload=onloadTurnstileCallback HTTP/1.1 Host: challenges.cloudflare.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://l0gin-microso.ftlivedocs.tech/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-04 13:11:01 UTC	356	IN	HTTP/1.1 302 Found Date: Fri, 04 Oct 2024 13:11:01 GMT Content-Length: 0 Connection: close access-control-allow-origin: * cache-control: max-age=300, stale-if-error=10800, stale-while-revalidate=300, public cross-origin-resource-policy: cross-origin location: /turnstile/v0/g/ec4b873d446c/api.js Server: cloudflare CF-RAY: 8cd56a57ce217d18-EWR

Timestamp	Bytes transferred	Direction	Data
2024-10-04 13:11:01 UTC	619	OUT	GET /cdn-cgi/challenge-platform/scripts/jsd/main.js HTTP/1.1 Host: l0gin-microso.ftlivedocs.tech Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: fNYe=896a8296dd752621a31badfb843ea3b9d58cbc46d6504a1582b16c1633cbccb4
2024-10-04 13:11:01 UTC	693	IN	HTTP/1.1 302 Found Date: Fri, 04 Oct 2024 13:11:01 GMT Content-Length: 0 Connection: close location: /cdn-cgi/challenge-platform/h/g/scripts/jsd/ec4b873d446c/main.js? cache-control: max-age=300, stale-if-error=10800, stale-while-revalidate=10800, public access-control-allow-origin: * Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=JXBgcj1%2F44D5uHSoOqI%2BN%2Bf%2F%2F6x7Us7PYi5Ixl8LFINuvhj1ceurwpwkQcsMoUsTyTv68OWBzUgXhgu0BHtNstU%2FeR6CdCG767worgsimkpQymPM%2FL3RS4fOnvyI3qCm598b3e2DQHcDOvFd%2BKbj"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8cd56a581b238c3f-EWR

Timestamp	Bytes transferred	Direction	Data
2024-10-04 13:11:01 UTC	572	OUT	GET /turnstile/v0/g/ec4b873d446c/api.js HTTP/1.1 Host: challenges.cloudflare.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://l0gin-microso.ftlivedocs.tech/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-04 13:11:02 UTC	441	IN	HTTP/1.1 200 OK Date: Fri, 04 Oct 2024 13:11:01 GMT Content-Type: application/javascript; charset=UTF-8 Content-Length: 47262 Connection: close accept-ranges: bytes last-modified: Tue, 17 Sep 2024 16:06:37 GMT cache-control: max-age=31536000, stale-if-error=10800, stale-while-revalidate=31536000, public access-control-allow-origin: * cross-origin-resource-policy: cross-origin Server: cloudflare CF-RAY: 8cd56a5d6c338c0b-EWR
2024-10-04 13:11:02 UTC	1369	IN	Data Raw: 22 75 73 65 20 73 74 72 69 63 74 22 3b 28 66 75 6e 63 74 69 6f 6e 28 29 7b 66 75 6e 63 74 69 6f 6e 20 56 74 28 65 2c 72 2c 61 2c 6f 2c 63 2c 6c 2c 67 29 7b 74 72 79 7b 76 61 72 20 66 3d 65 5b 6c 5d 28 67 29 2c 70 3d 66 2e 76 61 6c 75 65 7d 63 61 74 63 68 28 73 29 7b 61 28 73 29 3b 72 65 74 75 72 6e 7d 66 2e 64 6f 6e 65 3f 72 28 70 29 3a 50 72 6f 6d 69 73 65 2e 72 65 73 6f 6c 76 65 28 70 29 2e 74 68 65 6e 28 6f 2c 63 29 7d 66 75 6e 63 74 69 6f 6e 20 57 74 28 65 29 7b 72 65 74 75 72 6e 20 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 72 3d 74 68 69 73 2c 61 3d 61 72 67 75 6d 65 6e 74 73 3b 72 65 74 75 72 6e 20 6e 65 77 20 50 72 6f 6d 69 73 65 28 66 75 6e 63 74 69 6f 6e 28 6f 2c 63 29 7b 76 61 72 20 6c 3d 65 2e 61 70 70 6c 79 28 72 2c 61 29 3b 66 75 6e 63 74 Data Ascii: "use strict";(function(){function Vt(e,r,a,o,c,l,g){try{var f=e[l](g),p=f.value}catch(s){a(s);return}f.done?r(p):Promise.resolve(p).then(o,c)}function Wt(e){return function(){var r=this,a=arguments;return new Promise(function(o,c){var l=e.apply(r,a);funct
2024-10-04 13:11:02 UTC	1369	IN	Data Raw: 74 28 65 29 7b 69 66 28 41 72 72 61 79 2e 69 73 41 72 72 61 79 28 65 29 29 72 65 74 75 72 6e 20 65 7d 66 75 6e 63 74 69 6f 6e 20 42 74 28 65 2c 72 29 7b 76 61 72 20 61 3d 65 3d 3d 6e 75 6c 6c 3f 6e 75 6c 6c 3a 74 79 70 65 6f 66 20 53 79 6d 62 6f 6c 21 3d 22 75 6e 64 65 66 69 6e 65 64 22 26 26 65 5b 53 79 6d 62 6f 6c 2e 69 74 65 72 61 74 6f 72 5d 7c 7c 65 5b 22 40 40 69 74 65 72 61 74 6f 72 22 5d 3b 69 66 28 61 21 3d 6e 75 6c 6c 29 7b 76 61 72 20 6f 3d 5b 5d 2c 63 3d 21 30 2c 6c 3d 21 31 2c 67 2c 66 3b 74 72 79 7b 66 6f 72 28 61 3d 61 2e 63 61 6c 6c 28 65 29 3b 21 28 63 3d 28 67 3d 61 2e 6e 65 78 74 28 29 29 2e 64 6f 6e 65 29 26 26 28 6f 2e 70 75 73 68 28 67 2e 76 61 6c 75 65 29 2c 21 28 72 26 26 6f 2e 6c 65 6e 67 74 68 3d 3d 3d 72 29 29 3b 63 3d 21 30 29 Data Ascii: t(e){if(Array.isArray(e))return e}function Bt(e,r){var a=e==null?null:typeof Symbol!="undefined"&&e[Symbol.iterator]\|\|e["@@iterator"];if(a!=null){var o=[],c=!0,l=!1,g,f;try{for(a=a.call(e);!(c=(g=a.next()).done)&&(o.push(g.value),!(r&&o.length===r));c=!0)
2024-10-04 13:11:02 UTC	1369	IN	Data Raw: 5d 29 7d 7d 66 75 6e 63 74 69 6f 6e 20 70 28 73 29 7b 69 66 28 6f 29 74 68 72 6f 77 20 6e 65 77 20 54 79 70 65 45 72 72 6f 72 28 22 47 65 6e 65 72 61 74 6f 72 20 69 73 20 61 6c 72 65 61 64 79 20 65 78 65 63 75 74 69 6e 67 2e 22 29 3b 66 6f 72 28 3b 67 26 26 28 67 3d 30 2c 73 5b 30 5d 26 26 28 61 3d 30 29 29 2c 61 3b 29 74 72 79 7b 69 66 28 6f 3d 31 2c 63 26 26 28 6c 3d 73 5b 30 5d 26 32 3f 63 2e 72 65 74 75 72 6e 3a 73 5b 30 5d 3f 63 2e 74 68 72 6f 77 7c 7c 28 28 6c 3d 63 2e 72 65 74 75 72 6e 29 26 26 6c 2e 63 61 6c 6c 28 63 29 2c 30 29 3a 63 2e 6e 65 78 74 29 26 26 21 28 6c 3d 6c 2e 63 61 6c 6c 28 63 2c 73 5b 31 5d 29 29 2e 64 6f 6e 65 29 72 65 74 75 72 6e 20 6c 3b 73 77 69 74 63 68 28 63 3d 30 2c 6c 26 26 28 73 3d 5b 73 5b 30 5d 26 32 2c 6c 2e 76 61 6c Data Ascii: ])}}function p(s){if(o)throw new TypeError("Generator is already executing.");for(;g&&(g=0,s[0]&&(a=0)),a;)try{if(o=1,c&&(l=s[0]&2?c.return:s[0]?c.throw\|\|((l=c.return)&&l.call(c),0):c.next)&&!(l=l.call(c,s[1])).done)return l;switch(c=0,l&&(s=[s[0]&2,l.val
2024-10-04 13:11:02 UTC	1369	IN	Data Raw: 29 29 3b 76 61 72 20 56 65 3b 28 66 75 6e 63 74 69 6f 6e 28 65 29 7b 65 2e 41 55 54 4f 3d 22 61 75 74 6f 22 2c 65 2e 4c 49 47 48 54 3d 22 6c 69 67 68 74 22 2c 65 2e 44 41 52 4b 3d 22 64 61 72 6b 22 7d 29 28 56 65 7c 7c 28 56 65 3d 7b 7d 29 29 3b 76 61 72 20 53 65 3b 28 66 75 6e 63 74 69 6f 6e 28 65 29 7b 65 2e 46 41 49 4c 55 52 45 5f 57 4f 5f 48 41 56 49 4e 47 5f 54 52 4f 55 42 4c 45 53 3d 22 66 61 69 6c 75 72 65 2d 77 6f 2d 68 61 76 69 6e 67 2d 74 72 6f 75 62 6c 65 73 22 2c 65 2e 46 41 49 4c 55 52 45 5f 48 41 56 49 4e 47 5f 54 52 4f 55 42 4c 45 53 3d 22 66 61 69 6c 75 72 65 2d 68 61 76 69 6e 67 2d 74 72 6f 75 62 6c 65 73 22 2c 65 2e 46 41 49 4c 55 52 45 5f 46 45 45 44 42 41 43 4b 3d 22 66 61 69 6c 75 72 65 2d 66 65 65 64 62 61 63 6b 22 2c 65 2e 46 41 49 Data Ascii: ));var Ve;(function(e){e.AUTO="auto",e.LIGHT="light",e.DARK="dark"})(Ve\|\|(Ve={}));var Se;(function(e){e.FAILURE_WO_HAVING_TROUBLES="failure-wo-having-troubles",e.FAILURE_HAVING_TROUBLES="failure-having-troubles",e.FAILURE_FEEDBACK="failure-feedback",e.FAI
2024-10-04 13:11:02 UTC	1369	IN	Data Raw: 75 6e 63 74 69 6f 6e 20 4c 28 65 2c 72 29 7b 72 65 74 75 72 6e 20 65 2e 69 6e 64 65 78 4f 66 28 72 29 21 3d 3d 2d 31 7d 66 75 6e 63 74 69 6f 6e 20 6e 74 28 65 29 7b 72 65 74 75 72 6e 20 4c 28 5b 22 61 75 74 6f 22 2c 22 64 61 72 6b 22 2c 22 6c 69 67 68 74 22 5d 2c 65 29 7d 66 75 6e 63 74 69 6f 6e 20 69 74 28 65 29 7b 72 65 74 75 72 6e 20 4c 28 5b 22 61 75 74 6f 22 2c 22 6e 65 76 65 72 22 5d 2c 65 29 7d 66 75 6e 63 74 69 6f 6e 20 6f 74 28 65 29 7b 72 65 74 75 72 6e 20 65 3e 30 26 26 65 3c 39 65 35 7d 66 75 6e 63 74 69 6f 6e 20 63 74 28 65 29 7b 72 65 74 75 72 6e 20 65 3e 30 26 26 65 3c 33 36 65 34 7d 76 61 72 20 41 72 3d 2f 5e 5b 30 2d 39 41 2d 5a 61 2d 7a 5f 2d 5d 7b 33 2c 31 30 30 7d 24 2f 3b 66 75 6e 63 74 69 6f 6e 20 58 74 28 65 29 7b 72 65 74 75 72 6e Data Ascii: unction L(e,r){return e.indexOf(r)!==-1}function nt(e){return L(["auto","dark","light"],e)}function it(e){return L(["auto","never"],e)}function ot(e){return e>0&&e<9e5}function ct(e){return e>0&&e<36e4}var Ar=/^[0-9A-Za-z_-]{3,100}$/;function Xt(e){return
2024-10-04 13:11:02 UTC	1369	IN	Data Raw: 61 6c 6c 65 6e 67 65 5f 72 65 73 70 6f 6e 73 65 22 2c 79 74 3d 22 63 66 2d 74 75 72 6e 73 74 69 6c 65 2d 72 65 73 70 6f 6e 73 65 22 2c 5f 74 3d 22 67 2d 72 65 63 61 70 74 63 68 61 2d 72 65 73 70 6f 6e 73 65 22 2c 65 72 3d 38 65 33 2c 62 74 3d 22 70 72 69 76 61 74 65 2d 74 6f 6b 65 6e 22 2c 74 72 3d 33 2c 72 72 3d 35 30 30 2c 61 72 3d 35 30 30 2c 59 3d 22 30 2f 30 22 3b 76 61 72 20 43 72 3d 5b 22 62 67 2d 62 67 22 2c 22 64 61 2d 64 6b 22 2c 22 64 65 2d 64 65 22 2c 22 65 6c 2d 67 72 22 2c 22 6a 61 2d 6a 70 22 2c 22 6d 73 2d 6d 79 22 2c 22 72 75 2d 72 75 22 2c 22 73 6b 2d 73 6b 22 2c 22 73 6c 2d 73 69 22 2c 22 73 72 2d 62 61 22 2c 22 74 6c 2d 70 68 22 2c 22 75 6b 2d 75 61 22 5d 2c 4e 72 3d 5b 22 61 72 2d 65 67 22 2c 22 65 73 2d 65 73 22 2c 22 63 73 2d 63 7a Data Ascii: allenge_response",yt="cf-turnstile-response",_t="g-recaptcha-response",er=8e3,bt="private-token",tr=3,rr=500,ar=500,Y="0/0";var Cr=["bg-bg","da-dk","de-de","el-gr","ja-jp","ms-my","ru-ru","sk-sk","sl-si","sr-ba","tl-ph","uk-ua"],Nr=["ar-eg","es-es","cs-cz
2024-10-04 13:11:02 UTC	1369	IN	Data Raw: 72 46 65 65 64 62 61 63 6b 2c 6f 3d 65 2e 69 73 4d 6f 64 65 72 61 74 65 6c 79 56 65 72 62 6f 73 65 3b 72 65 74 75 72 6e 20 61 26 26 72 3f 22 35 34 30 70 78 22 3a 61 26 26 6f 3f 22 35 30 30 70 78 22 3a 61 3f 22 34 38 30 70 78 22 3a 72 3f 22 36 35 30 70 78 22 3a 6f 3f 22 35 39 30 70 78 22 3a 22 35 37 30 70 78 22 7d 3b 66 75 6e 63 74 69 6f 6e 20 48 65 28 65 29 7b 69 66 28 65 3d 3d 3d 76 6f 69 64 20 30 29 74 68 72 6f 77 20 6e 65 77 20 52 65 66 65 72 65 6e 63 65 45 72 72 6f 72 28 22 74 68 69 73 20 68 61 73 6e 27 74 20 62 65 65 6e 20 69 6e 69 74 69 61 6c 69 73 65 64 20 2d 20 73 75 70 65 72 28 29 20 68 61 73 6e 27 74 20 62 65 65 6e 20 63 61 6c 6c 65 64 22 29 3b 72 65 74 75 72 6e 20 65 7d 66 75 6e 63 74 69 6f 6e 20 6e 72 28 65 2c 72 29 7b 69 66 28 21 55 28 65 2c Data Ascii: rFeedback,o=e.isModeratelyVerbose;return a&&r?"540px":a&&o?"500px":a?"480px":r?"650px":o?"590px":"570px"};function He(e){if(e===void 0)throw new ReferenceError("this hasn't been initialised - super() hasn't been called");return e}function nr(e,r){if(!U(e,
2024-10-04 13:11:02 UTC	1369	IN	Data Raw: 66 28 6f 3d 3d 3d 6e 75 6c 6c 7c 7c 21 6f 72 28 6f 29 29 72 65 74 75 72 6e 20 6f 3b 69 66 28 74 79 70 65 6f 66 20 6f 21 3d 22 66 75 6e 63 74 69 6f 6e 22 29 74 68 72 6f 77 20 6e 65 77 20 54 79 70 65 45 72 72 6f 72 28 22 53 75 70 65 72 20 65 78 70 72 65 73 73 69 6f 6e 20 6d 75 73 74 20 65 69 74 68 65 72 20 62 65 20 6e 75 6c 6c 20 6f 72 20 61 20 66 75 6e 63 74 69 6f 6e 22 29 3b 69 66 28 74 79 70 65 6f 66 20 72 21 3d 22 75 6e 64 65 66 69 6e 65 64 22 29 7b 69 66 28 72 2e 68 61 73 28 6f 29 29 72 65 74 75 72 6e 20 72 2e 67 65 74 28 6f 29 3b 72 2e 73 65 74 28 6f 2c 63 29 7d 66 75 6e 63 74 69 6f 6e 20 63 28 29 7b 72 65 74 75 72 6e 20 49 65 28 6f 2c 61 72 67 75 6d 65 6e 74 73 2c 63 65 28 74 68 69 73 29 2e 63 6f 6e 73 74 72 75 63 74 6f 72 29 7d 72 65 74 75 72 6e 20 Data Ascii: f(o===null\|\|!or(o))return o;if(typeof o!="function")throw new TypeError("Super expression must either be null or a function");if(typeof r!="undefined"){if(r.has(o))return r.get(o);r.set(o,c)}function c(){return Ie(o,arguments,ce(this).constructor)}return
2024-10-04 13:11:02 UTC	1369	IN	Data Raw: 72 69 70 74 20 74 61 67 2c 20 73 6f 6d 65 20 66 65 61 74 75 72 65 73 20 6d 61 79 20 6e 6f 74 20 62 65 20 61 76 61 69 6c 61 62 6c 65 22 2c 34 33 37 37 37 29 3b 76 61 72 20 72 3d 7b 6c 6f 61 64 65 64 41 73 79 6e 63 3a 21 31 2c 70 61 72 61 6d 73 3a 6e 65 77 20 55 52 4c 53 65 61 72 63 68 50 61 72 61 6d 73 7d 3b 28 65 2e 61 73 79 6e 63 7c 7c 65 2e 64 65 66 65 72 29 26 26 28 72 2e 6c 6f 61 64 65 64 41 73 79 6e 63 3d 21 30 29 3b 76 61 72 20 61 3d 65 2e 73 72 63 2c 6f 3d 61 2e 73 70 6c 69 74 28 22 3f 22 29 3b 72 65 74 75 72 6e 20 6f 2e 6c 65 6e 67 74 68 3e 31 26 26 28 72 2e 70 61 72 61 6d 73 3d 6e 65 77 20 55 52 4c 53 65 61 72 63 68 50 61 72 61 6d 73 28 6f 5b 31 5d 29 29 2c 72 7d 66 75 6e 63 74 69 6f 6e 20 57 28 29 7b 72 65 74 75 72 6e 20 74 79 70 65 6f 66 20 70 Data Ascii: ript tag, some features may not be available",43777);var r={loadedAsync:!1,params:new URLSearchParams};(e.async\|\|e.defer)&&(r.loadedAsync=!0);var a=e.src,o=a.split("?");return o.length>1&&(r.params=new URLSearchParams(o[1])),r}function W(){return typeof p
2024-10-04 13:11:02 UTC	1369	IN	Data Raw: 69 75 73 3d 22 35 70 78 22 2c 73 2e 73 74 79 6c 65 2e 6c 65 66 74 3d 22 30 70 78 22 2c 73 2e 73 74 79 6c 65 2e 74 6f 70 3d 22 30 70 78 22 2c 73 2e 73 74 79 6c 65 2e 6f 76 65 72 66 6c 6f 77 3d 22 68 69 64 64 65 6e 22 2c 73 2e 73 74 79 6c 65 2e 6d 61 72 67 69 6e 3d 22 30 70 78 20 61 75 74 6f 22 3b 76 61 72 20 78 3d 64 6f 63 75 6d 65 6e 74 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 22 69 66 72 61 6d 65 22 29 3b 78 2e 69 64 3d 65 2b 22 2d 66 72 22 2c 78 2e 73 65 74 41 74 74 72 69 62 75 74 65 28 22 73 72 63 22 2c 67 29 2c 78 2e 73 65 74 41 74 74 72 69 62 75 74 65 28 22 61 6c 6c 6f 77 22 2c 22 63 72 6f 73 73 2d 6f 72 69 67 69 6e 2d 69 73 6f 6c 61 74 65 64 3b 20 66 75 6c 6c 73 63 72 65 65 6e 22 29 2c 78 2e 73 65 74 41 74 74 72 69 62 75 74 65 28 22 73 61 6e 64 Data Ascii: ius="5px",s.style.left="0px",s.style.top="0px",s.style.overflow="hidden",s.style.margin="0px auto";var x=document.createElement("iframe");x.id=e+"-fr",x.setAttribute("src",g),x.setAttribute("allow","cross-origin-isolated; fullscreen"),x.setAttribute("sand

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report Payout Receipt.pptx

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

HTML

Sigma Signatures

System Summary

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Phishing

Compliance

Software Vulnerabilities

Networking

System Summary

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Language, Device and Operating System Detection

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

QR Codes

LLM Input / Output

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Local\Microsoft\FontCache\4\CatalogCacheMetaData.xml

C:\Users\user\AppData\Local\Microsoft\FontCache\4\Catalog\ListAll.Json

C:\Users\user\AppData\Local\Microsoft\FontCache\4\PreviewFont\flat_officeFontsPreview_4_40.ttf

C:\Users\user\AppData\Local\Microsoft\Office\16.0\UsageMetricsStore\FileActivityStore\PowerPoint\1380790193167760279.C4

C:\Users\user\AppData\Local\Microsoft\Office\16.0\UsageMetricsStore\FileActivityStore\PowerPoint\ASkwMDAwMDAwMC0wMDAwLTAwMDAtMDAwMC0wMDAwMDAwMDAwMDBfTnVsbAA.S

C:\Users\user\AppData\Local\Microsoft\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\FA3FA1C8-8B2F-4EAE-AE8F-9258C28FA679

C:\Users\user\AppData\Local\Microsoft\Office\16.0\powerpnt.exe_Rules.xml

C:\Users\user\AppData\Local\Microsoft\Office\16.0\powerpnt.exe_Rules\rule100042v2.xml

C:\Users\user\AppData\Local\Microsoft\Office\16.0\powerpnt.exe_Rules\rule100043v0.xml

C:\Users\user\AppData\Local\Microsoft\Office\16.0\powerpnt.exe_Rules\rule100068v2.xml

C:\Users\user\AppData\Local\Microsoft\Office\16.0\powerpnt.exe_Rules\rule100069v1.xml

C:\Users\user\AppData\Local\Microsoft\Office\16.0\powerpnt.exe_Rules\rule100070v0.xml

C:\Users\user\AppData\Local\Microsoft\Office\16.0\powerpnt.exe_Rules\rule100071v0.xml

C:\Users\user\AppData\Local\Microsoft\Office\16.0\powerpnt.exe_Rules\rule100074v0.xml

C:\Users\user\AppData\Local\Microsoft\Office\16.0\powerpnt.exe_Rules\rule100075v1.xml

C:\Users\user\AppData\Local\Microsoft\Office\16.0\powerpnt.exe_Rules\rule100076v2.xml

C:\Users\user\AppData\Local\Microsoft\Office\16.0\powerpnt.exe_Rules\rule100077v2.xml

C:\Users\user\AppData\Local\Microsoft\Office\16.0\powerpnt.exe_Rules\rule100078v1.xml

C:\Users\user\AppData\Local\Microsoft\Office\16.0\powerpnt.exe_Rules\rule100079v2.xml

Windows Analysis Report
Payout Receipt.pptx

Timestamp	Bytes transferred	Direction	Data
2024-10-04 13:11:01 UTC	637	OUT	GET /cdn-cgi/challenge-platform/h/g/scripts/jsd/ec4b873d446c/main.js? HTTP/1.1 Host: l0gin-microso.ftlivedocs.tech Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: fNYe=896a8296dd752621a31badfb843ea3b9d58cbc46d6504a1582b16c1633cbccb4
2024-10-04 13:11:02 UTC	670	IN	HTTP/1.1 200 OK Date: Fri, 04 Oct 2024 13:11:02 GMT Content-Type: application/javascript; charset=UTF-8 Content-Length: 8053 Connection: close cache-control: max-age=14400, stale-if-error=10800, stale-while-revalidate=10800, public x-content-type-options: nosniff Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8OzfU8j%2Be2hy7Kn%2B%2F7c6fNZ3IcU3zef6YomHShXXzn8F%2F%2BXbRciCRVlPUWXoVUmpAjrkgTe00HhLFvZy75M2qcED%2Ft%2FT4NR4WbQyiySsvMn9t6OWjTwJa7H1NpuVDvPqK37iyfWPq6G91At58PWO"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8cd56a5d8859432c-EWR
2024-10-04 13:11:02 UTC	699	IN	Data Raw: 77 69 6e 64 6f 77 2e 5f 63 66 5f 63 68 6c 5f 6f 70 74 3d 7b 63 46 50 57 76 3a 27 67 27 7d 3b 7e 66 75 6e 63 74 69 6f 6e 28 56 2c 66 2c 67 2c 6c 2c 6d 2c 76 2c 78 2c 7a 29 7b 56 3d 62 2c 66 75 6e 63 74 69 6f 6e 28 63 2c 64 2c 55 2c 42 2c 43 29 7b 66 6f 72 28 55 3d 62 2c 42 3d 63 28 29 3b 21 21 5b 5d 3b 29 74 72 79 7b 69 66 28 43 3d 2d 70 61 72 73 65 49 6e 74 28 55 28 32 33 37 29 29 2f 31 2b 2d 70 61 72 73 65 49 6e 74 28 55 28 32 34 38 29 29 2f 32 2b 2d 70 61 72 73 65 49 6e 74 28 55 28 33 32 37 29 29 2f 33 2a 28 70 61 72 73 65 49 6e 74 28 55 28 33 30 36 29 29 2f 34 29 2b 2d 70 61 72 73 65 49 6e 74 28 55 28 33 32 39 29 29 2f 35 2a 28 70 61 72 73 65 49 6e 74 28 55 28 32 36 30 29 29 2f 36 29 2b 70 61 72 73 65 49 6e 74 28 55 28 32 33 31 29 29 2f 37 2a 28 70 61 Data Ascii: window._cf_chl_opt={cFPWv:'g'};~function(V,f,g,l,m,v,x,z){V=b,function(c,d,U,B,C){for(U=b,B=c();!![];)try{if(C=-parseInt(U(237))/1+-parseInt(U(248))/2+-parseInt(U(327))/3(parseInt(U(306))/4)+-parseInt(U(329))/5(parseInt(U(260))/6)+parseInt(U(231))/7*(pa
2024-10-04 13:11:02 UTC	1369	IN	Data Raw: 43 29 29 29 2c 47 3d 42 5b 61 34 28 32 39 31 29 5d 5b 61 34 28 33 31 35 29 5d 26 26 42 5b 61 34 28 32 38 39 29 5d 3f 42 5b 61 34 28 32 39 31 29 5d 5b 61 34 28 33 31 35 29 5d 28 6e 65 77 20 42 5b 28 61 34 28 32 38 39 29 29 5d 28 47 29 29 3a 66 75 6e 63 74 69 6f 6e 28 4d 2c 61 35 2c 4e 29 7b 66 6f 72 28 61 35 3d 61 34 2c 4d 5b 61 35 28 33 32 34 29 5d 28 29 2c 4e 3d 30 3b 4e 3c 4d 5b 61 35 28 32 38 33 29 5d 3b 4d 5b 4e 2b 31 5d 3d 3d 3d 4d 5b 4e 5d 3f 4d 5b 61 35 28 32 36 36 29 5d 28 4e 2b 31 2c 31 29 3a 4e 2b 3d 31 29 3b 72 65 74 75 72 6e 20 4d 7d 28 47 29 2c 48 3d 27 6e 41 73 41 61 41 62 27 2e 73 70 6c 69 74 28 27 41 27 29 2c 48 3d 48 5b 61 34 28 32 35 36 29 5d 5b 61 34 28 32 38 37 29 5d 28 48 29 2c 49 3d 30 3b 49 3c 47 5b 61 34 28 32 38 33 29 5d 3b 4a 3d Data Ascii: C))),G=B[a4(291)][a4(315)]&&B[a4(289)]?B[a4(291)][a4(315)](new B[(a4(289))](G)):function(M,a5,N){for(a5=a4,M[a5(324)](),N=0;N<M[a5(283)];M[N+1]===M[N]?M[a5(266)](N+1,1):N+=1);return M}(G),H='nAsAaAb'.split('A'),H=H[a4(256)][a4(287)](H),I=0;I<G[a4(283)];J=
2024-10-04 13:11:02 UTC	1369	IN	Data Raw: 3d 4f 3c 3c 31 7c 54 26 31 2c 50 3d 3d 45 2d 31 3f 28 50 3d 30 2c 4e 5b 61 61 28 32 32 36 29 5d 28 46 28 4f 29 29 2c 4f 3d 30 29 3a 50 2b 2b 2c 54 3e 3e 3d 31 2c 47 2b 2b 29 3b 7d 65 6c 73 65 7b 66 6f 72 28 54 3d 31 2c 47 3d 30 3b 47 3c 4d 3b 4f 3d 54 7c 4f 3c 3c 31 2c 50 3d 3d 45 2d 31 3f 28 50 3d 30 2c 4e 5b 61 61 28 32 32 36 29 5d 28 46 28 4f 29 29 2c 4f 3d 30 29 3a 50 2b 2b 2c 54 3d 30 2c 47 2b 2b 29 3b 66 6f 72 28 54 3d 4a 5b 61 61 28 33 31 39 29 5d 28 30 29 2c 47 3d 30 3b 31 36 3e 47 3b 4f 3d 4f 3c 3c 31 7c 54 26 31 2e 31 38 2c 50 3d 3d 45 2d 31 3f 28 50 3d 30 2c 4e 5b 61 61 28 32 32 36 29 5d 28 46 28 4f 29 29 2c 4f 3d 30 29 3a 50 2b 2b 2c 54 3e 3e 3d 31 2c 47 2b 2b 29 3b 7d 4b 2d 2d 2c 30 3d 3d 4b 26 26 28 4b 3d 4d 61 74 68 5b 61 61 28 32 34 34 29 Data Ascii: =O<<1\|T&1,P==E-1?(P=0,N[aa(226)](F(O)),O=0):P++,T>>=1,G++);}else{for(T=1,G=0;G<M;O=T\|O<<1,P==E-1?(P=0,N[aa(226)](F(O)),O=0):P++,T=0,G++);for(T=J[aa(319)](0),G=0;16>G;O=O<<1\|T&1.18,P==E-1?(P=0,N[aa(226)](F(O)),O=0):P++,T>>=1,G++);}K--,0==K&&(K=Math[aa(244)
2024-10-04 13:11:02 UTC	1369	IN	Data Raw: 2b 3d 31 29 3b 66 6f 72 28 51 3d 30 2c 52 3d 4d 61 74 68 5b 61 64 28 32 34 34 29 5d 28 32 2c 32 29 2c 4d 3d 31 3b 52 21 3d 4d 3b 53 3d 4f 26 4e 2c 4f 3e 3e 3d 31 2c 4f 3d 3d 30 26 26 28 4f 3d 45 2c 4e 3d 46 28 50 2b 2b 29 29 2c 51 7c 3d 28 30 3c 53 3f 31 3a 30 29 2a 4d 2c 4d 3c 3c 3d 31 29 3b 73 77 69 74 63 68 28 51 29 7b 63 61 73 65 20 30 3a 66 6f 72 28 51 3d 30 2c 52 3d 4d 61 74 68 5b 61 64 28 32 34 34 29 5d 28 32 2c 38 29 2c 4d 3d 31 3b 4d 21 3d 52 3b 53 3d 4f 26 4e 2c 4f 3e 3e 3d 31 2c 4f 3d 3d 30 26 26 28 4f 3d 45 2c 4e 3d 46 28 50 2b 2b 29 29 2c 51 7c 3d 28 30 3c 53 3f 31 3a 30 29 2a 4d 2c 4d 3c 3c 3d 31 29 3b 54 3d 64 28 51 29 3b 62 72 65 61 6b 3b 63 61 73 65 20 31 3a 66 6f 72 28 51 3d 30 2c 52 3d 4d 61 74 68 5b 61 64 28 32 34 34 29 5d 28 32 2c 31 Data Ascii: +=1);for(Q=0,R=Math[ad(244)](2,2),M=1;R!=M;S=O&N,O>>=1,O==0&&(O=E,N=F(P++)),Q\|=(0<S?1:0)M,M<<=1);switch(Q){case 0:for(Q=0,R=Math[ad(244)](2,8),M=1;M!=R;S=O&N,O>>=1,O==0&&(O=E,N=F(P++)),Q\|=(0<S?1:0)M,M<<=1);T=d(Q);break;case 1:for(Q=0,R=Math[ad(244)](2,1
2024-10-04 13:11:02 UTC	1369	IN	Data Raw: 36 29 5d 7c 7c 43 5b 61 37 28 33 32 38 29 5d 2c 27 6e 2e 27 2c 44 29 2c 44 3d 56 67 75 79 36 28 43 2c 42 5b 61 37 28 33 30 38 29 5d 2c 27 64 2e 27 2c 44 29 2c 67 5b 61 37 28 32 37 37 29 5d 5b 61 37 28 33 31 38 29 5d 28 42 29 2c 45 3d 7b 7d 2c 45 2e 72 3d 44 2c 45 2e 65 3d 6e 75 6c 6c 2c 45 7d 63 61 74 63 68 28 47 29 7b 72 65 74 75 72 6e 20 46 3d 7b 7d 2c 46 2e 72 3d 7b 7d 2c 46 2e 65 3d 47 2c 46 7d 7d 66 75 6e 63 74 69 6f 6e 20 69 28 58 2c 63 2c 64 2c 42 2c 43 29 7b 69 66 28 28 58 3d 56 2c 63 3d 66 5b 58 28 32 36 37 29 5d 2c 64 3d 33 36 30 30 2c 63 2e 74 29 26 26 28 42 3d 4d 61 74 68 5b 58 28 32 32 33 29 5d 28 2b 61 74 6f 62 28 63 2e 74 29 29 2c 43 3d 4d 61 74 68 5b 58 28 32 32 33 29 5d 28 44 61 74 65 5b 58 28 33 31 33 29 5d 28 29 2f 31 65 33 29 2c 43 2d Data Ascii: 6)]\|\|C[a7(328)],'n.',D),D=Vguy6(C,B[a7(308)],'d.',D),g[a7(277)][a7(318)](B),E={},E.r=D,E.e=null,E}catch(G){return F={},F.r={},F.e=G,F}}function i(X,c,d,B,C){if((X=V,c=f[X(267)],d=3600,c.t)&&(B=Math[X(223)](+atob(c.t)),C=Math[X(223)](Date[X(313)]()/1e3),C-
2024-10-04 13:11:02 UTC	1369	IN	Data Raw: 2c 73 70 6c 69 63 65 2c 5f 5f 43 46 24 63 76 24 70 61 72 61 6d 73 2c 66 75 6e 63 74 69 6f 6e 2c 68 61 73 4f 77 6e 50 72 6f 70 65 72 74 79 2c 69 73 4e 61 4e 2c 72 65 61 64 79 53 74 61 74 65 2c 63 68 61 72 41 74 2c 72 65 70 6c 61 63 65 2c 67 65 74 4f 77 6e 50 72 6f 70 65 72 74 79 4e 61 6d 65 73 2c 6f 6e 74 69 6d 65 6f 75 74 2c 66 72 6f 6d 43 68 61 72 43 6f 64 65 2c 62 6f 64 79 2c 5f 63 66 5f 63 68 6c 5f 6f 70 74 3b 6d 70 55 61 4c 32 3b 46 78 4f 6e 72 33 3b 4b 55 6a 49 78 33 3b 74 6c 4c 72 4b 32 3b 59 76 50 64 36 3b 65 58 44 6c 4c 34 3b 74 50 6f 68 52 32 3b 4a 65 75 68 67 31 3b 46 72 4e 42 69 35 3b 54 4d 4d 78 35 3b 48 63 54 45 49 33 3b 69 48 77 78 4d 33 3b 56 67 75 79 36 3b 48 76 6d 72 33 3b 4f 75 57 54 37 2c 74 69 6d 65 6f 75 74 2c 73 65 6e 64 2c 75 6e 64 Data Ascii: ,splice,__CF$cv$params,function,hasOwnProperty,isNaN,readyState,charAt,replace,getOwnPropertyNames,ontimeout,fromCharCode,body,_cf_chl_opt;mpUaL2;FxOnr3;KUjIx3;tlLrK2;YvPd6;eXDlL4;tPohR2;Jeuhg1;FrNBi5;TMMx5;HcTEI3;iHwxM3;Vguy6;Hvmr3;OuWT7,timeout,send,und
2024-10-04 13:11:02 UTC	509	IN	Data Raw: 5a 28 33 32 35 29 5d 2c 49 5b 5a 28 32 35 37 29 5d 3d 66 5b 5a 28 32 39 36 29 5d 5b 5a 28 32 35 37 29 5d 2c 49 5b 5a 28 33 33 32 29 5d 3d 66 5b 5a 28 32 39 36 29 5d 5b 5a 28 33 33 32 29 5d 2c 4a 3d 49 2c 47 5b 5a 28 32 32 34 29 5d 28 48 2c 46 2c 21 21 5b 5d 29 2c 47 5b 5a 28 32 37 39 29 5d 3d 32 35 30 30 2c 47 5b 5a 28 32 37 35 29 5d 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 7d 2c 47 5b 5a 28 33 30 31 29 5d 28 5a 28 32 39 30 29 2c 5a 28 32 32 39 29 29 2c 4b 3d 7b 7d 2c 4b 5b 5a 28 33 32 32 29 5d 3d 44 2c 4b 5b 5a 28 32 39 37 29 5d 3d 4a 2c 4b 5b 5a 28 32 39 35 29 5d 3d 5a 28 32 38 32 29 2c 4c 3d 7a 5b 5a 28 32 33 33 29 5d 28 4a 53 4f 4e 5b 5a 28 33 30 35 29 5d 28 4b 29 29 5b 5a 28 32 37 33 29 5d 28 27 2b 27 2c 5a 28 33 33 31 29 29 2c 47 5b 5a 28 32 38 30 29 5d Data Ascii: Z(325)],I[Z(257)]=f[Z(296)][Z(257)],I[Z(332)]=f[Z(296)][Z(332)],J=I,G[Z(224)](H,F,!![]),G[Z(279)]=2500,G[Z(275)]=function(){},G[Z(301)](Z(290),Z(229)),K={},K[Z(322)]=D,K[Z(297)]=J,K[Z(295)]=Z(282),L=z[Z(233)](JSON[Z(305)](K))[Z(273)]('+',Z(331)),G[Z(280)]

Timestamp	Bytes transferred	Direction	Data
2024-10-04 13:11:02 UTC	725	OUT	POST /cdn-cgi/challenge-platform/h/g/jsd/r/8cd56a496a3b5e6a HTTP/1.1 Host: l0gin-microso.ftlivedocs.tech Connection: keep-alive Content-Length: 15828 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-platform: "Windows" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Content-Type: application/json Accept: / Origin: https://l0gin-microso.ftlivedocs.tech Sec-Fetch-Site: same-origin Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: fNYe=896a8296dd752621a31badfb843ea3b9d58cbc46d6504a1582b16c1633cbccb4
2024-10-04 13:11:02 UTC	15828	OUT	Data Raw: 7b 22 77 70 22 3a 22 32 6d 74 37 46 48 78 64 46 54 74 46 58 33 56 78 61 78 63 30 66 37 48 55 30 35 72 30 75 67 75 47 47 48 64 78 5a 2b 30 6a 73 55 77 73 50 74 30 52 6a 4b 4f 56 73 54 78 39 30 58 61 74 53 6f 6d 6d 30 35 2d 47 30 57 30 47 55 47 74 78 30 45 47 78 4d 56 6b 37 2d 54 6d 38 62 43 37 6a 73 51 6d 72 35 34 39 63 33 53 44 37 4d 51 46 71 72 36 78 34 2b 6a 2d 75 30 46 74 74 4a 75 52 48 38 6f 30 24 53 6f 50 4e 38 30 4e 37 33 52 30 48 71 74 30 75 37 48 48 37 51 58 37 75 30 78 73 30 66 54 7a 30 78 36 38 30 79 4c 64 35 53 6d 4b 78 35 2d 6f 74 30 48 4c 38 30 48 56 4f 66 30 4f 48 30 78 38 45 50 65 74 43 39 72 55 48 53 48 78 4e 4d 72 6d 2b 46 51 41 6c 4e 6a 30 67 37 48 75 69 6e 6d 30 64 7a 6d 73 33 50 6a 70 45 53 30 4f 6c 4e 2d 51 67 35 37 30 65 2d 67 50 75 Data Ascii: {"wp":"2mt7FHxdFTtFX3Vxaxc0f7HU05r0uguGGHdxZ+0jsUwsPt0RjKOVsTx90XatSomm05-G0W0GUGtx0EGxMVk7-Tm8bC7jsQmr549c3SD7MQFqr6x4+j-u0FttJuRH8o0$SoPN80N73R0Hqt0u7HH7QX7u0xs0fTz0x680yLd5SmKx5-ot0HL80HVOf0OH0x8EPetC9rUHSHxNMrm+FQAlNj0g7Huinm0dzms3PjpES0OlN-Qg570e-gPu
2024-10-04 13:11:02 UTC	1246	IN	HTTP/1.1 200 OK Date: Fri, 04 Oct 2024 13:11:02 GMT Content-Type: text/plain; charset=UTF-8 Content-Length: 0 Connection: close Set-Cookie: cf_clearance=; Path=/; Expires=Thu, 01-Jan-70 00:00:00 GMT; Domain=.ftlivedocs.tech; HttpOnly; Secure; SameSite=None Set-Cookie: cf_clearance=PnrrDIdUFnV3xXNKwU7Uk2KkvZUrRmLQ6VsqVSFs7iI-1728047462-1.2.1.1-KgyGMoX2WsyMGE_crV0QHN0PnWPTTT_vkrnfk6OUsXs.ZCFyIMeIhyPM5AaovJKdYX33b6XhxSMauVLxhud15UDF6qe_lUUn4z7DUAUZgquXnur2JBrKraoo31FHgtIWsUITRVzxmgHzvH3L3sRtyyvkXX55rBaE6wwFcRgFWsHKcOzBUkmtg.SYM871TLywvjL.S9lBf6XKCP1RA_4rE_E8nRcZe7.uq6YsjbK5vOgE7JsW9ukyLOepD1wU8T7pQ7FQYb9ZLbSWuiaz05fetoXoB9g1me566IfE.8W3ydmURQRK0le68jWlAR9ChGQtId1KGEdKLtkgMNrP.DUbgel24XyilarY80urzfUxbGWeV87XlXGmDq1MBeocoMX5; Path=/; Expires=Sat, 04-Oct-25 13:11:02 GMT; Domain=.ftlivedocs.tech; HttpOnly; Secure; SameSite=None; Partitioned Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=OhxstfIIHb0QLgbTF%2Bq4KAirmMfSHaVsOzFstzZYzFO8ro1qIdsxfkYhHz%2FxoO5mf1q4tvFTeKzjPsK0ApKLT4Mv5IfG%2FMcbP1yGT0fz9TbSpxw3hQV9qrEj4UECyAqYuLQcgqetlpSNHmCLWxV%2B"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8cd56a625f65c40e-EWR

Timestamp	Bytes transferred	Direction	Data
2024-10-04 13:11:02 UTC	812	OUT	GET /cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/bth64/0x4AAAAAAAwd9hw5rvoDjM7I/auto/fbE/normal/auto/ HTTP/1.1 Host: challenges.cloudflare.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: navigate Sec-Fetch-Dest: iframe Referer: https://l0gin-microso.ftlivedocs.tech/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-04 13:11:02 UTC	1369	IN	HTTP/1.1 200 OK Date: Fri, 04 Oct 2024 13:11:02 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 164874 Connection: close cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0 cross-origin-embedder-policy: require-corp content-security-policy: frame-src https://challenges.cloudflare.com/ blob:; base-uri 'self' accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA cross-origin-opener-policy: same-origin document-policy: js-profiling referrer-policy: same-origin origin-agent-cluster: ?1 critical-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA cross-origin-resource-policy: cross-origin permissions-policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
2024-10-04 13:11:02 UTC	52	IN	Data Raw: 53 65 72 76 65 72 3a 20 63 6c 6f 75 64 66 6c 61 72 65 0d 0a 43 46 2d 52 41 59 3a 20 38 63 64 35 36 61 36 33 30 63 66 37 34 31 65 33 2d 45 57 52 0d 0a 0d 0a Data Ascii: Server: cloudflareCF-RAY: 8cd56a630cf741e3-EWR
2024-10-04 13:11:02 UTC	1317	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 45 64 67 65 2c 63 68 72 6f 6d 65 3d 31 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 6f 62 6f 74 73 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 69 6e 64 65 78 2c 20 6e 6f 66 6f 6c 6c 6f 77 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 61 78 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 22 3e 0a Data Ascii: <!DOCTYPE HTML><html lang="en-US"><head> <meta http-equiv="X-UA-Compatible" content="IE=Edge,chrome=1"> <meta name="robots" content="noindex, nofollow" /> <meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1">
2024-10-04 13:11:02 UTC	1369	IN	Data Raw: 25 3b 6d 61 72 67 69 6e 3a 30 3b 6f 76 65 72 66 6c 6f 77 3a 68 69 64 64 65 6e 3b 70 61 64 64 69 6e 67 3a 30 3b 77 69 64 74 68 3a 31 30 30 25 7d 2e 6d 61 69 6e 2d 77 72 61 70 70 65 72 2c 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 33 32 33 32 33 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 2d 61 70 70 6c 65 2d 73 79 73 74 65 6d 2c 73 79 73 74 65 6d 2d 75 69 2c 62 6c 69 6e 6b 6d 61 63 73 79 73 74 65 6d 66 6f 6e 74 2c 53 65 67 6f 65 20 55 49 2c 72 6f 62 6f 74 6f 2c 6f 78 79 67 65 6e 2c 75 62 75 6e 74 75 2c 48 65 6c 76 65 74 69 63 61 20 4e 65 75 65 2c 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 34 70 78 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 34 30 30 3b 2d 77 65 62 Data Ascii: %;margin:0;overflow:hidden;padding:0;width:100%}.main-wrapper,body{background-color:#fff;color:#232323;font-family:-apple-system,system-ui,blinkmacsystemfont,Segoe UI,roboto,oxygen,ubuntu,Helvetica Neue,arial,sans-serif;font-size:14px;font-weight:400;-web
2024-10-04 13:11:02 UTC	1369	IN	Data Raw: 67 68 74 3a 33 30 70 78 3b 77 69 64 74 68 3a 33 30 70 78 7d 23 73 75 63 63 65 73 73 2d 70 72 65 2d 69 20 6c 69 6e 65 7b 73 74 72 6f 6b 65 3a 23 30 33 38 31 32 37 3b 61 6e 69 6d 61 74 69 6f 6e 3a 66 69 72 65 77 6f 72 6b 20 2e 33 73 20 65 61 73 65 2d 6f 75 74 20 31 3b 73 74 72 6f 6b 65 2d 77 69 64 74 68 3a 31 3b 73 74 72 6f 6b 65 2d 64 61 73 68 61 72 72 61 79 3a 33 32 20 33 32 3b 73 74 72 6f 6b 65 2d 64 61 73 68 6f 66 66 73 65 74 3a 2d 38 7d 23 73 75 63 63 65 73 73 2d 74 65 78 74 7b 61 6e 69 6d 61 74 69 6f 6e 3a 66 61 64 65 2d 69 6e 20 31 73 20 66 6f 72 77 61 72 64 73 3b 6f 70 61 63 69 74 79 3a 30 7d 2e 73 75 63 63 65 73 73 2d 63 69 72 63 6c 65 7b 73 74 72 6f 6b 65 2d 64 61 73 68 6f 66 66 73 65 74 3a 30 3b 73 74 72 6f 6b 65 2d 77 69 64 74 68 3a 32 3b 73 74 Data Ascii: ght:30px;width:30px}#success-pre-i line{stroke:#038127;animation:firework .3s ease-out 1;stroke-width:1;stroke-dasharray:32 32;stroke-dashoffset:-8}#success-text{animation:fade-in 1s forwards;opacity:0}.success-circle{stroke-dashoffset:0;stroke-width:2;st
2024-10-04 13:11:02 UTC	1369	IN	Data Raw: 61 6c 6c 65 6e 67 65 2d 6f 76 65 72 6c 61 79 20 61 2c 2e 74 68 65 6d 65 2d 64 61 72 6b 20 23 63 68 61 6c 6c 65 6e 67 65 2d 6f 76 65 72 6c 61 79 20 61 3a 6c 69 6e 6b 2c 2e 74 68 65 6d 65 2d 64 61 72 6b 20 23 63 68 61 6c 6c 65 6e 67 65 2d 6f 76 65 72 6c 61 79 20 61 3a 76 69 73 69 74 65 64 7b 63 6f 6c 6f 72 3a 23 62 62 62 7d 2e 74 68 65 6d 65 2d 64 61 72 6b 20 23 63 68 61 6c 6c 65 6e 67 65 2d 65 72 72 6f 72 2d 74 65 78 74 20 61 3a 61 63 74 69 76 65 2c 2e 74 68 65 6d 65 2d 64 61 72 6b 20 23 63 68 61 6c 6c 65 6e 67 65 2d 65 72 72 6f 72 2d 74 65 78 74 20 61 3a 66 6f 63 75 73 2c 2e 74 68 65 6d 65 2d 64 61 72 6b 20 23 63 68 61 6c 6c 65 6e 67 65 2d 65 72 72 6f 72 2d 74 65 78 74 20 61 3a 68 6f 76 65 72 2c 2e 74 68 65 6d 65 2d 64 61 72 6b 20 23 63 68 61 6c 6c 65 6e Data Ascii: allenge-overlay a,.theme-dark #challenge-overlay a:link,.theme-dark #challenge-overlay a:visited{color:#bbb}.theme-dark #challenge-error-text a:active,.theme-dark #challenge-error-text a:focus,.theme-dark #challenge-error-text a:hover,.theme-dark #challen
2024-10-04 13:11:02 UTC	1369	IN	Data Raw: 64 61 72 6b 20 2e 6c 6f 67 6f 2d 74 65 78 74 7b 66 69 6c 6c 3a 23 66 66 66 7d 2e 74 68 65 6d 65 2d 64 61 72 6b 20 23 66 72 2d 68 65 6c 70 65 72 2d 6c 6f 6f 70 2d 6c 69 6e 6b 2c 2e 74 68 65 6d 65 2d 64 61 72 6b 20 23 66 72 2d 68 65 6c 70 65 72 2d 6c 6f 6f 70 2d 6c 69 6e 6b 3a 6c 69 6e 6b 2c 2e 74 68 65 6d 65 2d 64 61 72 6b 20 23 66 72 2d 68 65 6c 70 65 72 2d 6c 6f 6f 70 2d 6c 69 6e 6b 3a 76 69 73 69 74 65 64 7b 63 6f 6c 6f 72 3a 23 62 62 62 7d 2e 74 68 65 6d 65 2d 64 61 72 6b 20 23 66 72 2d 68 65 6c 70 65 72 2d 6c 6f 6f 70 2d 6c 69 6e 6b 3a 61 63 74 69 76 65 2c 2e 74 68 65 6d 65 2d 64 61 72 6b 20 23 66 72 2d 68 65 6c 70 65 72 2d 6c 6f 6f 70 2d 6c 69 6e 6b 3a 66 6f 63 75 73 2c 2e 74 68 65 6d 65 2d 64 61 72 6b 20 23 66 72 2d 68 65 6c 70 65 72 2d 6c 6f 6f 70 Data Ascii: dark .logo-text{fill:#fff}.theme-dark #fr-helper-loop-link,.theme-dark #fr-helper-loop-link:link,.theme-dark #fr-helper-loop-link:visited{color:#bbb}.theme-dark #fr-helper-loop-link:active,.theme-dark #fr-helper-loop-link:focus,.theme-dark #fr-helper-loop
2024-10-04 13:11:02 UTC	1369	IN	Data Raw: 2c 23 63 68 61 6c 6c 65 6e 67 65 2d 6f 76 65 72 6c 61 79 20 61 3a 6c 69 6e 6b 2c 23 63 68 61 6c 6c 65 6e 67 65 2d 6f 76 65 72 6c 61 79 20 61 3a 76 69 73 69 74 65 64 7b 63 6f 6c 6f 72 3a 23 32 33 32 33 32 33 7d 23 63 68 61 6c 6c 65 6e 67 65 2d 6f 76 65 72 6c 61 79 20 61 3a 61 63 74 69 76 65 2c 23 63 68 61 6c 6c 65 6e 67 65 2d 6f 76 65 72 6c 61 79 20 61 3a 66 6f 63 75 73 2c 23 63 68 61 6c 6c 65 6e 67 65 2d 6f 76 65 72 6c 61 79 20 61 3a 68 6f 76 65 72 7b 63 6f 6c 6f 72 3a 23 31 36 36 33 37 39 7d 23 6c 6f 67 6f 7b 68 65 69 67 68 74 3a 32 35 70 78 3b 6d 61 72 67 69 6e 2d 62 6f 74 74 6f 6d 3a 31 70 78 7d 2e 66 61 69 6c 75 72 65 2d 63 69 72 63 6c 65 7b 73 74 72 6f 6b 65 2d 64 61 73 68 61 72 72 61 79 3a 31 36 36 3b 73 74 72 6f 6b 65 2d 64 61 73 68 6f 66 66 73 65 Data Ascii: ,#challenge-overlay a:link,#challenge-overlay a:visited{color:#232323}#challenge-overlay a:active,#challenge-overlay a:focus,#challenge-overlay a:hover{color:#166379}#logo{height:25px;margin-bottom:1px}.failure-circle{stroke-dasharray:166;stroke-dashoffse
2024-10-04 13:11:02 UTC	1369	IN	Data Raw: 6e 3a 61 6c 6c 20 2e 31 73 20 65 61 73 65 2d 69 6e 3b 77 69 64 74 68 3a 32 34 70 78 3b 7a 2d 69 6e 64 65 78 3a 39 39 39 38 7d 2e 63 62 2d 6c 62 20 2e 63 62 2d 69 3a 61 66 74 65 72 7b 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 35 70 78 3b 63 6f 6e 74 65 6e 74 3a 22 22 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 7d 2e 63 62 2d 6c 62 20 2e 63 62 2d 6c 62 2d 74 7b 67 72 69 64 2d 63 6f 6c 75 6d 6e 3a 32 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 38 70 78 7d 2e 73 69 7a 65 2d 63 6f 6d 70 61 63 74 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 34 70 78 7d 2e 73 69 7a 65 2d 63 6f 6d 70 61 63 74 20 23 63 6f 6e 74 65 6e 74 7b 61 6c 69 67 6e 2d 69 74 65 6d 73 3a 66 6c 65 78 2d 73 74 61 72 74 3b 64 69 73 70 6c 61 79 3a 66 6c 65 78 3b 66 6c 65 78 2d 66 6c 6f 77 3a 63 6f 6c Data Ascii: n:all .1s ease-in;width:24px;z-index:9998}.cb-lb .cb-i:after{border-radius:5px;content:"";position:absolute}.cb-lb .cb-lb-t{grid-column:2;margin-left:8px}.size-compact{font-size:14px}.size-compact #content{align-items:flex-start;display:flex;flex-flow:col
2024-10-04 13:11:02 UTC	1369	IN	Data Raw: 72 74 6c 7d 2e 72 74 6c 20 2e 63 62 2d 6c 62 2d 74 7b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 30 3b 6d 61 72 67 69 6e 2d 72 69 67 68 74 3a 38 70 78 3b 70 61 64 64 69 6e 67 3a 30 7d 2e 72 74 6c 20 23 65 78 70 69 72 65 64 2d 69 2c 2e 72 74 6c 20 23 66 61 69 6c 2d 69 2c 2e 72 74 6c 20 23 6f 76 65 72 72 75 6e 2d 69 2c 2e 72 74 6c 20 23 73 70 69 6e 6e 65 72 2d 69 2c 2e 72 74 6c 20 23 73 75 63 63 65 73 73 2d 69 2c 2e 72 74 6c 20 23 74 69 6d 65 6f 75 74 2d 69 7b 6c 65 66 74 3a 32 35 35 70 78 7d 2e 72 74 6c 20 23 66 72 2d 68 65 6c 70 65 72 7b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 2e 32 35 65 6d 3b 6d 61 72 67 69 6e 2d 72 69 67 68 74 3a 30 7d 2e 72 74 6c 20 23 62 72 61 6e 64 69 6e 67 7b 6d 61 72 67 69 6e 3a 30 20 30 20 30 20 31 36 70 78 3b 77 69 64 74 68 3a 39 30 70 78 Data Ascii: rtl}.rtl .cb-lb-t{margin-left:0;margin-right:8px;padding:0}.rtl #expired-i,.rtl #fail-i,.rtl #overrun-i,.rtl #spinner-i,.rtl #success-i,.rtl #timeout-i{left:255px}.rtl #fr-helper{margin-left:.25em;margin-right:0}.rtl #branding{margin:0 0 0 16px;width:90px
2024-10-04 13:11:02 UTC	1369	IN	Data Raw: 63 68 61 6c 6c 65 6e 67 65 2d 65 72 72 6f 72 2d 74 69 74 6c 65 20 61 7b 63 6f 6c 6f 72 3a 23 32 33 32 33 32 33 7d 23 63 68 61 6c 6c 65 6e 67 65 2d 65 72 72 6f 72 2d 74 69 74 6c 65 20 61 3a 61 63 74 69 76 65 2c 23 63 68 61 6c 6c 65 6e 67 65 2d 65 72 72 6f 72 2d 74 69 74 6c 65 20 61 3a 66 6f 63 75 73 2c 23 63 68 61 6c 6c 65 6e 67 65 2d 65 72 72 6f 72 2d 74 69 74 6c 65 20 61 3a 68 6f 76 65 72 7b 63 6f 6c 6f 72 3a 23 31 36 36 33 37 39 3b 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 75 6e 64 65 72 6c 69 6e 65 7d 23 63 68 61 6c 6c 65 6e 67 65 2d 65 72 72 6f 72 2d 74 69 74 6c 65 20 61 3a 6c 69 6e 6b 2c 23 63 68 61 6c 6c 65 6e 67 65 2d 65 72 72 6f 72 2d 74 69 74 6c 65 20 61 3a 76 69 73 69 74 65 64 7b 63 6f 6c 6f 72 3a 23 32 33 32 33 32 33 7d 23 63 68 61 6c 6c Data Ascii: challenge-error-title a{color:#232323}#challenge-error-title a:active,#challenge-error-title a:focus,#challenge-error-title a:hover{color:#166379;text-decoration:underline}#challenge-error-title a:link,#challenge-error-title a:visited{color:#232323}#chall

Timestamp	Bytes transferred	Direction	Data
2024-10-04 13:11:03 UTC	485	OUT	GET /cdn-cgi/challenge-platform/h/g/jsd/r/8cd56a496a3b5e6a HTTP/1.1 Host: l0gin-microso.ftlivedocs.tech Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: fNYe=896a8296dd752621a31badfb843ea3b9d58cbc46d6504a1582b16c1633cbccb4
2024-10-04 13:11:03 UTC	516	IN	HTTP/1.1 405 Method Not Allowed Date: Fri, 04 Oct 2024 13:11:03 GMT Content-Length: 0 Connection: close allow: POST Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Va%2FhMvJ%2BULxr9QQUl%2FAnbXp44pJpY83RbfEN3pWoGNvpBV36eftnvnMSYNi9Pr%2BRv8q3W7lIuMj0jIC1lVnWJmvPejCcJRKHydTiqe6DXGiRrptfgoRS27BprLuGPjEU1bABTV72Rtns1zC%2BpST2"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8cd56a66f8c2335a-EWR

Timestamp	Bytes transferred	Direction	Data
2024-10-04 13:11:03 UTC	730	OUT	GET /cdn-cgi/challenge-platform/h/g/orchestrate/chl_api/v1?ray=8cd56a630cf741e3&lang=auto HTTP/1.1 Host: challenges.cloudflare.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/bth64/0x4AAAAAAAwd9hw5rvoDjM7I/auto/fbE/normal/auto/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-04 13:11:03 UTC	301	IN	HTTP/1.1 200 OK Date: Fri, 04 Oct 2024 13:11:03 GMT Content-Type: application/javascript; charset=UTF-8 Content-Length: 120417 Connection: close cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Server: cloudflare CF-RAY: 8cd56a675ced4397-EWR
2024-10-04 13:11:03 UTC	1068	IN	Data Raw: 77 69 6e 64 6f 77 2e 5f 63 66 5f 63 68 6c 5f 6f 70 74 2e 75 61 4f 3d 66 61 6c 73 65 3b 77 69 6e 64 6f 77 2e 5f 63 66 5f 63 68 6c 5f 6f 70 74 2e 71 5a 4a 79 54 32 3d 7b 22 6d 65 74 61 64 61 74 61 22 3a 7b 22 63 68 61 6c 6c 65 6e 67 65 2e 73 75 70 70 6f 72 74 65 64 5f 62 72 6f 77 73 65 72 73 22 3a 22 68 74 74 70 73 25 33 41 25 32 46 25 32 46 64 65 76 65 6c 6f 70 65 72 73 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 25 32 46 66 75 6e 64 61 6d 65 6e 74 61 6c 73 25 32 46 67 65 74 2d 73 74 61 72 74 65 64 25 32 46 63 6f 6e 63 65 70 74 73 25 32 46 63 6c 6f 75 64 66 6c 61 72 65 2d 63 68 61 6c 6c 65 6e 67 65 73 25 32 46 25 32 33 62 72 6f 77 73 65 72 2d 73 75 70 70 6f 72 74 22 2c 22 63 68 61 6c 6c 65 6e 67 65 2e 74 65 72 6d 73 22 3a 22 68 74 74 70 73 25 33 41 25 32 Data Ascii: window._cf_chl_opt.uaO=false;window._cf_chl_opt.qZJyT2={"metadata":{"challenge.supported_browsers":"https%3A%2F%2Fdevelopers.cloudflare.com%2Ffundamentals%2Fget-started%2Fconcepts%2Fcloudflare-challenges%2F%23browser-support","challenge.terms":"https%3A%2
2024-10-04 13:11:03 UTC	1369	IN	Data Raw: 64 62 61 63 6b 5f 72 65 70 6f 72 74 5f 6f 75 74 70 75 74 5f 73 75 62 74 69 74 6c 65 22 3a 22 59 6f 75 72 20 66 65 65 64 62 61 63 6b 20 72 65 70 6f 72 74 20 68 61 73 20 62 65 65 6e 20 73 75 63 63 65 73 73 66 75 6c 6c 79 20 73 75 62 6d 69 74 74 65 64 22 2c 22 74 75 72 6e 73 74 69 6c 65 5f 69 66 72 61 6d 65 5f 61 6c 74 22 3a 22 57 69 64 67 65 74 25 32 30 63 6f 6e 74 61 69 6e 69 6e 67 25 32 30 61 25 32 30 43 6c 6f 75 64 66 6c 61 72 65 25 32 30 73 65 63 75 72 69 74 79 25 32 30 63 68 61 6c 6c 65 6e 67 65 22 2c 22 69 6e 76 61 6c 69 64 5f 73 69 74 65 6b 65 79 22 3a 22 49 6e 76 61 6c 69 64 25 32 30 73 69 74 65 6b 65 79 2e 25 32 30 43 6f 6e 74 61 63 74 25 32 30 74 68 65 25 32 30 53 69 74 65 25 32 30 41 64 6d 69 6e 69 73 74 72 61 74 6f 72 25 32 30 69 66 25 32 30 74 Data Ascii: dback_report_output_subtitle":"Your feedback report has been successfully submitted","turnstile_iframe_alt":"Widget%20containing%20a%20Cloudflare%20security%20challenge","invalid_sitekey":"Invalid%20sitekey.%20Contact%20the%20Site%20Administrator%20if%20t
2024-10-04 13:11:03 UTC	1369	IN	Data Raw: 61 6b 3b 65 6c 73 65 20 65 2e 70 75 73 68 28 65 2e 73 68 69 66 74 28 29 29 7d 63 61 74 63 68 28 67 29 7b 65 2e 70 75 73 68 28 65 2e 73 68 69 66 74 28 29 29 7d 7d 28 61 2c 35 34 38 30 36 31 29 2c 65 4d 3d 74 68 69 73 7c 7c 73 65 6c 66 2c 65 4e 3d 65 4d 5b 67 49 28 31 31 32 37 29 5d 2c 65 4d 5b 67 49 28 36 33 30 29 5d 3d 21 5b 5d 2c 65 4d 5b 67 49 28 31 30 37 31 29 5d 3d 66 75 6e 63 74 69 6f 6e 28 68 33 29 7b 69 66 28 68 33 3d 67 49 2c 65 4d 5b 68 33 28 36 33 30 29 5d 29 72 65 74 75 72 6e 3b 65 4d 5b 68 33 28 36 33 30 29 5d 3d 21 21 5b 5d 7d 2c 65 55 3d 30 2c 65 4e 5b 67 49 28 31 31 35 37 29 5d 3d 3d 3d 67 49 28 31 31 31 32 29 3f 65 4e 5b 67 49 28 31 35 38 38 29 5d 28 67 49 28 32 34 36 29 2c 66 75 6e 63 74 69 6f 6e 28 29 7b 73 65 74 54 69 6d 65 6f 75 74 28 Data Ascii: ak;else e.push(e.shift())}catch(g){e.push(e.shift())}}(a,548061),eM=this\|\|self,eN=eM[gI(1127)],eM[gI(630)]=![],eM[gI(1071)]=function(h3){if(h3=gI,eM[h3(630)])return;eM[h3(630)]=!![]},eU=0,eN[gI(1157)]===gI(1112)?eN[gI(1588)](gI(246),function(){setTimeout(
2024-10-04 13:11:03 UTC	1369	IN	Data Raw: 6f 6e 28 67 2c 68 2c 69 2c 68 69 2c 6a 2c 6b 2c 6c 2c 6d 2c 6e 2c 6f 2c 73 2c 78 2c 42 2c 43 2c 44 2c 45 29 7b 6b 3d 28 68 69 3d 67 49 2c 6a 3d 7b 7d 2c 6a 5b 68 69 28 38 38 35 29 5d 3d 66 75 6e 63 74 69 6f 6e 28 46 2c 47 29 7b 72 65 74 75 72 6e 20 46 2b 47 7d 2c 6a 5b 68 69 28 36 37 38 29 5d 3d 66 75 6e 63 74 69 6f 6e 28 46 2c 47 29 7b 72 65 74 75 72 6e 20 46 2b 47 7d 2c 6a 5b 68 69 28 32 37 31 29 5d 3d 66 75 6e 63 74 69 6f 6e 28 46 2c 47 29 7b 72 65 74 75 72 6e 20 46 2b 47 7d 2c 6a 5b 68 69 28 37 37 32 29 5d 3d 66 75 6e 63 74 69 6f 6e 28 46 2c 47 29 7b 72 65 74 75 72 6e 20 46 2b 47 7d 2c 6a 5b 68 69 28 31 31 35 38 29 5d 3d 68 69 28 31 33 38 36 29 2c 6a 5b 68 69 28 31 36 35 38 29 5d 3d 68 69 28 38 30 34 29 2c 6a 5b 68 69 28 36 37 37 29 5d 3d 68 69 28 39 Data Ascii: on(g,h,i,hi,j,k,l,m,n,o,s,x,B,C,D,E){k=(hi=gI,j={},j[hi(885)]=function(F,G){return F+G},j[hi(678)]=function(F,G){return F+G},j[hi(271)]=function(F,G){return F+G},j[hi(772)]=function(F,G){return F+G},j[hi(1158)]=hi(1386),j[hi(1658)]=hi(804),j[hi(677)]=hi(9
2024-10-04 13:11:03 UTC	1369	IN	Data Raw: 68 6a 28 31 30 39 35 29 5d 3d 68 6a 28 38 33 34 29 2c 6a 3d 69 2c 6b 3d 64 5b 68 6a 28 31 32 32 35 29 5d 28 29 2c 6c 3d 6a 5b 68 6a 28 32 39 38 29 5d 2c 6b 5b 68 6a 28 32 30 32 29 5d 28 6c 29 3e 2d 31 29 3f 65 4d 5b 68 6a 28 31 33 33 33 29 5d 28 66 75 6e 63 74 69 6f 6e 28 68 6b 29 7b 68 6b 3d 68 6a 2c 65 4d 5b 68 6b 28 31 35 39 39 29 5d 28 29 7d 2c 31 65 33 29 3a 28 6d 3d 5b 68 6a 28 31 34 33 30 29 2b 64 2c 6a 5b 68 6a 28 37 34 32 29 5d 28 6a 5b 68 6a 28 31 34 30 31 29 5d 2c 65 29 2c 6a 5b 68 6a 28 37 34 32 29 5d 28 6a 5b 68 6a 28 31 32 31 34 29 5d 2c 66 29 2c 68 6a 28 31 31 36 33 29 2b 67 2c 6a 5b 68 6a 28 35 30 39 29 5d 2b 4a 53 4f 4e 5b 68 6a 28 31 35 31 37 29 5d 28 68 29 5d 5b 68 6a 28 31 30 34 31 29 5d 28 6a 5b 68 6a 28 31 30 39 35 29 5d 29 2c 65 4d Data Ascii: hj(1095)]=hj(834),j=i,k=d[hj(1225)](),l=j[hj(298)],k[hj(202)](l)>-1)?eM[hj(1333)](function(hk){hk=hj,eM[hk(1599)]()},1e3):(m=[hj(1430)+d,j[hj(742)](j[hj(1401)],e),j[hj(742)](j[hj(1214)],f),hj(1163)+g,j[hj(509)]+JSON[hj(1517)](h)][hj(1041)](j[hj(1095)]),eM
2024-10-04 13:11:03 UTC	1369	IN	Data Raw: 74 49 6e 74 65 72 76 61 6c 28 66 75 6e 63 74 69 6f 6e 28 69 53 2c 63 2c 64 2c 65 2c 67 29 7b 69 66 28 69 53 3d 67 49 2c 63 3d 7b 27 70 63 64 56 77 27 3a 66 75 6e 63 74 69 6f 6e 28 66 2c 67 29 7b 72 65 74 75 72 6e 20 66 2b 67 7d 2c 27 68 54 48 65 44 27 3a 66 75 6e 63 74 69 6f 6e 28 66 2c 67 29 7b 72 65 74 75 72 6e 20 66 26 67 7d 2c 27 46 63 49 52 69 27 3a 66 75 6e 63 74 69 6f 6e 28 66 2c 67 29 7b 72 65 74 75 72 6e 20 66 7c 67 7d 2c 27 53 70 51 47 62 27 3a 66 75 6e 63 74 69 6f 6e 28 66 2c 67 29 7b 72 65 74 75 72 6e 20 66 3e 3e 67 7d 2c 27 42 64 4e 71 54 27 3a 66 75 6e 63 74 69 6f 6e 28 66 2c 67 29 7b 72 65 74 75 72 6e 20 66 2d 67 7d 2c 27 53 6d 64 70 57 27 3a 69 53 28 37 39 33 29 2c 27 6e 78 48 4c 71 27 3a 66 75 6e 63 74 69 6f 6e 28 66 29 7b 72 65 74 75 72 Data Ascii: tInterval(function(iS,c,d,e,g){if(iS=gI,c={'pcdVw':function(f,g){return f+g},'hTHeD':function(f,g){return f&g},'FcIRi':function(f,g){return f\|g},'SpQGb':function(f,g){return f>>g},'BdNqT':function(f,g){return f-g},'SmdpW':iS(793),'nxHLq':function(f){retur
2024-10-04 13:11:03 UTC	1369	IN	Data Raw: 75 6e 63 74 69 6f 6e 28 47 2c 48 2c 49 29 7b 72 65 74 75 72 6e 20 47 28 48 2c 49 29 7d 7d 2c 68 3d 3d 3d 6e 75 6c 6c 7c 7c 68 3d 3d 3d 76 6f 69 64 20 30 29 72 65 74 75 72 6e 20 6a 3b 66 6f 72 28 78 3d 6f 5b 69 59 28 38 33 33 29 5d 28 67 36 2c 68 29 2c 67 5b 69 59 28 31 36 30 31 29 5d 5b 69 59 28 31 32 37 38 29 5d 26 26 28 78 3d 78 5b 69 59 28 33 33 39 29 5d 28 67 5b 69 59 28 31 36 30 31 29 5d 5b 69 59 28 31 32 37 38 29 5d 28 68 29 29 29 2c 78 3d 67 5b 69 59 28 36 37 39 29 5d 5b 69 59 28 31 36 36 37 29 5d 26 26 67 5b 69 59 28 33 32 33 29 5d 3f 67 5b 69 59 28 36 37 39 29 5d 5b 69 59 28 31 36 36 37 29 5d 28 6e 65 77 20 67 5b 28 69 59 28 33 32 33 29 29 5d 28 78 29 29 3a 66 75 6e 63 74 69 6f 6e 28 47 2c 69 5a 2c 48 29 7b 66 6f 72 28 69 5a 3d 69 59 2c 47 5b 69 Data Ascii: unction(G,H,I){return G(H,I)}},h===null\|\|h===void 0)return j;for(x=o[iY(833)](g6,h),g[iY(1601)][iY(1278)]&&(x=x[iY(339)](g[iY(1601)][iY(1278)](h))),x=g[iY(679)][iY(1667)]&&g[iY(323)]?g[iY(679)][iY(1667)](new g[(iY(323))](x)):function(G,iZ,H){for(iZ=iY,G[i
2024-10-04 13:11:03 UTC	1369	IN	Data Raw: 5b 6e 5d 5b 6a 30 28 32 30 32 29 5d 28 69 5b 6c 5b 6d 5d 5d 5b 6f 5d 29 26 26 28 67 38 28 69 5b 6c 5b 6d 5d 5d 5b 6f 5d 29 7c 7c 68 5b 6e 5d 5b 6a 30 28 31 36 33 31 29 5d 28 6b 5b 6a 30 28 31 36 36 36 29 5d 28 27 6f 2e 27 2c 69 5b 6c 5b 6d 5d 5d 5b 6f 5d 29 29 29 2c 6f 2b 2b 29 3b 7d 65 6c 73 65 20 68 5b 6e 5d 3d 69 5b 6c 5b 6d 5d 5d 5b 6a 30 28 31 35 39 35 29 5d 28 66 75 6e 63 74 69 6f 6e 28 76 29 7b 72 65 74 75 72 6e 27 6f 2e 27 2b 76 7d 29 7d 2c 67 39 3d 66 75 6e 63 74 69 6f 6e 28 66 2c 6a 31 2c 67 2c 68 2c 69 2c 6a 2c 6b 2c 6c 2c 6d 29 7b 66 6f 72 28 6a 31 3d 67 49 2c 67 3d 7b 7d 2c 67 5b 6a 31 28 35 36 32 29 5d 3d 66 75 6e 63 74 69 6f 6e 28 6e 2c 73 29 7b 72 65 74 75 72 6e 20 6e 2b 73 7d 2c 67 5b 6a 31 28 37 32 31 29 5d 3d 66 75 6e 63 74 69 6f 6e 28 Data Ascii: [n][j0(202)](i[l[m]][o])&&(g8(i[l[m]][o])\|\|h[n][j0(1631)](k[j0(1666)]('o.',i[l[m]][o]))),o++);}else h[n]=i[l[m]][j0(1595)](function(v){return'o.'+v})},g9=function(f,j1,g,h,i,j,k,l,m){for(j1=gI,g={},g[j1(562)]=function(n,s){return n+s},g[j1(721)]=function(
2024-10-04 13:11:03 UTC	1369	IN	Data Raw: 2c 27 64 4b 6e 65 61 27 3a 66 75 6e 63 74 69 6f 6e 28 68 2c 69 29 7b 72 65 74 75 72 6e 20 68 3e 69 7d 2c 27 69 55 67 68 48 27 3a 66 75 6e 63 74 69 6f 6e 28 68 2c 69 29 7b 72 65 74 75 72 6e 20 69 21 3d 68 7d 2c 27 4a 52 62 6b 47 27 3a 66 75 6e 63 74 69 6f 6e 28 68 2c 69 29 7b 72 65 74 75 72 6e 20 68 2a 69 7d 2c 27 5a 5a 7a 5a 73 27 3a 66 75 6e 63 74 69 6f 6e 28 68 2c 69 29 7b 72 65 74 75 72 6e 20 68 28 69 29 7d 2c 27 64 6c 6b 73 4e 27 3a 66 75 6e 63 74 69 6f 6e 28 68 2c 69 29 7b 72 65 74 75 72 6e 20 68 21 3d 69 7d 2c 27 68 44 41 6a 67 27 3a 66 75 6e 63 74 69 6f 6e 28 68 2c 69 29 7b 72 65 74 75 72 6e 20 68 2d 69 7d 2c 27 59 58 69 6a 48 27 3a 66 75 6e 63 74 69 6f 6e 28 68 2c 69 29 7b 72 65 74 75 72 6e 20 68 21 3d 69 7d 2c 27 51 51 4c 6c 6c 27 3a 66 75 6e 63 Data Ascii: ,'dKnea':function(h,i){return h>i},'iUghH':function(h,i){return i!=h},'JRbkG':function(h,i){return h*i},'ZZzZs':function(h,i){return h(i)},'dlksN':function(h,i){return h!=i},'hDAjg':function(h,i){return h-i},'YXijH':function(h,i){return h!=i},'QQLll':func
2024-10-04 13:11:03 UTC	1369	IN	Data Raw: 35 29 5d 28 6f 2c 31 29 3f 28 4c 3d 30 2c 4a 5b 6a 46 28 31 36 33 31 29 5d 28 73 28 4b 29 29 2c 4b 3d 30 29 3a 4c 2b 2b 2c 50 3e 3e 3d 31 2c 43 2b 2b 29 3b 7d 65 6c 73 65 20 69 66 28 64 5b 6a 46 28 38 30 32 29 5d 28 6a 46 28 31 35 36 37 29 2c 6a 46 28 31 35 36 37 29 29 29 7b 66 6f 72 28 50 3d 31 2c 43 3d 30 3b 64 5b 6a 46 28 31 30 39 38 29 5d 28 43 2c 49 29 3b 4b 3d 4b 3c 3c 31 2e 35 34 7c 50 2c 64 5b 6a 46 28 31 34 34 36 29 5d 28 4c 2c 6f 2d 31 29 3f 28 4c 3d 30 2c 4a 5b 6a 46 28 31 36 33 31 29 5d 28 73 28 4b 29 29 2c 4b 3d 30 29 3a 4c 2b 2b 2c 50 3d 30 2c 43 2b 2b 29 3b 66 6f 72 28 50 3d 46 5b 6a 46 28 38 36 32 29 5d 28 30 29 2c 43 3d 30 3b 64 5b 6a 46 28 33 30 32 29 5d 28 31 36 2c 43 29 3b 4b 3d 64 5b 6a 46 28 31 34 33 35 29 5d 28 4b 2c 31 29 7c 31 26 Data Ascii: 5)](o,1)?(L=0,J[jF(1631)](s(K)),K=0):L++,P>>=1,C++);}else if(d[jF(802)](jF(1567),jF(1567))){for(P=1,C=0;d[jF(1098)](C,I);K=K<<1.54\|P,d[jF(1446)](L,o-1)?(L=0,J[jF(1631)](s(K)),K=0):L++,P=0,C++);for(P=F[jF(862)](0),C=0;d[jF(302)](16,C);K=d[jF(1435)](K,1)\|1&

Timestamp	Bytes transferred	Direction	Data
2024-10-04 13:11:03 UTC	795	OUT	GET /cdn-cgi/challenge-platform/h/g/cmg/1/wh0E0SXYnx6pTBdJW%2Fl926I%2BPRUplRdtQz3K9lHXs%2Fs%3D HTTP/1.1 Host: challenges.cloudflare.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/bth64/0x4AAAAAAAwd9hw5rvoDjM7I/auto/fbE/normal/auto/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-04 13:11:03 UTC	210	IN	HTTP/1.1 200 OK Date: Fri, 04 Oct 2024 13:11:03 GMT Content-Type: image/png Content-Length: 61 Connection: close cache-control: max-age=2629800, public Server: cloudflare CF-RAY: 8cd56a68dee94368-EWR
2024-10-04 13:11:03 UTC	61	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 02 00 00 00 02 08 02 00 00 00 fd d4 9a 73 00 00 00 04 49 44 41 54 00 00 00 01 9d 24 d7 91 00 00 00 00 49 45 4e 44 ae 42 60 82 Data Ascii: PNGIHDRsIDAT$IENDB`

Timestamp	Bytes transferred	Direction	Data
2024-10-04 13:11:04 UTC	568	OUT	OPTIONS /report/v4?s=Va%2FhMvJ%2BULxr9QQUl%2FAnbXp44pJpY83RbfEN3pWoGNvpBV36eftnvnMSYNi9Pr%2BRv8q3W7lIuMj0jIC1lVnWJmvPejCcJRKHydTiqe6DXGiRrptfgoRS27BprLuGPjEU1bABTV72Rtns1zC%2BpST2 HTTP/1.1 Host: a.nel.cloudflare.com Connection: keep-alive Origin: https://l0gin-microso.ftlivedocs.tech Access-Control-Request-Method: POST Access-Control-Request-Headers: content-type User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-04 13:11:04 UTC	336	IN	HTTP/1.1 200 OK Content-Length: 0 access-control-max-age: 86400 access-control-allow-methods: OPTIONS, POST access-control-allow-origin: * access-control-allow-headers: content-type, content-length date: Fri, 04 Oct 2024 13:11:03 GMT Via: 1.1 google Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Timestamp	Bytes transferred	Direction	Data
2024-10-04 13:11:04 UTC	1163	OUT	GET /favicon.ico HTTP/1.1 Host: l0gin-microso.ftlivedocs.tech Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://l0gin-microso.ftlivedocs.tech/KUtIdFka Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: fNYe=896a8296dd752621a31badfb843ea3b9d58cbc46d6504a1582b16c1633cbccb4; cf_clearance=PnrrDIdUFnV3xXNKwU7Uk2KkvZUrRmLQ6VsqVSFs7iI-1728047462-1.2.1.1-KgyGMoX2WsyMGE_crV0QHN0PnWPTTT_vkrnfk6OUsXs.ZCFyIMeIhyPM5AaovJKdYX33b6XhxSMauVLxhud15UDF6qe_lUUn4z7DUAUZgquXnur2JBrKraoo31FHgtIWsUITRVzxmgHzvH3L3sRtyyvkXX55rBaE6wwFcRgFWsHKcOzBUkmtg.SYM871TLywvjL.S9lBf6XKCP1RA_4rE_E8nRcZe7.uq6YsjbK5vOgE7JsW9ukyLOepD1wU8T7pQ7FQYb9ZLbSWuiaz05fetoXoB9g1me566IfE.8W3ydmURQRK0le68jWlAR9ChGQtId1KGEdKLtkgMNrP.DUbgel24XyilarY80urzfUxbGWeV87XlXGmDq1MBeocoMX5
2024-10-04 13:11:04 UTC	750	IN	HTTP/1.1 404 Not Found Date: Fri, 04 Oct 2024 13:11:04 GMT Transfer-Encoding: chunked Connection: close Cache-Control: private Nel: {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0} P3p: CP="DSP CUR OTPi IND OTRi ONL FIN" Referrer-Policy: strict-origin-when-cross-origin Report-To: {"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://identity.nel.measure.office.net/api/report?catId=GW+estsfd+bno"}]} X-Ms-Ests-Server: 2.1.19005.9 - NCUS ProdSlices X-Ms-Request-Id: f263b88c-7eca-4adc-9de0-66f6a6630600 X-Ms-Srs: 1.P CF-Cache-Status: BYPASS Set-Cookie: x-ms-gateway-slice=estsfd; Path=/; HttpOnly; Secure; SameSite=None Server: cloudflare CF-RAY: 8cd56a6d09578c2f-EWR
2024-10-04 13:11:04 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Timestamp	Bytes transferred	Direction	Data
2024-10-04 13:11:04 UTC	925	OUT	POST /cdn-cgi/challenge-platform/h/g/flow/ov1/147669712:1728044744:0OaiWMyJW7ZPxlqedXMft6P244b4nMflF1Cf4AK8E-k/8cd56a630cf741e3/fc3fc94e9e3547a HTTP/1.1 Host: challenges.cloudflare.com Connection: keep-alive Content-Length: 2745 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Content-type: application/x-www-form-urlencoded sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 CF-Challenge: fc3fc94e9e3547a sec-ch-ua-platform: "Windows" Accept: / Origin: https://challenges.cloudflare.com Sec-Fetch-Site: same-origin Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/bth64/0x4AAAAAAAwd9hw5rvoDjM7I/auto/fbE/normal/auto/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-04 13:11:04 UTC	2745	OUT	Data Raw: 76 5f 38 63 64 35 36 61 36 33 30 63 66 37 34 31 65 33 3d 56 73 6b 4c 45 4c 64 4c 73 4c 74 4c 57 42 63 67 42 63 34 4c 42 52 4e 71 4a 69 42 33 63 4a 63 78 65 52 6b 4e 72 63 70 6c 63 33 37 4e 52 6c 6c 63 31 63 6c 24 33 76 66 4f 41 6c 63 62 4c 63 73 73 63 75 38 74 6c 71 63 67 63 38 6b 66 43 63 33 52 77 36 68 63 66 53 63 6a 4a 63 42 56 32 78 63 63 55 30 6a 41 63 51 73 53 6a 6f 34 41 64 42 69 63 6f 4c 33 4b 55 69 34 63 6c 71 7a 63 51 35 4f 77 45 6e 31 47 52 66 54 63 4b 31 79 77 5a 63 6f 24 6b 6b 63 4e 6c 63 75 67 58 6c 79 45 72 73 77 49 2d 71 36 41 72 79 78 62 43 70 6f 4c 66 56 66 24 66 37 58 4c 49 79 6f 4c 63 41 56 63 66 55 4e 6b 63 62 62 65 49 24 63 42 76 63 4b 52 73 76 46 46 64 68 6a 6c 71 63 48 55 6b 63 33 67 76 63 51 49 79 30 4c 4a 30 63 4e 36 71 63 6e 62 Data Ascii: v_8cd56a630cf741e3=VskLELdLsLtLWBcgBc4LBRNqJiB3cJcxeRkNrcplc37NRllc1cl$3vfOAlcbLcsscu8tlqcgc8kfCc3Rw6hcfScjJcBV2xccU0jAcQsSjo4AdBicoL3KUi4clqzcQ5OwEn1GRfTcK1ywZco$kkcNlcugXlyErswI-q6AryxbCpoLfVf$f7XLIyoLcAVcfUNkcbbeI$cBvcKRsvFFdhjlqcHUkc3gvcQIy0LJ0cN6qcnb
2024-10-04 13:11:04 UTC	737	IN	HTTP/1.1 200 OK Date: Fri, 04 Oct 2024 13:11:04 GMT Content-Type: text/plain; charset=UTF-8 Content-Length: 162572 Connection: close cf-chl-gen: kWHtfqzM2+dkQW7ttHcxBqGqHQIWo/E+/mQkCrlRUzepgE+0ZhmWy3gBPF4CTfmc00MWZPZIKDlyguaMBuckRfPe9Z2CO+59SZEMhj8MkrqDg0GCR0IUGdwPXfmhqh7FnIkFx2GWvzwfeo3jpPzVL+Ay1OrLvSTbKJsbZLHyH+TJQ463/y3CPmjjkCvJayxXfozYYBTGLF59GX5qUN5z44324zH5BJ+mH3t66us+hH5UNNO6UOJYJ8I62jQhWrNNkK/VNPKYvDRssnYtuRdr38Whql4S3Qm2MMdxVnR8BoVsx01huKNVozckVeqqgF6W9Jtk9H4mGueMNal8MJr1ViXZXPi+K5wlysd2mzCtBB1YLIat+0sigRe3hmumY+0OvIhHUoNxocBq5DCD+k1/NgWCyY6A9QoDbb5wKqW3DSg4EDpORizCfbqMZ6VNt+BYqWOXxfGW6McAdCD7fqb2CvVnglAQIM30IGl0cQuoQqiT1dlBVZCR4s7Gknsxyi6m1A==$rfmudkZke6Rpi3UY Server: cloudflare CF-RAY: 8cd56a6dbee4de98-EWR
2024-10-04 13:11:04 UTC	632	IN	Data Raw: 6a 4c 71 70 71 6e 75 68 76 4b 4f 6b 67 5a 7a 42 77 5a 37 4b 79 37 44 45 73 73 47 38 6b 59 75 56 31 63 37 61 73 37 65 36 73 74 61 2f 72 74 53 37 6e 4a 32 2b 6f 72 7a 52 70 74 2f 67 7a 64 79 6f 79 65 48 52 35 74 76 68 78 4e 4f 30 38 72 58 58 32 2f 43 38 39 2f 4b 37 74 38 6f 43 34 2f 44 4f 34 74 6a 34 30 67 7a 67 42 67 6f 50 34 73 76 65 45 64 4d 47 47 4f 7a 56 45 68 62 61 31 41 33 64 44 64 67 52 34 52 4d 46 47 51 63 59 39 75 45 71 34 53 4d 48 43 66 6f 6e 37 75 51 6d 4c 78 4d 4f 43 42 45 4e 46 6a 41 58 48 69 38 51 47 69 49 7a 45 30 55 32 4f 69 51 6d 41 6a 63 45 51 69 35 47 43 77 6c 4c 44 69 67 4e 45 46 59 59 46 43 51 31 58 43 55 72 46 30 6b 76 47 69 42 50 48 6d 56 5a 55 6a 63 63 50 43 77 6d 54 55 39 63 57 6b 34 70 5a 44 46 43 54 7a 46 72 5a 6b 6c 79 63 33 4e Data Ascii: jLqpqnuhvKOkgZzBwZ7Ky7DEssG8kYuV1c7as7e6sta/rtS7nJ2+orzRpt/gzdyoyeHR5tvhxNO08rXX2/C89/K7t8oC4/DO4tj40gzgBgoP4sveEdMGGOzVEhba1A3dDdgR4RMFGQcY9uEq4SMHCfon7uQmLxMOCBENFjAXHi8QGiIzE0U2OiQmAjcEQi5GCwlLDigNEFYYFCQ1XCUrF0kvGiBPHmVZUjccPCwmTU9cWk4pZDFCTzFrZklyc3N
2024-10-04 13:11:04 UTC	1369	IN	Data Raw: 6a 33 74 55 6b 70 61 4e 69 57 2b 58 64 6f 53 61 66 4a 71 5a 64 34 4b 69 67 32 70 6c 6e 5a 47 53 68 61 2b 75 70 6e 4a 7a 73 6e 4b 34 69 4a 75 32 6c 6e 2b 59 6e 34 47 37 6d 70 61 47 6d 72 61 54 75 58 36 31 76 73 37 48 78 4d 72 54 7a 61 61 6f 72 5a 69 57 75 4b 2b 6e 6c 4c 2b 74 7a 4c 2b 5a 74 35 36 65 74 4f 57 7a 75 36 69 71 33 75 54 63 35 50 48 43 71 4d 72 4b 39 75 48 49 79 65 72 5a 37 2b 54 78 32 76 7a 77 2b 4f 2b 2f 31 72 2f 55 38 76 34 45 38 75 7a 72 35 51 33 48 36 73 72 53 34 67 76 50 44 39 48 78 31 75 49 54 47 2b 67 5a 2b 67 49 65 38 66 41 68 38 50 73 51 33 75 54 30 46 69 73 4b 41 43 48 39 37 50 76 71 4e 52 4d 49 4c 79 49 55 41 78 4d 5a 4f 41 31 42 4d 45 49 35 4f 42 4d 54 42 77 55 2b 43 69 62 39 51 77 31 50 55 45 49 4d 4a 53 49 48 44 55 35 50 4c 43 6f Data Ascii: j3tUkpaNiW+XdoSafJqZd4Kig2plnZGSha+upnJzsnK4iJu2ln+Yn4G7mpaGmraTuX61vs7HxMrTzaaorZiWuK+nlL+tzL+Zt56etOWzu6iq3uTc5PHCqMrK9uHIyerZ7+Tx2vzw+O+/1r/U8v4E8uzr5Q3H6srS4gvPD9Hx1uITG+gZ+gIe8fAh8PsQ3uT0FisKACH97PvqNRMILyIUAxMZOA1BMEI5OBMTBwU+Cib9Qw1PUEIMJSIHDU5PLCo
2024-10-04 13:11:04 UTC	1369	IN	Data Raw: 5a 52 56 6b 4b 43 54 63 47 43 54 5a 61 4a 6d 6e 61 4e 76 62 4a 6d 53 71 34 4f 6b 71 36 2b 42 70 5a 4f 5a 6d 34 36 33 66 6e 70 33 75 4c 6d 35 6c 49 47 31 74 59 53 63 68 62 71 61 75 73 65 48 76 38 4b 6f 6a 38 36 4d 76 39 4f 59 72 35 54 62 6a 37 79 2f 74 73 79 55 75 37 50 63 78 72 2b 65 35 73 66 6c 34 63 62 61 31 39 33 6d 30 61 76 44 31 74 36 74 72 71 2f 54 30 37 4c 46 75 63 7a 4f 7a 73 33 74 34 4f 50 65 41 64 7a 52 39 74 37 71 32 75 7a 76 42 51 66 65 44 50 51 49 33 77 77 55 35 39 66 70 32 4e 7a 75 39 4f 41 50 38 66 33 57 45 2f 55 6b 39 68 58 6b 46 67 37 70 44 4f 55 75 47 79 48 79 44 77 49 68 4d 44 55 36 2b 68 49 4a 44 68 51 2b 51 43 41 36 4f 66 30 39 2f 51 4d 44 4b 79 73 4d 4c 53 59 46 54 6c 49 37 48 69 4a 52 45 55 39 51 46 78 6b 59 4e 42 63 5a 57 7a 6b 75 Data Ascii: ZRVkKCTcGCTZaJmnaNvbJmSq4Okq6+BpZOZm463fnp3uLm5lIG1tYSchbqauseHv8Koj86Mv9OYr5Tbj7y/tsyUu7Pcxr+e5sfl4cba193m0avD1t6trq/T07LFuczOzs3t4OPeAdzR9t7q2uzvBQfeDPQI3wwU59fp2Nzu9OAP8f3WE/Uk9hXkFg7pDOUuGyHyDwIhMDU6+hIJDhQ+QCA6Of09/QMDKysMLSYFTlI7HiJREU9QFxkYNBcZWzku
2024-10-04 13:11:04 UTC	1369	IN	Data Raw: 75 71 67 57 46 36 68 59 36 51 6a 4a 31 71 69 35 53 74 63 71 39 76 73 59 65 7a 71 72 68 38 72 72 71 69 65 4a 36 76 75 35 4b 6a 75 4a 79 56 67 35 6d 48 72 6f 71 4d 6f 63 58 41 72 35 44 53 71 72 4f 55 72 35 6e 48 6c 62 50 55 7a 5a 76 64 32 4c 75 79 30 4a 33 44 6f 62 2b 70 7a 61 58 44 71 63 6d 72 37 65 6a 50 72 63 72 48 34 4f 2b 78 7a 62 61 31 33 39 79 39 33 63 36 36 34 74 76 36 30 39 33 38 31 64 58 38 31 67 54 38 37 64 34 50 37 42 41 42 33 67 76 6a 34 39 4c 75 31 4f 58 65 32 64 4c 71 49 65 41 65 2b 42 44 6d 48 52 73 4b 48 68 58 35 36 51 34 45 4a 78 2f 76 37 67 6b 41 39 43 34 30 4f 43 63 36 4b 78 33 37 46 7a 49 6a 49 51 55 30 41 41 42 46 4a 54 6f 33 43 54 6b 70 4f 67 67 38 43 6b 45 39 53 55 6b 6d 4f 69 34 34 4e 68 70 56 4f 46 30 7a 4e 6c 55 67 4f 69 39 51 57 Data Ascii: uqgWF6hY6QjJ1qi5Stcq9vsYezqrh8rrqieJ6vu5KjuJyVg5mHroqMocXAr5DSqrOUr5nHlbPUzZvd2Luy0J3Dob+pzaXDqcmr7ejPrcrH4O+xzba139y93c664tv609381dX81gT87d4P7BAB3gvj49Lu1OXe2dLqIeAe+BDmHRsKHhX56Q4EJx/v7gkA9C40OCc6Kx37FzIjIQU0AABFJTo3CTkpOgg8CkE9SUkmOi44NhpVOF0zNlUgOi9QW
2024-10-04 13:11:04 UTC	1369	IN	Data Raw: 34 67 6d 71 73 6c 49 57 4d 64 62 47 79 6a 35 65 58 64 5a 74 38 6d 36 42 37 77 33 6d 44 75 5a 44 41 76 70 2b 72 67 73 79 62 6c 36 47 6b 6d 39 47 30 70 39 4c 52 6f 4e 6e 43 79 4d 2b 53 7a 4d 7a 41 6f 4a 37 58 31 37 2f 68 6e 4b 66 6c 78 74 2f 49 32 75 75 67 37 73 33 65 76 73 6e 76 38 4d 6a 7a 71 76 50 6a 30 62 6e 33 35 2b 33 61 30 63 4c 6b 76 2f 48 47 32 74 33 6f 77 63 54 5a 35 2b 2f 65 34 67 6e 6b 37 65 58 71 45 73 33 56 46 51 7a 58 36 66 4c 71 2b 39 4c 34 46 68 4d 51 46 2f 48 36 47 42 50 34 34 65 77 4b 41 75 62 72 42 50 33 38 4e 76 30 50 4b 65 37 34 4f 50 49 4d 42 7a 7a 35 46 51 74 42 47 77 4d 50 48 45 6b 6f 47 77 4e 4d 50 43 4d 46 4a 53 77 73 48 53 52 4b 49 69 31 4b 4d 30 31 45 47 68 4e 4e 56 42 49 76 50 7a 45 7a 4c 69 52 42 4f 43 4e 54 4d 32 55 6a 4f 45 Data Ascii: 4gmqslIWMdbGyj5eXdZt8m6B7w3mDuZDAvp+rgsybl6Gkm9G0p9LRoNnCyM+SzMzAoJ7X17/hnKflxt/I2uug7s3evsnv8MjzqvPj0bn35+3a0cLkv/HG2t3owcTZ5+/e4gnk7eXqEs3VFQzX6fLq+9L4FhMQF/H6GBP44ewKAubrBP38Nv0PKe74OPIMBzz5FQtBGwMPHEkoGwNMPCMFJSwsHSRKIi1KM01EGhNNVBIvPzEzLiRBOCNTM2UjOE
2024-10-04 13:11:04 UTC	1369	IN	Data Raw: 69 72 53 72 64 58 71 30 73 6e 6d 58 66 71 48 42 67 63 47 61 67 72 4b 30 70 6f 43 4b 74 4d 47 46 79 4d 79 77 69 63 47 6d 70 61 54 4f 73 35 66 57 73 4b 53 5a 79 62 75 2f 77 4e 66 4b 77 63 7a 62 6f 71 54 66 32 36 65 39 32 4f 4c 4b 72 65 54 4a 7a 38 6a 6b 35 39 48 31 72 76 4c 4e 30 2f 58 78 79 75 72 65 37 74 37 4e 32 76 58 42 75 51 50 37 78 4c 33 49 78 73 55 4b 38 4f 73 46 38 77 6e 7a 31 75 62 31 31 68 62 79 38 74 77 4b 46 51 6b 6a 44 67 45 43 42 39 2f 6d 41 52 6e 6e 33 53 77 72 41 75 6a 76 4c 42 77 47 41 54 41 67 4f 50 59 7a 44 77 37 37 4f 76 6b 62 44 55 45 37 51 52 56 46 51 53 55 46 4e 77 6b 61 44 45 6f 4d 55 52 74 50 49 30 55 73 56 45 6c 45 53 53 70 51 57 54 6b 65 48 7a 70 4a 4d 57 4d 34 52 54 64 41 5a 6c 34 33 52 54 51 70 52 45 64 66 53 55 59 77 61 47 6c Data Ascii: irSrdXq0snmXfqHBgcGagrK0poCKtMGFyMywicGmpaTOs5fWsKSZybu/wNfKwczboqTf26e92OLKreTJz8jk59H1rvLN0/Xxyure7t7N2vXBuQP7xL3IxsUK8OsF8wnz1ub11hby8twKFQkjDgECB9/mARnn3SwrAujvLBwGATAgOPYzDw77OvkbDUE7QRVFQSUFNwkaDEoMURtPI0UsVElESSpQWTkeHzpJMWM4RTdAZl43RTQpREdfSUYwaGl
2024-10-04 13:11:04 UTC	1369	IN	Data Raw: 70 79 55 72 34 6a 43 77 58 79 63 6d 62 4a 2b 68 62 2f 43 74 61 65 73 67 4c 43 43 30 70 32 73 73 64 4b 6c 7a 61 4f 35 31 64 48 49 78 74 75 73 75 4b 6d 2f 35 4c 37 4f 70 4a 6d 30 31 36 69 71 77 37 72 48 78 73 71 36 77 71 33 41 76 39 58 33 79 74 72 4a 78 4f 62 38 75 39 65 36 39 72 6f 41 77 2f 75 38 32 66 6e 65 43 74 76 38 36 41 62 4b 41 51 48 70 2f 76 77 4f 42 2b 38 4e 30 39 44 35 37 66 67 65 45 42 63 61 48 52 33 73 47 2f 6f 67 4a 53 67 69 47 51 63 62 4a 4f 55 72 44 2f 30 51 4d 43 77 6c 45 51 76 32 39 69 73 59 42 78 45 4a 4b 7a 77 75 4f 69 59 78 4e 7a 55 66 52 66 77 6f 4a 41 63 6a 4a 52 42 4d 42 56 52 55 4b 55 73 6f 55 54 41 56 4d 45 39 5a 47 6d 46 4e 4f 42 35 54 49 6c 6f 37 61 46 56 58 52 31 77 71 54 46 31 76 58 57 34 37 5a 54 4a 46 4e 55 74 70 57 57 68 37 Data Ascii: pyUr4jCwXycmbJ+hb/CtaesgLCC0p2ssdKlzaO51dHIxtusuKm/5L7OpJm016iqw7rHxsq6wq3Av9X3ytrJxOb8u9e69roAw/u82fneCtv86AbKAQHp/vwOB+8N09D57fgeEBcaHR3sG/ogJSgiGQcbJOUrD/0QMCwlEQv29isYBxEJKzwuOiYxNzUfRfwoJAcjJRBMBVRUKUsoUTAVME9ZGmFNOB5TIlo7aFVXR1wqTF1vXW47ZTJFNUtpWWh7
2024-10-04 13:11:04 UTC	1369	IN	Data Raw: 71 6b 70 48 69 2b 65 6f 6d 62 77 36 79 6b 69 34 6d 6b 69 61 4c 46 76 35 43 31 6b 73 75 56 30 70 48 49 71 74 79 70 74 73 6d 78 76 39 79 67 30 72 48 64 70 65 4b 68 31 65 4f 67 38 4c 79 71 30 74 54 70 76 74 44 51 35 62 50 56 39 38 76 4f 31 75 65 32 32 4f 32 38 2b 51 58 69 78 76 58 59 39 2b 44 30 76 2b 44 50 41 78 50 6f 33 76 48 4d 45 2f 66 53 44 2b 54 54 43 77 6b 67 2b 75 73 69 39 66 72 30 49 75 54 78 4a 68 54 6a 39 43 77 57 2b 41 34 47 4a 65 38 64 41 53 33 76 4c 41 33 31 4e 78 77 74 39 6b 44 2b 4f 51 38 30 2f 68 41 55 4e 6b 59 43 4e 69 4e 43 47 67 41 39 4c 42 73 49 4b 68 41 6b 49 55 45 71 4f 42 4a 51 52 43 70 4a 50 52 49 73 56 56 5a 68 50 52 30 77 52 6b 68 4c 4e 6a 6c 66 4a 47 74 48 55 44 78 75 54 31 4e 70 5a 54 55 7a 54 47 64 62 64 6e 68 4b 50 30 42 56 68 Data Ascii: qkpHi+eombw6yki4mkiaLFv5C1ksuV0pHIqtyptsmxv9yg0rHdpeKh1eOg8Lyq0tTpvtDQ5bPV98vO1ue22O28+QXixvXY9+D0v+DPAxPo3vHME/fSD+TTCwkg+usi9fr0IuTxJhTj9CwW+A4GJe8dAS3vLA31Nxwt9kD+OQ80/hAUNkYCNiNCGgA9LBsIKhAkIUEqOBJQRCpJPRIsVVZhPR0wRkhLNjlfJGtHUDxuT1NpZTUzTGdbdnhKP0BVh
2024-10-04 13:11:04 UTC	1369	IN	Data Raw: 36 6c 4b 4f 63 78 4c 65 65 77 4d 69 37 6f 73 54 47 6b 74 54 4f 75 62 69 39 74 35 6a 65 34 4a 36 68 74 4e 36 65 6e 39 6d 31 35 39 58 64 36 73 72 57 72 62 6a 4a 34 65 66 79 34 65 33 44 72 38 2b 34 73 74 50 76 36 76 37 78 77 64 66 52 35 4e 48 50 77 74 33 63 35 41 49 42 33 50 37 6e 35 74 7a 73 7a 51 34 48 44 68 62 55 45 2f 76 6b 2f 42 37 6d 38 2f 6f 63 48 76 50 79 45 41 6a 30 39 66 7a 30 2b 53 44 32 35 41 45 49 36 65 6b 67 44 67 34 45 43 67 6b 51 4e 53 54 32 50 6a 51 78 44 54 6f 54 51 44 49 32 4a 6b 55 53 4e 68 30 34 54 54 38 4e 4c 67 70 42 49 79 59 73 51 7a 45 7a 4f 43 64 55 55 45 55 56 51 42 77 38 51 6a 4e 54 51 6c 70 49 4d 6c 70 59 56 43 5a 66 50 47 4e 76 54 55 56 67 4b 7a 4e 4d 5a 6d 74 53 53 30 51 7a 52 6a 74 55 64 58 46 50 63 55 4e 33 54 6e 31 67 64 49 Data Ascii: 6lKOcxLeewMi7osTGktTOubi9t5je4J6htN6en9m159Xd6srWrbjJ4efy4e3Dr8+4stPv6v7xwdfR5NHPwt3c5AIB3P7n5tzszQ4HDhbUE/vk/B7m8/ocHvPyEAj09fz0+SD25AEI6ekgDg4ECgkQNST2PjQxDToTQDI2JkUSNh04TT8NLgpBIyYsQzEzOCdUUEUVQBw8QjNTQlpIMlpYVCZfPGNvTUVgKzNMZmtSS0QzRjtUdXFPcUN3Tn1gdI

Timestamp	Bytes transferred	Direction	Data
2024-10-04 13:11:04 UTC	496	OUT	POST /report/v4?s=Va%2FhMvJ%2BULxr9QQUl%2FAnbXp44pJpY83RbfEN3pWoGNvpBV36eftnvnMSYNi9Pr%2BRv8q3W7lIuMj0jIC1lVnWJmvPejCcJRKHydTiqe6DXGiRrptfgoRS27BprLuGPjEU1bABTV72Rtns1zC%2BpST2 HTTP/1.1 Host: a.nel.cloudflare.com Connection: keep-alive Content-Length: 451 Content-Type: application/reports+json User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-04 13:11:04 UTC	451	OUT	Data Raw: 5b 7b 22 61 67 65 22 3a 30 2c 22 62 6f 64 79 22 3a 7b 22 65 6c 61 70 73 65 64 5f 74 69 6d 65 22 3a 36 37 34 2c 22 6d 65 74 68 6f 64 22 3a 22 47 45 54 22 2c 22 70 68 61 73 65 22 3a 22 61 70 70 6c 69 63 61 74 69 6f 6e 22 2c 22 70 72 6f 74 6f 63 6f 6c 22 3a 22 68 74 74 70 2f 31 2e 31 22 2c 22 72 65 66 65 72 72 65 72 22 3a 22 22 2c 22 73 61 6d 70 6c 69 6e 67 5f 66 72 61 63 74 69 6f 6e 22 3a 31 2e 30 2c 22 73 65 72 76 65 72 5f 69 70 22 3a 22 31 30 34 2e 32 36 2e 31 33 2e 36 39 22 2c 22 73 74 61 74 75 73 5f 63 6f 64 65 22 3a 34 30 35 2c 22 74 79 70 65 22 3a 22 68 74 74 70 2e 65 72 72 6f 72 22 7d 2c 22 74 79 70 65 22 3a 22 6e 65 74 77 6f 72 6b 2d 65 72 72 6f 72 22 2c 22 75 72 6c 22 3a 22 68 74 74 70 73 3a 2f 2f 6c 30 67 69 6e 2d 6d 69 63 72 6f 73 6f 2e 66 74 6c Data Ascii: [{"age":0,"body":{"elapsed_time":674,"method":"GET","phase":"application","protocol":"http/1.1","referrer":"","sampling_fraction":1.0,"server_ip":"104.26.13.69","status_code":405,"type":"http.error"},"type":"network-error","url":"https://l0gin-microso.ftl
2024-10-04 13:11:04 UTC	168	IN	HTTP/1.1 200 OK Content-Length: 0 date: Fri, 04 Oct 2024 13:11:04 GMT Via: 1.1 google Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close