Windows Analysis Report
http://t.cm.morganstanley.com/r/?id=h1b92d14%2C134cc33c%2C1356be32&p1=www.saiengroup.com%2Fteaz%2F648c482b60b3906833c9304bab170add%2FJBVNhz%2FYW15LmNoZW5AZG91YmxlbGluZS5jb20=

Overview

General Information

Sample URL:	http://t.cm.morganstanley.com/r/?id=h1b92d14%2C134cc33c%2C1356be32&p1=www.saiengroup.com%2Fteaz%2F648c482b60b3906833c9304bab170add%2FJBVNhz%2FYW15LmNoZW5AZG91YmxlbGluZS5jb20=
Analysis ID:	1427726
Infos:

Detection

HTMLPhisher

Score:	72
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Phishing site detected (based on favicon image match)

Yara detected HtmlPhish10

Phishing site detected (based on image similarity)

Phishing site detected (based on logo match)

HTML body contains low number of good links

HTML body contains password input but no form action

HTML page contains hidden URLs or javascript code

HTML title does not match URL

Classification

Signatures

AV Detection

Antivirus / Scanner detection for submitted sample

Source: http://t.cm.morganstanley.com/r/?id=h1b92d14%2C134cc33c%2C1356be32&p1=www.saiengroup.com%2Fteaz%2F648c482b60b3906833c9304bab170add%2FJBVNhz%2FYW15LmNoZW5AZG91YmxlbGluZS5jb20=

SlashNext: detection malicious, Label: Credential Stealing type: Phishing & Social Engineering

Phishing

Phishing site detected (based on favicon image match)

Source: https://activemxmore.com	Matcher: Template: outlook matched with high similarity
Source: https://activemxmore.com/main/main.php#Z0JW4xC8o5rmgQhMFZffZ8eNP94q2Js1KbXPIAX7FotWfKIVKYaJ6owWxBmAkOC5ZzUI9RPPgiLw3urNsCwz12vyER9YFL3ElYnuQdk7v6DzA4m3GTCIW7gAYqzEbDjwBG1rTlypsbY2gl6XeJFaQWLPmkuxXN4yu6ZosyOUKNW083YnMDyDAjtWDXuALz9gF8E7Hs1rgYso1qLO4jsEDVAgT5RFE0Vk9zrQ2shirKHtatheNKSqFtGzzyedy9xHJZyMsQ5TANmKgEZ3pSu4lbEUJT8h2GZMGxz8nE2YrpII3IMsAgxVscQb5Zt8FtUm1uuo8wmAV5jZN5snm0jPca1h9uqPYlbZPGoXcLy8QR7EXz2kzm9Mwa4GFuwDPIDEo1CBMbJD2Qi0qkl0HuMeFRUklrYb9BPyDs9qDS3GIlH9G29nxWBcNwx8Xwk78aFLCObgGfWpAEzhGIEdEgqsMXAKuVRC5xoIlAY2PVsqz1HfKmtpCTRpRs9mn1ZsynbUX9WN4peDrVTbinAUhsj8UtvhvuK3RVYP5VD9kRNLNHW54x0lZkuTNZbjtWnlSlbXgP7AGUmuCjzGQz1QTwKHwW00SomLJxIZnPA4KXymg827I4YBBIj7Fk7xItis11soQ3sA00Wg9ZoR4mtF4MMJ7ThQnAioBLMsOf3Og05pZtg4QJJUwwEEpWuNxNb8yYBndEctEiSEL8ICSrwoXb2n8xaFlmOUkphy3u1IMUmy34aVwGkuSnR0V2GgouaJTshXWjFId2gg7qbD7w70TZ1O1H4qbf95Hr2EKImXLCdS3pwaVDaPDbDETI44YeaFFckpVGmHjAzmZ5xVJIKmTo1N76R5k1LZe5oaLLR5lrrlxYghG1EApFnwLfC5hn5wsuGefyjB0LXyJePqft1F9pcUFO0Wc6tEAaTQIdsJYphID79TAayKALEfzFcLMFqnPkeyxGhv6yeKGnDgyc08XFowlAi8fJv43JCBpU7wtlg9JUqh6qp36OAsoTADC5IGPliffpLJL1SuWiM2Jc6Q0GiozT2cYKTN5c2lBO4nQWSMfEOYQUPQB7eb0goZ1hN7tPs5ExtuulgKZ4IQZxGAFVLGbaFdrskViN1WlvqPQGzQLiGLQmlwi7cuiRHJk2FCPHzac003HATsTAeKXAgfIsJ0kqKEsqhi7QtkQuox4i0YSeIQPZ5xrPxMghrJHI1Pzv9qZxY4QZ3IdLy3KEAct7YJops68uVHZ58ZD63t56cjSKmCpWPS4OBtd4zmyu3yAbxdiAGnHSHzD3c201U4Qwx3B6q9BtHbFeoYP5lwY36B6iE7kzba6JeHPERr8zDOO1MD78a5bgHizmpUVB52kjJaYBC7afVYhICoRNu24clEyLyumDwHXgSVRu22JY00GDoxqTAv5W9EHH94lFLiWDeN8hPRfQRWuguV94qf1zUJh3NCIzVFd9slqicG94CDk6zubZKczEWRIJtrip6wzzRZR4F18iFtoeYAdJNNnJE6t8xMxDi6ca64eM5n4KRtZP4dyR0WBE24NzQld9spjyuylzVqkMUjCYwaQx7sc9wZJnlWxNmQmQoHqk7L714J0BUQ91ilbPlVdGSKteAP5ZxvkFhrHlbHX5y77RsjGNeUu7EXmfNrflXz0e1IAcqyiYFqQ7JwVYrp55nrlaTAwQaw5cfFpFdHDS8t0S0VQslWyIoTThup8FWdRcTgR7YvZ6Z0Y0WPshM00bTUsokB3gPUsIakP9PPfOQeOM4h4Rh52bZvzj6CAWw3FHnuQck61alQXq71ho6jA6O9pVLZRi2w0p1RCmYExkuuKBw20DlAJaJ95v8WObtPBuGeQFSnZmSJYoLY27zLhjUmP3jDfMtRg957OXvOknxiMjhOrQAIav5ZzoDOa6FrgKz4I4S2rqleKD2cuCUE80DHphvAna1DVAIEFBH622kMGnYa0TO8UsPjJkT6vVKrvs5b4Nh6QCTw0SG0Lv8FXYZGjSNONygj1mu59MbZp4vpWcqIHzoExnlQg9F4HVnIhSOrFZq44Wu18VKPu8u1wQRN0xRHsfqK7ebNeCSjymkGh5wMe1NKRFyRcpzFF0qMfCAtesMNP7u7c1Tq2HbTmKKz9kfOkFBzic3xEQkuXPBaQuBScNLzxw9HRowb48LmkOTZEetC34NTzpMLcxlK4urVSY7W6SjrHdqlrTYvXLpxabjnJE7N8zJ0yQXEJh5quwLVpKrnwQUH1e4KScx0Mh1k7ZZQg5gLB2H0M8ojYj0Zx4Jphhq3ysoGrnwIsNt3Qa4DitWgMWfk1ZKjganPDLv482NBQgFGrKkJdg0Zdgkef4xwfUlSGRWPTKqJ06qrQKb31c3esnsHs0eHVzzCqwrkgS4hYuJOfVSg7WuzkXhMYvtU53wwAXQQQV8OpRDFMwVTsqtMnLzlg3gm6MTHKKyAFGo5x2KkyGe16IOttnPKq56xSZfCKNdptCu1EfldVAe1i2vLplvQqCojCDVmq8LUKgVpwhCrRQtaTYWikr9K4y4GbZ3C8OwT5siBJU3BLwMEvIXPa7AeFEVREYtNN0GSsZucUxOF4AkAihqsp1H4GCVlAp8opPgSOL4IjSontIYL0oepqWt6ypr9OAxepO6eAbWT4lhx3fj4Exu4tYa2nCccdKqCyxQ9IN2M8jkcyDgcbKhFJrH64UihEJUdgKmZyoMGI6TgKatVVKAEciKhc3yQNs34dp3MOQtwWmNGwhCs1c6evRvHV3xIwBMK1QxQG0nDnakUrWmt9sHEjclfgTXNvKywA5nh6KVtUfnmbJPkcwYwJkL0dIOItmf4sClymg1gwpDH8s2lZ1RJlCJylxhOUwSm8eUvvWM1lpJuRMPRNGA8jjGFRYtLum7DB287YV9kkSOcED3rkDAEWhjNfMyJ9GnLIwSHr11LUPXzt01OEBsASLo7yXRIEftmLm4cn5YiVWRpXTdBuFcnrAuZymHcBbzmxDzVJydFu54rYi2t?cfg=amy.chen@doubleline.com	Matcher: Template: outlook matched with high similarity

Yara detected HtmlPhish10

Source: Yara match

File source: 3.5.pages.csv, type: HTML

Phishing site detected (based on image similarity)

Source: https://activemxmore.com/main/main.php#Z0JW4xC8o5rmgQhMFZffZ8eNP94q2Js1KbXPIAX7FotWfKIVKYaJ6owWxBmAkOC5ZzUI9RPPgiLw3urNsCwz12vyER9YFL3ElYnuQdk7v6DzA4m3GTCIW7gAYqzEbDjwBG1rTlypsbY2gl6XeJFaQWLPmkuxXN4yu6ZosyOUKNW083YnMDyDAjtWDXuALz9gF8E7Hs1rgYso1qLO4jsEDVAgT5RFE0Vk9zrQ2shirKHtatheNKSqFtGzzyedy9xHJZyMsQ5TANmKgEZ3pSu4lbEUJT8h2GZMGxz8nE2YrpII3IMsAgxVscQb5Zt8FtUm1uuo8wmAV5jZN5snm0jPca1h9uqPYlbZPGoXcLy8QR7EXz2kzm9Mwa4GFuwDPIDEo1CBMbJD2Qi0qkl0HuMeFRUklrYb9BPyDs9qDS3GIlH9G29nxWBcNwx8Xwk78aFLCObgGfWpAEzhGIEdEgqsMXAKuVRC5xoIlAY2PVsqz1HfKmtpCTRpRs9mn1ZsynbUX9WN4peDrVTbinAUhsj8UtvhvuK3RVYP5VD9kRNLNHW54x0lZkuTNZbjtWnlSlbXgP7AGUmuCjzGQz1QTwKHwW00SomLJxIZnPA4KXymg827I4YBBIj7Fk7xItis11soQ3sA00Wg9ZoR4mtF4MMJ7ThQnAioBLMsOf3Og05pZtg4QJJUwwEEpWuNxNb8yYBndEctEiSEL8ICSrwoXb2n8xaFlmOUkphy3u1IMUmy34aVwGkuSnR0V2GgouaJTshXWjFId2gg7qbD7w70TZ1O1H4qbf95Hr2EKImXLCdS3pwaVDaPDbDETI44YeaFFckpVGmHjAzmZ5xVJIKmTo1N76R5k1LZe5oaLLR5lrrlxYghG1EApFnwLfC5hn5wsuGefyjB0LXyJePqft1F9pcUFO0Wc6tEAaTQIdsJYphID79TAayKALEfzFcLMFqnPkeyxGhv6yeKGnDgyc08XFowlAi8fJv43JCBpU7wtlg9JUqh6qp36OAsoTADC5IGPliffpLJL1SuWiM2Jc6Q0GiozT2cYKTN5c2lBO4nQWSMfEOYQUPQB7eb0goZ1hN7tPs5ExtuulgKZ4IQZxGAFVLGbaFdrskViN1WlvqPQGzQLiGLQmlwi7cuiRHJk2FCPHzac003HATsTAeKXAgfIsJ0kqKEsqhi7QtkQuox4i0YSeIQPZ5xrPxMghrJHI1Pzv9qZxY4QZ3IdLy3KEAct7YJops68uVHZ58ZD63t56cjSKmCpWPS4OBtd4zmyu3yAbxdiAGnHSHzD3c201U4Qwx3B6q9BtHbFeoYP5lwY36B6iE7kzba6JeHPERr8zDOO1MD78a5bgHizmpUVB52kjJaYBC7afVYhICoRNu24clEyLyumDwHXgSVRu22JY00GDoxqTAv5W9EHH94lFLiWDeN8hPRfQRWuguV94qf1zUJh3NCIzVFd9slqicG94CDk6zubZKczEWRIJtrip6wzzRZR4F18iFtoeYAdJNNnJE6t8xMxDi6ca64eM5n4KRtZP4dyR0WBE24NzQld9spjyuylzVqkMUjCYwaQx7sc9wZJnlWxNmQmQoHqk7L714J0BUQ91ilbPlVdGSKteAP5ZxvkFhrHlbHX5y77RsjGNeUu7EXmfNrflXz0e1IAcqyiYFqQ7JwVYrp55nrlaTAwQaw5cfFpFdHDS8t0S0VQslWyIoTThup8FWdRcTgR7YvZ6Z0Y0WPshM00bTUsokB3gPUsIakP9PPfOQeOM4h4Rh52bZvzj6CAWw3FHnuQck61alQXq71ho6jA6O9pVLZRi2w0p1RCmYExkuuKBw20DlAJaJ95v8WObtPBuGeQFSnZmSJYoLY27zLhjUmP3jDfMtRg957OXvOknxiMjhOrQAIav5ZzoDOa6FrgKz4I4S2rqleKD2cuCUE80DHphvAna1DVAIEFBH622kMGnYa0TO8UsPjJkT6vVKrvs5b4Nh6QCTw0SG0Lv8FXYZGjSNONygj1mu59MbZp4vpWcqIHzoExnlQg9F4HVnIhSOrFZq44Wu18VKPu8u1wQRN0xRHsfqK7ebNeCSjymkGh5wMe1NKRFyRcpzFF0qMfCAtesMNP7u7c1Tq2HbTmKKz9kfOkFBzic3xEQkuXPBaQuBScNLzxw9HRowb48LmkOTZEetC34NTzpMLcxlK4urVSY7W6SjrHdqlrTYvXLpxabjnJE7N8zJ0yQXEJh5quwLVpKrnwQUH1e4KScx0Mh1k7ZZQg5gLB2H0M8ojYj0Zx4Jphhq3ysoGrnwIsNt3Qa4DitWgMWfk1ZKjganPDLv482NBQgFGrKkJdg0Zdgkef4xwfUlSGRWPTKqJ06qrQKb31c3esnsHs0eHVzzCqwrkgS4hYuJOfVSg7WuzkXhMYvtU53wwAXQQQV8OpRDFMwVTsqtMnLzlg3gm6MTHKKyAFGo5x2KkyGe16IOttnPKq56xSZfCKNdptCu1EfldVAe1i2vLplvQqCojCDVmq8LUKgVpwhCrRQtaTYWikr9K4y4GbZ3C8OwT5siBJU3BLwMEvIXPa7AeFEVREYtNN0GSsZucUxOF4AkAihqsp1H4GCVlAp8opPgSOL4IjSontIYL0oepqWt6ypr9OAxepO6eAbWT4lhx3fj4Exu4tYa2nCccdKqCyxQ9IN2M8jkcyDgcbKhFJrH64UihEJUdgKmZyoMGI6TgKatVVKAEciKhc3yQNs34dp3MOQtwWmNGwhCs1c6evRvHV3xIwBMK1QxQG0nDnakUrWmt9sHEjclfgTXNvKywA5nh6KVtUfnmbJPkcwYwJkL0dIOItmf4sClymg1gwpDH8s2lZ1RJlCJylxhOUwSm8eUvvWM1lpJuRMPRNGA8jjGFRYtLum7DB287YV9kkSOcED3rkDAEWhjNfMyJ9GnLIwSHr11LUPXzt01OEBsASLo7yXRIEftmLm4cn5YiVWRpXTdBuFcnrAuZymHcBbzmxDzVJydFu54rYi2t?cfg=amy.chen@doubleline.com

Matcher: Found strong image similarity, brand: MICROSOFT

Phishing site detected (based on logo match)

Matcher: Template: microsoft matched

HTML body contains low number of good links

Source: https://activemxmore.com/main/main.php#Z0JW4xC8o5rmgQhMFZffZ8eNP94q2Js1KbXPIAX7FotWfKIVKYaJ6owWxBmAkOC5ZzUI9RPPgiLw3urNsCwz12vyER9YFL3ElYnuQdk7v6DzA4m3GTCIW7gAYqzEbDjwBG1rTlypsbY2gl6XeJFaQWLPmkuxXN4yu6ZosyOUKNW083YnMDyDAjtWDXuALz9gF8E7Hs1rgYso1qLO4jsEDVAgT5RFE0Vk9zrQ2shirKHtatheNKSqFtGzzyedy9xHJZyMsQ5TANmKgEZ3pSu4lbEUJT8h2GZMGxz8nE2YrpII3IMsAgxVscQb5Zt8FtUm1uuo8wmAV5jZN5snm0jPca1h9uqPYlbZPGoXcLy8QR7EXz2kzm9Mwa4GFuwDPIDEo1CBMbJD2Qi0qkl0HuMeFRUklrYb9BPyDs9qDS3GIlH9G29nxWBcNwx8Xwk78aFLCObgGfWpAEzhGIEdEgqsMXAKuVRC5xoIlAY2PVsqz1HfKmtpCTRpRs9mn1ZsynbUX9WN4peDrVTbinAUhsj8UtvhvuK3RVYP5VD9kRNLNHW54x0lZkuTNZbjtWnlSlbXgP7AGUmuCjzGQz1QTwKHwW00SomLJxIZnPA4KXymg827I4YBBIj7Fk7xItis11soQ3sA00Wg9ZoR4mtF4MMJ7ThQnAioBLMsOf3Og05pZtg4QJJUwwEEpWuNxNb8yYBndEctEiSEL8ICSrwoXb2n8xaFlmOUkphy3u1IMUmy34aVwGkuSnR0V2GgouaJTshXWjFId2gg7qbD7w70TZ1O1H4qbf95Hr2EKImXLCdS3pwaVDaPDbDETI44YeaFFckpVGmHjAzmZ5xVJIKmTo1N76R5k1LZe5oaLLR5lrrlxYghG1EApFnwLfC5hn5wsuGefyjB0LXyJePqft1F9pcUFO0Wc6tEAaTQIdsJYphID79TAayKALEfzFcLMFqnPkeyxGhv6yeKGnDgyc08XFowlAi8f...	HTTP Parser: Number of links: 0
Source: https://passwordreset.microsoftonline.com/?ru=https%3a%2f%2flogin.microsoftonline.com%2fcommon%2freprocess%3fctx%3drQQIARAAhZLNa9MAAMWbdq1b0dlNET0IEzzIJG2-0xR2SJt-pFuStU0amoOlaZM0bZqkbdK0uYseB8LAgRcPojt6Ei8Kehi7uPP8DwRFPMiObnoeXh7v8d7t_ZLLRBom0lAa2owhaSh3HyMJHMNwFUSRLgFilAqBWVQjQLhHoecVQhLdzmQ9mXr8xL-3_yNTePN8bbO59fnFIbDR9zx3mstkgiBIO7pudrV01xllrI7dM21jhrwDgBMAOIjGNRuUGofRKYFmYZTCYQInYRQlYRhJt0QabslsqAw4TyizGG9CkCJagx25OuTCoseLUtgKhwuuXMQUWYK4cAgrMhcI4tDjRmzIFy72tcWO2B8JIudxTG3BDaSAZySEZ2r4afS6QPteH7kQZ2KG2q_oiu5MRm3XmXoHsf0oa2_LVLkyq3f8Rcjy42q1gpCmQMlwFxs7xZaUX_TC1rRdsn18Z9uFFFrtg9VCXfLl4XAATjhyx9iFbFKCkOliYbCo2K-apqzkLV0k59uUU1B5vcD2XAItBc1i1RBMexdCbdjrBzZfLpXzou808Www5STOmtfAkS_DeAlSF0h7e9jlVa_RbWBzmOk4vR4KVXlZ1gJK1gdsVt015tREwAl80pg3CmatrxqjsSVW8CZV4uyybMrZPO-5TYyzS2irgyjCjDXyltFG9VCv0_zApcJsvUkTSjB383gFZECD7jShRnAYu3PJvTPkbSxxbkaOfRwjHVezzd6GO3F009IuQ2KGZIS_qeKMtDRtWSdLwLelW8uJVOp2ZCPy4CYUyy0vJ1ORi3S2BLyMnxMXxlcTj-4q9OuVr59-j6nIcTzTLNgMjVMGKs_6XmgV8g8JXrJ0oYQTZTxDDOcNX-34vfmYcbbgHLyXAPYSiePEGsu0-aLYEGmeo...	HTTP Parser: Number of links: 0

HTML body contains password input but no form action

HTTP Parser: <input type="password" .../> found but no <form action="...

HTML page contains hidden URLs or javascript code

Source: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/2lznf/0x4AAAAAAAQ_ajLYJ-oSKSIN/auto/normal

HTTP Parser: Base64 decoded: http://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/2lznf/0x4AAAAAAAQ_ajLYJ-oSKSIN/auto/normal

HTML title does not match URL

HTTP Parser: Title: Sign in to your account does not match URL

HTTP Parser: <input type="password" .../> found

Source: https://activemxmore.com/main/	HTTP Parser: No favicon
Source: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/2lznf/0x4AAAAAAAQ_ajLYJ-oSKSIN/auto/normal	HTTP Parser: No favicon
Source: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/2lznf/0x4AAAAAAAQ_ajLYJ-oSKSIN/auto/normal	HTTP Parser: No favicon

Source: https://activemxmore.com/main/main.php#Z0JW4xC8o5rmgQhMFZffZ8eNP94q2Js1KbXPIAX7FotWfKIVKYaJ6owWxBmAkOC5ZzUI9RPPgiLw3urNsCwz12vyER9YFL3ElYnuQdk7v6DzA4m3GTCIW7gAYqzEbDjwBG1rTlypsbY2gl6XeJFaQWLPmkuxXN4yu6ZosyOUKNW083YnMDyDAjtWDXuALz9gF8E7Hs1rgYso1qLO4jsEDVAgT5RFE0Vk9zrQ2shirKHtatheNKSqFtGzzyedy9xHJZyMsQ5TANmKgEZ3pSu4lbEUJT8h2GZMGxz8nE2YrpII3IMsAgxVscQb5Zt8FtUm1uuo8wmAV5jZN5snm0jPca1h9uqPYlbZPGoXcLy8QR7EXz2kzm9Mwa4GFuwDPIDEo1CBMbJD2Qi0qkl0HuMeFRUklrYb9BPyDs9qDS3GIlH9G29nxWBcNwx8Xwk78aFLCObgGfWpAEzhGIEdEgqsMXAKuVRC5xoIlAY2PVsqz1HfKmtpCTRpRs9mn1ZsynbUX9WN4peDrVTbinAUhsj8UtvhvuK3RVYP5VD9kRNLNHW54x0lZkuTNZbjtWnlSlbXgP7AGUmuCjzGQz1QTwKHwW00SomLJxIZnPA4KXymg827I4YBBIj7Fk7xItis11soQ3sA00Wg9ZoR4mtF4MMJ7ThQnAioBLMsOf3Og05pZtg4QJJUwwEEpWuNxNb8yYBndEctEiSEL8ICSrwoXb2n8xaFlmOUkphy3u1IMUmy34aVwGkuSnR0V2GgouaJTshXWjFId2gg7qbD7w70TZ1O1H4qbf95Hr2EKImXLCdS3pwaVDaPDbDETI44YeaFFckpVGmHjAzmZ5xVJIKmTo1N76R5k1LZe5oaLLR5lrrlxYghG1EApFnwLfC5hn5wsuGefyjB0LXyJePqft1F9pcUFO0Wc6tEAaTQIdsJYphID79TAayKALEfzFcLMFqnPkeyxGhv6yeKGnDgyc08XFowlAi8f	HTTP Parser: No <meta name="author".. found
Source: https://passwordreset.microsoftonline.com/?ru=https%3a%2f%2flogin.microsoftonline.com%2fcommon%2freprocess%3fctx%3drQQIARAAhZLNa9MAAMWbdq1b0dlNET0IEzzIJG2-0xR2SJt-pFuStU0amoOlaZM0bZqkbdK0uYseB8LAgRcPojt6Ei8Kehi7uPP8DwRFPMiObnoeXh7v8d7t_ZLLRBom0lAa2owhaSh3HyMJHMNwFUSRLgFilAqBWVQjQLhHoecVQhLdzmQ9mXr8xL-3_yNTePN8bbO59fnFIbDR9zx3mstkgiBIO7pudrV01xllrI7dM21jhrwDgBMAOIjGNRuUGofRKYFmYZTCYQInYRQlYRhJt0QabslsqAw4TyizGG9CkCJagx25OuTCoseLUtgKhwuuXMQUWYK4cAgrMhcI4tDjRmzIFy72tcWO2B8JIudxTG3BDaSAZySEZ2r4afS6QPteH7kQZ2KG2q_oiu5MRm3XmXoHsf0oa2_LVLkyq3f8Rcjy42q1gpCmQMlwFxs7xZaUX_TC1rRdsn18Z9uFFFrtg9VCXfLl4XAATjhyx9iFbFKCkOliYbCo2K-apqzkLV0k59uUU1B5vcD2XAItBc1i1RBMexdCbdjrBzZfLpXzou808Www5STOmtfAkS_DeAlSF0h7e9jlVa_RbWBzmOk4vR4KVXlZ1gJK1gdsVt015tREwAl80pg3CmatrxqjsSVW8CZV4uyybMrZPO-5TYyzS2irgyjCjDXyltFG9VCv0_zApcJsvUkTSjB383gFZECD7jShRnAYu3PJvTPkbSxxbkaOfRwjHVezzd6GO3F009IuQ2KGZIS_qeKMtDRtWSdLwLelW8uJVOp2ZCPy4CYUyy0vJ1ORi3S2BLyMnxMXxlcTj-4q9OuVr59-j6nIcTzTLNgMjVMGKs_6XmgV8g8JXrJ0oYQTZTxDDOcNX-34vfmYcbbgHLyXAPYSiePEGsu0-aLYEGmeo	HTTP Parser: No <meta name="author".. found
Source: https://passwordreset.microsoftonline.com/?ru=https%3a%2f%2flogin.microsoftonline.com%2fcommon%2freprocess%3fctx%3drQQIARAAhZLNa9MAAMWbdq1b0dlNET0IEzzIJG2-0xR2SJt-pFuStU0amoOlaZM0bZqkbdK0uYseB8LAgRcPojt6Ei8Kehi7uPP8DwRFPMiObnoeXh7v8d7t_ZLLRBom0lAa2owhaSh3HyMJHMNwFUSRLgFilAqBWVQjQLhHoecVQhLdzmQ9mXr8xL-3_yNTePN8bbO59fnFIbDR9zx3mstkgiBIO7pudrV01xllrI7dM21jhrwDgBMAOIjGNRuUGofRKYFmYZTCYQInYRQlYRhJt0QabslsqAw4TyizGG9CkCJagx25OuTCoseLUtgKhwuuXMQUWYK4cAgrMhcI4tDjRmzIFy72tcWO2B8JIudxTG3BDaSAZySEZ2r4afS6QPteH7kQZ2KG2q_oiu5MRm3XmXoHsf0oa2_LVLkyq3f8Rcjy42q1gpCmQMlwFxs7xZaUX_TC1rRdsn18Z9uFFFrtg9VCXfLl4XAATjhyx9iFbFKCkOliYbCo2K-apqzkLV0k59uUU1B5vcD2XAItBc1i1RBMexdCbdjrBzZfLpXzou808Www5STOmtfAkS_DeAlSF0h7e9jlVa_RbWBzmOk4vR4KVXlZ1gJK1gdsVt015tREwAl80pg3CmatrxqjsSVW8CZV4uyybMrZPO-5TYyzS2irgyjCjDXyltFG9VCv0_zApcJsvUkTSjB383gFZECD7jShRnAYu3PJvTPkbSxxbkaOfRwjHVezzd6GO3F009IuQ2KGZIS_qeKMtDRtWSdLwLelW8uJVOp2ZCPy4CYUyy0vJ1ORi3S2BLyMnxMXxlcTj-4q9OuVr59-j6nIcTzTLNgMjVMGKs_6XmgV8g8JXrJ0oYQTZTxDDOcNX-34vfmYcbbgHLyXAPYSiePEGsu0-aLYEGmeo	HTTP Parser: No <meta name="author".. found

Source: https://activemxmore.com/main/main.php#Z0JW4xC8o5rmgQhMFZffZ8eNP94q2Js1KbXPIAX7FotWfKIVKYaJ6owWxBmAkOC5ZzUI9RPPgiLw3urNsCwz12vyER9YFL3ElYnuQdk7v6DzA4m3GTCIW7gAYqzEbDjwBG1rTlypsbY2gl6XeJFaQWLPmkuxXN4yu6ZosyOUKNW083YnMDyDAjtWDXuALz9gF8E7Hs1rgYso1qLO4jsEDVAgT5RFE0Vk9zrQ2shirKHtatheNKSqFtGzzyedy9xHJZyMsQ5TANmKgEZ3pSu4lbEUJT8h2GZMGxz8nE2YrpII3IMsAgxVscQb5Zt8FtUm1uuo8wmAV5jZN5snm0jPca1h9uqPYlbZPGoXcLy8QR7EXz2kzm9Mwa4GFuwDPIDEo1CBMbJD2Qi0qkl0HuMeFRUklrYb9BPyDs9qDS3GIlH9G29nxWBcNwx8Xwk78aFLCObgGfWpAEzhGIEdEgqsMXAKuVRC5xoIlAY2PVsqz1HfKmtpCTRpRs9mn1ZsynbUX9WN4peDrVTbinAUhsj8UtvhvuK3RVYP5VD9kRNLNHW54x0lZkuTNZbjtWnlSlbXgP7AGUmuCjzGQz1QTwKHwW00SomLJxIZnPA4KXymg827I4YBBIj7Fk7xItis11soQ3sA00Wg9ZoR4mtF4MMJ7ThQnAioBLMsOf3Og05pZtg4QJJUwwEEpWuNxNb8yYBndEctEiSEL8ICSrwoXb2n8xaFlmOUkphy3u1IMUmy34aVwGkuSnR0V2GgouaJTshXWjFId2gg7qbD7w70TZ1O1H4qbf95Hr2EKImXLCdS3pwaVDaPDbDETI44YeaFFckpVGmHjAzmZ5xVJIKmTo1N76R5k1LZe5oaLLR5lrrlxYghG1EApFnwLfC5hn5wsuGefyjB0LXyJePqft1F9pcUFO0Wc6tEAaTQIdsJYphID79TAayKALEfzFcLMFqnPkeyxGhv6yeKGnDgyc08XFowlAi8f...	HTTP Parser: No <meta name="copyright".. found
Source: https://passwordreset.microsoftonline.com/?ru=https%3a%2f%2flogin.microsoftonline.com%2fcommon%2freprocess%3fctx%3drQQIARAAhZLNa9MAAMWbdq1b0dlNET0IEzzIJG2-0xR2SJt-pFuStU0amoOlaZM0bZqkbdK0uYseB8LAgRcPojt6Ei8Kehi7uPP8DwRFPMiObnoeXh7v8d7t_ZLLRBom0lAa2owhaSh3HyMJHMNwFUSRLgFilAqBWVQjQLhHoecVQhLdzmQ9mXr8xL-3_yNTePN8bbO59fnFIbDR9zx3mstkgiBIO7pudrV01xllrI7dM21jhrwDgBMAOIjGNRuUGofRKYFmYZTCYQInYRQlYRhJt0QabslsqAw4TyizGG9CkCJagx25OuTCoseLUtgKhwuuXMQUWYK4cAgrMhcI4tDjRmzIFy72tcWO2B8JIudxTG3BDaSAZySEZ2r4afS6QPteH7kQZ2KG2q_oiu5MRm3XmXoHsf0oa2_LVLkyq3f8Rcjy42q1gpCmQMlwFxs7xZaUX_TC1rRdsn18Z9uFFFrtg9VCXfLl4XAATjhyx9iFbFKCkOliYbCo2K-apqzkLV0k59uUU1B5vcD2XAItBc1i1RBMexdCbdjrBzZfLpXzou808Www5STOmtfAkS_DeAlSF0h7e9jlVa_RbWBzmOk4vR4KVXlZ1gJK1gdsVt015tREwAl80pg3CmatrxqjsSVW8CZV4uyybMrZPO-5TYyzS2irgyjCjDXyltFG9VCv0_zApcJsvUkTSjB383gFZECD7jShRnAYu3PJvTPkbSxxbkaOfRwjHVezzd6GO3F009IuQ2KGZIS_qeKMtDRtWSdLwLelW8uJVOp2ZCPy4CYUyy0vJ1ORi3S2BLyMnxMXxlcTj-4q9OuVr59-j6nIcTzTLNgMjVMGKs_6XmgV8g8JXrJ0oYQTZTxDDOcNX-34vfmYcbbgHLyXAPYSiePEGsu0-aLYEGmeo...	HTTP Parser: No <meta name="copyright".. found
Source: https://passwordreset.microsoftonline.com/?ru=https%3a%2f%2flogin.microsoftonline.com%2fcommon%2freprocess%3fctx%3drQQIARAAhZLNa9MAAMWbdq1b0dlNET0IEzzIJG2-0xR2SJt-pFuStU0amoOlaZM0bZqkbdK0uYseB8LAgRcPojt6Ei8Kehi7uPP8DwRFPMiObnoeXh7v8d7t_ZLLRBom0lAa2owhaSh3HyMJHMNwFUSRLgFilAqBWVQjQLhHoecVQhLdzmQ9mXr8xL-3_yNTePN8bbO59fnFIbDR9zx3mstkgiBIO7pudrV01xllrI7dM21jhrwDgBMAOIjGNRuUGofRKYFmYZTCYQInYRQlYRhJt0QabslsqAw4TyizGG9CkCJagx25OuTCoseLUtgKhwuuXMQUWYK4cAgrMhcI4tDjRmzIFy72tcWO2B8JIudxTG3BDaSAZySEZ2r4afS6QPteH7kQZ2KG2q_oiu5MRm3XmXoHsf0oa2_LVLkyq3f8Rcjy42q1gpCmQMlwFxs7xZaUX_TC1rRdsn18Z9uFFFrtg9VCXfLl4XAATjhyx9iFbFKCkOliYbCo2K-apqzkLV0k59uUU1B5vcD2XAItBc1i1RBMexdCbdjrBzZfLpXzou808Www5STOmtfAkS_DeAlSF0h7e9jlVa_RbWBzmOk4vR4KVXlZ1gJK1gdsVt015tREwAl80pg3CmatrxqjsSVW8CZV4uyybMrZPO-5TYyzS2irgyjCjDXyltFG9VCv0_zApcJsvUkTSjB383gFZECD7jShRnAYu3PJvTPkbSxxbkaOfRwjHVezzd6GO3F009IuQ2KGZIS_qeKMtDRtWSdLwLelW8uJVOp2ZCPy4CYUyy0vJ1ORi3S2BLyMnxMXxlcTj-4q9OuVr59-j6nIcTzTLNgMjVMGKs_6XmgV8g8JXrJ0oYQTZTxDDOcNX-34vfmYcbbgHLyXAPYSiePEGsu0-aLYEGmeo...	HTTP Parser: No <meta name="copyright".. found

Source: unknown	HTTPS traffic detected: 104.104.126.199:443 -> 192.168.2.4:49747 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.104.126.199:443 -> 192.168.2.4:49749 version: TLS 1.2

Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 104.104.126.199
Source: unknown	TCP traffic detected without corresponding DNS query: 104.104.126.199
Source: unknown	TCP traffic detected without corresponding DNS query: 104.104.126.199
Source: unknown	TCP traffic detected without corresponding DNS query: 104.104.126.199
Source: unknown	TCP traffic detected without corresponding DNS query: 104.104.126.199
Source: unknown	TCP traffic detected without corresponding DNS query: 104.104.126.199
Source: unknown	TCP traffic detected without corresponding DNS query: 104.104.126.199
Source: unknown	TCP traffic detected without corresponding DNS query: 104.104.126.199
Source: unknown	TCP traffic detected without corresponding DNS query: 104.104.126.199
Source: unknown	TCP traffic detected without corresponding DNS query: 104.104.126.199
Source: unknown	TCP traffic detected without corresponding DNS query: 104.104.126.199
Source: unknown	TCP traffic detected without corresponding DNS query: 104.104.126.199
Source: unknown	TCP traffic detected without corresponding DNS query: 104.104.126.199
Source: unknown	TCP traffic detected without corresponding DNS query: 104.104.126.199
Source: unknown	TCP traffic detected without corresponding DNS query: 104.104.126.199
Source: unknown	TCP traffic detected without corresponding DNS query: 104.104.126.199
Source: unknown	TCP traffic detected without corresponding DNS query: 104.104.126.199
Source: unknown	TCP traffic detected without corresponding DNS query: 104.104.126.199
Source: unknown	TCP traffic detected without corresponding DNS query: 104.104.126.199
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 199.232.214.172
Source: unknown	TCP traffic detected without corresponding DNS query: 199.232.214.172
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /?e=amy.chen@doubleline.com HTTP/1.1Host: activemxmore.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: documentReferer: http://www.saiengroup.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /main/ HTTP/1.1Host: activemxmore.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Referer: http://www.saiengroup.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=e8fed20s9sarctiah9dfo4cnk6
Source: global traffic	HTTP traffic detected: GET /main/src.js HTTP/1.1Host: activemxmore.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://activemxmore.com/main/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=e8fed20s9sarctiah9dfo4cnk6
Source: global traffic	HTTP traffic detected: GET /turnstile/v0/api.js?onload=onloadTurnstileCallback HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://activemxmore.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /turnstile/v0/g/54ea73d52131/api.js?onload=onloadTurnstileCallback HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://activemxmore.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/2lznf/0x4AAAAAAAQ_ajLYJ-oSKSIN/auto/normal HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://activemxmore.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/orchestrate/chl_api/v1?ray=87607523f9976753 HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/2lznf/0x4AAAAAAAQ_ajLYJ-oSKSIN/auto/normalAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/cmg/1/wh0E0SXYnx6pTBdJW%2Fl926I%2BPRUplRdtQz3K9lHXs%2Fs%3D HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/2lznf/0x4AAAAAAAQ_ajLYJ-oSKSIN/auto/normalAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/cmg/1/wh0E0SXYnx6pTBdJW%2Fl926I%2BPRUplRdtQz3K9lHXs%2Fs%3D HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: activemxmore.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://activemxmore.com/main/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=e8fed20s9sarctiah9dfo4cnk6
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/pat/87607523f9976753/1713399298197/6da8eb24f5f53b8a754917a6951c01ddae1de06f17567f971365618217d1d9e9/yq_oSBvvu_XQiGh HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveCache-Control: max-age=0sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/2lznf/0x4AAAAAAAQ_ajLYJ-oSKSIN/auto/normalAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/flow/ov1/1520722112:1713395675:Fybv0RgAUcvA2wE1JKV-kLLtV_0tb7lZl_7TvhqJ-Rs/87607523f9976753/573412a78ad2aa1 HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: activemxmore.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=e8fed20s9sarctiah9dfo4cnk6
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/i/87607523f9976753/1713399298199/25UtOJ-4PhOhACd HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/2lznf/0x4AAAAAAAQ_ajLYJ-oSKSIN/auto/normalAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/i/87607523f9976753/1713399298199/25UtOJ-4PhOhACd HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/flow/ov1/1520722112:1713395675:Fybv0RgAUcvA2wE1JKV-kLLtV_0tb7lZl_7TvhqJ-Rs/87607523f9976753/573412a78ad2aa1 HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/flow/ov1/1520722112:1713395675:Fybv0RgAUcvA2wE1JKV-kLLtV_0tb7lZl_7TvhqJ-Rs/87607523f9976753/573412a78ad2aa1 HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ajax/libs/jquery/3.6.0/jquery.min.js HTTP/1.1Host: cdnjs.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://activemxmore.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /mail/favicon.ico HTTP/1.1Host: outlook.office.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://activemxmore.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /mail/favicon.ico HTTP/1.1Host: outlook.office.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /api/v3/auth HTTP/1.1Host: bc1q3jc6cu9q5t33q8gpk7h47pw.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.svg HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://activemxmore.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ests/2.1/content/cdnbundles/converged.v2.login.min_8owwt4u-33ps0wawi7tmow2.css HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Purpose: prefetchSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyReferer: https://activemxmore.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ests/2.1/content/cdnbundles/converged.v2.login.min_ziytf8dzt9eg1s6-ohhleg2.css HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://activemxmore.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: styleReferer: https://activemxmore.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/arrow_left_a9cc2824ef3517b6c4160dcf8ff7d410.svg HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://activemxmore.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/arrow_left_a9cc2824ef3517b6c4160dcf8ff7d410.svg HTTP/1.1Host: aadcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.svg HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /dbd5a2dd-j1fx1ggwwalily23vjiuezfn6ijsocdmg58vgda4fdc/logintenantbranding/0/illustration?ts=636716750610080569 HTTP/1.1Host: aadcdn.msauthimages.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://activemxmore.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /dbd5a2dd-j1fx1ggwwalily23vjiuezfn6ijsocdmg58vgda4fdc/logintenantbranding/0/illustration?ts=636716750610080569 HTTP/1.1Host: aadcdn.msauthimages.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /r/?id=h1b92d14%2C134cc33c%2C1356be32&p1=www.saiengroup.com%2Fteaz%2F648c482b60b3906833c9304bab170add%2FJBVNhz%2FYW15LmNoZW5AZG91YmxlbGluZS5jb20= HTTP/1.1Host: t.cm.morganstanley.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /teaz/648c482b60b3906833c9304bab170add/JBVNhz/YW15LmNoZW5AZG91YmxlbGluZS5jb20= HTTP/1.1Host: www.saiengroup.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: www.saiengroup.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Referer: http://www.saiengroup.com/teaz/648c482b60b3906833c9304bab170add/JBVNhz/YW15LmNoZW5AZG91YmxlbGluZS5jb20=Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9

Source: unknown

DNS traffic detected: queries for: t.cm.morganstanley.com

Source: unknown

HTTP traffic detected: POST /cdn-cgi/challenge-platform/h/g/flow/ov1/1520722112:1713395675:Fybv0RgAUcvA2wE1JKV-kLLtV_0tb7lZl_7TvhqJ-Rs/87607523f9976753/573412a78ad2aa1 HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveContent-Length: 2780sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Content-type: application/x-www-form-urlencodedsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36CF-Challenge: 573412a78ad2aa1sec-ch-ua-platform: "Windows"Accept: */*Origin: https://challenges.cloudflare.comSec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/2lznf/0x4AAAAAAAQ_ajLYJ-oSKSIN/auto/normalAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: chromecache_71.2.dr

String found in binary or memory: https://account.live.com/resetpassword.aspx

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49787
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49786
Source: unknown	Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49785
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49784
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49783
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49782
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49781
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49780
Source: unknown	Network traffic detected: HTTP traffic on port 49789 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49785 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49781 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49784 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49780 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49773 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49783 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 49787 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49778 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 49774 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49782 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49672
Source: unknown	Network traffic detected: HTTP traffic on port 49786 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49825 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49775 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49825
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745
Source: unknown	Network traffic detected: HTTP traffic on port 49771 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49789

Source: unknown	HTTPS traffic detected: 104.104.126.199:443 -> 192.168.2.4:49747 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.104.126.199:443 -> 192.168.2.4:49749 version: TLS 1.2

Source: classification engine

Classification label: mal72.phis.win@21/88@42/16

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2480 --field-trial-handle=2392,i,11732126496717548433,17344427469454119980,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://t.cm.morganstanley.com/r/?id=h1b92d14%2C134cc33c%2C1356be32&p1=www.saiengroup.com%2Fteaz%2F648c482b60b3906833c9304bab170add%2FJBVNhz%2FYW15LmNoZW5AZG91YmxlbGluZS5jb20="
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2480 --field-trial-handle=2392,i,11732126496717548433,17344427469454119980,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Screenshots

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Network Map

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Contacted Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
13.107.246.41	part-0013.t-0009.t-msedge.net	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
152.195.19.97	sni1gl.wpc.upsiloncdn.net	United States	15133	EDGECASTUS	false
44.236.226.13	morganstanley-mid-prod2-alb-1529755948.us-west-2.elb.amazonaws.com	United States	16509	AMAZON-02US	false
104.17.3.184	unknown	United States	13335	CLOUDFLARENETUS	false
52.96.173.162	unknown	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
13.107.213.40	part-0012.t-0009.t-msedge.net	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
120.136.14.8	www.saiengroup.com	Japan	9371	SAKURA-CSAKURAInternetIncJP	false
52.96.183.242	LYH-efz.ms-acdc.office.com	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
152.199.4.44	cs1100.wpc.omegacdn.net	United States	15133	EDGECASTUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
198.98.54.45	activemxmore.com	United States	53667	PONYNETUS	false
193.222.96.117	bc1q3jc6cu9q5t33q8gpk7h47pw.com	Germany	3303	SWISSCOMSwisscomSwitzerlandLtdCH	false
104.17.2.184	challenges.cloudflare.com	United States	13335	CLOUDFLARENETUS	false
104.17.25.14	cdnjs.cloudflare.com	United States	13335	CLOUDFLARENETUS	false
108.177.122.99	www.google.com	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.4

Contacted Domains

Name	IP	Active
bc1q3jc6cu9q5t33q8gpk7h47pw.com	193.222.96.117	true
cs1100.wpc.omegacdn.net	152.199.4.44	true
activemxmore.com	198.98.54.45	true
fp2e7a.wpc.phicdn.net	192.229.211.108	true
LYH-efz.ms-acdc.office.com	52.96.183.242	true
morganstanley-mid-prod2-alb-1529755948.us-west-2.elb.amazonaws.com	44.236.226.13	true
part-0013.t-0009.t-msedge.net	13.107.246.41	true
cdnjs.cloudflare.com	104.17.25.14	true
sni1gl.wpc.upsiloncdn.net	152.195.19.97	true
challenges.cloudflare.com	104.17.2.184	true
www.google.com	108.177.122.99	true
part-0012.t-0009.t-msedge.net	13.107.213.40	true
www.saiengroup.com	120.136.14.8	true
aadcdn.msauthimages.net	unknown	unknown
passwordreset.microsoftonline.com	unknown	unknown
outlook.office.com	unknown	unknown
aadcdn.msftauth.net	unknown	unknown
ajax.aspnetcdn.com	unknown	unknown
t.cm.morganstanley.com	unknown	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
http://www.saiengroup.com/teaz/648c482b60b3906833c9304bab170add/JBVNhz/YW15LmNoZW5AZG91YmxlbGluZS5jb20=	false		unknown
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/i/87607523f9976753/1713399298199/25UtOJ-4PhOhACd	false		high
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/2lznf/0x4AAAAAAAQ_ajLYJ-oSKSIN/auto/normal	false		high
https://aadcdn.msauthimages.net/dbd5a2dd-j1fx1ggwwalily23vjiuezfn6ijsocdmg58vgda4fdc/logintenantbranding/0/illustration?ts=636716750610080569	false	0%, Virustotal, Browse	unknown
https://activemxmore.com/main/	false		unknown
https://cdnjs.cloudflare.com/ajax/libs/jquery/3.6.0/jquery.min.js	false		high
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/orchestrate/chl_api/v1?ray=87607523f9976753	false		high
https://aadcdn.msftauth.net/ests/2.1/content/cdnbundles/converged.v2.login.min_8owwt4u-33ps0wawi7tmow2.css	false	0%, Virustotal, Browse	unknown
https://passwordreset.microsoftonline.com/?ru=https%3a%2f%2flogin.microsoftonline.com%2fcommon%2freprocess%3fctx%3drQQIARAAhZLNa9MAAMWbdq1b0dlNET0IEzzIJG2-0xR2SJt-pFuStU0amoOlaZM0bZqkbdK0uYseB8LAgRcPojt6Ei8Kehi7uPP8DwRFPMiObnoeXh7v8d7t_ZLLRBom0lAa2owhaSh3HyMJHMNwFUSRLgFilAqBWVQjQLhHoecVQhLdzmQ9mXr8xL-3_yNTePN8bbO59fnFIbDR9zx3mstkgiBIO7pudrV01xllrI7dM21jhrwDgBMAOIjGNRuUGofRKYFmYZTCYQInYRQlYRhJt0QabslsqAw4TyizGG9CkCJagx25OuTCoseLUtgKhwuuXMQUWYK4cAgrMhcI4tDjRmzIFy72tcWO2B8JIudxTG3BDaSAZySEZ2r4afS6QPteH7kQZ2KG2q_oiu5MRm3XmXoHsf0oa2_LVLkyq3f8Rcjy42q1gpCmQMlwFxs7xZaUX_TC1rRdsn18Z9uFFFrtg9VCXfLl4XAATjhyx9iFbFKCkOliYbCo2K-apqzkLV0k59uUU1B5vcD2XAItBc1i1RBMexdCbdjrBzZfLpXzou808Www5STOmtfAkS_DeAlSF0h7e9jlVa_RbWBzmOk4vR4KVXlZ1gJK1gdsVt015tREwAl80pg3CmatrxqjsSVW8CZV4uyybMrZPO-5TYyzS2irgyjCjDXyltFG9VCv0_zApcJsvUkTSjB383gFZECD7jShRnAYu3PJvTPkbSxxbkaOfRwjHVezzd6GO3F009IuQ2KGZIS_qeKMtDRtWSdLwLelW8uJVOp2ZCPy4CYUyy0vJ1ORi3S2BLyMnxMXxlcTj-4q9OuVr59-j6nIcTzTLNgMjVMGKs_6XmgV8g8JXrJ0oYQTZTxDDOcNX-34vfmYcbbgHLyXAPYSiePEGsu0-aLYEGmeoesM0oZ-JoCnVyLvV_7L8OnVG8mkb7Ytp9uxtOn6P5Y_XoucrR59-fDs1d7R98of0&mkt=en-US&hosted=0&device_platform=Windows+10	false		high
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/flow/ov1/1520722112:1713395675:Fybv0RgAUcvA2wE1JKV-kLLtV_0tb7lZl_7TvhqJ-Rs/87607523f9976753/573412a78ad2aa1	false		high
https://bc1q3jc6cu9q5t33q8gpk7h47pw.com/api/v3/auth	false	1%, Virustotal, Browse	unknown
http://www.saiengroup.com/favicon.ico	false		unknown
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/cmg/1/wh0E0SXYnx6pTBdJW%2Fl926I%2BPRUplRdtQz3K9lHXs%2Fs%3D	false		high
https://aadcdn.msftauth.net/shared/1.0/content/images/microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.svg	false	URL Reputation: safe	unknown
https://challenges.cloudflare.com/turnstile/v0/g/54ea73d52131/api.js?onload=onloadTurnstileCallback	false		high
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/pat/87607523f9976753/1713399298197/6da8eb24f5f53b8a754917a6951c01ddae1de06f17567f971365618217d1d9e9/yq_oSBvvu_XQiGh	false		high
https://activemxmore.com/main/src.js	false		unknown
https://challenges.cloudflare.com/turnstile/v0/api.js?onload=onloadTurnstileCallback	false		high
https://activemxmore.com/favicon.ico	false		unknown
https://outlook.office.com/mail/favicon.ico	false		high
http://t.cm.morganstanley.com/r/?id=h1b92d14%2C134cc33c%2C1356be32&p1=www.saiengroup.com%2Fteaz%2F648c482b60b3906833c9304bab170add%2FJBVNhz%2FYW15LmNoZW5AZG91YmxlbGluZS5jb20=	false		high
https://activemxmore.com/main/main.php	false		unknown
https://activemxmore.com/?e=amy.chen@doubleline.com	false		unknown

Name	Type	MD5	SHA1	SHA256
Chrome Cache Entry: 100	ASCII text, with CRLF line terminators	11FE4E6509513DB245F1F97E37C5D3AB	05322C35B6BFAE84CE8C626BD7B1F8C4A6F15A6D	78D437B40A85299F96ED9D02E35F23FD3D3EF63D844D8D2523A15516F7E1D09C
Chrome Cache Entry: 101	ASCII text, with very long lines (42414)	374FEC8B5E50CD6AB980F3FEF21A5AA0	7F474607991A19B6F1B78CC32E0F75B501B60774	8AF2DA74872F03E058AB79A584176D2086AFC01BBD42DD2ED14259179341BE6A
Chrome Cache Entry: 102	ASCII text, with very long lines (39257), with CRLF line terminators	DA9DC1C32E89C02FC1E9EEB7E5AAB91E	3EFB110EFA6068CE6B586A67F87DA5125310BC30	398CDF1B27EF247E5BC77805F266BB441E60355463FC3D1776F41AAE58B08CF1
Chrome Cache Entry: 103	PNG image data, 60 x 60, 8-bit/color RGBA, non-interlaced	8DC34013E911C5F68FC2BCA0400CB06F	16BAFA91AF100D65C4945F04E0C6E1643B98CF00	795029D360C3D16233FCE96F1BFF13C261535C0885FAE806CFF766F32D96BCEE
Chrome Cache Entry: 104	PNG image data, 16 x 25, 8-bit/color RGBA, non-interlaced	D4FFE61373F6AA32EEB8CA7CD41AB980	4925FAC4BC73EFB7C7BBC32B11C435ECF1D61674	D5C54FFC6B8BD44D932BE8F37B1CD5B666205C7574F9D56EF68E56F83E08FFAD
Chrome Cache Entry: 105	PNG image data, 89 x 18, 8-bit/color RGBA, non-interlaced	BC89C1FBFBC227DC5A7ED9B2797E240D	8A9390297FDD0963C466CF2FD35D5B1F88A46B6A	744A8CD0A4D15DFCF4A5D2E832FF556D950F8AF24D7B66104AB2EF4FE2605D9A
Chrome Cache Entry: 106	JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 448x448, components 3	9BD7FB937F3E3B9A42B519A3E00F2014	92C14ABD0BDB017613C6064B9A3E48D25712BA80	52940F1B8CB895AE2552019EB2819706E3470950988E322BCE11963E853C1245
Chrome Cache Entry: 107	MS Windows icon resource - 3 icons, 32x32, 32 bits/pixel, 24x24, 32 bits/pixel	AC16FA7FC862073B02ACD1187FC6DEF4	F2B9A6255F6293000F30EEE272ABDD372A14E9D3	E35D94B76894D6ECA96FF5B1A12D94DFE73485EF3C52CB5B4395BE8FFAC1CB45
Chrome Cache Entry: 108	Unicode text, UTF-8 (with BOM) text, with CRLF line terminators	ACA0F1B02DC406E76DDC5F2BDEBEC6CE	594C930BE86B8843377565E349D2A10F1755A13A	0446C6FD9AEB7DCD7CC089FA25323B1AE9AFA77B4CF8D4449F7D2D1B2467393A
Chrome Cache Entry: 109	ASCII text, with no line terminators	D6B82198AF25D0139723AF9E44D3D23A	D60DEEF1847EEEF1889803E9D3ADC7EDA220F544	A5C8CC49FA6649BE393EF22C2B31F1C46B671F8D763F783ED6D7B4E33669BDA3
Chrome Cache Entry: 110	JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 448x448, components 3	9BD7FB937F3E3B9A42B519A3E00F2014	92C14ABD0BDB017613C6064B9A3E48D25712BA80	52940F1B8CB895AE2552019EB2819706E3470950988E322BCE11963E853C1245
Chrome Cache Entry: 111	ASCII text, with no line terminators	D1690731F22021E1466FBCD0DB6326EF	78F95BA0B7F82BBB7067000242DE860594ABD9C3	490216DF4F089BB5C249BCF4034D0671254CA4236EC3ECA935AAC4B17E0FC7F3
Chrome Cache Entry: 112	HTML document, ASCII text	83B862BEAD2D480026254FB2A6EB9969	26BAD9E6C1579172B0E3B6BC1C18918164FF6478	FB258CB538CA92D61C8CD4EB08CC23DA70C278B8766EAA731CE11E9B2F1DA4D4
Chrome Cache Entry: 113	ASCII text, with CRLF line terminators	DBFAC7887A157C9B73DC42927FC15B74	435FD188BF66F0207EEB298DD13228D17D36E4D1	FC66E3943BC6EDC7B1F79D952D31DABCBA3BD576190DEEB9A7518CEE6B75C5A1
Chrome Cache Entry: 114	GIF image data, version 89a, 22 x 22	309B41EE7A44BD51E5D1B52CCC620E5B	B162CE55DE01BF7C005F8CE4D4D7C32E7AEACA08	F213507641FD02EC43981535823474ECFDE973D1B33A6CD385F1F0827FD4B528
Chrome Cache Entry: 115	PNG image data, 89 x 18, 8-bit/color RGBA, non-interlaced	BC89C1FBFBC227DC5A7ED9B2797E240D	8A9390297FDD0963C466CF2FD35D5B1F88A46B6A	744A8CD0A4D15DFCF4A5D2E832FF556D950F8AF24D7B66104AB2EF4FE2605D9A
Chrome Cache Entry: 116	GIF image data, version 89a, 22 x 22	309B41EE7A44BD51E5D1B52CCC620E5B	B162CE55DE01BF7C005F8CE4D4D7C32E7AEACA08	F213507641FD02EC43981535823474ECFDE973D1B33A6CD385F1F0827FD4B528
Chrome Cache Entry: 117	GIF image data, version 89a, 24 x 24	93DE6FB07C1382459E473381DA5D0E7E	4E1208D482A7ABA8C86FDCF8E0E92C90BB8C8C8A	E97FA0CFE4B0A7BB22E9713A67D4667DA064E674A944D607E78F0D3BF48E57A5
Chrome Cache Entry: 118	ASCII text, with very long lines (65447)	8FB8FEE4FCC3CC86FF6C724154C49C42	B82D238D4E31FDF618BAE8AC11A6C812C03DD0D4	FF1523FB7389539C84C65ABA19260648793BB4F5E29329D2EE8804BC37A3FE6E
Chrome Cache Entry: 119	ASCII text, with CRLF line terminators	90EA7274F19755002360945D54C2A0D7	647B5D8BF7D119A2C97895363A07A0C6EB8CD284	40732E9DCFA704CF615E4691BB07AECFD1CC5E063220A46E4A7FF6560C77F5DB
Chrome Cache Entry: 120	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 513	4E3510919D29D18EEB6E3E8B2687D2F5	31522A9EC576A462C3F1FFA65C010D4EB77E9A85	1707BE1284617ACC0A66A14448207214D55C3DA4AAF25854E137E138E089257E
Chrome Cache Entry: 121	GIF image data, version 89a, 24 x 24	93DE6FB07C1382459E473381DA5D0E7E	4E1208D482A7ABA8C86FDCF8E0E92C90BB8C8C8A	E97FA0CFE4B0A7BB22E9713A67D4667DA064E674A944D607E78F0D3BF48E57A5
Chrome Cache Entry: 122	PNG image data, 338 x 72, 8-bit/color RGBA, non-interlaced	36AFB641BECFAD75FED5F4E6E8C39268	2495652F017B7A06D796AFE9C4A06ECD54F9CCFE	5C2192A3932CB78B431A1AC0F3F3D73414A31C63D5CB279F2687E58C72694200
Chrome Cache Entry: 70	ASCII text, with very long lines (65329), with CRLF line terminators	C89EAA5B28DF1E17376BE71D71649173	2B34DF4C66BB57DE5A24A2EF0896271DFCA4F4CD	66B804E7A96A87C11E1DD74EA04AC2285DF5AD9043F48046C3E5000114D39B1C
Chrome Cache Entry: 71	HTML document, Unicode text, UTF-8 text, with very long lines (941), with CRLF line terminators	F37FBB9D60F0F596AC811DCD28047770	0860242D78DB7DC2D16D3035B5EB802B1DE11048	D8D7795E4A6F5CD59E946CD5AA62BDF4716BD98A45659663806204D586CEC4CB
Chrome Cache Entry: 72	Unicode text, UTF-8 (with BOM) text, with CRLF line terminators	8EDFCD3F7A179CFF6B123DFF50F29770	7A2D9BB4B9F6072AB3049E6421021A5BA0A3DADF	D0B747C7F7414A08B0D5107832B2F4BB44A9BB4A3AAD28390F58EDE8BBEA6AE1
Chrome Cache Entry: 73	HTML document, ASCII text, with very long lines (33188), with no line terminators	A63F9AC8E242BF3D868574AAD5732642	C8C4291FEAF6F87E96958933F8193142C35755C2	3AEC09EBED51282F52B8C2AAD364360FC82D96C018364984DCDE5DDB019C3547
Chrome Cache Entry: 74	PNG image data, 2 x 2, 8-bit/color RGB, non-interlaced	9246CCA8FC3C00F50035F28E9F6B7F7D	3AA538440F70873B574F40CD793060F53EC17A5D	C07D7D29E3C20FA6CA4C5D20663688D52BAD13E129AD82CE06B80EB187D9DC84
Chrome Cache Entry: 75	PNG image data, 60 x 60, 8-bit/color RGBA, non-interlaced	8DC34013E911C5F68FC2BCA0400CB06F	16BAFA91AF100D65C4945F04E0C6E1643B98CF00	795029D360C3D16233FCE96F1BFF13C261535C0885FAE806CFF766F32D96BCEE
Chrome Cache Entry: 76	MS Windows icon resource - 4 icons, 64x64, 32 bits/pixel, 32x32, 32 bits/pixel	877784A5F5808CEFA2B61E73BFCF8EAE	6A0E7EDA2734D7BBBA3CE38D37B347DF001B1DBF	BE7F0632337BC381D4962125545A5CC3C1E84E2D03DBDB97AB3D79AD78B91B6D
Chrome Cache Entry: 77	ASCII text, with very long lines (61177)	F0E5964F8BBEDF73D2D3001623BB663B	AADF3504D5E5A93E678487EEB4A63398F2699341	9537F00CA371747A97A2ACCA388F7B2379A7FA7C59BDE18C3D2621C0DE8DE492
Chrome Cache Entry: 78	SVG Scalable Vector Graphics image	EE5C8D9FB6248C938FD0DC19370E90BD	D01A22720918B781338B5BBF9202B241A5F99EE4	04D29248EE3A13A074518C93A18D6EFC491BF1F298F9B87FC989A6AE4B9FAD7A
Chrome Cache Entry: 79	PNG image data, 17 x 25, 8-bit/color RGBA, non-interlaced	C651D60A08FF0F579E2EB9BE6043A3C6	E7BCBB896EEA20A4DC68EDD2EF5B336E92690A55	7B4B6ADAA1DDA648143A18A52B51DFAAB54775BDB6284DFF5C869235CD385230
Chrome Cache Entry: 80	HTML document, ASCII text	83B862BEAD2D480026254FB2A6EB9969	26BAD9E6C1579172B0E3B6BC1C18918164FF6478	FB258CB538CA92D61C8CD4EB08CC23DA70C278B8766EAA731CE11E9B2F1DA4D4
Chrome Cache Entry: 81	PNG image data, 89 x 18, 8-bit/color RGBA, non-interlaced	BC89C1FBFBC227DC5A7ED9B2797E240D	8A9390297FDD0963C466CF2FD35D5B1F88A46B6A	744A8CD0A4D15DFCF4A5D2E832FF556D950F8AF24D7B66104AB2EF4FE2605D9A
Chrome Cache Entry: 82	MS Windows icon resource - 3 icons, 32x32, 32 bits/pixel, 24x24, 32 bits/pixel	AC16FA7FC862073B02ACD1187FC6DEF4	F2B9A6255F6293000F30EEE272ABDD372A14E9D3	E35D94B76894D6ECA96FF5B1A12D94DFE73485EF3C52CB5B4395BE8FFAC1CB45
Chrome Cache Entry: 83	HTML document, Unicode text, UTF-8 text, with very long lines (1237), with CRLF line terminators	DA43FE897E5066A4F5FACD3D2DE56E1A	27116C7257E124073FA5A231A498DEEBE703717C	641D57260C596E978E3E2986D10FE90D5EE22716C7C5BAB91C82595942980694
Chrome Cache Entry: 84	PNG image data, 89 x 18, 8-bit/color RGBA, non-interlaced	BC89C1FBFBC227DC5A7ED9B2797E240D	8A9390297FDD0963C466CF2FD35D5B1F88A46B6A	744A8CD0A4D15DFCF4A5D2E832FF556D950F8AF24D7B66104AB2EF4FE2605D9A
Chrome Cache Entry: 85	ASCII text, with CRLF line terminators	A17520454D4A65A399B863B5CC46D3FC	0A02C72D7AFCD5198C590108E7F2302A1F75544D	62E5E7DC19D018BEDB24E2C89ED41271B9D94A6DDE3359CC9CABBC315385C0E5
Chrome Cache Entry: 86	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 513	4E3510919D29D18EEB6E3E8B2687D2F5	31522A9EC576A462C3F1FFA65C010D4EB77E9A85	1707BE1284617ACC0A66A14448207214D55C3DA4AAF25854E137E138E089257E
Chrome Cache Entry: 87	PNG image data, 2 x 2, 8-bit/color RGB, non-interlaced	9246CCA8FC3C00F50035F28E9F6B7F7D	3AA538440F70873B574F40CD793060F53EC17A5D	C07D7D29E3C20FA6CA4C5D20663688D52BAD13E129AD82CE06B80EB187D9DC84
Chrome Cache Entry: 88	PNG image data, 338 x 72, 8-bit/color RGBA, non-interlaced	36AFB641BECFAD75FED5F4E6E8C39268	2495652F017B7A06D796AFE9C4A06ECD54F9CCFE	5C2192A3932CB78B431A1AC0F3F3D73414A31C63D5CB279F2687E58C72694200
Chrome Cache Entry: 89	PNG image data, 6 x 97, 8-bit/color RGB, non-interlaced	70178C782839D09A3820516309D53DF6	A51BC05CDD02737733D91CEE81E22B9C5833DD69	DED4B636CF6EB1D2C5847F9814B7098D50AB24EC4CEB6B54DC8ABA0BDEB26C92
Chrome Cache Entry: 90	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 110554	C60D83111FACE767A068BE9B5178B887	BDBE2ED3247BB647CB318A9D0A4182E65B66473D	62F6067588E8E74833692A1511AC8AF5B66F380E8BFC842B7EC7B2785494AEC3
Chrome Cache Entry: 91	PNG image data, 17 x 25, 8-bit/color RGBA, non-interlaced	C651D60A08FF0F579E2EB9BE6043A3C6	E7BCBB896EEA20A4DC68EDD2EF5B336E92690A55	7B4B6ADAA1DDA648143A18A52B51DFAAB54775BDB6284DFF5C869235CD385230
Chrome Cache Entry: 92	ASCII text, with CRLF line terminators	A870B45AC5D6B0D4E18C4829C7B660B4	2D3CA0E1F19EFDEB9B2DD3DCFFB17F8ABA118AA0	144524233F795D6A425B76F7AE5C0BB622B5F67E2E6AE73532AD526528CA07CF
Chrome Cache Entry: 93	SVG Scalable Vector Graphics image	EE5C8D9FB6248C938FD0DC19370E90BD	D01A22720918B781338B5BBF9202B241A5F99EE4	04D29248EE3A13A074518C93A18D6EFC491BF1F298F9B87FC989A6AE4B9FAD7A
Chrome Cache Entry: 94	PNG image data, 6 x 97, 8-bit/color RGB, non-interlaced	70178C782839D09A3820516309D53DF6	A51BC05CDD02737733D91CEE81E22B9C5833DD69	DED4B636CF6EB1D2C5847F9814B7098D50AB24EC4CEB6B54DC8ABA0BDEB26C92
Chrome Cache Entry: 95	ASCII text, with very long lines (65447)	8FB8FEE4FCC3CC86FF6C724154C49C42	B82D238D4E31FDF618BAE8AC11A6C812C03DD0D4	FF1523FB7389539C84C65ABA19260648793BB4F5E29329D2EE8804BC37A3FE6E
Chrome Cache Entry: 96	PNG image data, 16 x 25, 8-bit/color RGBA, non-interlaced	D4FFE61373F6AA32EEB8CA7CD41AB980	4925FAC4BC73EFB7C7BBC32B11C435ECF1D61674	D5C54FFC6B8BD44D932BE8F37B1CD5B666205C7574F9D56EF68E56F83E08FFAD
Chrome Cache Entry: 97	MS Windows icon resource - 4 icons, 64x64, 32 bits/pixel, 32x32, 32 bits/pixel	877784A5F5808CEFA2B61E73BFCF8EAE	6A0E7EDA2734D7BBBA3CE38D37B347DF001B1DBF	BE7F0632337BC381D4962125545A5CC3C1E84E2D03DBDB97AB3D79AD78B91B6D
Chrome Cache Entry: 98	ASCII text, with CRLF line terminators	B3D7A123BE5203A1A3F0F10233ED373F	F4C61F321D8F79A805B356C6EC94090C0D96215C	EF9453F74B2617D43DCEF4242CF5845101FCFB57289C81BCEB20042B0023A192
Chrome Cache Entry: 99	JSON data	2D7D30EA1C6F925302D2C3ABED382951	5BA6BBC5670C4AF1125CF9AC0AA1CA2811E744D1	83C09BA9A8DAEDB136F90B17A294CAA90AD471A016E430DF6E229ACB5A81E100

AV Detection

Antivirus / Scanner detection for submitted sample

Source: http://t.cm.morganstanley.com/r/?id=h1b92d14%2C134cc33c%2C1356be32&p1=www.saiengroup.com%2Fteaz%2F648c482b60b3906833c9304bab170add%2FJBVNhz%2FYW15LmNoZW5AZG91YmxlbGluZS5jb20=

SlashNext: detection malicious, Label: Credential Stealing type: Phishing & Social Engineering

Phishing

Phishing site detected (based on favicon image match)

Source: https://activemxmore.com	Matcher: Template: outlook matched with high similarity
Source: https://activemxmore.com/main/main.php#Z0JW4xC8o5rmgQhMFZffZ8eNP94q2Js1KbXPIAX7FotWfKIVKYaJ6owWxBmAkOC5ZzUI9RPPgiLw3urNsCwz12vyER9YFL3ElYnuQdk7v6DzA4m3GTCIW7gAYqzEbDjwBG1rTlypsbY2gl6XeJFaQWLPmkuxXN4yu6ZosyOUKNW083YnMDyDAjtWDXuALz9gF8E7Hs1rgYso1qLO4jsEDVAgT5RFE0Vk9zrQ2shirKHtatheNKSqFtGzzyedy9xHJZyMsQ5TANmKgEZ3pSu4lbEUJT8h2GZMGxz8nE2YrpII3IMsAgxVscQb5Zt8FtUm1uuo8wmAV5jZN5snm0jPca1h9uqPYlbZPGoXcLy8QR7EXz2kzm9Mwa4GFuwDPIDEo1CBMbJD2Qi0qkl0HuMeFRUklrYb9BPyDs9qDS3GIlH9G29nxWBcNwx8Xwk78aFLCObgGfWpAEzhGIEdEgqsMXAKuVRC5xoIlAY2PVsqz1HfKmtpCTRpRs9mn1ZsynbUX9WN4peDrVTbinAUhsj8UtvhvuK3RVYP5VD9kRNLNHW54x0lZkuTNZbjtWnlSlbXgP7AGUmuCjzGQz1QTwKHwW00SomLJxIZnPA4KXymg827I4YBBIj7Fk7xItis11soQ3sA00Wg9ZoR4mtF4MMJ7ThQnAioBLMsOf3Og05pZtg4QJJUwwEEpWuNxNb8yYBndEctEiSEL8ICSrwoXb2n8xaFlmOUkphy3u1IMUmy34aVwGkuSnR0V2GgouaJTshXWjFId2gg7qbD7w70TZ1O1H4qbf95Hr2EKImXLCdS3pwaVDaPDbDETI44YeaFFckpVGmHjAzmZ5xVJIKmTo1N76R5k1LZe5oaLLR5lrrlxYghG1EApFnwLfC5hn5wsuGefyjB0LXyJePqft1F9pcUFO0Wc6tEAaTQIdsJYphID79TAayKALEfzFcLMFqnPkeyxGhv6yeKGnDgyc08XFowlAi8fJv43JCBpU7wtlg9JUqh6qp36OAsoTADC5IGPliffpLJL1SuWiM2Jc6Q0GiozT2cYKTN5c2lBO4nQWSMfEOYQUPQB7eb0goZ1hN7tPs5ExtuulgKZ4IQZxGAFVLGbaFdrskViN1WlvqPQGzQLiGLQmlwi7cuiRHJk2FCPHzac003HATsTAeKXAgfIsJ0kqKEsqhi7QtkQuox4i0YSeIQPZ5xrPxMghrJHI1Pzv9qZxY4QZ3IdLy3KEAct7YJops68uVHZ58ZD63t56cjSKmCpWPS4OBtd4zmyu3yAbxdiAGnHSHzD3c201U4Qwx3B6q9BtHbFeoYP5lwY36B6iE7kzba6JeHPERr8zDOO1MD78a5bgHizmpUVB52kjJaYBC7afVYhICoRNu24clEyLyumDwHXgSVRu22JY00GDoxqTAv5W9EHH94lFLiWDeN8hPRfQRWuguV94qf1zUJh3NCIzVFd9slqicG94CDk6zubZKczEWRIJtrip6wzzRZR4F18iFtoeYAdJNNnJE6t8xMxDi6ca64eM5n4KRtZP4dyR0WBE24NzQld9spjyuylzVqkMUjCYwaQx7sc9wZJnlWxNmQmQoHqk7L714J0BUQ91ilbPlVdGSKteAP5ZxvkFhrHlbHX5y77RsjGNeUu7EXmfNrflXz0e1IAcqyiYFqQ7JwVYrp55nrlaTAwQaw5cfFpFdHDS8t0S0VQslWyIoTThup8FWdRcTgR7YvZ6Z0Y0WPshM00bTUsokB3gPUsIakP9PPfOQeOM4h4Rh52bZvzj6CAWw3FHnuQck61alQXq71ho6jA6O9pVLZRi2w0p1RCmYExkuuKBw20DlAJaJ95v8WObtPBuGeQFSnZmSJYoLY27zLhjUmP3jDfMtRg957OXvOknxiMjhOrQAIav5ZzoDOa6FrgKz4I4S2rqleKD2cuCUE80DHphvAna1DVAIEFBH622kMGnYa0TO8UsPjJkT6vVKrvs5b4Nh6QCTw0SG0Lv8FXYZGjSNONygj1mu59MbZp4vpWcqIHzoExnlQg9F4HVnIhSOrFZq44Wu18VKPu8u1wQRN0xRHsfqK7ebNeCSjymkGh5wMe1NKRFyRcpzFF0qMfCAtesMNP7u7c1Tq2HbTmKKz9kfOkFBzic3xEQkuXPBaQuBScNLzxw9HRowb48LmkOTZEetC34NTzpMLcxlK4urVSY7W6SjrHdqlrTYvXLpxabjnJE7N8zJ0yQXEJh5quwLVpKrnwQUH1e4KScx0Mh1k7ZZQg5gLB2H0M8ojYj0Zx4Jphhq3ysoGrnwIsNt3Qa4DitWgMWfk1ZKjganPDLv482NBQgFGrKkJdg0Zdgkef4xwfUlSGRWPTKqJ06qrQKb31c3esnsHs0eHVzzCqwrkgS4hYuJOfVSg7WuzkXhMYvtU53wwAXQQQV8OpRDFMwVTsqtMnLzlg3gm6MTHKKyAFGo5x2KkyGe16IOttnPKq56xSZfCKNdptCu1EfldVAe1i2vLplvQqCojCDVmq8LUKgVpwhCrRQtaTYWikr9K4y4GbZ3C8OwT5siBJU3BLwMEvIXPa7AeFEVREYtNN0GSsZucUxOF4AkAihqsp1H4GCVlAp8opPgSOL4IjSontIYL0oepqWt6ypr9OAxepO6eAbWT4lhx3fj4Exu4tYa2nCccdKqCyxQ9IN2M8jkcyDgcbKhFJrH64UihEJUdgKmZyoMGI6TgKatVVKAEciKhc3yQNs34dp3MOQtwWmNGwhCs1c6evRvHV3xIwBMK1QxQG0nDnakUrWmt9sHEjclfgTXNvKywA5nh6KVtUfnmbJPkcwYwJkL0dIOItmf4sClymg1gwpDH8s2lZ1RJlCJylxhOUwSm8eUvvWM1lpJuRMPRNGA8jjGFRYtLum7DB287YV9kkSOcED3rkDAEWhjNfMyJ9GnLIwSHr11LUPXzt01OEBsASLo7yXRIEftmLm4cn5YiVWRpXTdBuFcnrAuZymHcBbzmxDzVJydFu54rYi2t?cfg=amy.chen@doubleline.com	Matcher: Template: outlook matched with high similarity

Yara detected HtmlPhish10

Source: Yara match

File source: 3.5.pages.csv, type: HTML

Phishing site detected (based on image similarity)

Matcher: Found strong image similarity, brand: MICROSOFT

Phishing site detected (based on logo match)

Matcher: Template: microsoft matched

HTML body contains low number of good links

Source: https://activemxmore.com/main/main.php#Z0JW4xC8o5rmgQhMFZffZ8eNP94q2Js1KbXPIAX7FotWfKIVKYaJ6owWxBmAkOC5ZzUI9RPPgiLw3urNsCwz12vyER9YFL3ElYnuQdk7v6DzA4m3GTCIW7gAYqzEbDjwBG1rTlypsbY2gl6XeJFaQWLPmkuxXN4yu6ZosyOUKNW083YnMDyDAjtWDXuALz9gF8E7Hs1rgYso1qLO4jsEDVAgT5RFE0Vk9zrQ2shirKHtatheNKSqFtGzzyedy9xHJZyMsQ5TANmKgEZ3pSu4lbEUJT8h2GZMGxz8nE2YrpII3IMsAgxVscQb5Zt8FtUm1uuo8wmAV5jZN5snm0jPca1h9uqPYlbZPGoXcLy8QR7EXz2kzm9Mwa4GFuwDPIDEo1CBMbJD2Qi0qkl0HuMeFRUklrYb9BPyDs9qDS3GIlH9G29nxWBcNwx8Xwk78aFLCObgGfWpAEzhGIEdEgqsMXAKuVRC5xoIlAY2PVsqz1HfKmtpCTRpRs9mn1ZsynbUX9WN4peDrVTbinAUhsj8UtvhvuK3RVYP5VD9kRNLNHW54x0lZkuTNZbjtWnlSlbXgP7AGUmuCjzGQz1QTwKHwW00SomLJxIZnPA4KXymg827I4YBBIj7Fk7xItis11soQ3sA00Wg9ZoR4mtF4MMJ7ThQnAioBLMsOf3Og05pZtg4QJJUwwEEpWuNxNb8yYBndEctEiSEL8ICSrwoXb2n8xaFlmOUkphy3u1IMUmy34aVwGkuSnR0V2GgouaJTshXWjFId2gg7qbD7w70TZ1O1H4qbf95Hr2EKImXLCdS3pwaVDaPDbDETI44YeaFFckpVGmHjAzmZ5xVJIKmTo1N76R5k1LZe5oaLLR5lrrlxYghG1EApFnwLfC5hn5wsuGefyjB0LXyJePqft1F9pcUFO0Wc6tEAaTQIdsJYphID79TAayKALEfzFcLMFqnPkeyxGhv6yeKGnDgyc08XFowlAi8f...	HTTP Parser: Number of links: 0
Source: https://passwordreset.microsoftonline.com/?ru=https%3a%2f%2flogin.microsoftonline.com%2fcommon%2freprocess%3fctx%3drQQIARAAhZLNa9MAAMWbdq1b0dlNET0IEzzIJG2-0xR2SJt-pFuStU0amoOlaZM0bZqkbdK0uYseB8LAgRcPojt6Ei8Kehi7uPP8DwRFPMiObnoeXh7v8d7t_ZLLRBom0lAa2owhaSh3HyMJHMNwFUSRLgFilAqBWVQjQLhHoecVQhLdzmQ9mXr8xL-3_yNTePN8bbO59fnFIbDR9zx3mstkgiBIO7pudrV01xllrI7dM21jhrwDgBMAOIjGNRuUGofRKYFmYZTCYQInYRQlYRhJt0QabslsqAw4TyizGG9CkCJagx25OuTCoseLUtgKhwuuXMQUWYK4cAgrMhcI4tDjRmzIFy72tcWO2B8JIudxTG3BDaSAZySEZ2r4afS6QPteH7kQZ2KG2q_oiu5MRm3XmXoHsf0oa2_LVLkyq3f8Rcjy42q1gpCmQMlwFxs7xZaUX_TC1rRdsn18Z9uFFFrtg9VCXfLl4XAATjhyx9iFbFKCkOliYbCo2K-apqzkLV0k59uUU1B5vcD2XAItBc1i1RBMexdCbdjrBzZfLpXzou808Www5STOmtfAkS_DeAlSF0h7e9jlVa_RbWBzmOk4vR4KVXlZ1gJK1gdsVt015tREwAl80pg3CmatrxqjsSVW8CZV4uyybMrZPO-5TYyzS2irgyjCjDXyltFG9VCv0_zApcJsvUkTSjB383gFZECD7jShRnAYu3PJvTPkbSxxbkaOfRwjHVezzd6GO3F009IuQ2KGZIS_qeKMtDRtWSdLwLelW8uJVOp2ZCPy4CYUyy0vJ1ORi3S2BLyMnxMXxlcTj-4q9OuVr59-j6nIcTzTLNgMjVMGKs_6XmgV8g8JXrJ0oYQTZTxDDOcNX-34vfmYcbbgHLyXAPYSiePEGsu0-aLYEGmeo...	HTTP Parser: Number of links: 0

HTML body contains password input but no form action

HTTP Parser: <input type="password" .../> found but no <form action="...

HTML page contains hidden URLs or javascript code

Source: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/2lznf/0x4AAAAAAAQ_ajLYJ-oSKSIN/auto/normal

HTTP Parser: Base64 decoded: http://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/2lznf/0x4AAAAAAAQ_ajLYJ-oSKSIN/auto/normal

HTML title does not match URL

HTTP Parser: Title: Sign in to your account does not match URL

HTTP Parser: <input type="password" .../> found

Source: https://activemxmore.com/main/	HTTP Parser: No favicon
Source: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/2lznf/0x4AAAAAAAQ_ajLYJ-oSKSIN/auto/normal	HTTP Parser: No favicon
Source: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/2lznf/0x4AAAAAAAQ_ajLYJ-oSKSIN/auto/normal	HTTP Parser: No favicon

Source: https://activemxmore.com/main/main.php#Z0JW4xC8o5rmgQhMFZffZ8eNP94q2Js1KbXPIAX7FotWfKIVKYaJ6owWxBmAkOC5ZzUI9RPPgiLw3urNsCwz12vyER9YFL3ElYnuQdk7v6DzA4m3GTCIW7gAYqzEbDjwBG1rTlypsbY2gl6XeJFaQWLPmkuxXN4yu6ZosyOUKNW083YnMDyDAjtWDXuALz9gF8E7Hs1rgYso1qLO4jsEDVAgT5RFE0Vk9zrQ2shirKHtatheNKSqFtGzzyedy9xHJZyMsQ5TANmKgEZ3pSu4lbEUJT8h2GZMGxz8nE2YrpII3IMsAgxVscQb5Zt8FtUm1uuo8wmAV5jZN5snm0jPca1h9uqPYlbZPGoXcLy8QR7EXz2kzm9Mwa4GFuwDPIDEo1CBMbJD2Qi0qkl0HuMeFRUklrYb9BPyDs9qDS3GIlH9G29nxWBcNwx8Xwk78aFLCObgGfWpAEzhGIEdEgqsMXAKuVRC5xoIlAY2PVsqz1HfKmtpCTRpRs9mn1ZsynbUX9WN4peDrVTbinAUhsj8UtvhvuK3RVYP5VD9kRNLNHW54x0lZkuTNZbjtWnlSlbXgP7AGUmuCjzGQz1QTwKHwW00SomLJxIZnPA4KXymg827I4YBBIj7Fk7xItis11soQ3sA00Wg9ZoR4mtF4MMJ7ThQnAioBLMsOf3Og05pZtg4QJJUwwEEpWuNxNb8yYBndEctEiSEL8ICSrwoXb2n8xaFlmOUkphy3u1IMUmy34aVwGkuSnR0V2GgouaJTshXWjFId2gg7qbD7w70TZ1O1H4qbf95Hr2EKImXLCdS3pwaVDaPDbDETI44YeaFFckpVGmHjAzmZ5xVJIKmTo1N76R5k1LZe5oaLLR5lrrlxYghG1EApFnwLfC5hn5wsuGefyjB0LXyJePqft1F9pcUFO0Wc6tEAaTQIdsJYphID79TAayKALEfzFcLMFqnPkeyxGhv6yeKGnDgyc08XFowlAi8f	HTTP Parser: No <meta name="author".. found
Source: https://passwordreset.microsoftonline.com/?ru=https%3a%2f%2flogin.microsoftonline.com%2fcommon%2freprocess%3fctx%3drQQIARAAhZLNa9MAAMWbdq1b0dlNET0IEzzIJG2-0xR2SJt-pFuStU0amoOlaZM0bZqkbdK0uYseB8LAgRcPojt6Ei8Kehi7uPP8DwRFPMiObnoeXh7v8d7t_ZLLRBom0lAa2owhaSh3HyMJHMNwFUSRLgFilAqBWVQjQLhHoecVQhLdzmQ9mXr8xL-3_yNTePN8bbO59fnFIbDR9zx3mstkgiBIO7pudrV01xllrI7dM21jhrwDgBMAOIjGNRuUGofRKYFmYZTCYQInYRQlYRhJt0QabslsqAw4TyizGG9CkCJagx25OuTCoseLUtgKhwuuXMQUWYK4cAgrMhcI4tDjRmzIFy72tcWO2B8JIudxTG3BDaSAZySEZ2r4afS6QPteH7kQZ2KG2q_oiu5MRm3XmXoHsf0oa2_LVLkyq3f8Rcjy42q1gpCmQMlwFxs7xZaUX_TC1rRdsn18Z9uFFFrtg9VCXfLl4XAATjhyx9iFbFKCkOliYbCo2K-apqzkLV0k59uUU1B5vcD2XAItBc1i1RBMexdCbdjrBzZfLpXzou808Www5STOmtfAkS_DeAlSF0h7e9jlVa_RbWBzmOk4vR4KVXlZ1gJK1gdsVt015tREwAl80pg3CmatrxqjsSVW8CZV4uyybMrZPO-5TYyzS2irgyjCjDXyltFG9VCv0_zApcJsvUkTSjB383gFZECD7jShRnAYu3PJvTPkbSxxbkaOfRwjHVezzd6GO3F009IuQ2KGZIS_qeKMtDRtWSdLwLelW8uJVOp2ZCPy4CYUyy0vJ1ORi3S2BLyMnxMXxlcTj-4q9OuVr59-j6nIcTzTLNgMjVMGKs_6XmgV8g8JXrJ0oYQTZTxDDOcNX-34vfmYcbbgHLyXAPYSiePEGsu0-aLYEGmeo	HTTP Parser: No <meta name="author".. found
Source: https://passwordreset.microsoftonline.com/?ru=https%3a%2f%2flogin.microsoftonline.com%2fcommon%2freprocess%3fctx%3drQQIARAAhZLNa9MAAMWbdq1b0dlNET0IEzzIJG2-0xR2SJt-pFuStU0amoOlaZM0bZqkbdK0uYseB8LAgRcPojt6Ei8Kehi7uPP8DwRFPMiObnoeXh7v8d7t_ZLLRBom0lAa2owhaSh3HyMJHMNwFUSRLgFilAqBWVQjQLhHoecVQhLdzmQ9mXr8xL-3_yNTePN8bbO59fnFIbDR9zx3mstkgiBIO7pudrV01xllrI7dM21jhrwDgBMAOIjGNRuUGofRKYFmYZTCYQInYRQlYRhJt0QabslsqAw4TyizGG9CkCJagx25OuTCoseLUtgKhwuuXMQUWYK4cAgrMhcI4tDjRmzIFy72tcWO2B8JIudxTG3BDaSAZySEZ2r4afS6QPteH7kQZ2KG2q_oiu5MRm3XmXoHsf0oa2_LVLkyq3f8Rcjy42q1gpCmQMlwFxs7xZaUX_TC1rRdsn18Z9uFFFrtg9VCXfLl4XAATjhyx9iFbFKCkOliYbCo2K-apqzkLV0k59uUU1B5vcD2XAItBc1i1RBMexdCbdjrBzZfLpXzou808Www5STOmtfAkS_DeAlSF0h7e9jlVa_RbWBzmOk4vR4KVXlZ1gJK1gdsVt015tREwAl80pg3CmatrxqjsSVW8CZV4uyybMrZPO-5TYyzS2irgyjCjDXyltFG9VCv0_zApcJsvUkTSjB383gFZECD7jShRnAYu3PJvTPkbSxxbkaOfRwjHVezzd6GO3F009IuQ2KGZIS_qeKMtDRtWSdLwLelW8uJVOp2ZCPy4CYUyy0vJ1ORi3S2BLyMnxMXxlcTj-4q9OuVr59-j6nIcTzTLNgMjVMGKs_6XmgV8g8JXrJ0oYQTZTxDDOcNX-34vfmYcbbgHLyXAPYSiePEGsu0-aLYEGmeo	HTTP Parser: No <meta name="author".. found

Source: https://activemxmore.com/main/main.php#Z0JW4xC8o5rmgQhMFZffZ8eNP94q2Js1KbXPIAX7FotWfKIVKYaJ6owWxBmAkOC5ZzUI9RPPgiLw3urNsCwz12vyER9YFL3ElYnuQdk7v6DzA4m3GTCIW7gAYqzEbDjwBG1rTlypsbY2gl6XeJFaQWLPmkuxXN4yu6ZosyOUKNW083YnMDyDAjtWDXuALz9gF8E7Hs1rgYso1qLO4jsEDVAgT5RFE0Vk9zrQ2shirKHtatheNKSqFtGzzyedy9xHJZyMsQ5TANmKgEZ3pSu4lbEUJT8h2GZMGxz8nE2YrpII3IMsAgxVscQb5Zt8FtUm1uuo8wmAV5jZN5snm0jPca1h9uqPYlbZPGoXcLy8QR7EXz2kzm9Mwa4GFuwDPIDEo1CBMbJD2Qi0qkl0HuMeFRUklrYb9BPyDs9qDS3GIlH9G29nxWBcNwx8Xwk78aFLCObgGfWpAEzhGIEdEgqsMXAKuVRC5xoIlAY2PVsqz1HfKmtpCTRpRs9mn1ZsynbUX9WN4peDrVTbinAUhsj8UtvhvuK3RVYP5VD9kRNLNHW54x0lZkuTNZbjtWnlSlbXgP7AGUmuCjzGQz1QTwKHwW00SomLJxIZnPA4KXymg827I4YBBIj7Fk7xItis11soQ3sA00Wg9ZoR4mtF4MMJ7ThQnAioBLMsOf3Og05pZtg4QJJUwwEEpWuNxNb8yYBndEctEiSEL8ICSrwoXb2n8xaFlmOUkphy3u1IMUmy34aVwGkuSnR0V2GgouaJTshXWjFId2gg7qbD7w70TZ1O1H4qbf95Hr2EKImXLCdS3pwaVDaPDbDETI44YeaFFckpVGmHjAzmZ5xVJIKmTo1N76R5k1LZe5oaLLR5lrrlxYghG1EApFnwLfC5hn5wsuGefyjB0LXyJePqft1F9pcUFO0Wc6tEAaTQIdsJYphID79TAayKALEfzFcLMFqnPkeyxGhv6yeKGnDgyc08XFowlAi8f...	HTTP Parser: No <meta name="copyright".. found
Source: https://passwordreset.microsoftonline.com/?ru=https%3a%2f%2flogin.microsoftonline.com%2fcommon%2freprocess%3fctx%3drQQIARAAhZLNa9MAAMWbdq1b0dlNET0IEzzIJG2-0xR2SJt-pFuStU0amoOlaZM0bZqkbdK0uYseB8LAgRcPojt6Ei8Kehi7uPP8DwRFPMiObnoeXh7v8d7t_ZLLRBom0lAa2owhaSh3HyMJHMNwFUSRLgFilAqBWVQjQLhHoecVQhLdzmQ9mXr8xL-3_yNTePN8bbO59fnFIbDR9zx3mstkgiBIO7pudrV01xllrI7dM21jhrwDgBMAOIjGNRuUGofRKYFmYZTCYQInYRQlYRhJt0QabslsqAw4TyizGG9CkCJagx25OuTCoseLUtgKhwuuXMQUWYK4cAgrMhcI4tDjRmzIFy72tcWO2B8JIudxTG3BDaSAZySEZ2r4afS6QPteH7kQZ2KG2q_oiu5MRm3XmXoHsf0oa2_LVLkyq3f8Rcjy42q1gpCmQMlwFxs7xZaUX_TC1rRdsn18Z9uFFFrtg9VCXfLl4XAATjhyx9iFbFKCkOliYbCo2K-apqzkLV0k59uUU1B5vcD2XAItBc1i1RBMexdCbdjrBzZfLpXzou808Www5STOmtfAkS_DeAlSF0h7e9jlVa_RbWBzmOk4vR4KVXlZ1gJK1gdsVt015tREwAl80pg3CmatrxqjsSVW8CZV4uyybMrZPO-5TYyzS2irgyjCjDXyltFG9VCv0_zApcJsvUkTSjB383gFZECD7jShRnAYu3PJvTPkbSxxbkaOfRwjHVezzd6GO3F009IuQ2KGZIS_qeKMtDRtWSdLwLelW8uJVOp2ZCPy4CYUyy0vJ1ORi3S2BLyMnxMXxlcTj-4q9OuVr59-j6nIcTzTLNgMjVMGKs_6XmgV8g8JXrJ0oYQTZTxDDOcNX-34vfmYcbbgHLyXAPYSiePEGsu0-aLYEGmeo...	HTTP Parser: No <meta name="copyright".. found
Source: https://passwordreset.microsoftonline.com/?ru=https%3a%2f%2flogin.microsoftonline.com%2fcommon%2freprocess%3fctx%3drQQIARAAhZLNa9MAAMWbdq1b0dlNET0IEzzIJG2-0xR2SJt-pFuStU0amoOlaZM0bZqkbdK0uYseB8LAgRcPojt6Ei8Kehi7uPP8DwRFPMiObnoeXh7v8d7t_ZLLRBom0lAa2owhaSh3HyMJHMNwFUSRLgFilAqBWVQjQLhHoecVQhLdzmQ9mXr8xL-3_yNTePN8bbO59fnFIbDR9zx3mstkgiBIO7pudrV01xllrI7dM21jhrwDgBMAOIjGNRuUGofRKYFmYZTCYQInYRQlYRhJt0QabslsqAw4TyizGG9CkCJagx25OuTCoseLUtgKhwuuXMQUWYK4cAgrMhcI4tDjRmzIFy72tcWO2B8JIudxTG3BDaSAZySEZ2r4afS6QPteH7kQZ2KG2q_oiu5MRm3XmXoHsf0oa2_LVLkyq3f8Rcjy42q1gpCmQMlwFxs7xZaUX_TC1rRdsn18Z9uFFFrtg9VCXfLl4XAATjhyx9iFbFKCkOliYbCo2K-apqzkLV0k59uUU1B5vcD2XAItBc1i1RBMexdCbdjrBzZfLpXzou808Www5STOmtfAkS_DeAlSF0h7e9jlVa_RbWBzmOk4vR4KVXlZ1gJK1gdsVt015tREwAl80pg3CmatrxqjsSVW8CZV4uyybMrZPO-5TYyzS2irgyjCjDXyltFG9VCv0_zApcJsvUkTSjB383gFZECD7jShRnAYu3PJvTPkbSxxbkaOfRwjHVezzd6GO3F009IuQ2KGZIS_qeKMtDRtWSdLwLelW8uJVOp2ZCPy4CYUyy0vJ1ORi3S2BLyMnxMXxlcTj-4q9OuVr59-j6nIcTzTLNgMjVMGKs_6XmgV8g8JXrJ0oYQTZTxDDOcNX-34vfmYcbbgHLyXAPYSiePEGsu0-aLYEGmeo...	HTTP Parser: No <meta name="copyright".. found

Source: unknown	HTTPS traffic detected: 104.104.126.199:443 -> 192.168.2.4:49747 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.104.126.199:443 -> 192.168.2.4:49749 version: TLS 1.2

Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 104.104.126.199
Source: unknown	TCP traffic detected without corresponding DNS query: 104.104.126.199
Source: unknown	TCP traffic detected without corresponding DNS query: 104.104.126.199
Source: unknown	TCP traffic detected without corresponding DNS query: 104.104.126.199
Source: unknown	TCP traffic detected without corresponding DNS query: 104.104.126.199
Source: unknown	TCP traffic detected without corresponding DNS query: 104.104.126.199
Source: unknown	TCP traffic detected without corresponding DNS query: 104.104.126.199
Source: unknown	TCP traffic detected without corresponding DNS query: 104.104.126.199
Source: unknown	TCP traffic detected without corresponding DNS query: 104.104.126.199
Source: unknown	TCP traffic detected without corresponding DNS query: 104.104.126.199
Source: unknown	TCP traffic detected without corresponding DNS query: 104.104.126.199
Source: unknown	TCP traffic detected without corresponding DNS query: 104.104.126.199
Source: unknown	TCP traffic detected without corresponding DNS query: 104.104.126.199
Source: unknown	TCP traffic detected without corresponding DNS query: 104.104.126.199
Source: unknown	TCP traffic detected without corresponding DNS query: 104.104.126.199
Source: unknown	TCP traffic detected without corresponding DNS query: 104.104.126.199
Source: unknown	TCP traffic detected without corresponding DNS query: 104.104.126.199
Source: unknown	TCP traffic detected without corresponding DNS query: 104.104.126.199
Source: unknown	TCP traffic detected without corresponding DNS query: 104.104.126.199
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 199.232.214.172
Source: unknown	TCP traffic detected without corresponding DNS query: 199.232.214.172
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /?e=amy.chen@doubleline.com HTTP/1.1Host: activemxmore.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: documentReferer: http://www.saiengroup.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /main/ HTTP/1.1Host: activemxmore.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Referer: http://www.saiengroup.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=e8fed20s9sarctiah9dfo4cnk6
Source: global traffic	HTTP traffic detected: GET /main/src.js HTTP/1.1Host: activemxmore.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://activemxmore.com/main/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=e8fed20s9sarctiah9dfo4cnk6
Source: global traffic	HTTP traffic detected: GET /turnstile/v0/api.js?onload=onloadTurnstileCallback HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://activemxmore.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /turnstile/v0/g/54ea73d52131/api.js?onload=onloadTurnstileCallback HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://activemxmore.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/2lznf/0x4AAAAAAAQ_ajLYJ-oSKSIN/auto/normal HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://activemxmore.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/orchestrate/chl_api/v1?ray=87607523f9976753 HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/2lznf/0x4AAAAAAAQ_ajLYJ-oSKSIN/auto/normalAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/cmg/1/wh0E0SXYnx6pTBdJW%2Fl926I%2BPRUplRdtQz3K9lHXs%2Fs%3D HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/2lznf/0x4AAAAAAAQ_ajLYJ-oSKSIN/auto/normalAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/cmg/1/wh0E0SXYnx6pTBdJW%2Fl926I%2BPRUplRdtQz3K9lHXs%2Fs%3D HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: activemxmore.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://activemxmore.com/main/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=e8fed20s9sarctiah9dfo4cnk6
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/pat/87607523f9976753/1713399298197/6da8eb24f5f53b8a754917a6951c01ddae1de06f17567f971365618217d1d9e9/yq_oSBvvu_XQiGh HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveCache-Control: max-age=0sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/2lznf/0x4AAAAAAAQ_ajLYJ-oSKSIN/auto/normalAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/flow/ov1/1520722112:1713395675:Fybv0RgAUcvA2wE1JKV-kLLtV_0tb7lZl_7TvhqJ-Rs/87607523f9976753/573412a78ad2aa1 HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: activemxmore.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=e8fed20s9sarctiah9dfo4cnk6
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/i/87607523f9976753/1713399298199/25UtOJ-4PhOhACd HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/2lznf/0x4AAAAAAAQ_ajLYJ-oSKSIN/auto/normalAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/i/87607523f9976753/1713399298199/25UtOJ-4PhOhACd HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/flow/ov1/1520722112:1713395675:Fybv0RgAUcvA2wE1JKV-kLLtV_0tb7lZl_7TvhqJ-Rs/87607523f9976753/573412a78ad2aa1 HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/flow/ov1/1520722112:1713395675:Fybv0RgAUcvA2wE1JKV-kLLtV_0tb7lZl_7TvhqJ-Rs/87607523f9976753/573412a78ad2aa1 HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ajax/libs/jquery/3.6.0/jquery.min.js HTTP/1.1Host: cdnjs.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://activemxmore.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /mail/favicon.ico HTTP/1.1Host: outlook.office.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://activemxmore.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /mail/favicon.ico HTTP/1.1Host: outlook.office.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /api/v3/auth HTTP/1.1Host: bc1q3jc6cu9q5t33q8gpk7h47pw.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.svg HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://activemxmore.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ests/2.1/content/cdnbundles/converged.v2.login.min_8owwt4u-33ps0wawi7tmow2.css HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Purpose: prefetchSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyReferer: https://activemxmore.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ests/2.1/content/cdnbundles/converged.v2.login.min_ziytf8dzt9eg1s6-ohhleg2.css HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://activemxmore.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: styleReferer: https://activemxmore.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/arrow_left_a9cc2824ef3517b6c4160dcf8ff7d410.svg HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://activemxmore.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/arrow_left_a9cc2824ef3517b6c4160dcf8ff7d410.svg HTTP/1.1Host: aadcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.svg HTTP/1.1Host: aadcdn.msftauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /dbd5a2dd-j1fx1ggwwalily23vjiuezfn6ijsocdmg58vgda4fdc/logintenantbranding/0/illustration?ts=636716750610080569 HTTP/1.1Host: aadcdn.msauthimages.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://activemxmore.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /dbd5a2dd-j1fx1ggwwalily23vjiuezfn6ijsocdmg58vgda4fdc/logintenantbranding/0/illustration?ts=636716750610080569 HTTP/1.1Host: aadcdn.msauthimages.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /r/?id=h1b92d14%2C134cc33c%2C1356be32&p1=www.saiengroup.com%2Fteaz%2F648c482b60b3906833c9304bab170add%2FJBVNhz%2FYW15LmNoZW5AZG91YmxlbGluZS5jb20= HTTP/1.1Host: t.cm.morganstanley.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /teaz/648c482b60b3906833c9304bab170add/JBVNhz/YW15LmNoZW5AZG91YmxlbGluZS5jb20= HTTP/1.1Host: www.saiengroup.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: www.saiengroup.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Referer: http://www.saiengroup.com/teaz/648c482b60b3906833c9304bab170add/JBVNhz/YW15LmNoZW5AZG91YmxlbGluZS5jb20=Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9

Source: unknown

DNS traffic detected: queries for: t.cm.morganstanley.com

Source: unknown

Source: chromecache_71.2.dr

String found in binary or memory: https://account.live.com/resetpassword.aspx

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49787
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49786
Source: unknown	Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49785
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49784
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49783
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49782
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49781
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49780
Source: unknown	Network traffic detected: HTTP traffic on port 49789 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49785 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49781 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49784 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49780 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49773 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49783 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 49787 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49778 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 49774 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49782 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49672
Source: unknown	Network traffic detected: HTTP traffic on port 49786 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49825 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49775 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49825
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745
Source: unknown	Network traffic detected: HTTP traffic on port 49771 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49789

Source: unknown	HTTPS traffic detected: 104.104.126.199:443 -> 192.168.2.4:49747 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.104.126.199:443 -> 192.168.2.4:49749 version: TLS 1.2

Source: classification engine

Classification label: mal72.phis.win@21/88@42/16

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2480 --field-trial-handle=2392,i,11732126496717548433,17344427469454119980,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://t.cm.morganstanley.com/r/?id=h1b92d14%2C134cc33c%2C1356be32&p1=www.saiengroup.com%2Fteaz%2F648c482b60b3906833c9304bab170add%2FJBVNhz%2FYW15LmNoZW5AZG91YmxlbGluZS5jb20="
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2480 --field-trial-handle=2392,i,11732126496717548433,17344427469454119980,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

ID:	1427726
Product:	CloudBasic
Start time:	02:13:52
Start date:	18.04.2024
Cookbook:	browseurl.jbs
System description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Architecture:	WINDOWS

Windows Analysis Report
http://t.cm.morganstanley.com/r/?id=h1b92d14%2C134cc33c%2C1356be32&p1=www.saiengroup.com%2Fteaz%2F648c482b60b3906833c9304bab170add%2FJBVNhz%2FYW15LmNoZW5AZG91YmxlbGluZS5jb20=

Overview

General Information

Detection

Signatures

Classification

Signatures

AV Detection

Phishing

Compliance

Networking

System Summary

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Private

Contacted Domains

Contacted URLs

Windows Analysis Report http://t.cm.morganstanley.com/r/?id=h1b92d14%2C134cc33c%2C1356be32&p1=www.saiengroup.com%2Fteaz%2F648c482b60b3906833c9304bab170add%2FJBVNhz%2FYW15LmNoZW5AZG91YmxlbGluZS5jb20=

Overview

General Information

Detection

Signatures

Classification

Signatures

AV Detection

Phishing

Compliance

Networking

System Summary

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Private

Contacted Domains

Contacted URLs

Windows Analysis Report
http://t.cm.morganstanley.com/r/?id=h1b92d14%2C134cc33c%2C1356be32&p1=www.saiengroup.com%2Fteaz%2F648c482b60b3906833c9304bab170add%2FJBVNhz%2FYW15LmNoZW5AZG91YmxlbGluZS5jb20=