Edit tour

Windows Analysis Report
FW_ FHAS Inc_ - Private and Confidential.msg

Overview

General Information

Sample name:	FW_ FHAS Inc_ - Private and Confidential.msg
Analysis ID:	1431111
MD5:	9df7a23ef75002280cab36951693ad81
SHA1:	7933a22276c49b35fef76fc729addbdefb258ce4
SHA256:	137454d482c2b32419da6525c85b121cd68dfe6ada35e8515c773ae3f8992e19
Infos:

Detection

HtmlDropper, HTMLPhisher

Score:	64
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Yara detected Html Dropper

Yara detected HtmlPhish10

Phishing site detected (based on image similarity)

Phishing site detected (based on logo match)

HTML body contains low number of good links

HTML page contains hidden URLs or javascript code

HTML title does not match URL

HTTP GET or POST without a user agent

IP address seen in connection with other malware

Invalid 'sign-in options' or 'sign-up' link found

JA3 SSL client fingerprint seen in connection with other malware

Queries the volume information (name, serial number etc) of a device

Sigma detected: Office Autorun Keys Modification

Stores files to the Windows start menu directory

Classification

Process Tree

System is w10x64_ra

OUTLOOK.EXE (PID: 3932 cmdline: "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /f "C:\Users\user\Desktop\FW_ FHAS Inc_ - Private and Confidential.msg" MD5: 91A5292942864110ED734005B7E005C0)

ai.exe (PID: 5920 cmdline: "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "AB733506-5643-415B-A822-6CA743C451B8" "60335182-0ED6-44FC-AF34-5EA391EA0DB6" "3932" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx" MD5: EC652BEDD90E089D9406AFED89A8A8BD)

chrome.exe (PID: 6480 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://nam10.safelinks.protection.outlook.com/?url=http%3A%2F%2Fvk.com%2Faway.php%3Fto%3Dhttps%3A%2F%2Fassets-usa.mkt.dynamics.com%2F97791573-a900-ef11-9f85-00224828202e%2Fdigitalassets%2Fstandaloneforms%2Fbeb26e16-c500-ef11-a1fd-6045bdd3b636&data=05%7C02%7Clanderson%40american-pcs.com%7C12a2a023526d4f13ec3008dc63d6fc83%7C48af3ff71bb24e8b9762c9e61a8503a9%7C0%7C0%7C638495022247675574%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C40000%7C%7C%7C&sdata=wmZ9CPEGbqFv%2B8gk%2BkjZ7S5r0b%2B7AC1Ezstrt9P7SuM%3D&reserved=0 MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)

chrome.exe (PID: 6776 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2228 --field-trial-handle=2032,i,8312414958916213357,7330150477542557016,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)

cleanup

Yara Signatures

HTML

Source	Rule	Description	Author
4.12.pages.csv	JoeSecurity_HtmlDropper_3	Yara detected Html Dropper	Joe Security
4.12.pages.csv	JoeSecurity_HtmlPhish_10	Yara detected HtmlPhish_10	Joe Security
4.9.pages.csv	JoeSecurity_HtmlDropper_3	Yara detected Html Dropper	Joe Security
4.9.pages.csv	JoeSecurity_HtmlPhish_10	Yara detected HtmlPhish_10	Joe Security
4.10.pages.csv	JoeSecurity_HtmlDropper_3	Yara detected Html Dropper	Joe Security
4.10.pages.csv	JoeSecurity_HtmlPhish_10	Yara detected HtmlPhish_10	Joe Security
Click to see the 1 entries

Sigma Signatures

Sigma detected: Office Autorun Keys Modification

Source: Registry Key set

Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 , EventID: 13, EventType: SetValue, Image: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE, ProcessId: 3932, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Addins\OneNote.OutlookAddin\1

Snort Signatures

⊘No Snort rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

Phishing

Yara detected HtmlPhish10

Source: Yara match	File source: 4.12.pages.csv, type: HTML
Source: Yara match	File source: 4.9.pages.csv, type: HTML
Source: Yara match	File source: 4.10.pages.csv, type: HTML

Phishing site detected (based on image similarity)

Source: https://mailvlk.com/024407056a4bd44a76e3518653fce74f66290c7892bf7LOG024407056a4bd44a76e3518653fce74f66290c7892bf8

Matcher: Found strong image similarity, brand: MICROSOFT

Phishing site detected (based on logo match)

Source: https://mailvlk.com/024407056a4bd44a76e3518653fce74f66290c7892bf7LOG024407056a4bd44a76e3518653fce74f66290c7892bf8	Matcher: Template: microsoft matched
Source: https://mailvlk.com/024407056a4bd44a76e3518653fce74f66290c7892bf7LOG024407056a4bd44a76e3518653fce74f66290c7892bf8	Matcher: Template: microsoft matched
Source: https://mailvlk.com/024407056a4bd44a76e3518653fce74f66290c7892bf7LOG024407056a4bd44a76e3518653fce74f66290c7892bf8	Matcher: Template: microsoft matched

Source: https://mailvlk.com/024407056a4bd44a76e3518653fce74f66290c7892bf7LOG024407056a4bd44a76e3518653fce74f66290c7892bf8

HTTP Parser: Number of links: 0

Source: https://mailvlk.com/

HTTP Parser: Base64 decoded: https://mailvlk.com/

Source: https://mailvlk.com/024407056a4bd44a76e3518653fce74f66290c7892bf7LOG024407056a4bd44a76e3518653fce74f66290c7892bf8

HTTP Parser: Title: Sign in to Outlook does not match URL

Source: https://mailvlk.com/024407056a4bd44a76e3518653fce74f66290c7892bf7LOG024407056a4bd44a76e3518653fce74f66290c7892bf8

HTTP Parser: Invalid link: get a new Microsoft account

Source: https://assets-usa.mkt.dynamics.com/97791573-a900-ef11-9f85-00224828202e/digitalassets/standaloneforms/beb26e16-c500-ef11-a1fd-6045bdd3b636	HTTP Parser: No favicon
Source: https://assets-usa.mkt.dynamics.com/97791573-a900-ef11-9f85-00224828202e/digitalassets/standaloneforms/beb26e16-c500-ef11-a1fd-6045bdd3b636	HTTP Parser: No favicon
Source: https://mailvlk.com/	HTTP Parser: No favicon
Source: https://mailvlk.com/	HTTP Parser: No favicon
Source: https://mailvlk.com/	HTTP Parser: No favicon
Source: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/hh0d3/0x4AAAAAAADnPIDROrmt1Wwj/light/normal	HTTP Parser: No favicon
Source: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/hh0d3/0x4AAAAAAADnPIDROrmt1Wwj/light/normal	HTTP Parser: No favicon
Source: https://mailvlk.com/?__cf_chl_tk=N7uH4Kxa9_0RyojcAoiu.zjjUwtHsqzk0ADVK3Dx5Fs-1713966186-0.0.1.1-1557	HTTP Parser: No favicon
Source: https://mailvlk.com/024407056a4bd44a76e3518653fce74f66290c7892bf7LOG024407056a4bd44a76e3518653fce74f66290c7892bf8	HTTP Parser: No favicon
Source: https://mailvlk.com/024407056a4bd44a76e3518653fce74f66290c7892bf7LOG024407056a4bd44a76e3518653fce74f66290c7892bf8	HTTP Parser: No favicon
Source: https://mailvlk.com/024407056a4bd44a76e3518653fce74f66290c7892bf7LOG024407056a4bd44a76e3518653fce74f66290c7892bf8	HTTP Parser: No favicon

Source: https://mailvlk.com/024407056a4bd44a76e3518653fce74f66290c7892bf7LOG024407056a4bd44a76e3518653fce74f66290c7892bf8	HTTP Parser: No <meta name="author".. found
Source: https://mailvlk.com/024407056a4bd44a76e3518653fce74f66290c7892bf7LOG024407056a4bd44a76e3518653fce74f66290c7892bf8	HTTP Parser: No <meta name="author".. found
Source: https://mailvlk.com/024407056a4bd44a76e3518653fce74f66290c7892bf7LOG024407056a4bd44a76e3518653fce74f66290c7892bf8	HTTP Parser: No <meta name="author".. found

Source: https://mailvlk.com/024407056a4bd44a76e3518653fce74f66290c7892bf7LOG024407056a4bd44a76e3518653fce74f66290c7892bf8	HTTP Parser: No <meta name="copyright".. found
Source: https://mailvlk.com/024407056a4bd44a76e3518653fce74f66290c7892bf7LOG024407056a4bd44a76e3518653fce74f66290c7892bf8	HTTP Parser: No <meta name="copyright".. found
Source: https://mailvlk.com/024407056a4bd44a76e3518653fce74f66290c7892bf7LOG024407056a4bd44a76e3518653fce74f66290c7892bf8	HTTP Parser: No <meta name="copyright".. found

Source: unknown	HTTPS traffic detected: 20.190.190.195:443 -> 192.168.2.17:49706 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.17:49708 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.202.57.177:443 -> 192.168.2.17:49720 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.202.57.177:443 -> 192.168.2.17:49721 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.17:49777 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.190.190.195:443 -> 192.168.2.17:49791 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.5.88:443 -> 192.168.2.17:49792 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.21.200:443 -> 192.168.2.17:49793 version: TLS 1.2

Source: chrome.exe

Memory has grown: Private usage: 26MB later: 34MB

Source: global traffic

HTTP traffic detected: GET /ab HTTP/1.1Host: evoke-windowsservices-tas.msedge.netCache-Control: no-store, no-cacheX-PHOTOS-CALLERID: 9NMPJ99VJBWVX-EVOKE-RING: X-WINNEXT-RING: PublicX-WINNEXT-TELEMETRYLEVEL: BasicX-WINNEXT-OSVERSION: 10.0.19045.0X-WINNEXT-APPVERSION: 1.23082.131.0X-WINNEXT-PLATFORM: DesktopX-WINNEXT-CANTAILOR: FalseX-MSEDGE-CLIENTID: {c1afbad7-f7da-40f2-92f9-8846a91d69bd}X-WINNEXT-PUBDEVICEID: dbfen2nYS7HW6ON4OdOknKxxv2CCI5LJBTojzDztjwI=If-None-Match: 2056388360_-1434155563Accept-Encoding: gzip, deflate, br

Source: Joe Sandbox View	IP Address: 104.47.70.28 104.47.70.28
Source: Joe Sandbox View	IP Address: 13.107.246.69 13.107.246.69
Source: Joe Sandbox View	IP Address: 52.146.76.30 52.146.76.30
Source: Joe Sandbox View	IP Address: 87.240.137.164 87.240.137.164
Source: Joe Sandbox View	IP Address: 87.240.137.164 87.240.137.164

Source: Joe Sandbox View	JA3 fingerprint: 28a2c9bd18a11de089ef85a160da29e4
Source: Joe Sandbox View	JA3 fingerprint: 6271f898ce5be7dd52b0fc260d0662b3
Source: Joe Sandbox View	JA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e

Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.190.195
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.190.195
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.190.195
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.190.195
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.190.195
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.190.195
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.190.195
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.190.195
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.190.195
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.190.195
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.190.195
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 23.202.57.177
Source: unknown	TCP traffic detected without corresponding DNS query: 23.202.57.177
Source: unknown	TCP traffic detected without corresponding DNS query: 23.202.57.177
Source: unknown	TCP traffic detected without corresponding DNS query: 23.202.57.177
Source: unknown	TCP traffic detected without corresponding DNS query: 23.202.57.177
Source: unknown	TCP traffic detected without corresponding DNS query: 23.202.57.177
Source: unknown	TCP traffic detected without corresponding DNS query: 23.202.57.177
Source: unknown	TCP traffic detected without corresponding DNS query: 23.202.57.177
Source: unknown	TCP traffic detected without corresponding DNS query: 23.202.57.177
Source: unknown	TCP traffic detected without corresponding DNS query: 23.202.57.177
Source: unknown	TCP traffic detected without corresponding DNS query: 23.202.57.177
Source: unknown	TCP traffic detected without corresponding DNS query: 23.202.57.177
Source: unknown	TCP traffic detected without corresponding DNS query: 23.202.57.177
Source: unknown	TCP traffic detected without corresponding DNS query: 23.202.57.177
Source: unknown	TCP traffic detected without corresponding DNS query: 23.202.57.177
Source: unknown	TCP traffic detected without corresponding DNS query: 23.202.57.177
Source: unknown	TCP traffic detected without corresponding DNS query: 23.202.57.177
Source: unknown	TCP traffic detected without corresponding DNS query: 23.202.57.177
Source: unknown	TCP traffic detected without corresponding DNS query: 23.202.57.177

Source: global traffic	HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=9+ronNE95pkpmyw&MD=sRmD9cLz HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /?url=http%3A%2F%2Fvk.com%2Faway.php%3Fto%3Dhttps%3A%2F%2Fassets-usa.mkt.dynamics.com%2F97791573-a900-ef11-9f85-00224828202e%2Fdigitalassets%2Fstandaloneforms%2Fbeb26e16-c500-ef11-a1fd-6045bdd3b636&data=05%7C02%7Clanderson%40american-pcs.com%7C12a2a023526d4f13ec3008dc63d6fc83%7C48af3ff71bb24e8b9762c9e61a8503a9%7C0%7C0%7C638495022247675574%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C40000%7C%7C%7C&sdata=wmZ9CPEGbqFv%2B8gk%2BkjZ7S5r0b%2B7AC1Ezstrt9P7SuM%3D&reserved=0 HTTP/1.1Host: nam10.safelinks.protection.outlook.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /away.php?to=https://assets-usa.mkt.dynamics.com/97791573-a900-ef11-9f85-00224828202e/digitalassets/standaloneforms/beb26e16-c500-ef11-a1fd-6045bdd3b636 HTTP/1.1Host: vk.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /away.php?rh=8f363019-e908-47e4-a972-890e8e356326 HTTP/1.1Host: away.vk.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: remixlang=3; remixstlid=9093501850070699750_Lnd7fMoCdytxw6KavtEkNYHGJAI8e0XO7DRYGMct8HD; remixsec_redir=https%3A%2F%2Fassets-usa.mkt.dynamics.com%2F97791573-a900-ef11-9f85-00224828202e%2Fdigitalassets%2Fstandaloneforms%2Fbeb26e16-c500-ef11-a1fd-6045bdd3b636; remixua=-1%7C-1%7C202%7C3664747857
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /away.php?to=https://assets-usa.mkt.dynamics.com/97791573-a900-ef11-9f85-00224828202e/digitalassets/standaloneforms/beb26e16-c500-ef11-a1fd-6045bdd3b636 HTTP/1.1Host: vk.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: remixlang=3; remixstlid=9093501850070699750_Lnd7fMoCdytxw6KavtEkNYHGJAI8e0XO7DRYGMct8HD; remixsec_redir=https%3A%2F%2Fassets-usa.mkt.dynamics.com%2F97791573-a900-ef11-9f85-00224828202e%2Fdigitalassets%2Fstandaloneforms%2Fbeb26e16-c500-ef11-a1fd-6045bdd3b636; remixua=-1%7C-1%7C202%7C3664747857
Source: global traffic	HTTP traffic detected: GET /97791573-a900-ef11-9f85-00224828202e/digitalassets/standaloneforms/beb26e16-c500-ef11-a1fd-6045bdd3b636 HTTP/1.1Host: assets-usa.mkt.dynamics.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: documentReferer: https://vk.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /usa/FormLoader/FormLoader.bundle.js HTTP/1.1Host: cxppusa1formui01cdnsa01-endpoint.azureedge.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://assets-usa.mkt.dynamics.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /97791573-a900-ef11-9f85-00224828202e/digitalassets/forms/beb26e16-c500-ef11-a1fd-6045bdd3b636 HTTP/1.1Host: assets-usa.mkt.dynamics.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Accept: text/plainsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://assets-usa.mkt.dynamics.com/97791573-a900-ef11-9f85-00224828202e/digitalassets/standaloneforms/beb26e16-c500-ef11-a1fd-6045bdd3b636Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /usa/FormLoader/public/locales/en-us/translation.json HTTP/1.1Host: cxppusa1formui01cdnsa01-endpoint.azureedge.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Origin: https://assets-usa.mkt.dynamics.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://assets-usa.mkt.dynamics.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: assets-usa.mkt.dynamics.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://assets-usa.mkt.dynamics.com/97791573-a900-ef11-9f85-00224828202e/digitalassets/standaloneforms/beb26e16-c500-ef11-a1fd-6045bdd3b636Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /97791573-a900-ef11-9f85-00224828202e/digitalassets/images/ed5a3db9-c400-ef11-a1fd-6045bdd3b636?ts=638493998497242870 HTTP/1.1Host: assets-usa.mkt.dynamics.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /97791573-a900-ef11-9f85-00224828202e/digitalassets/images/ee5a3db9-c400-ef11-a1fd-6045bdd3b636?ts=638493998497242870 HTTP/1.1Host: assets-usa.mkt.dynamics.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /97791573-a900-ef11-9f85-00224828202e/digitalassets/forms/beb26e16-c500-ef11-a1fd-6045bdd3b636 HTTP/1.1Host: assets-usa.mkt.dynamics.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /usa/FormLoader/public/locales/en-us/translation.json HTTP/1.1Host: cxppusa1formui01cdnsa01-endpoint.azureedge.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /97791573-a900-ef11-9f85-00224828202e/digitalassets/images/ef5a3db9-c400-ef11-a1fd-6045bdd3b636?ts=638493998497242870 HTTP/1.1Host: assets-usa.mkt.dynamics.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /97791573-a900-ef11-9f85-00224828202e/digitalassets/images/ed5a3db9-c400-ef11-a1fd-6045bdd3b636?ts=638493998497242870 HTTP/1.1Host: assets-usa.mkt.dynamics.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /97791573-a900-ef11-9f85-00224828202e/digitalassets/images/ee5a3db9-c400-ef11-a1fd-6045bdd3b636?ts=638493998497242870 HTTP/1.1Host: assets-usa.mkt.dynamics.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /api/v1.0/orgs/97791573-a900-ef11-9f85-00224828202e/landingpageforms/forms/beb26e16-c500-ef11-a1fd-6045bdd3b636/visits HTTP/1.1Host: public-usa.mkt.dynamics.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /97791573-a900-ef11-9f85-00224828202e/digitalassets/images/ef5a3db9-c400-ef11-a1fd-6045bdd3b636?ts=638493998497242870 HTTP/1.1Host: assets-usa.mkt.dynamics.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: mailvlk.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /api/v1.0/orgs/97791573-a900-ef11-9f85-00224828202e/landingpageforms/forms/beb26e16-c500-ef11-a1fd-6045bdd3b636 HTTP/1.1Host: public-usa.mkt.dynamics.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/orchestrate/chl_page/v1?ray=879685369a8a0fc1 HTTP/1.1Host: mailvlk.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.149"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.149", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.149"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://mailvlk.com/?__cf_chl_rt_tk=N7uH4Kxa9_0RyojcAoiu.zjjUwtHsqzk0ADVK3Dx5Fs-1713966186-0.0.1.1-1557Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: mailvlk.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.149"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.149", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.149"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://mailvlk.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /turnstile/v0/b/471dc2adc340/api.js?onload=ZbqNq8&render=explicit HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://mailvlk.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/flow/ov1/1894439682:1713964362:f3bhfDBv5QOakV6M8k-1UjyH98EctZInS5uS_6Qc31k/879685369a8a0fc1/fc4adc0f3b83a0b HTTP/1.1Host: mailvlk.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/hh0d3/0x4AAAAAAADnPIDROrmt1Wwj/light/normal HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=879685459c6269e3 HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/hh0d3/0x4AAAAAAADnPIDROrmt1Wwj/light/normalAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/cmg/1/wh0E0SXYnx6pTBdJW%2Fl926I%2BPRUplRdtQz3K9lHXs%2Fs%3D HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/hh0d3/0x4AAAAAAADnPIDROrmt1Wwj/light/normalAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/cmg/1/wh0E0SXYnx6pTBdJW%2Fl926I%2BPRUplRdtQz3K9lHXs%2Fs%3D HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: mailvlk.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.149"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.149", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.149"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://mailvlk.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/flow/ov1/888799833:1713964597:_2LbCDHkv-P-tuM5wGyxvE8cQNjPu28uIC6w7PvfxTk/879685459c6269e3/16306502cf695e3 HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/i/879685459c6269e3/1713966190447/vp3T4ue4sM7hYw8 HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/hh0d3/0x4AAAAAAADnPIDROrmt1Wwj/light/normalAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/i/879685459c6269e3/1713966190447/vp3T4ue4sM7hYw8 HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/pat/879685459c6269e3/1713966190448/a6aceae44c8468ff349a880897d3c52fb1b769f9be6ebd411bda96dd08a8895e/Fd6jCqic8-nVFty HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveCache-Control: max-age=0sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/hh0d3/0x4AAAAAAADnPIDROrmt1Wwj/light/normalAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/flow/ov1/888799833:1713964597:_2LbCDHkv-P-tuM5wGyxvE8cQNjPu28uIC6w7PvfxTk/879685459c6269e3/16306502cf695e3 HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/flow/ov1/888799833:1713964597:_2LbCDHkv-P-tuM5wGyxvE8cQNjPu28uIC6w7PvfxTk/879685459c6269e3/16306502cf695e3 HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: mailvlk.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.149"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.149", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.149"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://mailvlk.com/?__cf_chl_tk=N7uH4Kxa9_0RyojcAoiu.zjjUwtHsqzk0ADVK3Dx5Fs-1713966186-0.0.1.1-1557Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/flow/ov1/1894439682:1713964362:f3bhfDBv5QOakV6M8k-1UjyH98EctZInS5uS_6Qc31k/879685369a8a0fc1/fc4adc0f3b83a0b HTTP/1.1Host: mailvlk.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /024407056a4bd44a76e3518653fce74f66290c7892bf7LOG024407056a4bd44a76e3518653fce74f66290c7892bf8 HTTP/1.1Host: mailvlk.comConnection: keep-aliveCache-Control: max-age=0Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-full-version: "117.0.5938.149"sec-ch-ua-arch: "x86"sec-ch-ua-platform: "Windows"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-model: ""sec-ch-ua-bitness: "64"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.149", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.149"Referer: https://mailvlk.com/?__cf_chl_tk=N7uH4Kxa9_0RyojcAoiu.zjjUwtHsqzk0ADVK3Dx5Fs-1713966186-0.0.1.1-1557Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cf_clearance=ogRQcL5HDsanB0cMvgikkzpkcDxJCT9lPmgrHktvP88-1713966186-1.0.1.1-68HMcvgP3WpF8B9DwzKfi36AkCclYUDJHiLKvHVt_KOH346wtfyPHAxyADc1XHFWpxuUgIR8NZOubSJA35rcDA; PHPSESSID=431c9121354a61f8d08e0d9b71dad828
Source: global traffic	HTTP traffic detected: GET /jq/58461f18f36cbc9854a411ccf4ae8dbb66290c79904d0 HTTP/1.1Host: mailvlk.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.149"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.149", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.149"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://mailvlk.com/024407056a4bd44a76e3518653fce74f66290c7892bf7LOG024407056a4bd44a76e3518653fce74f66290c7892bf8Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cf_clearance=ogRQcL5HDsanB0cMvgikkzpkcDxJCT9lPmgrHktvP88-1713966186-1.0.1.1-68HMcvgP3WpF8B9DwzKfi36AkCclYUDJHiLKvHVt_KOH346wtfyPHAxyADc1XHFWpxuUgIR8NZOubSJA35rcDA; PHPSESSID=431c9121354a61f8d08e0d9b71dad828
Source: global traffic	HTTP traffic detected: GET /boot/58461f18f36cbc9854a411ccf4ae8dbb66290c79904d5 HTTP/1.1Host: mailvlk.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.149"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.149", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.149"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://mailvlk.com/024407056a4bd44a76e3518653fce74f66290c7892bf7LOG024407056a4bd44a76e3518653fce74f66290c7892bf8Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cf_clearance=ogRQcL5HDsanB0cMvgikkzpkcDxJCT9lPmgrHktvP88-1713966186-1.0.1.1-68HMcvgP3WpF8B9DwzKfi36AkCclYUDJHiLKvHVt_KOH346wtfyPHAxyADc1XHFWpxuUgIR8NZOubSJA35rcDA; PHPSESSID=431c9121354a61f8d08e0d9b71dad828
Source: global traffic	HTTP traffic detected: GET /js/58461f18f36cbc9854a411ccf4ae8dbb66290c79904d8 HTTP/1.1Host: mailvlk.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.149"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.149", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.149"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://mailvlk.com/024407056a4bd44a76e3518653fce74f66290c7892bf7LOG024407056a4bd44a76e3518653fce74f66290c7892bf8Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cf_clearance=ogRQcL5HDsanB0cMvgikkzpkcDxJCT9lPmgrHktvP88-1713966186-1.0.1.1-68HMcvgP3WpF8B9DwzKfi36AkCclYUDJHiLKvHVt_KOH346wtfyPHAxyADc1XHFWpxuUgIR8NZOubSJA35rcDA; PHPSESSID=431c9121354a61f8d08e0d9b71dad828
Source: global traffic	HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=9+ronNE95pkpmyw&MD=sRmD9cLz HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /1 HTTP/1.1Host: mailvlk.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.149"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.149", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.149"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://mailvlk.com/024407056a4bd44a76e3518653fce74f66290c7892bf7LOG024407056a4bd44a76e3518653fce74f66290c7892bf8Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cf_clearance=ogRQcL5HDsanB0cMvgikkzpkcDxJCT9lPmgrHktvP88-1713966186-1.0.1.1-68HMcvgP3WpF8B9DwzKfi36AkCclYUDJHiLKvHVt_KOH346wtfyPHAxyADc1XHFWpxuUgIR8NZOubSJA35rcDA; PHPSESSID=431c9121354a61f8d08e0d9b71dad828
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: mailvlk.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.149"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.149", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.149"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://mailvlk.com/024407056a4bd44a76e3518653fce74f66290c7892bf7LOG024407056a4bd44a76e3518653fce74f66290c7892bf8Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cf_clearance=ogRQcL5HDsanB0cMvgikkzpkcDxJCT9lPmgrHktvP88-1713966186-1.0.1.1-68HMcvgP3WpF8B9DwzKfi36AkCclYUDJHiLKvHVt_KOH346wtfyPHAxyADc1XHFWpxuUgIR8NZOubSJA35rcDA; PHPSESSID=431c9121354a61f8d08e0d9b71dad828
Source: global traffic	HTTP traffic detected: GET /1 HTTP/1.1Host: mailvlk.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cf_clearance=ogRQcL5HDsanB0cMvgikkzpkcDxJCT9lPmgrHktvP88-1713966186-1.0.1.1-68HMcvgP3WpF8B9DwzKfi36AkCclYUDJHiLKvHVt_KOH346wtfyPHAxyADc1XHFWpxuUgIR8NZOubSJA35rcDA; PHPSESSID=431c9121354a61f8d08e0d9b71dad828
Source: global traffic	HTTP traffic detected: GET /APP-58461f18f36cbc9854a411ccf4ae8dbb66290c7bcafe0/58461f18f36cbc9854a411ccf4ae8dbb66290c7bcafe1 HTTP/1.1Host: mailvlk.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.149"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.149", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.149"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://mailvlk.com/024407056a4bd44a76e3518653fce74f66290c7892bf7LOG024407056a4bd44a76e3518653fce74f66290c7892bf8Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cf_clearance=ogRQcL5HDsanB0cMvgikkzpkcDxJCT9lPmgrHktvP88-1713966186-1.0.1.1-68HMcvgP3WpF8B9DwzKfi36AkCclYUDJHiLKvHVt_KOH346wtfyPHAxyADc1XHFWpxuUgIR8NZOubSJA35rcDA; PHPSESSID=431c9121354a61f8d08e0d9b71dad828
Source: global traffic	HTTP traffic detected: GET /o/58461f18f36cbc9854a411ccf4ae8dbb66290c7bcb00b HTTP/1.1Host: mailvlk.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.149"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.149", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.149"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://mailvlk.com/024407056a4bd44a76e3518653fce74f66290c7892bf7LOG024407056a4bd44a76e3518653fce74f66290c7892bf8Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cf_clearance=ogRQcL5HDsanB0cMvgikkzpkcDxJCT9lPmgrHktvP88-1713966186-1.0.1.1-68HMcvgP3WpF8B9DwzKfi36AkCclYUDJHiLKvHVt_KOH346wtfyPHAxyADc1XHFWpxuUgIR8NZOubSJA35rcDA; PHPSESSID=431c9121354a61f8d08e0d9b71dad828
Source: global traffic	HTTP traffic detected: GET /ASSETS/img/sig-op.svg HTTP/1.1Host: mailvlk.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.149"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.149", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.149"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://mailvlk.com/024407056a4bd44a76e3518653fce74f66290c7892bf7LOG024407056a4bd44a76e3518653fce74f66290c7892bf8Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cf_clearance=ogRQcL5HDsanB0cMvgikkzpkcDxJCT9lPmgrHktvP88-1713966186-1.0.1.1-68HMcvgP3WpF8B9DwzKfi36AkCclYUDJHiLKvHVt_KOH346wtfyPHAxyADc1XHFWpxuUgIR8NZOubSJA35rcDA; PHPSESSID=431c9121354a61f8d08e0d9b71dad828
Source: global traffic	HTTP traffic detected: GET /ASSETS/img/m_.svg HTTP/1.1Host: mailvlk.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.149"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.149", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.149"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://mailvlk.com/024407056a4bd44a76e3518653fce74f66290c7892bf7LOG024407056a4bd44a76e3518653fce74f66290c7892bf8Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cf_clearance=ogRQcL5HDsanB0cMvgikkzpkcDxJCT9lPmgrHktvP88-1713966186-1.0.1.1-68HMcvgP3WpF8B9DwzKfi36AkCclYUDJHiLKvHVt_KOH346wtfyPHAxyADc1XHFWpxuUgIR8NZOubSJA35rcDA; PHPSESSID=431c9121354a61f8d08e0d9b71dad828
Source: global traffic	HTTP traffic detected: GET /x/58461f18f36cbc9854a411ccf4ae8dbb66290c7bcafe6 HTTP/1.1Host: mailvlk.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.149"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.149", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.149"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://mailvlk.com/024407056a4bd44a76e3518653fce74f66290c7892bf7LOG024407056a4bd44a76e3518653fce74f66290c7892bf8Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cf_clearance=ogRQcL5HDsanB0cMvgikkzpkcDxJCT9lPmgrHktvP88-1713966186-1.0.1.1-68HMcvgP3WpF8B9DwzKfi36AkCclYUDJHiLKvHVt_KOH346wtfyPHAxyADc1XHFWpxuUgIR8NZOubSJA35rcDA; PHPSESSID=431c9121354a61f8d08e0d9b71dad828
Source: global traffic	HTTP traffic detected: GET /ASSETS/img/m_.svg HTTP/1.1Host: mailvlk.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cf_clearance=ogRQcL5HDsanB0cMvgikkzpkcDxJCT9lPmgrHktvP88-1713966186-1.0.1.1-68HMcvgP3WpF8B9DwzKfi36AkCclYUDJHiLKvHVt_KOH346wtfyPHAxyADc1XHFWpxuUgIR8NZOubSJA35rcDA; PHPSESSID=431c9121354a61f8d08e0d9b71dad828
Source: global traffic	HTTP traffic detected: GET /ASSETS/img/sig-op.svg HTTP/1.1Host: mailvlk.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cf_clearance=ogRQcL5HDsanB0cMvgikkzpkcDxJCT9lPmgrHktvP88-1713966186-1.0.1.1-68HMcvgP3WpF8B9DwzKfi36AkCclYUDJHiLKvHVt_KOH346wtfyPHAxyADc1XHFWpxuUgIR8NZOubSJA35rcDA; PHPSESSID=431c9121354a61f8d08e0d9b71dad828
Source: global traffic	HTTP traffic detected: GET /x/58461f18f36cbc9854a411ccf4ae8dbb66290c7bcafe6 HTTP/1.1Host: mailvlk.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cf_clearance=ogRQcL5HDsanB0cMvgikkzpkcDxJCT9lPmgrHktvP88-1713966186-1.0.1.1-68HMcvgP3WpF8B9DwzKfi36AkCclYUDJHiLKvHVt_KOH346wtfyPHAxyADc1XHFWpxuUgIR8NZOubSJA35rcDA; PHPSESSID=431c9121354a61f8d08e0d9b71dad828
Source: global traffic	HTTP traffic detected: GET /o/58461f18f36cbc9854a411ccf4ae8dbb66290c7bcb00b HTTP/1.1Host: mailvlk.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cf_clearance=ogRQcL5HDsanB0cMvgikkzpkcDxJCT9lPmgrHktvP88-1713966186-1.0.1.1-68HMcvgP3WpF8B9DwzKfi36AkCclYUDJHiLKvHVt_KOH346wtfyPHAxyADc1XHFWpxuUgIR8NZOubSJA35rcDA; PHPSESSID=431c9121354a61f8d08e0d9b71dad828
Source: global traffic	HTTP traffic detected: GET /ab HTTP/1.1Host: evoke-windowsservices-tas.msedge.netCache-Control: no-store, no-cacheX-PHOTOS-CALLERID: 9NMPJ99VJBWVX-EVOKE-RING: X-WINNEXT-RING: PublicX-WINNEXT-TELEMETRYLEVEL: BasicX-WINNEXT-OSVERSION: 10.0.19045.0X-WINNEXT-APPVERSION: 1.23082.131.0X-WINNEXT-PLATFORM: DesktopX-WINNEXT-CANTAILOR: FalseX-MSEDGE-CLIENTID: {c1afbad7-f7da-40f2-92f9-8846a91d69bd}X-WINNEXT-PUBDEVICEID: dbfen2nYS7HW6ON4OdOknKxxv2CCI5LJBTojzDztjwI=If-None-Match: 2056388360_-1434155563Accept-Encoding: gzip, deflate, br
Source: global traffic	HTTP traffic detected: GET /client/config?cc=CH&setlang=en-CH HTTP/1.1X-Search-CortanaAvailableCapabilities: NoneX-Search-SafeSearch: ModerateAccept-Encoding: gzip, deflateX-Device-MachineId: {92C86F7C-DB2B-4F6A-95AD-98B4A2AE008A}X-UserAgeClass: UnknownX-BM-Market: CHX-BM-DateFormat: dd/MM/yyyyX-Device-OSSKU: 48X-BM-DTZ: 120X-DeviceID: 01000A41090080B6X-BM-WindowsFlights: FX:117B9872,FX:119E26AD,FX:11C0E96C,FX:11C6E5C2,FX:11C7EB6A,FX:11C9408A,FX:11C940DB,FX:11CB9A9F,FX:11CB9AC1,FX:11CC111C,FX:11D5BFCD,FX:11DF5B12,FX:11DF5B75,FX:1240931B,FX:124B38D0,FX:127FC878,FX:1283FFE8,FX:12840617,FX:128979F9,FX:128EBD7E,FX:129135BB,FX:129E053F,FX:12A74DB5,FX:12AB734D,FX:12B8450E,FX:12BD6E73,FX:12C3331B,FX:12C7D66EX-Search-TimeZone: Bias=-60; DaylightBias=-60; TimeZoneKeyName=W. Europe Standard TimeX-BM-Theme: 000000;0078d7X-Search-RPSToken: t%3DEwDYAkR8BAAUcvamItSE/vUHpyZRp3BeyOJPQDsAAdpEaVUALvzi%2B4T3BgablIS%2BW8e7GqVx7pYMbmXXWto%2BOxs7wssH1ME9/UrkOxQihAL1Udgzz7vCg8vyPFRTwjYo%2BkN6EryOFuUBMSbbCw8x9G0I1dV99l8BqZcKW%2BJ75yS7avOMGnGd4Nk2JOujGFzvTwaiVzDQ0Q6AI1oe4wc01aK0F66fq4C2rCwFLwde/TRZATyCF/dJS5dYWlC9OhIMPwOYtIYpKDbgfhZn4AtqrbChbhLAvciqZIXWuvrHC%2Bkf7LANyVgF83kwm/yTyQvy6FWAs0GEwl1Fv5gFKszbZ8ew/C1F0eP13XW2DhcZoyDCsXvmrBOoZdoCPkLbKhIDZgAACArr3roFmYkUqAHrkAE/nwM55CyGHj85juyddYNQsy5XH5t4ODbWXuZ4wyqV80TbDoJh2dAhzi31Nf4VIJ6Z3DljHfoViS/ZY5Hz%2BevCoFowQcY2qRW4WKx3nmODn05RmO7MDv1WA3TSIFThVlW7JjSb67UR6ZdHgN3wC6UPU2f3Zb/8Ey6/sMzD4%2Bi%2B6N2pYv2K02KUzjB5sVUpIuw9%2Bh3%2BvpDPX2bh1BEIAvIBzu7cqrcuw0QpV5sMP6fk6CLBp3/gdws7mnDtXz3FqRfRtsGfhr1%2BauYcFGQErEesTFPN%2B8AGBlcuiSLybOqbBmqx80mWY6b0qxOw6UHGl7naAEU3A/zjAJM6uDMqhb6F2UWYB1fukjwjYOB9IyVUekPtRfppRQDNvIz9xe1KKHoUI0LSz%2B3GSjrHAw/4F6yk4/cboVIM52AOUZXT/NvIGz1Kj4tQ3jtQ52UhbxWnbemHG27eCeiNMZGsK411PlzY16IZ94pkqBa2gmBD68ckelRrAQ6FyWe4V0QeIu0MdQeM9QbxhIcio0XQBebtxaZpukhU89acYoSl5Dv2Sc22g%2ByKDUVv2QE%3D%26p%3DX-Agent-DeviceId: 01000A41090080B6X-BM-CBT: 1713966209User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045X-Device-isOptin: falseAccept-language: en-GB, en, en-USX-Device-Touch: falseX-Device-ClientSession: A399B0218CAF4CAEA3F2C1ED9368597DX-Search-AppId: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUIHost: www.bing.comConnection: Keep-AliveCookie: SRCHUID=V=2&GUID=C4EAB6C130004333A34B5668AE4E4D10&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20240207; SRCHHPGUSR=SRCHLANG=en; MUID=4590362BB5CF472B95BBEDB3112D4B7B; MUIDB=4590362BB5CF472B95BBEDB3112D4B7B
Source: global traffic	HTTP traffic detected: GET /API.php?data=mail&email=rickd@gmail.com&_=1713966201970 HTTP/1.1Host: mailvlk.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.149"Accept: application/json, text/javascript, /; q=0.01sec-ch-ua-platform-version: "10.0.0"X-Requested-With: XMLHttpRequestsec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.149", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.149"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-platform: "Windows"Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://mailvlk.com/024407056a4bd44a76e3518653fce74f66290c7892bf7LOG024407056a4bd44a76e3518653fce74f66290c7892bf8Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cf_clearance=ogRQcL5HDsanB0cMvgikkzpkcDxJCT9lPmgrHktvP88-1713966186-1.0.1.1-68HMcvgP3WpF8B9DwzKfi36AkCclYUDJHiLKvHVt_KOH346wtfyPHAxyADc1XHFWpxuUgIR8NZOubSJA35rcDA; PHPSESSID=431c9121354a61f8d08e0d9b71dad828
Source: global traffic	HTTP traffic detected: GET /API.php?data=mail&email=rickd@gmail.com&_=1713966201970 HTTP/1.1Host: mailvlk.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cf_clearance=ogRQcL5HDsanB0cMvgikkzpkcDxJCT9lPmgrHktvP88-1713966186-1.0.1.1-68HMcvgP3WpF8B9DwzKfi36AkCclYUDJHiLKvHVt_KOH346wtfyPHAxyADc1XHFWpxuUgIR8NZOubSJA35rcDA; PHPSESSID=431c9121354a61f8d08e0d9b71dad828
Source: global traffic	HTTP traffic detected: GET /024407056a4bd44a76e3518653fce74f66290c7892bf7LOG024407056a4bd44a76e3518653fce74f66290c7892bf8 HTTP/1.1Host: mailvlk.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-full-version: "117.0.5938.149"sec-ch-ua-arch: "x86"sec-ch-ua-platform: "Windows"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-model: ""sec-ch-ua-bitness: "64"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.149", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.149"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentReferer: https://mailvlk.com/024407056a4bd44a76e3518653fce74f66290c7892bf7LOG024407056a4bd44a76e3518653fce74f66290c7892bf8Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cf_clearance=ogRQcL5HDsanB0cMvgikkzpkcDxJCT9lPmgrHktvP88-1713966186-1.0.1.1-68HMcvgP3WpF8B9DwzKfi36AkCclYUDJHiLKvHVt_KOH346wtfyPHAxyADc1XHFWpxuUgIR8NZOubSJA35rcDA; PHPSESSID=431c9121354a61f8d08e0d9b71dad828
Source: global traffic	HTTP traffic detected: GET /jq/8abb7bfd970b4f43108624cbc2c64b5066290cc184dba HTTP/1.1Host: mailvlk.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.149"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.149", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.149"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://mailvlk.com/024407056a4bd44a76e3518653fce74f66290c7892bf7LOG024407056a4bd44a76e3518653fce74f66290c7892bf8Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cf_clearance=ogRQcL5HDsanB0cMvgikkzpkcDxJCT9lPmgrHktvP88-1713966186-1.0.1.1-68HMcvgP3WpF8B9DwzKfi36AkCclYUDJHiLKvHVt_KOH346wtfyPHAxyADc1XHFWpxuUgIR8NZOubSJA35rcDA; PHPSESSID=431c9121354a61f8d08e0d9b71dad828
Source: global traffic	HTTP traffic detected: GET /boot/8abb7bfd970b4f43108624cbc2c64b5066290cc184dbe HTTP/1.1Host: mailvlk.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.149"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.149", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.149"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://mailvlk.com/024407056a4bd44a76e3518653fce74f66290c7892bf7LOG024407056a4bd44a76e3518653fce74f66290c7892bf8Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cf_clearance=ogRQcL5HDsanB0cMvgikkzpkcDxJCT9lPmgrHktvP88-1713966186-1.0.1.1-68HMcvgP3WpF8B9DwzKfi36AkCclYUDJHiLKvHVt_KOH346wtfyPHAxyADc1XHFWpxuUgIR8NZOubSJA35rcDA; PHPSESSID=431c9121354a61f8d08e0d9b71dad828
Source: global traffic	HTTP traffic detected: GET /js/8abb7bfd970b4f43108624cbc2c64b5066290cc184dbf HTTP/1.1Host: mailvlk.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.149"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.149", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.149"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://mailvlk.com/024407056a4bd44a76e3518653fce74f66290c7892bf7LOG024407056a4bd44a76e3518653fce74f66290c7892bf8Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cf_clearance=ogRQcL5HDsanB0cMvgikkzpkcDxJCT9lPmgrHktvP88-1713966186-1.0.1.1-68HMcvgP3WpF8B9DwzKfi36AkCclYUDJHiLKvHVt_KOH346wtfyPHAxyADc1XHFWpxuUgIR8NZOubSJA35rcDA; PHPSESSID=431c9121354a61f8d08e0d9b71dad828
Source: global traffic	HTTP traffic detected: GET /1 HTTP/1.1Host: mailvlk.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.149"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.149", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.149"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://mailvlk.com/024407056a4bd44a76e3518653fce74f66290c7892bf7LOG024407056a4bd44a76e3518653fce74f66290c7892bf8Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cf_clearance=ogRQcL5HDsanB0cMvgikkzpkcDxJCT9lPmgrHktvP88-1713966186-1.0.1.1-68HMcvgP3WpF8B9DwzKfi36AkCclYUDJHiLKvHVt_KOH346wtfyPHAxyADc1XHFWpxuUgIR8NZOubSJA35rcDA; PHPSESSID=431c9121354a61f8d08e0d9b71dad828
Source: global traffic	HTTP traffic detected: GET /APP-8abb7bfd970b4f43108624cbc2c64b5066290cc3b78bc/8abb7bfd970b4f43108624cbc2c64b5066290cc3b78bd HTTP/1.1Host: mailvlk.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.149"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.149", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.149"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://mailvlk.com/024407056a4bd44a76e3518653fce74f66290c7892bf7LOG024407056a4bd44a76e3518653fce74f66290c7892bf8Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cf_clearance=ogRQcL5HDsanB0cMvgikkzpkcDxJCT9lPmgrHktvP88-1713966186-1.0.1.1-68HMcvgP3WpF8B9DwzKfi36AkCclYUDJHiLKvHVt_KOH346wtfyPHAxyADc1XHFWpxuUgIR8NZOubSJA35rcDA; PHPSESSID=431c9121354a61f8d08e0d9b71dad828
Source: global traffic	HTTP traffic detected: GET /o/8abb7bfd970b4f43108624cbc2c64b5066290cc3b78df HTTP/1.1Host: mailvlk.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.149"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.149", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.149"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://mailvlk.com/024407056a4bd44a76e3518653fce74f66290c7892bf7LOG024407056a4bd44a76e3518653fce74f66290c7892bf8Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cf_clearance=ogRQcL5HDsanB0cMvgikkzpkcDxJCT9lPmgrHktvP88-1713966186-1.0.1.1-68HMcvgP3WpF8B9DwzKfi36AkCclYUDJHiLKvHVt_KOH346wtfyPHAxyADc1XHFWpxuUgIR8NZOubSJA35rcDA; PHPSESSID=431c9121354a61f8d08e0d9b71dad828
Source: global traffic	HTTP traffic detected: GET /1 HTTP/1.1Host: mailvlk.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cf_clearance=ogRQcL5HDsanB0cMvgikkzpkcDxJCT9lPmgrHktvP88-1713966186-1.0.1.1-68HMcvgP3WpF8B9DwzKfi36AkCclYUDJHiLKvHVt_KOH346wtfyPHAxyADc1XHFWpxuUgIR8NZOubSJA35rcDA; PHPSESSID=431c9121354a61f8d08e0d9b71dad828
Source: global traffic	HTTP traffic detected: GET /x/8abb7bfd970b4f43108624cbc2c64b5066290cc3b78c2 HTTP/1.1Host: mailvlk.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.149"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.149", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.149"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://mailvlk.com/024407056a4bd44a76e3518653fce74f66290c7892bf7LOG024407056a4bd44a76e3518653fce74f66290c7892bf8Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cf_clearance=ogRQcL5HDsanB0cMvgikkzpkcDxJCT9lPmgrHktvP88-1713966186-1.0.1.1-68HMcvgP3WpF8B9DwzKfi36AkCclYUDJHiLKvHVt_KOH346wtfyPHAxyADc1XHFWpxuUgIR8NZOubSJA35rcDA; PHPSESSID=431c9121354a61f8d08e0d9b71dad828
Source: global traffic	HTTP traffic detected: GET /o/8abb7bfd970b4f43108624cbc2c64b5066290cc3b78df HTTP/1.1Host: mailvlk.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cf_clearance=ogRQcL5HDsanB0cMvgikkzpkcDxJCT9lPmgrHktvP88-1713966186-1.0.1.1-68HMcvgP3WpF8B9DwzKfi36AkCclYUDJHiLKvHVt_KOH346wtfyPHAxyADc1XHFWpxuUgIR8NZOubSJA35rcDA; PHPSESSID=431c9121354a61f8d08e0d9b71dad828
Source: global traffic	HTTP traffic detected: GET /x/8abb7bfd970b4f43108624cbc2c64b5066290cc3b78c2 HTTP/1.1Host: mailvlk.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cf_clearance=ogRQcL5HDsanB0cMvgikkzpkcDxJCT9lPmgrHktvP88-1713966186-1.0.1.1-68HMcvgP3WpF8B9DwzKfi36AkCclYUDJHiLKvHVt_KOH346wtfyPHAxyADc1XHFWpxuUgIR8NZOubSJA35rcDA; PHPSESSID=431c9121354a61f8d08e0d9b71dad828
Source: global traffic	HTTP traffic detected: GET /away.php?to=https://assets-usa.mkt.dynamics.com/97791573-a900-ef11-9f85-00224828202e/digitalassets/standaloneforms/beb26e16-c500-ef11-a1fd-6045bdd3b636 HTTP/1.1Host: vk.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: remixsec_redir=https%3A%2F%2Fassets-usa.mkt.dynamics.com%2F97791573-a900-ef11-9f85-00224828202e%2Fdigitalassets%2Fstandaloneforms%2Fbeb26e16-c500-ef11-a1fd-6045bdd3b636

Source: global traffic	DNS traffic detected: DNS query: nam10.safelinks.protection.outlook.com
Source: global traffic	DNS traffic detected: DNS query: vk.com
Source: global traffic	DNS traffic detected: DNS query: away.vk.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: assets-usa.mkt.dynamics.com
Source: global traffic	DNS traffic detected: DNS query: public-usa.mkt.dynamics.com
Source: global traffic	DNS traffic detected: DNS query: mailvlk.com
Source: global traffic	DNS traffic detected: DNS query: a.nel.cloudflare.com
Source: global traffic	DNS traffic detected: DNS query: challenges.cloudflare.com

Source: unknown

HTTP traffic detected: POST /RST2.srf HTTP/1.0Connection: Keep-AliveContent-Type: application/soap+xmlAccept: */*User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68})Content-Length: 4722Host: login.live.com

Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 24 Apr 2024 13:42:56 GMTContent-Type: text/htmlContent-Length: 548Connection: closeStrict-Transport-Security: max-age=2592000; preloadx-azure-ref: 20240424T134256Z-168bb8d798bbqgrcawqpfu2sb800000005t000000000fahtx-fd-int-roxy-purgeid: 69112800X-Cache: TCP_MISS
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Wed, 24 Apr 2024 13:42:59 GMTContent-Length: 0Connection: closex-ms-trace-id: e8e9550c23fbd946b636379dc5cdd8b5Strict-Transport-Security: max-age=2592000; preload
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Wed, 24 Apr 2024 13:43:06 GMTContent-Type: text/html; charset=UTF-8Content-Length: 16512Connection: closeAccept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UACross-Origin-Embedder-Policy: require-corpCross-Origin-Opener-Policy: same-originCross-Origin-Resource-Policy: same-originOrigin-Agent-Cluster: ?1Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()Referrer-Policy: same-originX-Frame-Options: SAMEORIGINcf-mitigated: challengecf-chl-out: B4FhJ7gQDkyc6LnMgA6zBeWL6qUmkh7u9/DQdr10vSrNUGakFHX0Ixa8eUkxBeWSRZEqqiUSFrcSIrcOvniP5MBnPCZCoTqkkrW3YqXlCfXQMZL2NcuXMotqPGPb3OCZWJ2W+IhDnzCYWeIMb+RG9w==$mcGEYlxit0PSw7clGuHchw==Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0Expires: Thu, 01 Jan 1970 00:00:01 GMT
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Wed, 24 Apr 2024 13:43:07 GMTContent-Type: text/html; charset=UTF-8Content-Length: 16710Connection: closeAccept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UACross-Origin-Embedder-Policy: require-corpCross-Origin-Opener-Policy: same-originCross-Origin-Resource-Policy: same-originOrigin-Agent-Cluster: ?1Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()Referrer-Policy: same-originX-Frame-Options: SAMEORIGINcf-mitigated: challengecf-chl-out: TLRIbIeO3H8sdZ0BB/PwH/aZb8tBqBmzNWpjLoNaM5K+XwHYW118kCeJT7xLlyNd14a49oXQKLvCSHlZbxX1Rodtg5qrmuc6cwGaY3vAom6xsy7SwM5ky8YcHUN92bw85mSQbtceRYglHOarBqcp/w==$DSKBgHV6XAcH1QQsoxteWw==Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0Expires: Thu, 01 Jan 1970 00:00:01 GMT
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Wed, 24 Apr 2024 13:43:10 GMTContent-Type: text/html; charset=UTF-8Content-Length: 16710Connection: closeAccept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UACross-Origin-Embedder-Policy: require-corpCross-Origin-Opener-Policy: same-originCross-Origin-Resource-Policy: same-originOrigin-Agent-Cluster: ?1Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()Referrer-Policy: same-originX-Frame-Options: SAMEORIGINcf-mitigated: challengecf-chl-out: 4inhO4jK2Tw6e9vH+K2JfvJsNVIr43xVtIyvA2sQwN6WwjBsGKB9zrl/msMeSKD6bob69VdfGmIJ6cQkRLceZKnTjJeJ7kqeP19Ml/Nxg70EJKAeKe0BUPHZQXli4J5zdR5/fsKusOBgYtQ7K59r1w==$2/j6EI2G5QBb6r7+83KMTw==Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0Expires: Thu, 01 Jan 1970 00:00:01 GMT
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Wed, 24 Apr 2024 13:43:20 GMTContent-Type: text/html; charset=UTF-8Content-Length: 16774Connection: closeAccept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UACross-Origin-Embedder-Policy: require-corpCross-Origin-Opener-Policy: same-originCross-Origin-Resource-Policy: same-originOrigin-Agent-Cluster: ?1Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()Referrer-Policy: same-originX-Frame-Options: SAMEORIGINcf-mitigated: challengecf-chl-out: 4+67oQNUoYmx32lnufGaWmHayWFqBe/5loOAcQDjm9zOcIcf/rQC12OYsPmOzXuC4CfGNu8Wit3zv2x1mCPJYWRR/OT8MksBYWAksiAGXiFkofMAtekKG1cdb+hsvRFnwr0IoLU7oFg9poZPJMejvA==$L5RIUDG8VcQBRgRttVW6Ww==Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0Expires: Thu, 01 Jan 1970 00:00:01 GMT
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 24 Apr 2024 13:43:23 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachex-turbo-charged-by: LiteSpeedCF-Cache-Status: BYPASSReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lmpoupm%2F8tfpTwq%2BIK1WQuAhZv%2FS4dUpCIIb8jJZKgMMYJECRZO9xoxbNHe5czNKmoToVc6kUnngDb%2FtAg6Kzs0zd1pa9t7fpI86LlGAK%2FNXH0AmJJIuTEGNdiXWIA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 879685a489922ac5-LAXalt-svc: h3=":443"; ma=86400

Source: FW_ FHAS Inc_ - Private and Confidential.msg	String found in binary or memory: http://schema.org
Source: ~WRS{9C988B96-81C5-4545-9CFC-FA09A30582A7}.tmp.0.dr	String found in binary or memory: http://vk.com/away.php?to=https://assets-usa.mkt.dynamics.com/97791573-a900-ef11-9f85-00224828202e/d
Source: FW_ FHAS Inc_ - Private and Confidential.msg, ~WRS{9C988B96-81C5-4545-9CFC-FA09A30582A7}.tmp.0.dr	String found in binary or memory: https://aka.ms/LearnAboutSenderIdentification
Source: chromecache_134.7.dr	String found in binary or memory: https://assets-usa.mkt.dynamics.com/97791573-a900-ef11-9f85-00224828202e/digitalassets/forms/beb26e1
Source: chromecache_108.7.dr, chromecache_121.7.dr, chromecache_127.7.dr	String found in binary or memory: https://assets-usa.mkt.dynamics.com/97791573-a900-ef11-9f85-00224828202e/digitalassets/images/ed5a3d
Source: chromecache_108.7.dr, chromecache_121.7.dr, chromecache_127.7.dr	String found in binary or memory: https://assets-usa.mkt.dynamics.com/97791573-a900-ef11-9f85-00224828202e/digitalassets/images/ee5a3d
Source: chromecache_108.7.dr, chromecache_121.7.dr, chromecache_127.7.dr	String found in binary or memory: https://assets-usa.mkt.dynamics.com/97791573-a900-ef11-9f85-00224828202e/digitalassets/images/ef5a3d
Source: chromecache_134.7.dr	String found in binary or memory: https://cxppusa1formui01cdnsa01-endpoint.azureedge.net/usa/FormLoader/FormLoader.bundle.js
Source: chromecache_94.7.dr, chromecache_125.7.dr	String found in binary or memory: https://getbootstrap.com/)
Source: chromecache_94.7.dr, chromecache_125.7.dr	String found in binary or memory: https://github.com/twbs/bootstrap/blob/master/LICENSE)
Source: chromecache_94.7.dr, chromecache_125.7.dr	String found in binary or memory: https://github.com/twbs/bootstrap/graphs/contributors)
Source: chromecache_108.7.dr, chromecache_121.7.dr, chromecache_127.7.dr	String found in binary or memory: https://mailvlk.com
Source: FW_ FHAS Inc_ - Private and Confidential.msg, ~WRS{9C988B96-81C5-4545-9CFC-FA09A30582A7}.tmp.0.dr	String found in binary or memory: https://nam10.safelinks.protection.outlook.com/?url=http%3A%2F%2Fvk.com%2Faway.php%3Fto%3Dhttps%3A%2
Source: chromecache_134.7.dr	String found in binary or memory: https://public-usa.mkt.dynamics.com/api/v1.0/orgs/97791573-a900-ef11-9f85-00224828202e/landingpagefo

Source: unknown	Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49789 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49800 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49781 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49803 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49795 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49812 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49691
Source: unknown	Network traffic detected: HTTP traffic on port 49784 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49806 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49798 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49790 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49706 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49787 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49793 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49805 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 49680 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown	Network traffic detected: HTTP traffic on port 49774 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49712
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49782 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49799
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49798
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49797
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49796
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49795
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49793
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49792
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49791
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49790
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49796 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49808 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49708
Source: unknown	Network traffic detected: HTTP traffic on port 49811 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49706
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49771 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49789
Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49788
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49787
Source: unknown	Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49785
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49784
Source: unknown	Network traffic detected: HTTP traffic on port 49813 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49783
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49782
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49781
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49780
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49691 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49785 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49807 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49799 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49810 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49791 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49813
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49812
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49811
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49810
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 49788 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49780 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49809
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49808
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49807
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49806
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49805
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49804
Source: unknown	Network traffic detected: HTTP traffic on port 49773 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49803
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49801
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49800
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 49783 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49797 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49801 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49809 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 49778 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49804 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49775 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 49792 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745

Source: unknown	HTTPS traffic detected: 20.190.190.195:443 -> 192.168.2.17:49706 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.17:49708 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.202.57.177:443 -> 192.168.2.17:49720 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.202.57.177:443 -> 192.168.2.17:49721 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.17:49777 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.190.190.195:443 -> 192.168.2.17:49791 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.5.88:443 -> 192.168.2.17:49792 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.21.200:443 -> 192.168.2.17:49793 version: TLS 1.2

Source: classification engine

Classification label: mal64.phis.troj.winMSG@24/90@32/11

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE

File created: C:\Users\user\Documents\Outlook Files\~Outlook Data File - NoEmail.pst.tmp

Jump to behavior

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE

File created: C:\Users\user\AppData\Local\Temp\Outlook Logging\OUTLOOK_16_0_16827_20130-20240424T1542330214-3932.etl

Jump to behavior

Source: unknown	Process created: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /f "C:\Users\user\Desktop\FW_ FHAS Inc_ - Private and Confidential.msg"
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process created: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "AB733506-5643-415B-A822-6CA743C451B8" "60335182-0ED6-44FC-AF34-5EA391EA0DB6" "3932" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx"
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://nam10.safelinks.protection.outlook.com/?url=http%3A%2F%2Fvk.com%2Faway.php%3Fto%3Dhttps%3A%2F%2Fassets-usa.mkt.dynamics.com%2F97791573-a900-ef11-9f85-00224828202e%2Fdigitalassets%2Fstandaloneforms%2Fbeb26e16-c500-ef11-a1fd-6045bdd3b636&data=05%7C02%7Clanderson%40american-pcs.com%7C12a2a023526d4f13ec3008dc63d6fc83%7C48af3ff71bb24e8b9762c9e61a8503a9%7C0%7C0%7C638495022247675574%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C40000%7C%7C%7C&sdata=wmZ9CPEGbqFv%2B8gk%2BkjZ7S5r0b%2B7AC1Ezstrt9P7SuM%3D&reserved=0
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2228 --field-trial-handle=2032,i,8312414958916213357,7330150477542557016,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process created: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "AB733506-5643-415B-A822-6CA743C451B8" "60335182-0ED6-44FC-AF34-5EA391EA0DB6" "3932" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx"	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://nam10.safelinks.protection.outlook.com/?url=http%3A%2F%2Fvk.com%2Faway.php%3Fto%3Dhttps%3A%2F%2Fassets-usa.mkt.dynamics.com%2F97791573-a900-ef11-9f85-00224828202e%2Fdigitalassets%2Fstandaloneforms%2Fbeb26e16-c500-ef11-a1fd-6045bdd3b636&data=05%7C02%7Clanderson%40american-pcs.com%7C12a2a023526d4f13ec3008dc63d6fc83%7C48af3ff71bb24e8b9762c9e61a8503a9%7C0%7C0%7C638495022247675574%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C40000%7C%7C%7C&sdata=wmZ9CPEGbqFv%2B8gk%2BkjZ7S5r0b%2B7AC1Ezstrt9P7SuM%3D&reserved=0	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2228 --field-trial-handle=2032,i,8312414958916213357,7330150477542557016,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Section loaded: c2r64.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Section loaded: gpapi.dll	Jump to behavior

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{F959DBBB-3867-41F2-8E5F-3B8BEFAA81B3}\InprocServer32

Jump to behavior

Source: Google Drive.lnk.5.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.5.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.5.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.5.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.5.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.5.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE

Window found: window name: SysTabControl32

Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE

Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Common

Jump to behavior

Data Obfuscation

Yara detected Html Dropper

Source: Yara match	File source: 4.12.pages.csv, type: HTML
Source: Yara match	File source: 4.9.pages.csv, type: HTML
Source: Yara match	File source: 4.10.pages.csv, type: HTML

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	Jump to behavior

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE

File Volume queried: C:\Windows\SysWOW64 FullSizeInformation

Jump to behavior

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe

Queries volume information: C:\Program Files (x86)\Microsoft Office\root\Office16\AI\WordCombinedFloatieLreOnline.onnx VolumeInformation

Jump to behavior

Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 DLL Side-Loading	1 Process Injection	1 Masquerading	OS Credential Dumping	1 Process Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	1 Registry Run Keys / Startup Folder	1 DLL Side-Loading	1 Process Injection	LSASS Memory	13 System Information Discovery	Remote Desktop Protocol	Data from Removable Media	4 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	1 Registry Run Keys / Startup Folder	1 DLL Side-Loading	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	5 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	1 Extra Window Memory Injection	1 Extra Window Memory Injection	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	3 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
part-0041.t-0009.t-msedge.net	0%	Virustotal		Browse
mailvlk.com	0%	Virustotal		Browse

URLs

Source	Detection	Scanner	Label
https://mailvlk.com/x/8abb7bfd970b4f43108624cbc2c64b5066290cc3b78c2	0%	Avira URL Cloud	safe
https://mailvlk.com/1	0%	Avira URL Cloud	safe
https://mailvlk.com/boot/8abb7bfd970b4f43108624cbc2c64b5066290cc184dbe	0%	Avira URL Cloud	safe
https://mailvlk.com/jq/58461f18f36cbc9854a411ccf4ae8dbb66290c79904d0	0%	Avira URL Cloud	safe
https://mailvlk.com	0%	Avira URL Cloud	safe
https://mailvlk.com/js/58461f18f36cbc9854a411ccf4ae8dbb66290c79904d8	0%	Avira URL Cloud	safe
https://mailvlk.com/js/8abb7bfd970b4f43108624cbc2c64b5066290cc184dbf	0%	Avira URL Cloud	safe
https://mailvlk.com/API.php?data=mail&email=rickd@gmail.com&_=1713966201970	0%	Avira URL Cloud	safe
https://mailvlk.com/boot/58461f18f36cbc9854a411ccf4ae8dbb66290c79904d5	0%	Avira URL Cloud	safe
https://mailvlk.com/o/8abb7bfd970b4f43108624cbc2c64b5066290cc3b78df	0%	Avira URL Cloud	safe
https://mailvlk.com/jq/8abb7bfd970b4f43108624cbc2c64b5066290cc184dba	0%	Avira URL Cloud	safe
https://mailvlk.com/ASSETS/img/sig-op.svg	0%	Avira URL Cloud	safe
https://mailvlk.com/APP-58461f18f36cbc9854a411ccf4ae8dbb66290c7bcafe0/58461f18f36cbc9854a411ccf4ae8dbb66290c7bcafe1	0%	Avira URL Cloud	safe
https://mailvlk.com/cdn-cgi/challenge-platform/h/b/flow/ov1/1894439682:1713964362:f3bhfDBv5QOakV6M8k-1UjyH98EctZInS5uS_6Qc31k/879685369a8a0fc1/fc4adc0f3b83a0b	0%	Avira URL Cloud	safe
https://mailvlk.com/ASSETS/img/m_.svg	0%	Avira URL Cloud	safe
https://mailvlk.com/cdn-cgi/challenge-platform/h/b/orchestrate/chl_page/v1?ray=879685369a8a0fc1	0%	Avira URL Cloud	safe
https://mailvlk.com/o/58461f18f36cbc9854a411ccf4ae8dbb66290c7bcb00b	0%	Avira URL Cloud	safe
https://mailvlk.com/favicon.ico	0%	Avira URL Cloud	safe
https://mailvlk.com/x/58461f18f36cbc9854a411ccf4ae8dbb66290c7bcafe6	0%	Avira URL Cloud	safe
https://mailvlk.com/APP-8abb7bfd970b4f43108624cbc2c64b5066290cc3b78bc/8abb7bfd970b4f43108624cbc2c64b5066290cc3b78bd	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
nam10.safelinks.protection.outlook.com	104.47.70.28	true	false		high
a.nel.cloudflare.com	35.190.80.1	true	false		high
away.vk.com	87.240.137.164	true	false		high
part-0041.t-0009.t-msedge.net	13.107.246.69	true	false	0%, Virustotal, Browse	unknown
challenges.cloudflare.com	104.17.2.184	true	false		high
mailvlk.com	104.21.50.148	true	false	0%, Virustotal, Browse	unknown
www.google.com	142.250.141.104	true	false		high
prdia888eus0aks.mkt.dynamics.com	52.146.76.30	true	false		high
vk.com	87.240.132.72	true	false		high
public-usa.mkt.dynamics.com	unknown	unknown	false		high
assets-usa.mkt.dynamics.com	unknown	unknown	false		high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://mailvlk.com/024407056a4bd44a76e3518653fce74f66290c7892bf7LOG024407056a4bd44a76e3518653fce74f66290c7892bf8	true		unknown
https://public-usa.mkt.dynamics.com/api/v1.0/orgs/97791573-a900-ef11-9f85-00224828202e/landingpageforms/forms/beb26e16-c500-ef11-a1fd-6045bdd3b636/visits	false		high
https://mailvlk.com/x/8abb7bfd970b4f43108624cbc2c64b5066290cc3b78c2	false	Avira URL Cloud: safe	unknown
https://mailvlk.com/boot/8abb7bfd970b4f43108624cbc2c64b5066290cc184dbe	false	Avira URL Cloud: safe	unknown
https://mailvlk.com/1	false	Avira URL Cloud: safe	unknown
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/flow/ov1/888799833:1713964597:_2LbCDHkv-P-tuM5wGyxvE8cQNjPu28uIC6w7PvfxTk/879685459c6269e3/16306502cf695e3	false		high
https://assets-usa.mkt.dynamics.com/favicon.ico	false		high
https://mailvlk.com/jq/58461f18f36cbc9854a411ccf4ae8dbb66290c79904d0	false	Avira URL Cloud: safe	unknown
https://assets-usa.mkt.dynamics.com/97791573-a900-ef11-9f85-00224828202e/digitalassets/images/ee5a3db9-c400-ef11-a1fd-6045bdd3b636?ts=638493998497242870	false		high
https://mailvlk.com/js/58461f18f36cbc9854a411ccf4ae8dbb66290c79904d8	false	Avira URL Cloud: safe	unknown
https://mailvlk.com/js/8abb7bfd970b4f43108624cbc2c64b5066290cc184dbf	false	Avira URL Cloud: safe	unknown
https://mailvlk.com/API.php?data=mail&email=rickd@gmail.com&_=1713966201970	false	Avira URL Cloud: safe	unknown
https://a.nel.cloudflare.com/report/v4?s=4Lncfb%2Bf0ZgvAUhn0ZSU26EkkRYS%2Fy3%2F9%2BRSTmUcjYS%2BZr0GpLA7Q1dyMm6Nj3r6WSqlTzqR%2Bmu5ZoPJbyGe6yZelcsnTuZEL0gAXNQa%2FeIZCP6orypMo6DJJ%2F8yMw%3D%3D	false		high
https://mailvlk.com/boot/58461f18f36cbc9854a411ccf4ae8dbb66290c79904d5	false	Avira URL Cloud: safe	unknown
https://mailvlk.com/?__cf_chl_tk=N7uH4Kxa9_0RyojcAoiu.zjjUwtHsqzk0ADVK3Dx5Fs-1713966186-0.0.1.1-1557	false		unknown
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/i/879685459c6269e3/1713966190447/vp3T4ue4sM7hYw8	false		high
https://mailvlk.com/o/8abb7bfd970b4f43108624cbc2c64b5066290cc3b78df	false	Avira URL Cloud: safe	unknown
https://assets-usa.mkt.dynamics.com/97791573-a900-ef11-9f85-00224828202e/digitalassets/forms/beb26e16-c500-ef11-a1fd-6045bdd3b636	false		high
https://mailvlk.com/jq/8abb7bfd970b4f43108624cbc2c64b5066290cc184dba	false	Avira URL Cloud: safe	unknown
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/cmg/1/wh0E0SXYnx6pTBdJW%2Fl926I%2BPRUplRdtQz3K9lHXs%2Fs%3D	false		high
https://nam10.safelinks.protection.outlook.com/?url=http%3A%2F%2Fvk.com%2Faway.php%3Fto%3Dhttps%3A%2F%2Fassets-usa.mkt.dynamics.com%2F97791573-a900-ef11-9f85-00224828202e%2Fdigitalassets%2Fstandaloneforms%2Fbeb26e16-c500-ef11-a1fd-6045bdd3b636&data=05%7C02%7Clanderson%40american-pcs.com%7C12a2a023526d4f13ec3008dc63d6fc83%7C48af3ff71bb24e8b9762c9e61a8503a9%7C0%7C0%7C638495022247675574%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C40000%7C%7C%7C&sdata=wmZ9CPEGbqFv%2B8gk%2BkjZ7S5r0b%2B7AC1Ezstrt9P7SuM%3D&reserved=0	false		high
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/pat/879685459c6269e3/1713966190448/a6aceae44c8468ff349a880897d3c52fb1b769f9be6ebd411bda96dd08a8895e/Fd6jCqic8-nVFty	false		high
https://mailvlk.com/ASSETS/img/sig-op.svg	false	Avira URL Cloud: safe	unknown
http://vk.com/away.php?to=https://assets-usa.mkt.dynamics.com/97791573-a900-ef11-9f85-00224828202e/digitalassets/standaloneforms/beb26e16-c500-ef11-a1fd-6045bdd3b636	false		high
https://assets-usa.mkt.dynamics.com/97791573-a900-ef11-9f85-00224828202e/digitalassets/images/ef5a3db9-c400-ef11-a1fd-6045bdd3b636?ts=638493998497242870	false		high
https://mailvlk.com/cdn-cgi/challenge-platform/h/b/flow/ov1/1894439682:1713964362:f3bhfDBv5QOakV6M8k-1UjyH98EctZInS5uS_6Qc31k/879685369a8a0fc1/fc4adc0f3b83a0b	false	Avira URL Cloud: safe	unknown
https://mailvlk.com/ASSETS/img/m_.svg	false	Avira URL Cloud: safe	unknown
https://mailvlk.com/cdn-cgi/challenge-platform/h/b/orchestrate/chl_page/v1?ray=879685369a8a0fc1	false	Avira URL Cloud: safe	unknown
https://mailvlk.com/	false		unknown
https://mailvlk.com/APP-58461f18f36cbc9854a411ccf4ae8dbb66290c7bcafe0/58461f18f36cbc9854a411ccf4ae8dbb66290c7bcafe1	false	Avira URL Cloud: safe	unknown
https://vk.com/away.php?to=https://assets-usa.mkt.dynamics.com/97791573-a900-ef11-9f85-00224828202e/digitalassets/standaloneforms/beb26e16-c500-ef11-a1fd-6045bdd3b636	false		high
https://a.nel.cloudflare.com/report/v4?s=djiRKcdhlVlk2aqZBvP%2Bjmnp1abPn%2BnZFZbJbioW2B1Bkgsecp2vstPS%2B2TRR2dXtz77%2B1QYen%2FvmlZVP30BHgPi8cW%2Fn%2FPb3Xemb2QQHFIHg9%2BUf6IPA9cWexvWhQ%3D%3D	false		high
https://mailvlk.com/o/58461f18f36cbc9854a411ccf4ae8dbb66290c7bcb00b	false	Avira URL Cloud: safe	unknown
https://mailvlk.com/favicon.ico	false	Avira URL Cloud: safe	unknown
https://public-usa.mkt.dynamics.com/api/v1.0/orgs/97791573-a900-ef11-9f85-00224828202e/landingpageforms/forms/beb26e16-c500-ef11-a1fd-6045bdd3b636	false		high
https://a.nel.cloudflare.com/report/v4?s=iDUvZaCtDpJy3qF6qkuzg7zhpHmebhCTLUFDDABNeySo%2FlMYbME3a7DyNdxlydWBzoHFDmHBneIxt0DzcWkr9XChmzd%2FcJaJe%2B8kNGExQJUuG3M3vFjrwWRSJwQh3g%3D%3D	false		high
https://assets-usa.mkt.dynamics.com/97791573-a900-ef11-9f85-00224828202e/digitalassets/standaloneforms/beb26e16-c500-ef11-a1fd-6045bdd3b636	false		high
https://assets-usa.mkt.dynamics.com/97791573-a900-ef11-9f85-00224828202e/digitalassets/images/ed5a3db9-c400-ef11-a1fd-6045bdd3b636?ts=638493998497242870	false		high
https://mailvlk.com/x/58461f18f36cbc9854a411ccf4ae8dbb66290c7bcafe6	false	Avira URL Cloud: safe	unknown
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=879685459c6269e3	false		high
https://away.vk.com/away.php?rh=8f363019-e908-47e4-a972-890e8e356326	false		high
https://mailvlk.com/APP-8abb7bfd970b4f43108624cbc2c64b5066290cc3b78bc/8abb7bfd970b4f43108624cbc2c64b5066290cc3b78bd	false	Avira URL Cloud: safe	unknown
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/hh0d3/0x4AAAAAAADnPIDROrmt1Wwj/light/normal	false		high

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://mailvlk.com	chromecache_108.7.dr, chromecache_121.7.dr, chromecache_127.7.dr	false	Avira URL Cloud: safe	unknown
http://vk.com/away.php?to=https://assets-usa.mkt.dynamics.com/97791573-a900-ef11-9f85-00224828202e/d	~WRS{9C988B96-81C5-4545-9CFC-FA09A30582A7}.tmp.0.dr	false		high
http://schema.org	FW_ FHAS Inc_ - Private and Confidential.msg	false		high
https://github.com/twbs/bootstrap/graphs/contributors)	chromecache_94.7.dr, chromecache_125.7.dr	false		high
https://assets-usa.mkt.dynamics.com/97791573-a900-ef11-9f85-00224828202e/digitalassets/images/ed5a3d	chromecache_108.7.dr, chromecache_121.7.dr, chromecache_127.7.dr	false		high
https://assets-usa.mkt.dynamics.com/97791573-a900-ef11-9f85-00224828202e/digitalassets/images/ef5a3d	chromecache_108.7.dr, chromecache_121.7.dr, chromecache_127.7.dr	false		high
https://getbootstrap.com/)	chromecache_94.7.dr, chromecache_125.7.dr	false		high
https://assets-usa.mkt.dynamics.com/97791573-a900-ef11-9f85-00224828202e/digitalassets/forms/beb26e1	chromecache_134.7.dr	false		high
https://aka.ms/LearnAboutSenderIdentification	FW_ FHAS Inc_ - Private and Confidential.msg, ~WRS{9C988B96-81C5-4545-9CFC-FA09A30582A7}.tmp.0.dr	false		high
https://assets-usa.mkt.dynamics.com/97791573-a900-ef11-9f85-00224828202e/digitalassets/images/ee5a3d	chromecache_108.7.dr, chromecache_121.7.dr, chromecache_127.7.dr	false		high
https://nam10.safelinks.protection.outlook.com/?url=http%3A%2F%2Fvk.com%2Faway.php%3Fto%3Dhttps%3A%2	FW_ FHAS Inc_ - Private and Confidential.msg, ~WRS{9C988B96-81C5-4545-9CFC-FA09A30582A7}.tmp.0.dr	false		high
https://github.com/twbs/bootstrap/blob/master/LICENSE)	chromecache_94.7.dr, chromecache_125.7.dr	false		high
https://public-usa.mkt.dynamics.com/api/v1.0/orgs/97791573-a900-ef11-9f85-00224828202e/landingpagefo	chromecache_134.7.dr	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
104.47.70.28	nam10.safelinks.protection.outlook.com	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
13.107.246.69	part-0041.t-0009.t-msedge.net	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
52.146.76.30	prdia888eus0aks.mkt.dynamics.com	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
87.240.137.164	away.vk.com	Russian Federation	47541	VKONTAKTE-SPB-AShttpvkcomRU	false
87.240.132.72	vk.com	Russian Federation	47541	VKONTAKTE-SPB-AShttpvkcomRU	false
104.21.50.148	mailvlk.com	United States	13335	CLOUDFLARENETUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
35.190.80.1	a.nel.cloudflare.com	United States	15169	GOOGLEUS	false
142.250.141.104	www.google.com	United States	15169	GOOGLEUS	false
104.17.2.184	challenges.cloudflare.com	United States	13335	CLOUDFLARENETUS	false

Private

IP
192.168.2.17

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1431111
Start date and time:	2024-04-24 15:41:56 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 5m 16s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowsinteractivecookbook.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	21
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	FW_ FHAS Inc_ - Private and Confidential.msg
Detection:	MAL
Classification:	mal64.phis.troj.winMSG@24/90@32/11
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0
Cookbook Comments:	Found application associated with file extension: .msg

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, SIHClient.exe, SgrmBroker.exe, MoUsoCoreWorker.exe, backgroundTaskHost.exe, conhost.exe, TextInputHost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 52.113.194.132, 192.229.211.108, 52.109.2.127, 52.109.2.121, 52.109.2.117, 52.109.0.152, 20.50.80.213, 142.251.2.94, 142.251.2.101, 142.251.2.139, 142.251.2.138, 142.251.2.102, 142.251.2.113, 142.251.2.100, 142.251.2.84, 34.104.35.123, 142.250.141.95, 74.125.137.95, 142.251.2.95, 142.250.101.94, 74.125.137.138, 74.125.137.100, 74.125.137.113, 74.125.137.102, 74.125.137.139, 74.125.137.101
Excluded domains from analysis (whitelisted): slscr.update.microsoft.com, prod-wus-resolver.naturallanguageeditorservice.osi.office.net.akadns.net, assets-mkt-usa.azureedge.net, clientservices.googleapis.com, cxppusa1im4t7x7z5iubq.trafficmanager.net, mobile.events.data.microsoft.com, ecs-office.s-0005.s-msedge.net, clients2.google.com, ocsp.digicert.com, update.googleapis.com, assets-mkt-usa.afd.azureedge.net, www.bing.com, clients1.google.com, ecs.office.com, fs.microsoft.com, accounts.google.com, content-autofill.googleapis.com, onedscolprdneu08.northeurope.cloudapp.azure.com, prod-na.naturallanguageeditorservice.osi.office.net.akadns.net, s-0005-office.config.skype.com, fe3cr.delivery.mp.microsoft.com, prod1.naturallanguageeditorservice.osi.office.net.akadns.net, nleditor.osi.office.net, edgedl.me.gvt1.com, s-0005.s-msedge.net, evoke-windowsservices-tas.msedge.net, azureedge-t-prod.trafficmanager.net, cxppusa1formui01cdnsa01-endpoint.azureedge.net, ecs.office.trafficmanager.net, clients.l.google.com, mobil
HTTPS proxy raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtQueryAttributesFile calls found.
Report size getting too big, too many NtQueryValueKey calls found.

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
104.47.70.28	https://nam10.safelinks.protection.outlook.com/ap/b-59584e83/?url=https%3A%2F%2Fsteffeshradvantage.sharepoint.com%2F%3Ab%3A%2Fg%2FETIjdrpSudZGtiSDo79buUwBzFanYCzjnGrCYMAA6-Y-WA%3Fe%3DMBPpYi&data=05%7C02%7Cbosswald%40shepherdins.com%7Cf7b19a236f0e42b3e7b308dc388f42fa%7C477490bc27c740588693f7906a9906d3%7C0%7C0%7C638447435155826970%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=JNCJG%2B78oUblJ8v59lDP5k9ZpktmZTq%2BniNYJvZaGdM%3D&reserved=0	Get hash	malicious	Unknown	Browse
	Completed Document _ Inv 09980963-AM_NS_MG_pdf.msg	Get hash	malicious	HTMLPhisher	Browse
	Will You Be Joining Us Next Month .eml	Get hash	malicious	HTMLPhisher	Browse
	NEW PAYMENT INSTRUCTION FOR NHI INV1525970.eml	Get hash	malicious	HTMLPhisher	Browse
	7 photos - shared by DF.eml	Get hash	malicious	Unknown	Browse
13.107.246.69	http://ustteam.com/	Get hash	malicious	Unknown	Browse
	http://www.clinical-partners.co.uk	Get hash	malicious	Unknown	Browse
	https://u43957641.ct.sendgrid.net/ls/click?upn=u001.0Q2k6Tkbkoom04JcBCS1bnTFkzW4mU5Ezcfq62d9vtUuGINn2USsIB9YeV8x8Iu5W4FDLy6-2BKqjhTiUn-2FaQ-2BGrq3T-2BGqBAqLUber59up15w-3DVs4O_FXZTG-2Bj8dxNvEuxDJrPqKA8uB9LHQ48OflWnDl8SlkOTiwSdc-2B-2FgPjdAADTWcv8L3HqMFwOmerkXzjwDhJNFd4Lcft0pVsCjftrr0YIbR0wkdFwlzs0ZE-2BrvH4L4d9bI0UMEtu3I1uFXu2qk2Z9Vv-2BQYvTg83dp-2BaElfQAIu9sqQ8XL3xmmPpa4O2GrYCGQ5LVUy-2Feb-2F2iTllWjhAfn3PA-3D-3D	Get hash	malicious	HTMLPhisher	Browse
	http://www.clinical-partners.co.uk	Get hash	malicious	Unknown	Browse
	samradapps_datepicker_221114.xlam	Get hash	malicious	Unknown	Browse
	https://u44056869.ct.sendgrid.net/ls/click?upn=u001.nH1ryR-2Btr2av-2Bkfc8quLEXKlGRKFonctFf3nB-2FAP-2Bjae3IsQgCoKtK-2FQ57cEEmmhZzRyd07G16kQ6rsc4EaJT6S7Rh48kOVsBPHV-2Fkkk9Vfz7cojLOCLuj4sUGVMM7pbdmwtinmtiLhfYkhEkgve628OiJsccHyeYc3lkmkn6epsOmmj4-2Fi-2BWjxfm73m7vUzCOGnDWnQJBmmd6DmkDcfIw-3D-3DU_vL_MRfqZW9nS4IDBSHT8MfJfSAq9b0aOVvtJoUhpW1Ga8ePAnfV-2FfXwE0xIGnayeXag21qNKRc5VLcgMkPlIuCBf7Hi8EFUvj1-2FlklJpMLZNx1IQq8eO26tVdmeuxhGn-2B2zjA71oEkiC9pTrxX9Dz-2FMJk8mkJr62ye1KlBo-2B8fxBlVl-2B6T0POpB0GKoibGhcjh4Z-2FnPU453nMAkUkNy65MlaA-3D-3D	Get hash	malicious	HTMLPhisher	Browse
	Payment MT103.xls	Get hash	malicious	Unknown	Browse
	3Shape Unite Installer.exe	Get hash	malicious	Unknown	Browse
	https://wmicrosouab-4ba8.udydzj.workers.dev/	Get hash	malicious	HTMLPhisher	Browse
	https://uqgekpc20qn1.azureedge.net/6466/	Get hash	malicious	TechSupportScam	Browse
52.146.76.30	https://u44056869.ct.sendgrid.net/ls/click?upn=u001.nH1ryR-2Btr2av-2Bkfc8quLEXKlGRKFonctFf3nB-2FAP-2Bjae3IsQgCoKtK-2FQ57cEEmmhZzRyd07G16kQ6rsc4EaJT6S7Rh48kOVsBPHV-2Fkkk9Vfz7cojLOCLuj4sUGVMM7pbdmwtinmtiLhfYkhEkgve628OiJsccHyeYc3lkmkn6epsOmmj4-2Fi-2BWjxfm73m7vUzCOGnDWnQJBmmd6DmkDcfIw-3D-3DU_vL_MRfqZW9nS4IDBSHT8MfJfSAq9b0aOVvtJoUhpW1Ga8ePAnfV-2FfXwE0xIGnayeXag21qNKRc5VLcgMkPlIuCBf7Hi8EFUvj1-2FlklJpMLZNx1IQq8eO26tVdmeuxhGn-2B2zjA71oEkiC9pTrxX9Dz-2FMJk8mkJr62ye1KlBo-2B8fxBlVl-2B6T0POpB0GKoibGhcjh4Z-2FnPU453nMAkUkNy65MlaA-3D-3D	Get hash	malicious	HTMLPhisher	Browse
	https://u44058082.ct.sendgrid.net/ls/click?upn=u001.wjMLvmoK1OC9dTKy5UL4VbqcIJmZWkGKJypB0ZF6j6rXk8HVnxe0g2af-2BenroUoONz6EEWthgE-2Bi2vVRUosKTZRVQ5v63hCdxrdKCztVooIv51imK8tr-2Bb3beAsH6u-2FNluJlUKmd7nST-2B9m-2Bl2Rgv4y6uHLimO0TjhZzZ-2F-2BDlllJQne3tT99z6x4W12pJpddTL-2BoJ2-2Bdo6961pFN3dV2Rg-3D-3DeWGT_h-2FW4DSvZGhKY-2FmU3Rq-2F3L-2FXo2OZSHdaVvlpgAgHQWDXPYB9CNYi-2FcvonFCbsEhjt9RP-2BQa7dTwbMJOOaP3JRnMW6mQAitl6qAb1EkaAR-2BmnZDE6Bi3ooqtCrrMW-2F3TPNMK3AVi1YKIdTOZivmUJGaXdrtbqCykfnTTkN9KMRy80rdRqf6LWUCYWGeeaXb-2BD6jokMbr-2FaJKvKMHDNWAfHyhaE6QO9pw7souFUseKb40g-3D	Get hash	malicious	HTMLPhisher	Browse
	https://u44056869.ct.sendgrid.net/ls/click?upn=u001.nH1ryR-2Btr2av-2Bkfc8quLEXKlGRKFonctFf3nB-2FAP-2Bjae3IsQgCoKtK-2FQ57cEEmmhZzRyd07G16kQ6rsc4EaJT6S7Rh48kOVsBPHV-2Fkkk9Vfz7cojLOCLuj4sUGVMM7pbdmwtinmtiLhfYkhEkgve628OiJsccHyeYc3lkmkn6epsOmmj4-2Fi-2BWjxfm73m7vUzCOGnDWnQJBmmd6DmkDcfIw-3D-3DlLb9_7VBE-2BPKrWdDFE8TeQU0FNoYmRNt3BbsAfHCQfpyMVcUv91cWM1GbR6tMnpfVZqwoeCii1Z-2FHB6Wp4CGi-2FJ4Nq2flvhbRyRKwbWUqyssDslf87wBQZbBQ0EZsTXlvzjuj1ZnarL4QCJJlvUup-2FiM-2F9GPG6X3nhhKKp6sQ0v-2BBs5Jrrpzc3e5B2aUKKEJUx1Hjrx3xc16wmpK1HmM2sLiNIweMaJlJ9frDis7-2BK565mLw-3D	Get hash	malicious	HTMLPhisher	Browse
	https://assets-usa.mkt.dynamics.com/6f8aa86c-81f8-ee11-a1fa-0022482e8338/digitalassets/standaloneforms/4b367e61-8601-ef11-a1fd-0022482f3701	Get hash	malicious	HTMLPhisher	Browse
	infected.docx	Get hash	malicious	HTMLPhisher	Browse
	https://assets-usa.mkt.dynamics.com/97c9a062-91f8-ee11-9048-6045bd00330f/digitalassets/standaloneforms/8ba5ff5d-a1f8-ee11-a1ff-6045bd006d62	Get hash	malicious	Fake Captcha, HTMLPhisher	Browse
	https://assets-usa.mkt.dynamics.com/dfec4c64-9df2-ee11-9048-6045bd016f3e/digitalassets/standaloneforms/692fca68-35f7-ee11-a1fd-6045bd098894#msdynmkt_trackingcontext=a1e2f77d-3fb4-4f9b-8447-219d31fdfcd9	Get hash	malicious	HTMLPhisher	Browse
	https://assets-usa.mkt.dynamics.com/bf3ca3b9-47ed-ee11-9048-00224806e307/digitalassets/standaloneforms/0cb76a16-5df6-ee11-a1fd-6045bd0a59e1	Get hash	malicious	HTMLPhisher	Browse
	https://s.id/24SUG	Get hash	malicious	HTMLPhisher	Browse
	https://public-usa.mkt.dynamics.com/api/orgs/0a7d24a6-a2e7-ee11-a1fa-002248322327/r/85djMnaz5k2_HGmLS5k0kAIAAAA?target=%7B%22TargetUrl%22%3A%22https%253A%252F%252Fassets-usa.mkt.dynamics.com%252F0a7d24a6-a2e7-ee11-a1fa-002248322327%252Fdigitalassets%252Fstandaloneforms%252Fd5658eee-30f1-ee11-904b-7c1e52025f1f%2523msdynmkt_trackingcontext%253Dd3b46fdd-71f2-4bc0-9b92-0eaf5108a2b7%22%2C%22RedirectOptions%22%3A%7B%220%22%3Anull%7D%7D&digest=9ns9FqC3ciHVGp41BMxX%2F1VLzVPpLkxeJ%2FU2sSDEuEY%3D&secretVersion=a587597bbd2d4ba3bb4334f6d8be15ee	Get hash	malicious	HTMLPhisher	Browse
87.240.137.164	http://vk.com/away.php?to=https%3A%2F%2Fclubechique.com.br%2Fsigndocumentworking%2Freviewandaligntoday%2Findex.php%3Fuserid%3DYWFyb25wQG1hc3Rlcm1vbGRsbGMuY29t	Get hash	malicious	Unknown	Browse	vk.com/away.php?to=https%3A%2F%2Fclubechique.com.br%2Fsigndocumentworking%2Freviewandaligntoday%2Findex.php%3Fuserid%3DYWFyb25wQG1hc3Rlcm1vbGRsbGMuY29t
	http://vk.com/away.php?to=https%3A%2F%2Fclubechique.com.br%2Fsigndocumentworking%2Freviewandaligntoday%2Findex.php%3Fuserid%3DYWFyb25wQG1hc3Rlcm1vbGRsbGMuY29t	Get hash	malicious	Unknown	Browse	vk.com/away.php?to=https%3A%2F%2Fclubechique.com.br%2Fsigndocumentworking%2Freviewandaligntoday%2Findex.php%3Fuserid%3DYWFyb25wQG1hc3Rlcm1vbGRsbGMuY29t
	http://vk.com/away.php?to=https%3A%2F%2Fgunjansolanki.in%2F%2Fdocumenttosigntoday%2Fpleasesignthelisyeddoc%2Findex.php%3Fuserid%3DdGhvbGxlbWJlYWtAZ2xlbm52YWxsZXlmb29kcy5jb20=	Get hash	malicious	HTMLPhisher	Browse	vk.com/away.php?to=https%3A%2F%2Fgunjansolanki.in%2F%2Fdocumenttosigntoday%2Fpleasesignthelisyeddoc%2Findex.php%3Fuserid%3DdGhvbGxlbWJlYWtAZ2xlbm52YWxsZXlmb29kcy5jb20=
	http://r5vlgjw49.vk.com/away.php?to=http%3A%2F%2F2fDhpVbmR.6.DhpVbmR.Wcbradley.6.Wcbradley.Wcbradley.6.DhpVbmR.DhpVbmR.ad.aclassfencing.net.au%2Fc3doaXRlQHdjYnJhZGxleS5jb20=	Get hash	malicious	HTMLPhisher	Browse	r5vlgjw49.vk.com/away.php?to=http%3A%2F%2F2fDhpVbmR.6.DhpVbmR.Wcbradley.6.Wcbradley.Wcbradley.6.DhpVbmR.DhpVbmR.ad.aclassfencing.net.au%2Fc3doaXRlQHdjYnJhZGxleS5jb20=
	http://vk.com/away.php?to=https://suncrops.fr/old_site/jk/cz///ix3314y/JEHA@novozymes.com	Get hash	malicious	Unknown	Browse	vk.com/away.php?to=https://suncrops.fr/old_site/jk/cz///ix3314y/JEHA@novozymes.com
	http://odnaknopka.ru	Get hash	malicious	Unknown	Browse	vkontakte.ru/share.php?url=https%3A%2F%2Fodnaknopka.ru%2Fget.html%3Frel%3Dcubehttps%3A%2F%2Fodnaknopka.ru%2Fget.html%3Frel%3Dgethttp%3A%2F%2Fodnaknopka.ru%2Fhttp%3A%2F%2Fvk.com%2Fodnaknopkahttp%3A%2F%2Fodnaknopka.ru%2Fblog%2Fhttp://www.facebook.com/sharer.php?u=https%3A%2F%2Fodnaknopka.ru%2Fget.html%3Frel%3Dcubehttps%3A%2F%2Fodnaknopka.ru%2Fget.html%3Frel%3Dgethttp%3A%2F%2Fodnaknopka.ru%2Fhttp%3A%2F%2Fvk.com%2Fodnaknopkahttp%3A%2F%2Fodnaknopka.ru%2Fblog%2Fhttp://twitter.com/share?text=%D0%9E%D0%B4%D0%BD%D0%B0%20%D0%BA%D0%BD%D0%BE%D0%BF%D0%BA%D0%B0%20%D0%B4%D0%BB%D1%8F%20%D0%B2%D1%81%D0%B5%D1%85%20%D1%81%D0%B5%D1%80%D0%B2%D0%B8%D1%81%D0%BE%D0%B2%20%D0%B7%D0%B0%D0%BA%D0%BB%D0%B0%D0%B4%D0%BE%D0%BA%20%D0%B8%20%D1%81%D0%BE%D1%86%D0%B8%D0%B0%D0%BB%D1%8C%D0%BD%D1%8B%D1%85%20%D1%81%D0%B5%D1%82%D0%B5%D0%B9%20-%20%D0%B4%D0%BB%D1%8F%20%D0%92%D0%B0%D1%88%D0%B5%D0%B3%D0%BE%20%D1%81%D0%B0%D0%B9%D1%82%D0%B0&url=https%3A%2F%2Fodnaknopka.ru%2Fget.html%3Frel%3Dcubehttps%3A%2F%2Fodnaknopka.ru%2Fget.html%3Frel%3Dgethttp%3A%2F%2Fodnaknopka.ru%2Fhttp%3A%2F%2Fvk.com%2Fodnaknopkahttp%3A%2F%2Fodnaknopka.ru%2Fblog%2Fhttp://www.odnoklassniki.ru/dk?st.cmd=addShare&st.s=1&st._surl=https%3A%2F%2Fodnaknopka.ru%2Fget.html%3Frel%3Dcubehttps%3A%2F%2Fodnaknopka.ru%2Fget.html%3Frel%3Dgethttp%3A%2F%2Fodnaknopka.ru%2Fhttp%3A%2F%2Fvk.com%2Fodnaknopkahttp%3A%2F%2Fodnaknopka.ru%2Fblog%2Fhttp://connect.mail.ru/share?share_url=https%3A%2F%2Fodnaknopka.ru%2Fget.html%3Frel%3Dcubehttps%3A%2F%2Fodnaknopka.ru%2Fget.html%3Frel%3Dgethttp%3A%2F%2Fodnaknopka.ru%2Fhttp%3A%2F%2Fvk.com%2Fodnaknopkahttp%3A%2F%2Fodnaknopka.ru%2Fblog%2Fhttp://www.livejournal.com/update.bml?event=https%3A%2F%2Fodnaknopka.ru%2Fget.html%3Frel%3Dcubehttps%3A%2F%2Fodnaknopka.ru%2Fget.html%3Frel%3Dgethttp%3A%2F%2Fodnaknopka.ru%2Fhttp%3A%2F%2Fvk.com%2Fodnaknopkahttp%3A%2F%2Fodnaknopka.ru%2Fblog%2F&subject=%D0%9E%D0%B4%D0%BD%D0%B0%20%D0%BA%D0%BD%D0%BE%D0%BF%D0%BA%D0%B0%20%D0%B4%D0%BB%D1%8F%20%D0%B2%D1%81%D0%B5%D1%85%20%D1%81%D0%B5%D1%80%D0%B2%D0%B8%D1%81%D0%BE%D0%B2%20%D0%B7%D0%B0%D0%BA%D0%BB%D0%B0%D0%B4%D0%BE%D0%BA%20%D0%B8%20%D1%81%D0%BE%D1%86%D0%B8%D0%B0%D0%BB%D1%8C%D0%BD%D1%8B%D1%85%20%D1%81%D0%B5%D1%82%D0%B5%D0%B9%20-%20%D0%B4%D0%BB%D1%8F%20%D0%92%D0%B0%D1%88%D0%B5%D0%B3%D0%BE%20%D1%81%D0%B0%D0%B9%D1%82%D0%B0
	http://vk.com/away.php?to=http://vre.doggoneknit.com/mayerbrown.com/cmJsb2NoQG1heWVyYnJvd24uY29t	Get hash	malicious	Unknown	Browse	away.vk.com/away.php
	http://vk.com/away.php?to=http%3A%2F%2F23.oppermanlaw.co.za/Alejandro.Garrido/Alejandro.Garrido@seaboardmarine.com/%2FVerizon&txid=B20200331_1488798683&lid=18207&tid=121811&vno=5&ltid=498307	Get hash	malicious	Unknown	Browse	away.vk.com/away.php
	http://vk.com/away.php?to=https://intuitivelinks.com.au/new/se/Ncsregcomp/chardiman@ncsregcomp.com	Get hash	malicious	HTMLPhisher	Browse	vk.com/away.php?to=https://intuitivelinks.com.au/new/se/Ncsregcomp/chardiman@ncsregcomp.com
	40a510dd9933e02e51e62b91d854aaa2612c41b4bbb99.exe	Get hash	malicious	RedLine, SmokeLoader, Tofsee	Browse	vk.com/

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
challenges.cloudflare.com	https://insidesales-email.com/l/1/17013047/Y/eus.p01-2019.10.02-460581/1/ab/4K6W-nzk0hr_GKydLIdUc0LK4HrUUeoMK4jMzee40WM?lnk=https://cd14fe4e.2690c0a545a7f22e8ae6844c.workers.dev/?qrc=barbara.rentler@ros.com	Get hash	malicious	HTMLPhisher	Browse	104.17.2.184
	https://nitftts.com/	Get hash	malicious	HtmlDropper, HTMLPhisher	Browse	104.17.3.184
	https://pwrdevelopment.top/	Get hash	malicious	HtmlDropper, HTMLPhisher	Browse	104.17.3.184
	https://u43957641.ct.sendgrid.net/ls/click?upn=u001.0Q2k6Tkbkoom04JcBCS1bnTFkzW4mU5Ezcfq62d9vtUuGINn2USsIB9YeV8x8Iu5W4FDLy6-2BKqjhTiUn-2FaQ-2BGrq3T-2BGqBAqLUber59up15w-3DVs4O_FXZTG-2Bj8dxNvEuxDJrPqKA8uB9LHQ48OflWnDl8SlkOTiwSdc-2B-2FgPjdAADTWcv8L3HqMFwOmerkXzjwDhJNFd4Lcft0pVsCjftrr0YIbR0wkdFwlzs0ZE-2BrvH4L4d9bI0UMEtu3I1uFXu2qk2Z9Vv-2BQYvTg83dp-2BaElfQAIu9sqQ8XL3xmmPpa4O2GrYCGQ5LVUy-2Feb-2F2iTllWjhAfn3PA-3D-3D	Get hash	malicious	HTMLPhisher	Browse	104.17.2.184
	https://u44056869.ct.sendgrid.net/ls/click?upn=u001.nH1ryR-2Btr2av-2Bkfc8quLEXKlGRKFonctFf3nB-2FAP-2Bjae3IsQgCoKtK-2FQ57cEEmmhZzRyd07G16kQ6rsc4EaJT6S7Rh48kOVsBPHV-2Fkkk9Vfz7cojLOCLuj4sUGVMM7pbdmwtinmtiLhfYkhEkgve628OiJsccHyeYc3lkmkn6epsOmmj4-2Fi-2BWjxfm73m7vUzCOGnDWnQJBmmd6DmkDcfIw-3D-3DU_vL_MRfqZW9nS4IDBSHT8MfJfSAq9b0aOVvtJoUhpW1Ga8ePAnfV-2FfXwE0xIGnayeXag21qNKRc5VLcgMkPlIuCBf7Hi8EFUvj1-2FlklJpMLZNx1IQq8eO26tVdmeuxhGn-2B2zjA71oEkiC9pTrxX9Dz-2FMJk8mkJr62ye1KlBo-2B8fxBlVl-2B6T0POpB0GKoibGhcjh4Z-2FnPU453nMAkUkNy65MlaA-3D-3D	Get hash	malicious	HTMLPhisher	Browse	104.17.2.184
	https://netorg442802-my.sharepoint.com/:b:/g/personal/darek_daronto_com/EeXtnEaZ3XJBqGk13it6odUB-K9vuYAC7zp7SfyciZ3BpQ?e=nkKu2w	Get hash	malicious	HtmlDropper, HTMLPhisher	Browse	104.17.2.184
	https://netorg442802-my.sharepoint.com/:b:/g/personal/darek_daronto_com/EeXtnEaZ3XJBqGk13it6odUB-K9vuYAC7zp7SfyciZ3BpQ?e=nkKu2w	Get hash	malicious	Unknown	Browse	104.17.3.184
	https://lithiuimvalley.com/ssd	Get hash	malicious	HtmlDropper, HTMLPhisher	Browse	104.17.3.184
	https://u44056869.ct.sendgrid.net/ls/click?upn=u001.nH1ryR-2Btr2av-2Bkfc8quLEXKlGRKFonctFf3nB-2FAP-2Bjae3IsQgCoKtK-2FQ57cEEmmhZzRyd07G16kQ6rsc4EaJT6S7Rh48kOVsBPHV-2Fkkk9Vfz7cojLOCLuj4sUGVMM7pbdmwtinmtiLhfYkhEkgve628OiJsccHyeYc3lkmkn6epsOmmj4-2Fi-2BWjxfm73m7vUzCOGnDWnQJBmmd6DmkDcfIw-3D-3DlLb9_7VBE-2BPKrWdDFE8TeQU0FNoYmRNt3BbsAfHCQfpyMVcUv91cWM1GbR6tMnpfVZqwoeCii1Z-2FHB6Wp4CGi-2FJ4Nq2flvhbRyRKwbWUqyssDslf87wBQZbBQ0EZsTXlvzjuj1ZnarL4QCJJlvUup-2FiM-2F9GPG6X3nhhKKp6sQ0v-2BBs5Jrrpzc3e5B2aUKKEJUx1Hjrx3xc16wmpK1HmM2sLiNIweMaJlJ9frDis7-2BK565mLw-3D	Get hash	malicious	HTMLPhisher	Browse	104.17.2.184
	https://sunhos-my.sharepoint.com/:b:/g/personal/mcaffrey_suncrestcare_com/EVEm8VhV9TBDp7AQUrliImYB4Kt7rXcd_m6-8qNUjxBhTA?e=P3XNTL&xsdata=MDV8MDJ8cHJpY2hhcmRzb25AY2FsdG9uLmNvbXxkM2U5ZTc1MTlkNDA0NmI2OWMzODA4ZGM2M2JhOTA4Y3w3YjU1NzU2YTg5NTg0ZWNlODFkYzVkYTZhYmRiNmE5N3wwfDB8NjM4NDk0OTAwMTUyMzMwMjUxfFVua25vd258VFdGcGJHWnNiM2Q4ZXlKV0lqb2lNQzR3TGpBd01EQWlMQ0pRSWpvaVYybHVNeklpTENKQlRpSTZJazFoYVd3aUxDSlhWQ0k2TW4wPXwwfHx8&sdata=TldIbEg2OTJiSkRUS29RRElmU3dYbTBRQUlqUTBBMXZPcGlIaTlzNnlOQT0%3d	Get hash	malicious	HTMLPhisher	Browse	104.17.2.184
away.vk.com	https://vk.com/away.php?to=https://hhu.tmw.temporary.site/wp-includes/myevri&post=809587144_14&cc_key=	Get hash	malicious	Unknown	Browse	87.240.137.164
	https://vk.com/away.php?to=https%3A%2F%2Fhhu.tmw.temporary.site%2Fwp-includes%2Fmyevri&post=809587144_14&cc_key=	Get hash	malicious	Unknown	Browse	87.240.132.78
	https://vk.com/away.php?to=https://hispanoitaliano.cl/ramson/454644230000343/bGxvcmVuYy5jb21ham9hbkB1dmljLmNhdA==	Get hash	malicious	HtmlDropper, HTMLPhisher	Browse	87.240.132.78
	https://vk.com/away.php?to=https://mm-00.com/1/pf8m-nqatva-4uipll/zzeiryqk/tlgwwe/?userid=bW5ld3RvbkBzZWEuc2Ftc3VuZy5jb20=	Get hash	malicious	HTMLPhisher	Browse	93.186.225.194
	https://lnkd.in/e2g6D9Pb	Get hash	malicious	Unknown	Browse	87.240.137.164
	https://vk.com/%61%77%61%79.php?profile=hjujhy&to=https%3A%2F%2Fwww.youtube.com%2Fredirect%3Fq%3Draybpms.com/nnn/pruddock@lansdownepartners.com	Get hash	malicious	HTMLPhisher	Browse	93.186.225.194
	http://vk.com/away.php?to=https://harbourbaypartyrental.com/new/auth/miujub/amVubmEubWNjb3lAZGV2cnkuZWR1	Get hash	malicious	Unknown	Browse	93.186.225.194
	https://lnkd.in/e2g6D9Pb	Get hash	malicious	Unknown	Browse	87.240.132.78
	https://vk.com/away.php?to=https://republicagastropub.com.br%2Fcss%2Fadmine%2F748394%2F%2F%2F%2FZWt1bWlhbkBqaGhjLmNvbQ==	Get hash	malicious	HTMLPhisher	Browse	87.240.129.133
	https://94o18.vk.com/away.php?to=https%3A%2F%2Fexilien.my%2F%3Fq%3D687474703a2f2f3638725442736d37692e726570756573746f6761732e636f6d2f5a48646c626d3570626d6441596d4e336232396b63484a766347567964476c6c6379356a6232303d	Get hash	malicious	HTMLPhisher	Browse	87.240.132.78
nam10.safelinks.protection.outlook.com	RE.msg	Get hash	malicious	HTMLPhisher	Browse	104.47.55.28
	RE_.msg	Get hash	malicious	Unknown	Browse	104.47.55.28
	https://nam10.safelinks.protection.outlook.com/ap/b-59584e83/?url=https%3A%2F%2Fsteffeshradvantage.sharepoint.com%2F%3Ab%3A%2Fg%2FETIjdrpSudZGtiSDo79buUwBzFanYCzjnGrCYMAA6-Y-WA%3Fe%3DMBPpYi&data=05%7C02%7Cbosswald%40shepherdins.com%7Cf7b19a236f0e42b3e7b308dc388f42fa%7C477490bc27c740588693f7906a9906d3%7C0%7C0%7C638447435155826970%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=JNCJG%2B78oUblJ8v59lDP5k9ZpktmZTq%2BniNYJvZaGdM%3D&reserved=0	Get hash	malicious	Unknown	Browse	104.47.70.28
	FW_.msg	Get hash	malicious	HTMLPhisher	Browse	104.47.58.28
	re.msg	Get hash	malicious	HtmlDropper, HTMLPhisher	Browse	104.47.58.28
	Complete_ Please review and sign your document !.eml	Get hash	malicious	HtmlDropper, HTMLPhisher	Browse	104.47.58.28
	DLWTF Utility Water Main - 100% DESIGN.eml	Get hash	malicious	HTMLPhisher	Browse	104.47.55.28
	f4091d8e-d0cb-93f5-b9d4-8b61d85985d3.eml	Get hash	malicious	HTMLPhisher	Browse	104.47.58.28
	Kristen Puckett shared _knoxdermplastics#Remittance_Notice_pdf_ with you.msg	Get hash	malicious	HTMLPhisher	Browse	104.47.55.28
	email (2).eml	Get hash	malicious	HTMLPhisher	Browse	104.47.58.28
part-0041.t-0009.t-msedge.net	https://campaign-statistics.com/link_click/PJygYHTMZ2_OXDfP/30633247af9f78d20f1e067eab9a8276	Get hash	malicious	HTMLPhisher	Browse	13.107.213.69
	http://ustteam.com/	Get hash	malicious	Unknown	Browse	13.107.246.69
	https://www.clinical-partners.co.uk	Get hash	malicious	Unknown	Browse	13.107.213.69
	http://www.clinical-partners.co.uk	Get hash	malicious	Unknown	Browse	13.107.246.69
	https://cfinlaysons-website.mypagecloud.com/	Get hash	malicious	HTMLPhisher	Browse	13.107.213.69
	http://clinical-partners.co.uk	Get hash	malicious	Unknown	Browse	13.107.213.69
	https://u43957641.ct.sendgrid.net/ls/click?upn=u001.0Q2k6Tkbkoom04JcBCS1bnTFkzW4mU5Ezcfq62d9vtUuGINn2USsIB9YeV8x8Iu5W4FDLy6-2BKqjhTiUn-2FaQ-2BGrq3T-2BGqBAqLUber59up15w-3DVs4O_FXZTG-2Bj8dxNvEuxDJrPqKA8uB9LHQ48OflWnDl8SlkOTiwSdc-2B-2FgPjdAADTWcv8L3HqMFwOmerkXzjwDhJNFd4Lcft0pVsCjftrr0YIbR0wkdFwlzs0ZE-2BrvH4L4d9bI0UMEtu3I1uFXu2qk2Z9Vv-2BQYvTg83dp-2BaElfQAIu9sqQ8XL3xmmPpa4O2GrYCGQ5LVUy-2Feb-2F2iTllWjhAfn3PA-3D-3D	Get hash	malicious	HTMLPhisher	Browse	13.107.246.69
	http://www.clinical-partners.co.uk	Get hash	malicious	Unknown	Browse	13.107.246.69
	https://www.maultalk.com/url.php?to=https://www.serserijeans.com/gdy9haBM2BM2Fe5rss3RhBM2i2Pdk17x0qvi2PFe5nnaai2PrpWO3rk17dy9s3RWO3BM2	Get hash	malicious	Unknown	Browse	13.107.213.69
	samradapps_datepicker_221114.xlam	Get hash	malicious	Unknown	Browse	13.107.246.69
prdia888eus0aks.mkt.dynamics.com	https://u44056869.ct.sendgrid.net/ls/click?upn=u001.nH1ryR-2Btr2av-2Bkfc8quLEXKlGRKFonctFf3nB-2FAP-2Bjae3IsQgCoKtK-2FQ57cEEmmhZzRyd07G16kQ6rsc4EaJT6S7Rh48kOVsBPHV-2Fkkk9Vfz7cojLOCLuj4sUGVMM7pbdmwtinmtiLhfYkhEkgve628OiJsccHyeYc3lkmkn6epsOmmj4-2Fi-2BWjxfm73m7vUzCOGnDWnQJBmmd6DmkDcfIw-3D-3DU_vL_MRfqZW9nS4IDBSHT8MfJfSAq9b0aOVvtJoUhpW1Ga8ePAnfV-2FfXwE0xIGnayeXag21qNKRc5VLcgMkPlIuCBf7Hi8EFUvj1-2FlklJpMLZNx1IQq8eO26tVdmeuxhGn-2B2zjA71oEkiC9pTrxX9Dz-2FMJk8mkJr62ye1KlBo-2B8fxBlVl-2B6T0POpB0GKoibGhcjh4Z-2FnPU453nMAkUkNy65MlaA-3D-3D	Get hash	malicious	HTMLPhisher	Browse	52.146.76.30
	https://u44058082.ct.sendgrid.net/ls/click?upn=u001.wjMLvmoK1OC9dTKy5UL4VbqcIJmZWkGKJypB0ZF6j6rXk8HVnxe0g2af-2BenroUoONz6EEWthgE-2Bi2vVRUosKTZRVQ5v63hCdxrdKCztVooIv51imK8tr-2Bb3beAsH6u-2FNluJlUKmd7nST-2B9m-2Bl2Rgv4y6uHLimO0TjhZzZ-2F-2BDlllJQne3tT99z6x4W12pJpddTL-2BoJ2-2Bdo6961pFN3dV2Rg-3D-3DeWGT_h-2FW4DSvZGhKY-2FmU3Rq-2F3L-2FXo2OZSHdaVvlpgAgHQWDXPYB9CNYi-2FcvonFCbsEhjt9RP-2BQa7dTwbMJOOaP3JRnMW6mQAitl6qAb1EkaAR-2BmnZDE6Bi3ooqtCrrMW-2F3TPNMK3AVi1YKIdTOZivmUJGaXdrtbqCykfnTTkN9KMRy80rdRqf6LWUCYWGeeaXb-2BD6jokMbr-2FaJKvKMHDNWAfHyhaE6QO9pw7souFUseKb40g-3D	Get hash	malicious	HTMLPhisher	Browse	52.146.76.30
	https://u44056869.ct.sendgrid.net/ls/click?upn=u001.nH1ryR-2Btr2av-2Bkfc8quLEXKlGRKFonctFf3nB-2FAP-2Bjae3IsQgCoKtK-2FQ57cEEmmhZzRyd07G16kQ6rsc4EaJT6S7Rh48kOVsBPHV-2Fkkk9Vfz7cojLOCLuj4sUGVMM7pbdmwtinmtiLhfYkhEkgve628OiJsccHyeYc3lkmkn6epsOmmj4-2Fi-2BWjxfm73m7vUzCOGnDWnQJBmmd6DmkDcfIw-3D-3DlLb9_7VBE-2BPKrWdDFE8TeQU0FNoYmRNt3BbsAfHCQfpyMVcUv91cWM1GbR6tMnpfVZqwoeCii1Z-2FHB6Wp4CGi-2FJ4Nq2flvhbRyRKwbWUqyssDslf87wBQZbBQ0EZsTXlvzjuj1ZnarL4QCJJlvUup-2FiM-2F9GPG6X3nhhKKp6sQ0v-2BBs5Jrrpzc3e5B2aUKKEJUx1Hjrx3xc16wmpK1HmM2sLiNIweMaJlJ9frDis7-2BK565mLw-3D	Get hash	malicious	HTMLPhisher	Browse	52.146.76.30
	https://assets-usa.mkt.dynamics.com/6f8aa86c-81f8-ee11-a1fa-0022482e8338/digitalassets/standaloneforms/4b367e61-8601-ef11-a1fd-0022482f3701	Get hash	malicious	HTMLPhisher	Browse	52.146.76.30
	infected.docx	Get hash	malicious	HTMLPhisher	Browse	52.146.76.30
	https://assets-usa.mkt.dynamics.com/97c9a062-91f8-ee11-9048-6045bd00330f/digitalassets/standaloneforms/8ba5ff5d-a1f8-ee11-a1ff-6045bd006d62	Get hash	malicious	Fake Captcha, HTMLPhisher	Browse	52.146.76.30
	https://assets-usa.mkt.dynamics.com/dfec4c64-9df2-ee11-9048-6045bd016f3e/digitalassets/standaloneforms/692fca68-35f7-ee11-a1fd-6045bd098894#msdynmkt_trackingcontext=a1e2f77d-3fb4-4f9b-8447-219d31fdfcd9	Get hash	malicious	HTMLPhisher	Browse	52.146.76.30
	https://assets-usa.mkt.dynamics.com/bf3ca3b9-47ed-ee11-9048-00224806e307/digitalassets/standaloneforms/0cb76a16-5df6-ee11-a1fd-6045bd0a59e1	Get hash	malicious	HTMLPhisher	Browse	52.146.76.30
	https://s.id/24SUG	Get hash	malicious	HTMLPhisher	Browse	52.146.76.30
	https://public-usa.mkt.dynamics.com/api/orgs/0a7d24a6-a2e7-ee11-a1fa-002248322327/r/85djMnaz5k2_HGmLS5k0kAIAAAA?target=%7B%22TargetUrl%22%3A%22https%253A%252F%252Fassets-usa.mkt.dynamics.com%252F0a7d24a6-a2e7-ee11-a1fa-002248322327%252Fdigitalassets%252Fstandaloneforms%252Fd5658eee-30f1-ee11-904b-7c1e52025f1f%2523msdynmkt_trackingcontext%253Dd3b46fdd-71f2-4bc0-9b92-0eaf5108a2b7%22%2C%22RedirectOptions%22%3A%7B%220%22%3Anull%7D%7D&digest=9ns9FqC3ciHVGp41BMxX%2F1VLzVPpLkxeJ%2FU2sSDEuEY%3D&secretVersion=a587597bbd2d4ba3bb4334f6d8be15ee	Get hash	malicious	HTMLPhisher	Browse	52.146.76.30

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
MICROSOFT-CORP-MSN-AS-BLOCKUS	https://campaign-statistics.com/link_click/PJygYHTMZ2_OXDfP/30633247af9f78d20f1e067eab9a8276	Get hash	malicious	HTMLPhisher	Browse	13.107.213.69
	http://ustteam.com/	Get hash	malicious	Unknown	Browse	13.107.246.69
	https://www.clinical-partners.co.uk	Get hash	malicious	Unknown	Browse	13.107.213.69
	http://www.clinical-partners.co.uk	Get hash	malicious	Unknown	Browse	13.107.246.69
	RUNNING_VEGETATION.exe	Get hash	malicious	Sliver	Browse	51.107.17.152
	https://cfinlaysons-website.mypagecloud.com/	Get hash	malicious	HTMLPhisher	Browse	13.107.213.69
	RUNNING_VEGETATION.exe	Get hash	malicious	Sliver	Browse	51.107.17.152
	https://i.imgur.com/EoTj4iI.png	Get hash	malicious	Unknown	Browse	52.174.3.252
	https://i.imgur.com/VlAllek.png	Get hash	malicious	Unknown	Browse	52.174.3.252
	http://clinical-partners.co.uk	Get hash	malicious	Unknown	Browse	40.76.174.66
MICROSOFT-CORP-MSN-AS-BLOCKUS	https://campaign-statistics.com/link_click/PJygYHTMZ2_OXDfP/30633247af9f78d20f1e067eab9a8276	Get hash	malicious	HTMLPhisher	Browse	13.107.213.69
	http://ustteam.com/	Get hash	malicious	Unknown	Browse	13.107.246.69
	https://www.clinical-partners.co.uk	Get hash	malicious	Unknown	Browse	13.107.213.69
	http://www.clinical-partners.co.uk	Get hash	malicious	Unknown	Browse	13.107.246.69
	RUNNING_VEGETATION.exe	Get hash	malicious	Sliver	Browse	51.107.17.152
	https://cfinlaysons-website.mypagecloud.com/	Get hash	malicious	HTMLPhisher	Browse	13.107.213.69
	RUNNING_VEGETATION.exe	Get hash	malicious	Sliver	Browse	51.107.17.152
	https://i.imgur.com/EoTj4iI.png	Get hash	malicious	Unknown	Browse	52.174.3.252
	https://i.imgur.com/VlAllek.png	Get hash	malicious	Unknown	Browse	52.174.3.252
	http://clinical-partners.co.uk	Get hash	malicious	Unknown	Browse	40.76.174.66
MICROSOFT-CORP-MSN-AS-BLOCKUS	https://campaign-statistics.com/link_click/PJygYHTMZ2_OXDfP/30633247af9f78d20f1e067eab9a8276	Get hash	malicious	HTMLPhisher	Browse	13.107.213.69
	http://ustteam.com/	Get hash	malicious	Unknown	Browse	13.107.246.69
	https://www.clinical-partners.co.uk	Get hash	malicious	Unknown	Browse	13.107.213.69
	http://www.clinical-partners.co.uk	Get hash	malicious	Unknown	Browse	13.107.246.69
	RUNNING_VEGETATION.exe	Get hash	malicious	Sliver	Browse	51.107.17.152
	https://cfinlaysons-website.mypagecloud.com/	Get hash	malicious	HTMLPhisher	Browse	13.107.213.69
	RUNNING_VEGETATION.exe	Get hash	malicious	Sliver	Browse	51.107.17.152
	https://i.imgur.com/EoTj4iI.png	Get hash	malicious	Unknown	Browse	52.174.3.252
	https://i.imgur.com/VlAllek.png	Get hash	malicious	Unknown	Browse	52.174.3.252
	http://clinical-partners.co.uk	Get hash	malicious	Unknown	Browse	40.76.174.66

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
28a2c9bd18a11de089ef85a160da29e4	https://insidesales-email.com/l/1/17013047/Y/eus.p01-2019.10.02-460581/1/ab/4K6W-nzk0hr_GKydLIdUc0LK4HrUUeoMK4jMzee40WM?lnk=https://cd14fe4e.2690c0a545a7f22e8ae6844c.workers.dev/?qrc=barbara.rentler@ros.com	Get hash	malicious	HTMLPhisher	Browse	20.190.190.195 23.202.57.177 20.114.59.183
	https://www.linkedin.com/redir/redirect?url=https%3A%2F%2Flookerstudio%2Egoogle%2Ecom%2Fs%2FscrHqwjeA3k&urlhash=dcQj&trk=public_profile-settings_topcard-website	Get hash	malicious	Unknown	Browse	20.190.190.195 23.202.57.177 20.114.59.183
	SecuriteInfo.com.Program.Unwanted.5215.4772.1835.exe	Get hash	malicious	PureLog Stealer	Browse	20.190.190.195 23.202.57.177 20.114.59.183
	http://p.ksrndkehqnwntyxlhgto.com	Get hash	malicious	Unknown	Browse	20.190.190.195 23.202.57.177 20.114.59.183
	SecuriteInfo.com.Program.Unwanted.5215.4772.1835.exe	Get hash	malicious	PureLog Stealer	Browse	20.190.190.195 23.202.57.177 20.114.59.183
	https://www.serserijeans.com/kdy9bFe5glari2Px0qak17sdy9nFe5k17	Get hash	malicious	Unknown	Browse	20.190.190.195 23.202.57.177 20.114.59.183
	https://colmec.it/category/news	Get hash	malicious	Unknown	Browse	20.190.190.195 23.202.57.177 20.114.59.183
	https://0_kid43983.inibara.eu/	Get hash	malicious	Unknown	Browse	20.190.190.195 23.202.57.177 20.114.59.183
	http://ustteam.com/	Get hash	malicious	Unknown	Browse	20.190.190.195 23.202.57.177 20.114.59.183
	https://2h.ae/HWtB	Get hash	malicious	Unknown	Browse	20.190.190.195 23.202.57.177 20.114.59.183
6271f898ce5be7dd52b0fc260d0662b3	https://stake.libertariancounterpoint.com/+6N67YCBGYSfgUDfzZBWz4mBQM+X0RyGi80NjJ/FF4eJwViQ	Get hash	malicious	Unknown	Browse	13.107.21.200
	https://funcallback.com	Get hash	malicious	Unknown	Browse	13.107.21.200
	Payment MT103.xls	Get hash	malicious	Unknown	Browse	13.107.21.200
	PO#0023298413.xls	Get hash	malicious	Unknown	Browse	13.107.21.200
	Ref_Order04.xls	Get hash	malicious	Unknown	Browse	13.107.21.200
	768.xla.xlsx	Get hash	malicious	Unknown	Browse	13.107.21.200
	Gam.xls	Get hash	malicious	Unknown	Browse	13.107.21.200
	szamla_sorszam_8472.xlsm	Get hash	malicious	Unknown	Browse	13.107.21.200
	https://secure.rightsignature.com/signers/72685de1-0891-4676-ba51-0639e8aac386/sign?identity_token=e9BkbAE3-a65UvyeRkxL	Get hash	malicious	HTMLPhisher	Browse	13.107.21.200
	https://www.sigtn.com/utils/emt.cfm?client_id=9195153&campaign_id=73466&link=aHR0cHM6Ly9icm9kbWFuc2dkdG5wZ2VzZWMuY29tL0NrMTgwZG5RbkFPVmZJM0V3ZTZEUDdTWTBYR201dXR4TlhOMkVrTHZBUTFmVUZ2a0tOL2hvd2FyZC5zdGV5bkBsY2F0dGVydG9uLmNvbS9jTGJ2cUtyZ1l5d3dpMkpOM0NGYXdrdW5kSFp4amJBQ2R0RkhneHNS	Get hash	malicious	HTMLPhisher	Browse	13.107.21.200
3b5074b1b5d032e5620f69f9f700ff0e	Proforma Request.exe	Get hash	malicious	AgentTesla	Browse	13.107.5.88
	SecuriteInfo.com.Program.Unwanted.5215.4772.1835.exe	Get hash	malicious	PureLog Stealer	Browse	13.107.5.88
	SecuriteInfo.com.Program.Unwanted.5215.4772.1835.exe	Get hash	malicious	PureLog Stealer	Browse	13.107.5.88
	https://colmec.it/category/news	Get hash	malicious	Unknown	Browse	13.107.5.88
	https://www.clinical-partners.co.uk	Get hash	malicious	Unknown	Browse	13.107.5.88
	EQxFL1u3m1.exe	Get hash	malicious	Quasar	Browse	13.107.5.88
	Mt#879161_YAT_ORER_AY27102_3017182_2LAP183.exe	Get hash	malicious	PureLog Stealer, zgRAT	Browse	13.107.5.88
	http://stake.libertariancounterpoint.com	Get hash	malicious	Unknown	Browse	13.107.5.88
	https://stake.libertariancounterpoint.com/+6N67YCBGYSfgUDfzZBWz4mBQM+X0RyGi80NjJ/FF4eJwViQ	Get hash	malicious	Unknown	Browse	13.107.5.88
	Spare part list.pdf.exe	Get hash	malicious	AgentTesla, PureLog Stealer	Browse	13.107.5.88

Process:	C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
File Type:	data
Category:	dropped
Size (bytes):	231348
Entropy (8bit):	4.386500757474311
Encrypted:	false
SSDEEP:	1536:YXdYLcnAgsZ5QmiRaDgv3+Xmgsy8NcAz79ysQqt2cQrokRqoQ6ircm0Fve+JUKyD:nrgT5vgomiGu29qoQfrt0Fvspz3dG5u3
MD5:	73164458C8322EE1CE2C7990D8DD184A
SHA1:	2EA8F326547DEA8B48071DE1EC481AC757D9230A
SHA-256:	B950422EDE7D0A5965EFF89A630134F3351B31C5E5ABDAE1CDEC758336E0B509
SHA-512:	D7559598B6D62947D88404182C4CF961C2407A84B13B3389AC6918DFA3A29424D1E4C9D4565CA56B7624AE35186CAA6249936469EBD230FC60A1DA5FDC8646B1
Malicious:	false
Reputation:	low
Preview:	TH02...... ....8M.......SM01X...,.....8M...........IPM.Activity...........h...............h............H..h\.o......".f...h........ x..H..h\tor ...AppD...h....0.....o....h.'0............h........_`fj...h. 0.@...I.+w...h....H...8.kj...0....T...............d.........2h...............k..............!h.............. h...i.....o...#h....8.........$h x......8....."h.{.......w....'h..............1h.'0.<.........0h....4....kj../h....h.....kjH..h.a..p...\.o...-h .........o...+h{&0.....P.o................. ..............F7..............FIPM.Activity....Form....Standard....Journal Entry...IPM.Microsoft.FolderDesign.FormsDescription................F.k..........1122110020000000.GwwMicrosoft...This form is used to create journal entries.........kf...... ..........&...........(.......(... ...@.....................................................................................................................fffffffff........wwwwwwww.p....pp..............p...............pw..............pw..DDDDO..

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Apr 24 12:42:47 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	3.9846902971855847
Encrypted:	false
SSDEEP:	48:8GNdMTt7KbSHridAKZdA1JehwiZUklqehRdy+3:8GMkSwdy
MD5:	7400AC9B88273B87AD68837774D41288
SHA1:	381B7C8444499939E9B5833B11C80AD91E2CBC64
SHA-256:	F2F3FAA9F0E1A5206D35C321F222A6847017836AFAAD86286EAAE557441F5CC1
SHA-512:	4146E240A50FEE5791527B65C04A00498D0E8DE4C85F48D422EA0BF34C9341B03682ECB036ACBE44A3FD56B2309A21BED2A79C535B3D1EDF3547B9382DC3EB67
Malicious:	false
Preview:	L..................F.@.. ...$+.,....Jo.JM.......y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FWoN..PROGRA~1..t......O.I.XHm....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.XVm....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.N..Chrome..>......CW.V.XVm....M......................W..C.h.r.o.m.e.....`.1.....FW.N..APPLIC~1..H......CW.V.XVm...........................W..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.V.XXm...........................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i....................C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

File type:	CDFV2 Microsoft Outlook Message
Entropy (8bit):	5.291539444509348
TrID:	Outlook Message (71009/1) 58.92% Outlook Form Template (41509/1) 34.44% Generic OLE2 / Multistream Compound File (8008/1) 6.64%
File name:	FW_ FHAS Inc_ - Private and Confidential.msg
File size:	169'984 bytes
MD5:	9df7a23ef75002280cab36951693ad81
SHA1:	7933a22276c49b35fef76fc729addbdefb258ce4
SHA256:	137454d482c2b32419da6525c85b121cd68dfe6ada35e8515c773ae3f8992e19
SHA512:	b82bbdb647fff0a120761b40c2c30522c8d17f93464e5c39ef0d40ffa21ad61c6d3eb75382b3e4aa42c73bc67ba52a952db540296b600f27af6c6316ccbd966b
SSDEEP:	1536:T1VNWFWbLaICxFQ5wXwqyxWsxVevVeZcyTUcO/9FI/sKcPd78q+PomWlyOl69PXZ:T1VvLaICxJg3GicOrLS+coDj81n8H
TLSH:	BBF3A7213AFA121AF3779F354BE290978536FD53AE149A5F2191330E0A72A41DC61F3B
File Content Preview:	........................>......................................................................................................................................................................................................................................

Subject:	FW: FHAS Inc. - Private and Confidential
From:	Oscar Duran <oscar@mhacb.org>
To:	"landerson@american-pcs.com" <landerson@american-pcs.com>
Cc:
BCC:
Date:	Tue, 23 Apr 2024 22:50:05 +0200
Communications:	From: Sharena Marrs <sharenam@fhasinc.org> Sent: Tuesday, April 23, 2024 1:04 PM To: Sharena Marrs <sharenam@fhasinc.org> Subject: FHAS Inc. - Private and Confidential You don't often get email from sharenam@fhasinc.org <mailto:sharenam@fhasinc.org> . Learn why this is important <https://aka.ms/LearnAboutSenderIdentification> <https://nam10.safelinks.protection.outlook.com/?url=http%3A%2F%2Fvk.com%2Faway.php%3Fto%3Dhttps%3A%2F%2Fassets-usa.mkt.dynamics.com%2F97791573-a900-ef11-9f85-00224828202e%2Fdigitalassets%2Fstandaloneforms%2Fbeb26e16-c500-ef11-a1fd-6045bdd3b636&data=05%7C02%7Clanderson%40american-pcs.com%7C12a2a023526d4f13ec3008dc63d6fc83%7C48af3ff71bb24e8b9762c9e61a8503a9%7C0%7C0%7C638495022247675574%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C40000%7C%7C%7C&sdata=wmZ9CPEGbqFv%2B8gk%2BkjZ7S5r0b%2B7AC1Ezstrt9P7SuM%3D&reserved=0> Hello, Please see enclosed a presentation and proposal from Family Housing Advisory Services for your review. Kindly review and let me know if you have any questions. Thank you! Sharena Marrs, HUD Certified Housing Counselor Tenant Services, Program Director Family Housing Advisory Services, Inc. Over 50 Years Improving housing opportunities and eliminate poverty
Attachments:	image.png image.png Outlook-cid_8b352b.png

Key	Value
Received	from SN7PR19MB7450.namprd19.prod.outlook.com
20	50:05 +0000
ARC-Seal	i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;
ARC-Message-Signature	i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
h=From	Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
ARC-Authentication-Results	i=1; mx.microsoft.com 1; spf=pass
by BY3PR06MB8004.namprd06.prod.outlook.com (2603	10b6:a03:3c3::9) with
2024 20	50:05 +0000
(2603	10b6:806:3c2::10) with Microsoft SMTP Server (version=TLS1_2,
Transport; Tue, 23 Apr 2024 20	50:19 +0000
Authentication-Results	spf=pass (sender IP is 40.107.237.126)
Received-SPF	Pass (protection.outlook.com: domain of mhacb.org designates
15.20.7519.19 via Frontend Transport; Tue, 23 Apr 2024 20	50:18 +0000
DKIM-Signature	v=1; a=rsa-sha256; c=relaxed/relaxed;
by DM4PR19MB6462.namprd19.prod.outlook.com (2603	10b6:8:b5::21) with
([fe80	:174b:a256:8e5a:2f9f%5]) with mapi id 15.20.7472.044; Tue, 23 Apr 2024
From	Oscar Duran <oscar@mhacb.org>
To	"landerson@american-pcs.com" <landerson@american-pcs.com>
Subject	FW: FHAS Inc. - Private and Confidential
Thread-Topic	FHAS Inc. - Private and Confidential
Thread-Index	AQHaladnB9yauye4kEuS3ChYuB7pE7F2VEaA
Date	Tue, 23 Apr 2024 20:50:05 +0000
Message-ID	<SN7PR19MB745038E4E89995601D330806A7112@SN7PR19MB7450.namprd19.prod.outlook.com>
References	<MW4PR17MB47323FAC41D74A8576329B12D9112@MW4PR17MB4732.namprd17.prod.outlook.com>
In-Reply-To	<MW4PR17MB47323FAC41D74A8576329B12D9112@MW4PR17MB4732.namprd17.prod.outlook.com>
Accept-Language	en-US
Content-Language	en-US
X-MS-Has-Attach	yes
X-MS-TNEF-Correlator	msip_labels:
Authentication-Results-Original	dkim=none (message not signed)
x-ms-traffictypediagnostic	SN7PR19MB7450:EE_\|DM4PR19MB6462:EE_\|SN1PEPF0002BA4E:EE_\|BY3PR06MB8004:EE_\|BL0PR06MB4385:EE_
X-MS-Office365-Filtering-Correlation-Id	12a2a023-526d-4f13-ec30-08dc63d6fc83
x-ms-exchange-senderadcheck	1
x-ms-exchange-antispam-relay	0
X-Microsoft-Antispam-Untrusted	BCL:0;
X-Microsoft-Antispam-Message-Info-Original	=?us-ascii?Q?YWbRLX7l5fudXmqsT/iGPzO7byqlqvXhjgt2sye7HthlSPqIo8kgz8+mV7oO?=
X-Forefront-Antispam-Report-Untrusted	CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:SN7PR19MB7450.namprd19.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230031)(366007)(1800799015)(376005)(38070700009);DIR:OUT;SFP:1102;
X-MS-Exchange-AntiSpam-MessageData-Original-ChunkCount	1
X-MS-Exchange-AntiSpam-MessageData-Original-0	=?us-ascii?Q?6CfJQVzpQasAg6sNbxmW/j5571PfwMtfQjPYeA4DB9DGGaOBzuIf0Onx1L/U?=
Content-Type	multipart/related;
MIME-Version	1.0
X-MS-Exchange-Transport-CrossTenantHeadersStamped	BY3PR06MB8004
Return-Path	oscar@mhacb.org
X-MS-Exchange-Organization-ExpirationStartTime	23 Apr 2024 20:50:19.0423
X-MS-Exchange-Organization-ExpirationStartTimeReason	OriginalSubmit
X-MS-Exchange-Organization-ExpirationInterval	1:00:00:00.0000000
X-MS-Exchange-Organization-ExpirationIntervalReason	OriginalSubmit
X-MS-Exchange-Organization-Network-Message-Id	12a2a023-526d-4f13-ec30-08dc63d6fc83
X-EOPAttributedMessage	0
X-EOPTenantAttributedMessage	48af3ff7-1bb2-4e8b-9762-c9e61a8503a9:0
X-MS-Exchange-Organization-MessageDirectionality	Incoming
X-MS-Exchange-Transport-CrossTenantHeadersStripped	SN1PEPF0002BA4E.namprd03.prod.outlook.com
X-MS-Exchange-Transport-CrossTenantHeadersPromoted	SN1PEPF0002BA4E.namprd03.prod.outlook.com
X-MS-PublicTrafficType	Email
X-MS-Exchange-Organization-AuthSource	SN1PEPF0002BA4E.namprd03.prod.outlook.com
X-MS-Exchange-Organization-AuthAs	Anonymous
X-MS-Office365-Filtering-Correlation-Id-Prvs	14ef9a18-a58d-4f53-325b-08dc63d6f496
X-MS-Exchange-AtpMessageProperties	SA\|SL
X-MS-Exchange-Organization-SCL	1
X-Microsoft-Antispam	BCL:0;
X-Forefront-Antispam-Report	CIP:40.107.237.126;CTRY:US;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:NAM12-BN8-obe.outbound.protection.outlook.com;PTR:mail-bn8nam12on2126.outbound.protection.outlook.com;CAT:NONE;SFS:(13230031)(4073199003)(5063199003)(5000899004)(5073199003)(22003199003);DIR:INB;
X-MS-Exchange-CrossTenant-OriginalArrivalTime	23 Apr 2024 20:50:18.6048
X-MS-Exchange-CrossTenant-Network-Message-Id	12a2a023-526d-4f13-ec30-08dc63d6fc83
X-MS-Exchange-CrossTenant-Id	48af3ff7-1bb2-4e8b-9762-c9e61a8503a9
X-MS-Exchange-CrossTenant-AuthSource	SN1PEPF0002BA4E.namprd03.prod.outlook.com
X-MS-Exchange-CrossTenant-AuthAs	Anonymous
X-MS-Exchange-CrossTenant-FromEntityHeader	Internet
X-MS-Exchange-Transport-EndToEndLatency	00:00:05.9876527
X-MS-Exchange-Processed-By-BccFoldering	15.20.7472.035
X-Microsoft-Antispam-Mailbox-Delivery	ucf:0;jmr:0;auth:0;dest:I;ENG:(910001)(944506478)(944626604)(920097)(930097)(140003)(1420198);
X-Microsoft-Antispam-Message-Info	=?us-ascii?Q?ZhvQ2xzRp9rRqeTBAUYUGQrloMzAUlHVVpgc74kxNiwE0dN110xY6wFHzcJ6?=
date	Tue, 23 Apr 2024 22:50:05 +0200

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Apr 24, 2024 15:42:45.755162954 CEST	57505	53	192.168.2.17	1.1.1.1
Apr 24, 2024 15:42:45.755285978 CEST	59486	53	192.168.2.17	1.1.1.1
Apr 24, 2024 15:42:45.909293890 CEST	53	57505	1.1.1.1	192.168.2.17
Apr 24, 2024 15:42:45.909310102 CEST	53	59486	1.1.1.1	192.168.2.17
Apr 24, 2024 15:42:45.909348011 CEST	53	65239	1.1.1.1	192.168.2.17
Apr 24, 2024 15:42:45.925887108 CEST	53	56062	1.1.1.1	192.168.2.17
Apr 24, 2024 15:42:46.884076118 CEST	53	58882	1.1.1.1	192.168.2.17
Apr 24, 2024 15:42:47.552792072 CEST	58643	53	192.168.2.17	1.1.1.1
Apr 24, 2024 15:42:47.552916050 CEST	59248	53	192.168.2.17	1.1.1.1
Apr 24, 2024 15:42:47.706649065 CEST	53	58643	1.1.1.1	192.168.2.17
Apr 24, 2024 15:42:47.707036018 CEST	53	59248	1.1.1.1	192.168.2.17
Apr 24, 2024 15:42:49.094326973 CEST	56003	53	192.168.2.17	1.1.1.1
Apr 24, 2024 15:42:49.094476938 CEST	58058	53	192.168.2.17	1.1.1.1
Apr 24, 2024 15:42:49.423394918 CEST	53	58058	1.1.1.1	192.168.2.17
Apr 24, 2024 15:42:49.423717022 CEST	53	56003	1.1.1.1	192.168.2.17
Apr 24, 2024 15:42:50.339325905 CEST	63943	53	192.168.2.17	1.1.1.1
Apr 24, 2024 15:42:50.339735031 CEST	59575	53	192.168.2.17	1.1.1.1
Apr 24, 2024 15:42:50.493041992 CEST	53	63943	1.1.1.1	192.168.2.17
Apr 24, 2024 15:42:50.493128061 CEST	53	59575	1.1.1.1	192.168.2.17
Apr 24, 2024 15:42:50.561296940 CEST	63948	53	192.168.2.17	1.1.1.1
Apr 24, 2024 15:42:50.561568975 CEST	53386	53	192.168.2.17	1.1.1.1
Apr 24, 2024 15:42:50.715006113 CEST	53	63948	1.1.1.1	192.168.2.17
Apr 24, 2024 15:42:50.715368032 CEST	53	53386	1.1.1.1	192.168.2.17
Apr 24, 2024 15:42:52.792924881 CEST	61322	53	192.168.2.17	1.1.1.1
Apr 24, 2024 15:42:52.795769930 CEST	50064	53	192.168.2.17	1.1.1.1
Apr 24, 2024 15:42:56.482404947 CEST	63929	53	192.168.2.17	1.1.1.1
Apr 24, 2024 15:42:56.482650995 CEST	57840	53	192.168.2.17	1.1.1.1
Apr 24, 2024 15:42:56.762990952 CEST	65514	53	192.168.2.17	1.1.1.1
Apr 24, 2024 15:42:56.763169050 CEST	57543	53	192.168.2.17	1.1.1.1
Apr 24, 2024 15:42:59.040617943 CEST	52387	53	192.168.2.17	1.1.1.1
Apr 24, 2024 15:42:59.040781021 CEST	56034	53	192.168.2.17	1.1.1.1
Apr 24, 2024 15:43:03.821806908 CEST	53	50847	1.1.1.1	192.168.2.17
Apr 24, 2024 15:43:05.155414104 CEST	61364	53	192.168.2.17	1.1.1.1
Apr 24, 2024 15:43:05.155668974 CEST	62759	53	192.168.2.17	1.1.1.1
Apr 24, 2024 15:43:05.327327013 CEST	53	62759	1.1.1.1	192.168.2.17
Apr 24, 2024 15:43:05.402162075 CEST	53	61364	1.1.1.1	192.168.2.17
Apr 24, 2024 15:43:06.107243061 CEST	56570	53	192.168.2.17	1.1.1.1
Apr 24, 2024 15:43:06.107381105 CEST	53016	53	192.168.2.17	1.1.1.1
Apr 24, 2024 15:43:06.260498047 CEST	53	56570	1.1.1.1	192.168.2.17
Apr 24, 2024 15:43:06.260725021 CEST	53	53016	1.1.1.1	192.168.2.17
Apr 24, 2024 15:43:06.820815086 CEST	50972	53	192.168.2.17	1.1.1.1
Apr 24, 2024 15:43:06.820959091 CEST	65428	53	192.168.2.17	1.1.1.1
Apr 24, 2024 15:43:06.974373102 CEST	53	65428	1.1.1.1	192.168.2.17
Apr 24, 2024 15:43:06.974798918 CEST	53	50972	1.1.1.1	192.168.2.17
Apr 24, 2024 15:43:07.513391972 CEST	60816	53	192.168.2.17	1.1.1.1
Apr 24, 2024 15:43:07.513541937 CEST	58607	53	192.168.2.17	1.1.1.1
Apr 24, 2024 15:43:07.666868925 CEST	53	58607	1.1.1.1	192.168.2.17
Apr 24, 2024 15:43:07.667778969 CEST	53	60816	1.1.1.1	192.168.2.17
Apr 24, 2024 15:43:07.670506954 CEST	56555	53	192.168.2.17	1.1.1.1
Apr 24, 2024 15:43:07.670811892 CEST	54586	53	192.168.2.17	1.1.1.1
Apr 24, 2024 15:43:07.824063063 CEST	53	54586	1.1.1.1	192.168.2.17
Apr 24, 2024 15:43:07.824323893 CEST	53	56555	1.1.1.1	192.168.2.17
Apr 24, 2024 15:43:09.332351923 CEST	53295	53	192.168.2.17	1.1.1.1
Apr 24, 2024 15:43:09.332596064 CEST	64304	53	192.168.2.17	1.1.1.1
Apr 24, 2024 15:43:09.485677958 CEST	53	53295	1.1.1.1	192.168.2.17
Apr 24, 2024 15:43:09.485697031 CEST	53	64304	1.1.1.1	192.168.2.17
Apr 24, 2024 15:43:22.710249901 CEST	53	63744	1.1.1.1	192.168.2.17
Apr 24, 2024 15:43:24.263885021 CEST	53	63618	1.1.1.1	192.168.2.17
Apr 24, 2024 15:43:45.127011061 CEST	53	49338	1.1.1.1	192.168.2.17
Apr 24, 2024 15:43:45.640175104 CEST	53	53306	1.1.1.1	192.168.2.17
Apr 24, 2024 15:43:48.470352888 CEST	138	138	192.168.2.17	192.168.2.255
Apr 24, 2024 15:44:06.104749918 CEST	56226	53	192.168.2.17	1.1.1.1
Apr 24, 2024 15:44:06.105020046 CEST	59116	53	192.168.2.17	1.1.1.1
Apr 24, 2024 15:44:06.258358955 CEST	53	56226	1.1.1.1	192.168.2.17
Apr 24, 2024 15:44:06.258461952 CEST	53	59116	1.1.1.1	192.168.2.17
Apr 24, 2024 15:44:13.667181969 CEST	53	53490	1.1.1.1	192.168.2.17

Timestamp	Bytes transferred	Direction	Data
Apr 24, 2024 15:42:51.050493956 CEST	750	OUT	GET /away.php?to=https://assets-usa.mkt.dynamics.com/97791573-a900-ef11-9f85-00224828202e/digitalassets/standaloneforms/beb26e16-c500-ef11-a1fd-6045bdd3b636 HTTP/1.1 Host: vk.com Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9 Cookie: remixsec_redir=https%3A%2F%2Fassets-usa.mkt.dynamics.com%2F97791573-a900-ef11-9f85-00224828202e%2Fdigitalassets%2Fstandaloneforms%2Fbeb26e16-c500-ef11-a1fd-6045bdd3b636
Apr 24, 2024 15:42:51.385390043 CEST	612	IN	HTTP/1.1 301 Moved Permanently Server: kittenx Date: Wed, 24 Apr 2024 13:42:51 GMT Content-Type: text/html Content-Length: 164 Connection: keep-alive Location: https://vk.com/away.php?to=https://assets-usa.mkt.dynamics.com/97791573-a900-ef11-9f85-00224828202e/digitalassets/standaloneforms/beb26e16-c500-ef11-a1fd-6045bdd3b636 X-Frontend: front919200 Access-Control-Expose-Headers: X-Frontend X-Trace-Id: kFXIeclrToPv1S-e5Q4xRjjKa-5ntQ Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6b 69 74 74 65 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>kittenx</center></body></html>
Apr 24, 2024 15:43:36.393342972 CEST	6	OUT	Data Raw: 00 Data Ascii:
Apr 24, 2024 15:44:21.733441114 CEST	6	OUT	Data Raw: 00 Data Ascii:

Timestamp	Bytes transferred	Direction	Data
2024-04-24 13:42:40 UTC	422	OUT	POST /RST2.srf HTTP/1.0 Connection: Keep-Alive Content-Type: application/soap+xml Accept: / User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68}) Content-Length: 4722 Host: login.live.com
2024-04-24 13:42:40 UTC	4722	OUT	Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 70 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 50 61 73 73 70 6f 72 74 2f 53 6f 61 70 53 65 72 76 69 63 65 73 2f 50 50 43 52 4c 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31 Data Ascii: <?xml version="1.0" encoding="UTF-8"?><s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:ps="http://schemas.microsoft.com/Passport/SoapServices/PPCRL" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1
2024-04-24 13:42:40 UTC	569	IN	HTTP/1.1 200 OK Cache-Control: no-store, no-cache Pragma: no-cache Content-Type: application/soap+xml; charset=utf-8 Expires: Wed, 24 Apr 2024 13:41:40 GMT P3P: CP="DSP CUR OTPi IND OTRi ONL FIN" Referrer-Policy: strict-origin-when-cross-origin x-ms-route-info: C529_BAY x-ms-request-id: b0799383-9189-433c-bf6e-c76a468a1639 PPServer: PPV: 30 H: PH1PEPF00011E59 V: 0 X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=31536000 X-XSS-Protection: 1; mode=block Date: Wed, 24 Apr 2024 13:42:40 GMT Connection: close Content-Length: 10197
2024-04-24 13:42:40 UTC	10197	IN	Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 20 3f 3e 3c 53 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 53 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31 2e 30 2e 78 73 64 22 20 78 6d 6c 6e 73 3a 77 73 75 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 Data Ascii: <?xml version="1.0" encoding="utf-8" ?><S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200

Timestamp	Bytes transferred	Direction	Data
2024-04-24 13:42:45 UTC	306	OUT	GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=9+ronNE95pkpmyw&MD=sRmD9cLz HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2024-04-24 13:42:46 UTC	560	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880" MS-CorrelationId: 0bd32b71-e5de-48cd-835b-7ee3caf7e791 MS-RequestId: 4fb0a663-cd12-4dac-be68-a4aa52763335 MS-CV: HawefzJDDEOj47R2.0 X-Microsoft-SLSClientCache: 2880 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Wed, 24 Apr 2024 13:42:45 GMT Connection: close Content-Length: 24490
2024-04-24 13:42:46 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 92 1e 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 23 d0 00 00 14 00 00 00 00 00 10 00 92 1e 00 00 18 41 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 e6 42 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 78 cf 8d 5c 26 1e e6 42 43 4b ed 5c 07 54 13 db d6 4e a3 f7 2e d5 d0 3b 4c 42 af 4a 57 10 e9 20 bd 77 21 94 80 88 08 24 2a 02 02 d2 55 10 a4 a8 88 97 22 8a 0a d2 11 04 95 ae d2 8b 20 28 0a 88 20 45 05 f4 9f 80 05 bd ed dd f7 ff 77 dd f7 bf 65 d6 4a 66 ce 99 33 67 4e d9 7b 7f fb db 7b 56 f4 4d 34 b4 21 e0 a7 03 0a d9 fc 68 6e 1d 20 70 28 14 02 85 20 20 ad 61 10 08 e3 66 0d ed 66 9b 1d 6a 90 af 1f 17 f0 4b 68 35 01 83 6c fb 44 42 5c 7d 83 3d 03 30 be 3e ae be 58 Data Ascii: MSCFD#AdBenvironment.cabx\&BCK\TN.;LBJW w!$*U" ( EweJf3gN{{VM4!hn p( affjKh5lDB\}=0>X
2024-04-24 13:42:46 UTC	8666	IN	Data Raw: 04 01 31 2f 30 2d 30 0a 02 05 00 e1 2b 8a 50 02 01 00 30 0a 02 01 00 02 02 12 fe 02 01 ff 30 07 02 01 00 02 02 11 e6 30 0a 02 05 00 e1 2c db d0 02 01 00 30 36 06 0a 2b 06 01 04 01 84 59 0a 04 02 31 28 30 26 30 0c 06 0a 2b 06 01 04 01 84 59 0a 03 02 a0 0a 30 08 02 01 00 02 03 07 a1 20 a1 0a 30 08 02 01 00 02 03 01 86 a0 30 0d 06 09 2a 86 48 86 f7 0d 01 01 05 05 00 03 81 81 00 0c d9 08 df 48 94 57 65 3e ad e7 f2 17 9c 1f ca 3d 4d 6c cd 51 e1 ed 9c 17 a5 52 35 0f fd de 4b bd 22 92 c5 69 e5 d7 9f 29 23 72 40 7a ca 55 9d 8d 11 ad d5 54 00 bb 53 b4 87 7b 72 84 da 2d f6 e3 2c 4f 7e ba 1a 58 88 6e d6 b9 6d 16 ae 85 5b b5 c2 81 a8 e0 ee 0a 9c 60 51 3a 7b e4 61 f8 c3 e4 38 bd 7d 28 17 d6 79 f0 c8 58 c6 ef 1f f7 88 65 b1 ea 0a c0 df f7 ee 5c 23 c2 27 fd 98 63 08 31 Data Ascii: 1/0-0+P000,06+Y1(0&0+Y0 00*HHWe>=MlQR5K"i)#r@zUTS{r-,O~Xnm[`Q:{a8}(yXe\#'c1

Timestamp	Bytes transferred	Direction	Data
2024-04-24 13:42:46 UTC	1198	OUT	GET /?url=http%3A%2F%2Fvk.com%2Faway.php%3Fto%3Dhttps%3A%2F%2Fassets-usa.mkt.dynamics.com%2F97791573-a900-ef11-9f85-00224828202e%2Fdigitalassets%2Fstandaloneforms%2Fbeb26e16-c500-ef11-a1fd-6045bdd3b636&data=05%7C02%7Clanderson%40american-pcs.com%7C12a2a023526d4f13ec3008dc63d6fc83%7C48af3ff71bb24e8b9762c9e61a8503a9%7C0%7C0%7C638495022247675574%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C40000%7C%7C%7C&sdata=wmZ9CPEGbqFv%2B8gk%2BkjZ7S5r0b%2B7AC1Ezstrt9P7SuM%3D&reserved=0 HTTP/1.1 Host: nam10.safelinks.protection.outlook.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-24 13:42:47 UTC	718	IN	HTTP/1.1 302 Found Cache-Control: private Content-Type: text/html; charset=utf-8 Location: http://vk.com/away.php?to=https://assets-usa.mkt.dynamics.com/97791573-a900-ef11-9f85-00224828202e/digitalassets/standaloneforms/beb26e16-c500-ef11-a1fd-6045bdd3b636 Server: Microsoft-IIS/10.0 X-AspNetMvc-Version: 4.0 X-SL-GetUrlReputation-Verdict: Good X-Robots-Tag: noindex, nofollow X-AspNet-Version: 4.0.30319 X-ServerName: BN7NAM10WS046 X-ServerVersion: 15.20.7519.020 X-ServerLat: 525 X-SafeLinks-Tracking-Id: 58cf4ecc-1dc6-4d7a-9ee1-08dc64646d11 X-Powered-By: ASP.NET X-Content-Type-Options: nosniff X-UA-Compatible: IE=Edge Date: Wed, 24 Apr 2024 13:42:47 GMT Connection: close Content-Length: 282
2024-04-24 13:42:47 UTC	282	IN	Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 4f 62 6a 65 63 74 20 6d 6f 76 65 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 32 3e 4f 62 6a 65 63 74 20 6d 6f 76 65 64 20 74 6f 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 76 6b 2e 63 6f 6d 2f 61 77 61 79 2e 70 68 70 3f 74 6f 3d 68 74 74 70 73 3a 2f 2f 61 73 73 65 74 73 2d 75 73 61 2e 6d 6b 74 2e 64 79 6e 61 6d 69 63 73 2e 63 6f 6d 2f 39 37 37 39 31 35 37 33 2d 61 39 30 30 2d 65 66 31 31 2d 39 66 38 35 2d 30 30 32 32 34 38 32 38 32 30 32 65 2f 64 69 67 69 74 61 6c 61 73 73 65 74 73 2f 73 74 61 6e 64 61 6c 6f 6e 65 66 6f 72 6d 73 2f 62 65 62 32 36 65 31 36 2d 63 35 30 30 2d 65 66 31 31 2d 61 31 66 64 2d 36 30 34 35 62 64 64 33 62 36 33 36 22 3e 68 65 72 65 3c Data Ascii: <html><head><title>Object moved</title></head><body><h2>Object moved to <a href="http://vk.com/away.php?to=https://assets-usa.mkt.dynamics.com/97791573-a900-ef11-9f85-00224828202e/digitalassets/standaloneforms/beb26e16-c500-ef11-a1fd-6045bdd3b636">here<

Timestamp	Bytes transferred	Direction	Data
2024-04-24 13:42:48 UTC	800	OUT	GET /away.php?to=https://assets-usa.mkt.dynamics.com/97791573-a900-ef11-9f85-00224828202e/digitalassets/standaloneforms/beb26e16-c500-ef11-a1fd-6045bdd3b636 HTTP/1.1 Host: vk.com Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-24 13:42:49 UTC	1253	IN	HTTP/1.1 302 Found Server: kittenx Date: Wed, 24 Apr 2024 13:42:48 GMT Content-Type: text/html; charset=windows-1251 Content-Length: 0 Connection: close X-Powered-By: KPHP/7.4.116589 Set-Cookie: remixir=DELETED; expires=Thu, 01 Jan 1970 00:00:01 GMT; path=/; domain=.vk.com; secure; HttpOnly; SameSite=None Set-Cookie: remixlang=3; expires=Sat, 26 Apr 2025 02:52:14 GMT; path=/; domain=.vk.com; secure; SameSite=None Set-Cookie: remixstlid=9093501850070699750_Lnd7fMoCdytxw6KavtEkNYHGJAI8e0XO7DRYGMct8HD; expires=Thu, 24 Apr 2025 13:42:48 GMT; path=/; domain=.vk.com; secure; SameSite=None Set-Cookie: remixsec_redir=https%3A%2F%2Fassets-usa.mkt.dynamics.com%2F97791573-a900-ef11-9f85-00224828202e%2Fdigitalassets%2Fstandaloneforms%2Fbeb26e16-c500-ef11-a1fd-6045bdd3b636; path=/; domain=.vk.com Set-Cookie: remixua=-1%7C-1%7C202%7C3664747857; expires=Mon, 28 Apr 2025 03:46:32 GMT; path=/; domain=.vk.com; secure; SameSite=None Cache-control: no-store X-Frame-Options: DENY Location: https://away.vk.com/away.php?rh=8f363019-e908-47e4-a972-890e8e356326 X-Frontend: front919400 Strict-Transport-Security: max-age=15768000 Access-Control-Expose-Headers: X-Frontend Origin-Agent-Cluster: ?0 X-Trace-Id: xWE99cqP6dCdU6BdQXsKMsu7boF26Q

Timestamp	Bytes transferred	Direction	Data
2024-04-24 13:42:50 UTC	161	OUT	HEAD /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-04-24 13:42:50 UTC	467	IN	HTTP/1.1 200 OK Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (sac/2518) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-eus-z1 Cache-Control: public, max-age=235229 Date: Wed, 24 Apr 2024 13:42:50 GMT Connection: close X-CID: 2

Timestamp	Bytes transferred	Direction	Data
2024-04-24 13:42:50 UTC	239	OUT	GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-04-24 13:42:51 UTC	521	IN	HTTP/1.1 200 OK Content-Type: application/octet-stream Last-Modified: Tue, 16 May 2017 22:58:00 GMT ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" ApiVersion: Distribute 1.1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json X-MSEdge-Ref: Ref A: CC1186E36C704BA5AF8177F229D6CC87 Ref B: PAOEDGE0621 Ref C: 2023-04-04T13:32:33Z Cache-Control: public, max-age=235180 Date: Wed, 24 Apr 2024 13:42:51 GMT Content-Length: 55 Connection: close X-CID: 2
2024-04-24 13:42:51 UTC	55	IN	Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Timestamp	Bytes transferred	Direction	Data
2024-04-24 13:42:52 UTC	1103	OUT	GET /away.php?to=https://assets-usa.mkt.dynamics.com/97791573-a900-ef11-9f85-00224828202e/digitalassets/standaloneforms/beb26e16-c500-ef11-a1fd-6045bdd3b636 HTTP/1.1 Host: vk.com Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: remixlang=3; remixstlid=9093501850070699750_Lnd7fMoCdytxw6KavtEkNYHGJAI8e0XO7DRYGMct8HD; remixsec_redir=https%3A%2F%2Fassets-usa.mkt.dynamics.com%2F97791573-a900-ef11-9f85-00224828202e%2Fdigitalassets%2Fstandaloneforms%2Fbeb26e16-c500-ef11-a1fd-6045bdd3b636; remixua=-1%7C-1%7C202%7C3664747857
2024-04-24 13:42:52 UTC	819	IN	HTTP/1.1 200 OK Server: kittenx Date: Wed, 24 Apr 2024 13:42:52 GMT Content-Type: text/html; charset=windows-1251 Content-Length: 764 Connection: close X-Powered-By: KPHP/7.4.116589 Set-Cookie: remixir=DELETED; expires=Thu, 01 Jan 1970 00:00:01 GMT; path=/; domain=.vk.com; secure; HttpOnly; SameSite=None Set-Cookie: remixsec_redir=DELETED; expires=Thu, 01 Jan 1970 00:00:01 GMT; domain=.vk.com Set-Cookie: remixsec_redir=DELETED; expires=Thu, 01 Jan 1970 00:00:01 GMT; path=/; domain=vk.com Set-Cookie: remixsec_redir=DELETED; expires=Thu, 01 Jan 1970 00:00:01 GMT; path=/ Cache-control: no-store X-Frame-Options: DENY X-Frontend: front918200 Strict-Transport-Security: max-age=15768000 Access-Control-Expose-Headers: X-Frontend Origin-Agent-Cluster: ?0 X-Trace-Id: VpC1J3k5W6lvhWN6o-7MVyQ9iI0pUA
2024-04-24 13:42:52 UTC	764	IN	Data Raw: 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 65 66 65 72 72 65 72 22 20 63 6f 6e 74 65 6e 74 3d 22 6f 72 69 67 69 6e 22 20 69 64 3d 22 6d 65 74 61 5f 72 65 66 65 72 72 65 72 22 20 2f 3e 3c 69 6e 70 75 74 20 69 64 3d 22 72 65 64 69 72 22 20 74 79 70 65 3d 22 68 69 64 64 65 6e 22 20 76 61 6c 75 65 3d 22 68 74 74 70 73 3a 2f 2f 61 73 73 65 74 73 2d 75 73 61 2e 6d 6b 74 2e 64 79 6e 61 6d 69 63 73 2e 63 6f 6d 2f 39 37 37 39 31 35 37 33 2d 61 39 30 30 2d 65 66 31 31 2d 39 66 38 35 2d 30 30 32 32 34 38 32 38 32 30 32 65 2f 64 69 67 69 74 61 6c 61 73 73 65 74 73 2f 73 74 61 6e 64 61 6c 6f 6e 65 66 6f 72 6d 73 2f 62 65 62 32 36 65 31 36 2d 63 35 30 30 2d 65 66 31 31 2d 61 31 66 64 2d 36 30 34 35 62 64 64 33 62 36 33 36 22 20 2f 3e 3c 73 63 72 69 70 74 3e 77 69 6e 64 6f Data Ascii: <meta name="referrer" content="origin" id="meta_referrer" /><input id="redir" type="hidden" value="https://assets-usa.mkt.dynamics.com/97791573-a900-ef11-9f85-00224828202e/digitalassets/standaloneforms/beb26e16-c500-ef11-a1fd-6045bdd3b636" /><script>windo

Timestamp	Bytes transferred	Direction	Data
2024-04-24 13:42:53 UTC	785	OUT	GET /97791573-a900-ef11-9f85-00224828202e/digitalassets/standaloneforms/beb26e16-c500-ef11-a1fd-6045bdd3b636 HTTP/1.1 Host: assets-usa.mkt.dynamics.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: navigate Sec-Fetch-Dest: document Referer: https://vk.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-24 13:42:54 UTC	495	IN	HTTP/1.1 200 OK Date: Wed, 24 Apr 2024 13:42:53 GMT Content-Type: text/html Content-Length: 491 Connection: close Access-Control-Allow-Origin: * Cache-Control: public, max-age=900, must-revalidate x-ms-trace-id: f9ae32cc821d41f6663f3b70de7c5e58 Strict-Transport-Security: max-age=2592000; preload x-content-type-options: nosniff x-azure-ref: 20240424T134253Z-168bb8d798bmmxfd6g2ey15u14000000089000000000dym5 x-fd-int-roxy-purgeid: 69112800 X-Cache: TCP_MISS Accept-Ranges: bytes
2024-04-24 13:42:54 UTC	491	IN	Data Raw: 3c 64 69 76 0a 20 20 20 20 20 20 20 20 64 61 74 61 2d 66 6f 72 6d 2d 69 64 3d 27 62 65 62 32 36 65 31 36 2d 63 35 30 30 2d 65 66 31 31 2d 61 31 66 64 2d 36 30 34 35 62 64 64 33 62 36 33 36 27 0a 20 20 20 20 20 20 20 20 64 61 74 61 2d 66 6f 72 6d 2d 61 70 69 2d 75 72 6c 3d 27 68 74 74 70 73 3a 2f 2f 70 75 62 6c 69 63 2d 75 73 61 2e 6d 6b 74 2e 64 79 6e 61 6d 69 63 73 2e 63 6f 6d 2f 61 70 69 2f 76 31 2e 30 2f 6f 72 67 73 2f 39 37 37 39 31 35 37 33 2d 61 39 30 30 2d 65 66 31 31 2d 39 66 38 35 2d 30 30 32 32 34 38 32 38 32 30 32 65 2f 6c 61 6e 64 69 6e 67 70 61 67 65 66 6f 72 6d 73 27 0a 20 20 20 20 20 20 20 20 64 61 74 61 2d 63 61 63 68 65 64 2d 66 6f 72 6d 2d 75 72 6c 3d 27 68 74 74 70 73 3a 2f 2f 61 73 73 65 74 73 2d 75 73 61 2e 6d 6b 74 2e 64 79 6e 61 6d Data Ascii: <div data-form-id='beb26e16-c500-ef11-a1fd-6045bdd3b636' data-form-api-url='https://public-usa.mkt.dynamics.com/api/v1.0/orgs/97791573-a900-ef11-9f85-00224828202e/landingpageforms' data-cached-form-url='https://assets-usa.mkt.dynam

Timestamp	Bytes transferred	Direction	Data
2024-04-24 13:42:54 UTC	592	OUT	GET /usa/FormLoader/FormLoader.bundle.js HTTP/1.1 Host: cxppusa1formui01cdnsa01-endpoint.azureedge.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://assets-usa.mkt.dynamics.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-24 13:42:55 UTC	643	IN	HTTP/1.1 200 OK Date: Wed, 24 Apr 2024 13:42:54 GMT Content-Type: application/javascript Content-Length: 711081 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Last-Modified: Tue, 27 Feb 2024 09:22:18 GMT ETag: 0x8DC3775981D513B x-ms-request-id: 1266ec00-201e-00aa-410f-96c5eb000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob Access-Control-Allow-Origin: * x-azure-ref: 20240424T134254Z-168bb8d798b4bst68753kwrwcg000000021000000000e68f x-fd-int-roxy-purgeid: 66630197 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-04-24 13:42:55 UTC	15741	IN	Data Raw: 2f 2a 21 20 46 6f 72 20 6c 69 63 65 6e 73 65 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20 70 6c 65 61 73 65 20 73 65 65 20 46 6f 72 6d 4c 6f 61 64 65 72 2e 62 75 6e 64 6c 65 2e 6a 73 2e 4c 49 43 45 4e 53 45 2e 74 78 74 20 2a 2f 0a 76 61 72 20 64 33 36 35 6d 6b 74 66 6f 72 6d 73 3b 28 28 29 3d 3e 7b 76 61 72 20 65 2c 74 2c 6e 3d 7b 33 31 37 3a 66 75 6e 63 74 69 6f 6e 28 65 2c 74 29 7b 76 61 72 20 6e 3d 22 75 6e 64 65 66 69 6e 65 64 22 21 3d 74 79 70 65 6f 66 20 73 65 6c 66 3f 73 65 6c 66 3a 74 68 69 73 2c 72 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 66 75 6e 63 74 69 6f 6e 20 65 28 29 7b 74 68 69 73 2e 66 65 74 63 68 3d 21 31 2c 74 68 69 73 2e 44 4f 4d 45 78 63 65 70 74 69 6f 6e 3d 6e 2e 44 4f 4d 45 78 63 65 70 74 69 6f 6e 7d 72 65 74 75 72 6e 20 65 2e 70 72 6f 74 6f Data Ascii: /! For license information please see FormLoader.bundle.js.LICENSE.txt /var d365mktforms;(()=>{var e,t,n={317:function(e,t){var n="undefined"!=typeof self?self:this,r=function(){function e(){this.fetch=!1,this.DOMException=n.DOMException}return e.proto
2024-04-24 13:42:55 UTC	16384	IN	Data Raw: 22 29 2c 63 3d 64 28 22 72 65 61 63 74 2e 6d 65 6d 6f 22 29 2c 6c 3d 64 28 22 72 65 61 63 74 2e 6c 61 7a 79 22 29 7d 76 61 72 20 70 3d 22 66 75 6e 63 74 69 6f 6e 22 3d 3d 74 79 70 65 6f 66 20 53 79 6d 62 6f 6c 26 26 53 79 6d 62 6f 6c 2e 69 74 65 72 61 74 6f 72 3b 66 75 6e 63 74 69 6f 6e 20 66 28 65 29 7b 66 6f 72 28 76 61 72 20 74 3d 22 68 74 74 70 73 3a 2f 2f 72 65 61 63 74 6a 73 2e 6f 72 67 2f 64 6f 63 73 2f 65 72 72 6f 72 2d 64 65 63 6f 64 65 72 2e 68 74 6d 6c 3f 69 6e 76 61 72 69 61 6e 74 3d 22 2b 65 2c 6e 3d 31 3b 6e 3c 61 72 67 75 6d 65 6e 74 73 2e 6c 65 6e 67 74 68 3b 6e 2b 2b 29 74 2b 3d 22 26 61 72 67 73 5b 5d 3d 22 2b 65 6e 63 6f 64 65 55 52 49 43 6f 6d 70 6f 6e 65 6e 74 28 61 72 67 75 6d 65 6e 74 73 5b 6e 5d 29 3b 72 65 74 75 72 6e 22 4d 69 6e Data Ascii: "),c=d("react.memo"),l=d("react.lazy")}var p="function"==typeof Symbol&&Symbol.iterator;function f(e){for(var t="https://reactjs.org/docs/error-decoder.html?invariant="+e,n=1;n<arguments.length;n++)t+="&args[]="+encodeURIComponent(arguments[n]);return"Min
2024-04-24 13:42:55 UTC	16384	IN	Data Raw: 47 56 34 55 45 4a 41 46 67 59 43 6e 6b 41 45 6d 64 4b 43 62 70 36 48 41 44 6d 51 66 44 70 53 51 45 58 63 77 69 41 78 55 61 69 78 47 79 49 4b 47 67 48 6b 4d 6c 41 71 65 43 77 4a 41 67 44 73 74 5a 41 67 51 77 4b 45 6a 68 5a 39 41 52 34 4d 41 41 53 47 46 72 67 30 6d 47 44 43 67 51 49 46 6d 62 4d 73 41 47 42 69 2b 38 36 4b 46 42 68 49 34 63 50 77 6d 7a 61 48 41 30 57 51 66 64 75 53 77 49 53 47 69 43 41 4d 70 56 6a 77 6e 45 67 51 41 49 66 6b 45 43 51 6b 41 4e 41 41 73 41 41 41 41 41 42 34 41 48 67 43 46 42 41 59 45 68 49 61 45 78 4d 62 45 52 45 4a 45 70 4b 61 6b 35 4f 62 6b 5a 47 4a 6b 4c 43 6f 73 6c 4a 61 55 31 4e 62 55 74 4c 61 30 39 50 62 30 48 42 6f 63 56 46 4a 55 64 48 4a 30 6a 49 36 4d 7a 4d 37 4d 72 4b 36 73 37 4f 37 73 50 44 34 38 6e 4a 36 63 33 4e 37 Data Ascii: GV4UEJAFgYCnkAEmdKCbp6HADmQfDpSQEXcwiAxUaixGyIKGgHkMlAqeCwJAgDstZAgQwKEjhZ9AR4MAASGFrg0mGDCgQIFmbMsAGBi+86KFBhI4cPwmzaHA0WQfduSwISGiCAMpVjwnEgQAIfkECQkANAAsAAAAAB4AHgCFBAYEhIaExMbEREJEpKak5ObkZGJkLCoslJaU1NbUtLa09Pb0HBocVFJUdHJ0jI6MzM7MrK6s7O7sPD48nJ6c3N7
2024-04-24 13:42:55 UTC	16384	IN	Data Raw: 73 5b 33 5d 3a 7b 73 69 6c 65 6e 74 3a 21 31 7d 3b 66 6f 72 28 76 61 72 20 69 20 69 6e 20 6e 29 22 73 74 72 69 6e 67 22 21 3d 74 79 70 65 6f 66 20 6e 5b 69 5d 26 26 22 5b 6f 62 6a 65 63 74 20 41 72 72 61 79 5d 22 21 3d 3d 4f 62 6a 65 63 74 2e 70 72 6f 74 6f 74 79 70 65 2e 74 6f 53 74 72 69 6e 67 2e 61 70 70 6c 79 28 6e 5b 69 5d 29 7c 7c 74 68 69 73 2e 61 64 64 52 65 73 6f 75 72 63 65 28 65 2c 74 2c 69 2c 6e 5b 69 5d 2c 7b 73 69 6c 65 6e 74 3a 21 30 7d 29 3b 72 2e 73 69 6c 65 6e 74 7c 7c 74 68 69 73 2e 65 6d 69 74 28 22 61 64 64 65 64 22 2c 65 2c 74 2c 6e 29 7d 7d 2c 7b 6b 65 79 3a 22 61 64 64 52 65 73 6f 75 72 63 65 42 75 6e 64 6c 65 22 2c 76 61 6c 75 65 3a 66 75 6e 63 74 69 6f 6e 28 65 2c 74 2c 6e 2c 72 2c 69 29 7b 76 61 72 20 61 3d 61 72 67 75 6d 65 6e Data Ascii: s[3]:{silent:!1};for(var i in n)"string"!=typeof n[i]&&"[object Array]"!==Object.prototype.toString.apply(n[i])\|\|this.addResource(e,t,i,n[i],{silent:!0});r.silent\|\|this.emit("added",e,t,n)}},{key:"addResourceBundle",value:function(e,t,n,r,i){var a=argumen
2024-04-24 13:42:55 UTC	16384	IN	Data Raw: 6e 20 4e 75 6d 62 65 72 28 31 3d 3d 65 3f 30 3a 32 3d 3d 65 3f 31 3a 65 3c 37 3f 32 3a 65 3c 31 31 3f 33 3a 34 29 7d 2c 31 31 3a 66 75 6e 63 74 69 6f 6e 28 65 29 7b 72 65 74 75 72 6e 20 4e 75 6d 62 65 72 28 31 3d 3d 65 7c 7c 31 31 3d 3d 65 3f 30 3a 32 3d 3d 65 7c 7c 31 32 3d 3d 65 3f 31 3a 65 3e 32 26 26 65 3c 32 30 3f 32 3a 33 29 7d 2c 31 32 3a 66 75 6e 63 74 69 6f 6e 28 65 29 7b 72 65 74 75 72 6e 20 4e 75 6d 62 65 72 28 65 25 31 30 21 3d 31 7c 7c 65 25 31 30 30 3d 3d 31 31 29 7d 2c 31 33 3a 66 75 6e 63 74 69 6f 6e 28 65 29 7b 72 65 74 75 72 6e 20 4e 75 6d 62 65 72 28 30 21 3d 3d 65 29 7d 2c 31 34 3a 66 75 6e 63 74 69 6f 6e 28 65 29 7b 72 65 74 75 72 6e 20 4e 75 6d 62 65 72 28 31 3d 3d 65 3f 30 3a 32 3d 3d 65 3f 31 3a 33 3d 3d 65 3f 32 3a 33 29 7d 2c 31 Data Ascii: n Number(1==e?0:2==e?1:e<7?2:e<11?3:4)},11:function(e){return Number(1==e\|\|11==e?0:2==e\|\|12==e?1:e>2&&e<20?2:3)},12:function(e){return Number(e%10!=1\|\|e%100==11)},13:function(e){return Number(0!==e)},14:function(e){return Number(1==e?0:2==e?1:3==e?2:3)},1
2024-04-24 13:42:55 UTC	16384	IN	Data Raw: 61 73 4c 6f 61 64 65 64 4e 61 6d 65 73 70 61 63 65 28 74 29 3f 74 68 69 73 2e 6c 6f 67 67 65 72 2e 77 61 72 6e 28 27 64 69 64 20 6e 6f 74 20 73 61 76 65 20 6b 65 79 20 22 27 2e 63 6f 6e 63 61 74 28 6e 2c 27 22 20 61 73 20 74 68 65 20 6e 61 6d 65 73 70 61 63 65 20 22 27 29 2e 63 6f 6e 63 61 74 28 74 2c 27 22 20 77 61 73 20 6e 6f 74 20 79 65 74 20 6c 6f 61 64 65 64 27 29 2c 22 54 68 69 73 20 6d 65 61 6e 73 20 73 6f 6d 65 74 68 69 6e 67 20 49 53 20 57 52 4f 4e 47 20 69 6e 20 79 6f 75 72 20 73 65 74 75 70 2e 20 59 6f 75 20 61 63 63 65 73 73 20 74 68 65 20 74 20 66 75 6e 63 74 69 6f 6e 20 62 65 66 6f 72 65 20 69 31 38 6e 65 78 74 2e 69 6e 69 74 20 2f 20 69 31 38 6e 65 78 74 2e 6c 6f 61 64 4e 61 6d 65 73 70 61 63 65 20 2f 20 69 31 38 6e 65 78 74 2e 63 68 61 6e Data Ascii: asLoadedNamespace(t)?this.logger.warn('did not save key "'.concat(n,'" as the namespace "').concat(t,'" was not yet loaded'),"This means something IS WRONG in your setup. You access the t function before i18next.init / i18next.loadNamespace / i18next.chan
2024-04-24 13:42:55 UTC	16384	IN	Data Raw: 63 74 69 76 65 58 4f 62 6a 65 63 74 3f 66 75 6e 63 74 69 6f 6e 28 65 2c 74 2c 6e 2c 72 29 7b 6e 26 26 22 6f 62 6a 65 63 74 22 3d 3d 3d 77 65 28 6e 29 26 26 28 6e 3d 54 65 28 22 22 2c 6e 29 2e 73 6c 69 63 65 28 31 29 29 2c 65 2e 71 75 65 72 79 53 74 72 69 6e 67 50 61 72 61 6d 73 26 26 28 74 3d 54 65 28 74 2c 65 2e 71 75 65 72 79 53 74 72 69 6e 67 50 61 72 61 6d 73 29 29 3b 74 72 79 7b 76 61 72 20 69 3b 28 69 3d 76 65 3f 6e 65 77 20 76 65 3a 6e 65 77 20 62 65 28 22 4d 53 58 4d 4c 32 2e 58 4d 4c 48 54 54 50 2e 33 2e 30 22 29 29 2e 6f 70 65 6e 28 6e 3f 22 50 4f 53 54 22 3a 22 47 45 54 22 2c 74 2c 31 29 2c 65 2e 63 72 6f 73 73 44 6f 6d 61 69 6e 7c 7c 69 2e 73 65 74 52 65 71 75 65 73 74 48 65 61 64 65 72 28 22 58 2d 52 65 71 75 65 73 74 65 64 2d 57 69 74 68 22 Data Ascii: ctiveXObject?function(e,t,n,r){n&&"object"===we(n)&&(n=Te("",n).slice(1)),e.queryStringParams&&(t=Te(t,e.queryStringParams));try{var i;(i=ve?new ve:new be("MSXML2.XMLHTTP.3.0")).open(n?"POST":"GET",t,1),e.crossDomain\|\|i.setRequestHeader("X-Requested-With"
2024-04-24 13:42:55 UTC	16384	IN	Data Raw: 65 22 2c 65 2e 61 66 74 65 72 3d 22 41 66 74 65 72 22 2c 65 2e 63 75 72 72 65 6e 74 3d 22 43 75 72 72 65 6e 74 22 7d 28 74 74 7c 7c 28 74 74 3d 7b 7d 29 29 2c 66 75 6e 63 74 69 6f 6e 28 65 29 7b 65 2e 6e 6f 48 6f 6c 64 6f 75 74 3d 22 6e 6f 48 6f 6c 64 6f 75 74 22 2c 65 2e 68 6f 6c 64 6f 75 74 3d 22 68 6f 6c 64 6f 75 74 22 7d 28 6e 74 7c 7c 28 6e 74 3d 7b 7d 29 29 2c 66 75 6e 63 74 69 6f 6e 28 65 29 7b 65 2e 43 6f 6e 64 69 74 69 6f 6e 4d 65 74 3d 22 43 6f 6e 64 69 74 69 6f 6e 4d 65 74 22 2c 65 2e 54 69 6d 65 4c 69 6d 69 74 3d 22 54 69 6d 65 4c 69 6d 69 74 22 7d 28 72 74 7c 7c 28 72 74 3d 7b 7d 29 29 2c 66 75 6e 63 74 69 6f 6e 28 65 29 7b 65 2e 53 74 61 6e 64 41 6c 6f 6e 65 3d 22 53 74 61 6e 64 41 6c 6f 6e 65 22 2c 65 2e 53 69 6e 67 6c 65 41 63 74 69 6f 6e Data Ascii: e",e.after="After",e.current="Current"}(tt\|\|(tt={})),function(e){e.noHoldout="noHoldout",e.holdout="holdout"}(nt\|\|(nt={})),function(e){e.ConditionMet="ConditionMet",e.TimeLimit="TimeLimit"}(rt\|\|(rt={})),function(e){e.StandAlone="StandAlone",e.SingleAction
2024-04-24 13:42:55 UTC	16384	IN	Data Raw: 20 73 2e 74 72 79 73 2e 70 75 73 68 28 5b 32 2c 34 2c 2c 35 5d 29 2c 5b 34 2c 50 72 6f 6d 69 73 65 2e 61 6c 6c 28 74 2e 6d 61 70 28 28 66 75 6e 63 74 69 6f 6e 28 74 2c 61 29 7b 72 65 74 75 72 6e 20 69 5b 61 5d 26 26 69 5b 61 5d 2e 72 65 71 75 65 73 74 65 64 41 74 21 3d 3d 72 3f 6f 2e 74 72 79 52 65 74 72 69 65 76 65 56 61 6c 75 65 28 22 22 2e 63 6f 6e 63 61 74 28 65 2c 22 5f 22 29 2e 63 6f 6e 63 61 74 28 74 29 2c 6f 2e 65 78 70 69 72 61 74 69 6f 6e 43 61 63 68 65 2c 69 5b 61 5d 2c 6e 29 3a 50 72 6f 6d 69 73 65 2e 72 65 73 6f 6c 76 65 28 6e 75 6c 6c 29 7d 29 29 29 5d 3b 63 61 73 65 20 33 3a 72 65 74 75 72 6e 20 73 2e 73 65 6e 74 28 29 2e 66 6f 72 45 61 63 68 28 28 66 75 6e 63 74 69 6f 6e 28 65 2c 6e 29 7b 72 65 74 75 72 6e 20 61 5b 74 5b 6e 5d 5d 3d 65 7d Data Ascii: s.trys.push([2,4,,5]),[4,Promise.all(t.map((function(t,a){return i[a]&&i[a].requestedAt!==r?o.tryRetrieveValue("".concat(e,"_").concat(t),o.expirationCache,i[a],n):Promise.resolve(null)})))];case 3:return s.sent().forEach((function(e,n){return a[t[n]]=e}
2024-04-24 13:42:55 UTC	16384	IN	Data Raw: 2e 6c 61 62 65 6c 29 7b 63 61 73 65 20 30 3a 72 65 74 75 72 6e 5b 34 2c 74 68 69 73 2e 66 65 74 63 68 47 65 74 28 65 29 5d 3b 63 61 73 65 20 31 3a 69 66 28 21 28 6e 3d 72 2e 73 65 6e 74 28 29 29 2e 6f 6b 29 74 68 72 6f 77 20 6e 65 77 20 45 72 72 6f 72 28 22 22 2e 63 6f 6e 63 61 74 28 6e 75 6c 6c 3d 3d 74 3f 22 22 3a 74 2b 22 20 22 2c 22 53 74 61 74 75 73 3a 20 22 29 2e 63 6f 6e 63 61 74 28 6e 2e 73 74 61 74 75 73 2c 22 20 2d 20 22 29 2e 63 6f 6e 63 61 74 28 6e 2e 73 74 61 74 75 73 54 65 78 74 29 29 3b 72 65 74 75 72 6e 5b 34 2c 6e 2e 6a 73 6f 6e 28 29 5d 3b 63 61 73 65 20 32 3a 72 65 74 75 72 6e 5b 32 2c 72 2e 73 65 6e 74 28 29 5d 7d 7d 29 29 7d 29 29 7d 2c 65 2e 70 72 6f 74 6f 74 79 70 65 2e 66 65 74 63 68 50 6f 73 74 3d 66 75 6e 63 74 69 6f 6e 28 65 2c Data Ascii: .label){case 0:return[4,this.fetchGet(e)];case 1:if(!(n=r.sent()).ok)throw new Error("".concat(null==t?"":t+" ","Status: ").concat(n.status," - ").concat(n.statusText));return[4,n.json()];case 2:return[2,r.sent()]}}))}))},e.prototype.fetchPost=function(e,

Timestamp	Bytes transferred	Direction	Data
2024-04-24 13:42:55 UTC	738	OUT	GET /97791573-a900-ef11-9f85-00224828202e/digitalassets/forms/beb26e16-c500-ef11-a1fd-6045bdd3b636 HTTP/1.1 Host: assets-usa.mkt.dynamics.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Accept: text/plain sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Sec-Fetch-Site: same-origin Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://assets-usa.mkt.dynamics.com/97791573-a900-ef11-9f85-00224828202e/digitalassets/standaloneforms/beb26e16-c500-ef11-a1fd-6045bdd3b636 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-24 13:42:56 UTC	589	IN	HTTP/1.1 200 OK Date: Wed, 24 Apr 2024 13:42:56 GMT Content-Type: text/html Content-Length: 30255 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Access-Control-Allow-Origin: * Cache-Control: public, max-age=900, must-revalidate x-ms-trace-id: 42618b0401f5c35cfa60ed6242f73de2 Strict-Transport-Security: max-age=2592000; preload x-content-type-options: nosniff x-azure-ref: 20240424T134255Z-168bb8d798b5v6l944pfnrufyw000000019g00000000ns7s x-fd-int-roxy-purgeid: 69112800 X-Cache: TCP_MISS Accept-Ranges: bytes
2024-04-24 13:42:56 UTC	15795	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0a 20 20 20 20 20 20 20 20 3c 74 69 74 6c 65 3e 4d 61 72 6b 65 74 69 6e 67 20 46 6f 72 6d 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 65 66 65 72 72 65 72 22 20 63 6f 6e 74 Data Ascii: <!DOCTYPE html><html><head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <title>Marketing Form</title> <meta name="referrer" cont
2024-04-24 13:42:56 UTC	14460	IN	Data Raw: 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 20 20 20 20 2e 74 77 6f 4f 70 74 69 6f 6e 46 6f 72 6d 46 69 65 6c 64 42 6c 6f 63 6b 20 64 69 76 2e 72 61 64 69 6f 62 75 74 74 6f 6e 73 20 3e 20 64 69 76 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 2e 74 77 6f 4f 70 74 69 6f 6e 46 6f 72 6d 46 69 65 6c 64 42 6c 6f 63 6b 20 64 69 76 2e 74 77 6f 6f 70 74 69 6f 6e 5f 63 68 65 63 6b 62 6f 78 20 3e 20 64 69 76 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 2e 6f 70 74 69 6f 6e 53 65 74 46 6f 72 6d 46 69 65 6c 64 42 6c 6f 63 6b 20 64 69 76 2e 72 61 64 69 6f 62 75 74 74 6f 6e 73 20 3e 20 64 69 76 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 2e 6d 75 6c 74 69 4f 70 74 69 6f 6e 53 65 74 46 6f 72 6d 46 69 65 6c 64 42 6c 6f 63 6b 20 66 69 65 6c 64 73 65 74 20 3e 20 64 69 76 2c Data Ascii: } .twoOptionFormFieldBlock div.radiobuttons > div, .twoOptionFormFieldBlock div.twooption_checkbox > div, .optionSetFormFieldBlock div.radiobuttons > div, .multiOptionSetFormFieldBlock fieldset > div,

Timestamp	Bytes transferred	Direction	Data
2024-04-24 13:42:56 UTC	650	OUT	GET /usa/FormLoader/public/locales/en-us/translation.json HTTP/1.1 Host: cxppusa1formui01cdnsa01-endpoint.azureedge.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Origin: https://assets-usa.mkt.dynamics.com Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://assets-usa.mkt.dynamics.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-24 13:42:56 UTC	628	IN	HTTP/1.1 200 OK Date: Wed, 24 Apr 2024 13:42:56 GMT Content-Type: application/json Content-Length: 1304 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Last-Modified: Tue, 27 Feb 2024 09:22:19 GMT ETag: 0x8DC377598F59007 x-ms-request-id: 294103bd-a01e-008e-7dba-95f8d0000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob Access-Control-Allow-Origin: * x-azure-ref: 20240424T134256Z-168bb8d798b4bst68753kwrwcg000000021g0000000054ku x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-04-24 13:42:56 UTC	1304	IN	Data Raw: 7b 0d 0a 20 20 22 46 6f 72 6d 46 61 69 6c 65 64 54 6f 4c 6f 61 64 22 3a 20 22 46 61 69 6c 65 64 20 74 6f 20 6c 6f 61 64 20 66 6f 72 6d 22 2c 0d 0a 20 20 22 46 6f 72 6d 46 61 69 6c 65 64 54 6f 4c 6f 61 64 43 6f 72 73 22 3a 20 22 54 68 65 20 66 6f 72 6d 20 63 61 6e 20 6e 6f 74 20 62 65 20 6c 6f 61 64 65 64 20 6f 6e 20 61 20 64 6f 6d 61 69 6e 20 74 68 61 74 20 68 61 73 6e 27 74 20 62 65 65 6e 20 61 6c 6c 6f 77 65 64 20 66 6f 72 20 65 78 74 65 72 6e 61 6c 20 66 6f 72 6d 20 68 6f 73 74 69 6e 67 20 6f 72 20 74 68 65 72 65 20 69 73 20 61 20 6e 65 74 77 6f 72 6b 20 63 6f 6e 6e 65 63 74 69 76 69 74 79 20 69 73 73 75 65 22 2c 0d 0a 20 20 22 4c 65 61 72 6e 4d 6f 72 65 22 3a 20 22 4c 65 61 72 6e 20 6d 6f 72 65 22 2c 0d 0a 20 20 22 46 6f 72 6d 53 75 62 6d 69 74 74 65 Data Ascii: { "FormFailedToLoad": "Failed to load form", "FormFailedToLoadCors": "The form can not be loaded on a domain that hasn't been allowed for external form hosting or there is a network connectivity issue", "LearnMore": "Learn more", "FormSubmitte

Timestamp	Bytes transferred	Direction	Data
2024-04-24 13:42:56 UTC	713	OUT	GET /favicon.ico HTTP/1.1 Host: assets-usa.mkt.dynamics.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://assets-usa.mkt.dynamics.com/97791573-a900-ef11-9f85-00224828202e/digitalassets/standaloneforms/beb26e16-c500-ef11-a1fd-6045bdd3b636 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-24 13:42:56 UTC	313	IN	HTTP/1.1 404 Not Found Date: Wed, 24 Apr 2024 13:42:56 GMT Content-Type: text/html Content-Length: 548 Connection: close Strict-Transport-Security: max-age=2592000; preload x-azure-ref: 20240424T134256Z-168bb8d798bbqgrcawqpfu2sb800000005t000000000faht x-fd-int-roxy-purgeid: 69112800 X-Cache: TCP_MISS
2024-04-24 13:42:56 UTC	548	IN	Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome

Timestamp	Bytes transferred	Direction	Data
2024-04-24 13:42:56 UTC	668	OUT	GET /97791573-a900-ef11-9f85-00224828202e/digitalassets/images/ed5a3db9-c400-ef11-a1fd-6045bdd3b636?ts=638493998497242870 HTTP/1.1 Host: assets-usa.mkt.dynamics.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-24 13:42:58 UTC	484	IN	HTTP/1.1 200 OK Date: Wed, 24 Apr 2024 13:42:58 GMT Content-Type: image/png Content-Length: 40703 Connection: close Access-Control-Allow-Origin: * x-ms-trace-id: 8694626b0604c5c54a1d7662a3854aeb Strict-Transport-Security: max-age=2592000; preload x-content-type-options: nosniff x-azure-ref: 20240424T134257Z-168bb8d798bb9jsgq25rvu9gk800000000ng00000000kyd8 Cache-Control: public, max-age=2592000 x-fd-int-roxy-purgeid: 69112800 X-Cache: TCP_MISS Accept-Ranges: bytes
2024-04-24 13:42:58 UTC	15900	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 02 ca 00 00 01 1e 08 06 00 00 00 93 d1 33 e4 00 00 0c 3d 69 43 43 50 49 43 43 20 50 72 6f 66 69 6c 65 00 00 48 89 95 57 07 58 53 c9 16 9e 5b 52 21 b4 00 02 52 42 6f 82 88 94 00 52 42 68 a1 77 04 51 09 49 80 50 62 0c 04 15 3b ba a8 e0 da c5 02 36 74 55 44 c1 0a 88 05 45 ec 2c 8a bd 2f 16 14 94 75 b1 60 57 de a4 80 ae fb ca f7 ce f7 cd bd ff fd e7 cc 7f ce 9c 3b b7 0c 00 ea 27 b8 62 71 2e aa 01 40 9e a8 40 12 1b ec cf 18 9b 9c c2 20 75 03 04 a0 00 03 04 40 e6 f2 f2 c5 ac e8 e8 70 00 6d f0 fc 77 7b 77 03 7a 43 bb ea 20 d3 fa 67 ff 7f 35 4d be 20 9f 07 00 12 0d 71 3a 3f 9f 97 07 f1 41 00 f0 4a 9e 58 52 00 00 51 c6 9b 4f 29 10 cb 30 6c 40 5b 02 13 84 78 a1 0c 67 2a 70 a5 0c a7 2b f0 5e b9 4f 7c 2c 1b e2 56 Data Ascii: PNGIHDR3=iCCPICC ProfileHWXS[R!RBoRBhwQIPb;6tUDE,/u`W;'bq.@@ u@pmw{wzC g5M q:?AJXRQO)0l@[xg*p+^O\|,V
2024-04-24 13:42:58 UTC	16384	IN	Data Raw: 7d 22 30 59 04 6a a2 6c 27 2b 4b 22 90 08 24 02 89 c0 dc 41 60 ce 11 65 f9 54 6e 10 b1 da 97 66 e0 e6 a9 78 44 da dc 81 2d 7b b2 b8 22 10 5b d2 b6 05 e5 46 47 d4 74 71 1d 4f f6 7b f1 47 40 54 d3 0d 66 d2 35 e2 b1 98 8b ff a8 72 04 89 40 22 90 08 cc 0f 04 e6 14 51 9e 1f 90 e6 28 12 81 44 20 11 48 04 12 81 44 20 11 48 04 e6 03 02 49 94 e7 c3 2c e6 18 12 81 44 20 11 48 04 12 81 44 20 11 48 04 a6 1d 81 24 ca d3 0e 69 56 98 08 24 02 89 40 22 90 08 24 02 89 40 22 30 1f 10 48 a2 3c 1f 66 31 c7 90 08 24 02 89 40 22 90 08 24 02 89 40 22 30 ed 08 24 51 9e 76 48 b3 c2 44 20 11 48 04 12 81 44 20 11 48 04 12 81 f9 80 40 12 e5 f9 30 8b 39 86 44 20 11 48 04 12 81 44 20 11 48 04 12 81 69 47 20 89 f2 b4 43 9a 15 26 02 89 40 22 90 08 24 02 89 40 22 90 08 cc 07 04 92 28 cf Data Ascii: }"0Yjl'+K"$A`eTnfxD-{"[FGtqO{G@Tf5r@"Q(D HD HI,D HD H$iV$@"$@"0H<f1$@"$@"0$QvHD HD H@09D HD HiG C&@"$@"(
2024-04-24 13:42:58 UTC	8419	IN	Data Raw: c3 0d 37 98 c0 25 16 ce c3 1f fe b9 8e 6e e2 e4 93 4f 0e 8d 1a 35 8a be 94 a3 bf 07 0e 1c 18 ce 3c f3 cc 70 d4 51 47 e5 68 f9 ed b1 10 df 43 48 5f b3 66 cd 62 37 8f 54 de 71 c7 1d a1 65 cb 96 c1 fb 02 11 bd fd f6 db c3 d1 47 1f 1d ce 3e fb ec c4 7a 83 06 0d 0a 7c 87 d5 af 5f df 5e 7b f3 cd 37 c3 bb ef be 1b 3a 74 e8 10 2a 54 a8 90 58 2e f9 0f 5f ce 3f 8b 17 5e 78 61 38 ec b0 c3 6c 31 c6 f2 0f 3f fc 60 52 8b 74 b6 6b d7 ce 02 0a bc c9 77 0e 13 7a ea cf 77 4e c7 8e 1d 4d a6 11 67 c6 52 b4 f0 5e f9 f2 e5 c3 ec d9 b3 03 6d 46 de 09 64 1c 70 c0 01 e1 d2 4b 2f dd 6a b2 33 67 ce 9c f0 e4 93 4f 86 1b 6f bc 31 ba 19 7b 8d ef 6b 26 72 ec 67 d4 a8 51 81 cf 94 7f ef c1 11 06 5e bc 6d d9 31 f0 e5 f5 5b 04 44 40 04 76 16 02 69 13 65 1a dc bb 77 ef 50 b2 64 c9 44 db 5d Data Ascii: 7%nO5<pQGhCH_fb7TqeG>z\|_^{7:t*TX._?^xa8l1?`RtkwzwNMgR^mFdpK/j3gOo1{k&rgQ^m1[D@viewPdD]

Timestamp	Bytes transferred	Direction	Data
2024-04-24 13:42:57 UTC	668	OUT	GET /97791573-a900-ef11-9f85-00224828202e/digitalassets/images/ee5a3db9-c400-ef11-a1fd-6045bdd3b636?ts=638493998497242870 HTTP/1.1 Host: assets-usa.mkt.dynamics.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-24 13:42:58 UTC	484	IN	HTTP/1.1 200 OK Date: Wed, 24 Apr 2024 13:42:58 GMT Content-Type: image/png Content-Length: 47204 Connection: close Access-Control-Allow-Origin: * x-ms-trace-id: 5d37dc350265dfcba2bd3bf81451371e Strict-Transport-Security: max-age=2592000; preload x-content-type-options: nosniff x-azure-ref: 20240424T134257Z-168bb8d798bxw8g2q846ctnvy000000005hg00000000uf3m Cache-Control: public, max-age=2592000 x-fd-int-roxy-purgeid: 69112800 X-Cache: TCP_MISS Accept-Ranges: bytes
2024-04-24 13:42:58 UTC	15900	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 03 2a 00 00 01 14 08 06 00 00 00 c4 26 c2 33 00 00 0c 3d 69 43 43 50 49 43 43 20 50 72 6f 66 69 6c 65 00 00 48 89 95 57 07 58 53 c9 16 9e 5b 52 21 b4 00 02 52 42 6f 82 88 94 00 52 42 68 a1 77 04 51 09 49 80 50 62 0c 04 15 3b ba a8 e0 da c5 02 36 74 55 44 c1 0a 88 05 45 ec 2c 8a bd 2f 16 14 94 75 b1 60 57 de a4 80 ae fb ca f7 ce f7 cd bd ff fd e7 cc 7f ce 9c 3b b7 0c 00 ea 27 b8 62 71 2e aa 01 40 9e a8 40 12 1b ec cf 18 9b 9c c2 20 75 03 04 a0 00 03 04 40 e6 f2 f2 c5 ac e8 e8 70 00 6d f0 fc 77 7b 77 03 7a 43 bb ea 20 d3 fa 67 ff 7f 35 4d be 20 9f 07 00 12 0d 71 3a 3f 9f 97 07 f1 41 00 f0 4a 9e 58 52 00 00 51 c6 9b 4f 29 10 cb 30 6c 40 5b 02 13 84 78 a1 0c 67 2a 70 a5 0c a7 2b f0 5e b9 4f 7c 2c 1b e2 56 Data Ascii: PNGIHDR&3=iCCPICC ProfileHWXS[R!RBoRBhwQIPb;6tUDE,/u`W;'bq.@@ u@pmw{wzC g5M q:?AJXRQO)0l@[xgp+^O\|,V
2024-04-24 13:42:58 UTC	16384	IN	Data Raw: 43 87 c6 ec f3 6d 0c 1a 34 48 ce 3f ff fc 98 43 98 1c 8c 1b 37 2e 66 5f 6e 6d 50 a8 e4 16 49 96 43 02 79 93 c0 e6 cd 9b e5 f9 e7 9f 97 87 1f 7e d8 08 93 74 7a 71 d9 65 97 49 ef de bd a5 5e bd 7a e9 64 cf 33 79 60 5d c6 4d a5 ec a4 86 0d 1b 0a 7e 1f 20 e0 da b4 69 23 15 2a 54 c8 ce e9 d9 ce 3b 73 e6 4c d9 7f ff fd e3 ce fb f1 c7 1f e5 c8 23 8f 8c db cf 1d 24 40 02 39 27 40 a1 92 73 76 3c 73 0f 12 e8 df bf bf 74 ee dc 39 ae 06 dc 6d c3 dd b4 64 09 d6 08 dc 6d f3 a5 ed db b7 4b e1 c2 85 7d 87 a2 fb 6e ba e9 26 f9 df ff fe 17 dd c6 9b fb ef bf 5f 7a f6 ec 19 b3 2f b7 36 28 54 72 8b 64 38 cb c9 ca ca 92 09 13 26 98 09 4c c1 82 05 c3 d9 48 b6 6a af 11 18 31 62 84 5c 72 c9 25 69 0b 14 b7 a1 10 37 dd bb 77 77 77 e7 d9 ed 9c 08 15 b7 b3 10 2d 2f bc f0 82 c0 8d 76 Data Ascii: Cm4H?C7.f_nmPICy~tzqeI^zd3y`]M~ i#*T;sL#$@9'@sv<st9mdmK}n&_z/6(Trd8&LHj1b\r%i7www-/v
2024-04-24 13:42:59 UTC	14920	IN	Data Raw: ca 84 16 e3 08 72 ca 7d 55 60 65 dd 8e 8b e8 09 9c 4d e2 b8 57 90 a3 82 23 a3 95 67 95 89 3e b7 bb 1f e8 0f bc d3 84 95 68 a4 57 74 bf b5 31 28 53 db 47 ed 07 2f ca e4 3d d5 df d0 af 2b 2b 29 2f e3 e1 79 dc 38 2a 16 0c 94 0f ca c0 ce ca da f7 23 b9 c7 88 62 c0 a0 0c 84 7e bc 07 84 8b 55 0b 66 73 b5 4c da 0f cf d4 15 83 90 83 dc 4d e9 a8 c3 54 39 48 cc 82 c0 6b 55 3a 78 81 0f 0c 9a 41 05 0d 62 32 06 30 b2 51 34 76 1b 58 ae ac 91 c8 03 c6 19 46 22 65 59 c7 23 2d 07 bc c1 9e 74 55 fc a4 79 cb 9e 31 dc c0 70 90 81 99 1c f6 8e 37 91 0f ea fd 58 fc 5d 15 78 b1 2b 9e 39 be e0 99 cf 39 5b a3 36 97 8e 38 d2 c0 0b 86 4a d3 50 57 d6 99 dd b2 5b cc 6c 39 18 19 4c 4c 30 70 f7 1b 68 73 3b db 5b 46 87 fe 42 bf 11 7e 3a a3 42 fd d3 00 de c8 35 0e 6b 3f d8 f4 aa 73 5a 56 Data Ascii: r}U`eMW#g>hWt1(SG/=++)/y8*#b~UfsLMT9HkU:xAb20Q4vXF"eY#-tUy1p7X]x+99[68JPW[l9LL0phs;[FB~:B5k?sZV

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report FW_ FHAS Inc_ - Private and Confidential.msg

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

HTML

Sigma Signatures

System Summary

Snort Signatures

Joe Sandbox Signatures

Phishing

Compliance

Software Vulnerabilities

Networking

System Summary

Data Obfuscation

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Language, Device and Operating System Detection

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Local\Microsoft\FORMS\FRMCACHE.DAT

C:\Users\user\AppData\Local\Microsoft\FontCache\4\CatalogCacheMetaData.xml

C:\Users\user\AppData\Local\Microsoft\Office\OTele\outlook.exe.db-shm

C:\Users\user\AppData\Local\Microsoft\Office\OTele\outlook.exe.db-wal

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\48EBACDA.dat

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\7C20A313.dat

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\ACA69AFD.dat

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Word\~WRS{9C988B96-81C5-4545-9CFC-FA09A30582A7}.tmp

C:\Users\user\AppData\Local\Temp\Diagnostics\OUTLOOK\App1713966153440810300_9D896760-3D20-4F86-9968-C7231F7BD680.log

C:\Users\user\AppData\Local\Temp\Diagnostics\OUTLOOK\App1713966153441651900_9D896760-3D20-4F86-9968-C7231F7BD680.log

C:\Users\user\AppData\Local\Temp\Outlook Logging\OUTLOOK_16_0_16827_20130-20240424T1542330214-3932.etl

C:\Users\user\AppData\Local\Temp\~DFC466553D3B223022.TMP

C:\Users\user\AppData\Roaming\Microsoft\Office\MSO3072.acl

C:\Users\user\AppData\Roaming\Microsoft\UProof\CUSTOM.DIC

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

C:\Users\user\Documents\Outlook Files\Outlook Data File - NoEmail.pst

Windows Analysis Report
FW_ FHAS Inc_ - Private and Confidential.msg

Timestamp	Bytes transferred	Direction	Data
2024-04-24 13:42:57 UTC	605	OUT	OPTIONS /api/v1.0/orgs/97791573-a900-ef11-9f85-00224828202e/landingpageforms/forms/beb26e16-c500-ef11-a1fd-6045bdd3b636/visits HTTP/1.1 Host: public-usa.mkt.dynamics.com Connection: keep-alive Accept: / Access-Control-Request-Method: POST Access-Control-Request-Headers: content-type Origin: https://assets-usa.mkt.dynamics.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Sec-Fetch-Mode: cors Sec-Fetch-Site: same-site Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-24 13:42:57 UTC	383	IN	HTTP/1.1 204 No Content Server: nginx Date: Wed, 24 Apr 2024 13:42:57 GMT Connection: close Access-Control-Allow-Headers: content-type Access-Control-Allow-Methods: GET,POST Access-Control-Allow-Origin: https://assets-usa.mkt.dynamics.com x-ms-trace-id: 30572dc98b22c0a8c123649f95be3383 Strict-Transport-Security: max-age=2592000; preload x-content-type-options: nosniff

Timestamp	Bytes transferred	Direction	Data
2024-04-24 13:42:58 UTC	668	OUT	GET /97791573-a900-ef11-9f85-00224828202e/digitalassets/images/ef5a3db9-c400-ef11-a1fd-6045bdd3b636?ts=638493998497242870 HTTP/1.1 Host: assets-usa.mkt.dynamics.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-24 13:43:00 UTC	484	IN	HTTP/1.1 200 OK Date: Wed, 24 Apr 2024 13:42:59 GMT Content-Type: image/png Content-Length: 57945 Connection: close Access-Control-Allow-Origin: * x-ms-trace-id: 960ec994404aed909853cdd9e89d1dfa Strict-Transport-Security: max-age=2592000; preload x-content-type-options: nosniff x-azure-ref: 20240424T134258Z-168bb8d798b8nl86frq151a46000000005u0000000003ap2 Cache-Control: public, max-age=2592000 x-fd-int-roxy-purgeid: 69112800 X-Cache: TCP_MISS Accept-Ranges: bytes
2024-04-24 13:43:00 UTC	15900	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 02 c2 00 00 02 00 08 06 00 00 00 88 32 0a 66 00 00 0c 3d 69 43 43 50 49 43 43 20 50 72 6f 66 69 6c 65 00 00 48 89 95 57 07 58 53 c9 16 9e 5b 52 21 b4 00 02 52 42 6f 82 88 94 00 52 42 68 a1 77 04 51 09 49 80 50 62 0c 04 15 3b ba a8 e0 da c5 02 36 74 55 44 c1 0a 88 05 45 ec 2c 8a bd 2f 16 14 94 75 b1 60 57 de a4 80 ae fb ca f7 ce f7 cd bd ff fd e7 cc 7f ce 9c 3b b7 0c 00 ea 27 b8 62 71 2e aa 01 40 9e a8 40 12 1b ec cf 18 9b 9c c2 20 75 03 04 a0 00 03 04 40 e6 f2 f2 c5 ac e8 e8 70 00 6d f0 fc 77 7b 77 03 7a 43 bb ea 20 d3 fa 67 ff 7f 35 4d be 20 9f 07 00 12 0d 71 3a 3f 9f 97 07 f1 41 00 f0 4a 9e 58 52 00 00 51 c6 9b 4f 29 10 cb 30 6c 40 5b 02 13 84 78 a1 0c 67 2a 70 a5 0c a7 2b f0 5e b9 4f 7c 2c 1b e2 56 Data Ascii: PNGIHDR2f=iCCPICC ProfileHWXS[R!RBoRBhwQIPb;6tUDE,/u`W;'bq.@@ u@pmw{wzC g5M q:?AJXRQO)0l@[xg*p+^O\|,V
2024-04-24 13:43:00 UTC	16384	IN	Data Raw: 22 8c a4 11 24 40 02 24 40 02 24 f0 57 02 14 c2 ac 0a 99 25 00 21 6c d6 84 46 da 6f d6 b2 c9 c3 0f 3f cc d9 e0 48 42 c9 5f 30 6b bb ed 23 70 37 66 f3 29 2a 39 e1 84 13 dc 53 dc 27 01 12 20 01 12 20 81 8a 20 40 21 5c 11 c5 40 23 8a 21 60 7e d1 4b cc 0b 2a 32 67 ce 1c 31 3f 34 61 67 81 cd cb 27 76 e6 f1 db df fe b6 7d 1c 8f b5 c7 74 e5 23 60 5e 26 f2 d7 01 9b 37 bf e5 9c 73 ce 91 6f 7e f3 9b e5 33 80 29 91 00 09 90 00 09 90 40 01 04 28 84 0b 80 45 af 24 40 02 f1 08 e0 c5 17 de 84 c4 63 45 5f 24 40 02 24 40 02 e9 11 a0 10 4e 8f 3d 53 26 01 12 20 01 12 20 01 12 20 01 12 48 91 00 85 70 8a f0 99 34 09 90 00 09 90 00 09 90 00 09 90 40 7a 04 28 84 d3 63 cf 94 49 80 04 48 80 04 48 80 04 48 80 04 52 24 40 21 9c 22 7c 26 4d 02 24 40 02 24 40 02 24 40 02 24 90 1e 01 Data Ascii: "$@$@$W%!lFo?HB_0k#p7f)9S' @!\@#!`~K2g1?4ag'v}t#`^&7so~3)@(E$@cE_$@$@N=S& Hp4@z(cIHHHR$@!"\|&M$@$@$@$
2024-04-24 13:43:00 UTC	16384	IN	Data Raw: 75 09 c4 d3 5f 19 22 2e 0b 32 f8 f1 b5 16 4c 7e 7a 9b da 11 c2 b0 5a 73 fd ac 96 2e 5d 18 04 12 11 a8 9b 9e b7 6e 61 87 1f e6 af 72 3e fa bc 45 3d 8e 55 08 eb 16 ec 40 0f 3d d6 fc ad 69 31 77 ab 70 d3 6f da fc 60 87 b4 bc 5d 97 fa 7c 6a 9e 4a 83 b0 f8 e3 f1 11 75 2c 6e 21 ac 7f 48 c6 d7 0d 7f 00 c6 1f 35 a1 fd 30 76 a3 7c b0 b8 72 b9 f5 6b c4 9f 10 b6 8e d7 de f8 70 9a 85 15 c2 48 07 cb 80 71 7f e1 3d a6 9b 71 1e f9 11 c2 7a 58 58 98 39 0d eb 5e ef ef 56 21 8c 31 9f cb 01 11 6b bd ae 75 23 84 af a9 13 b8 47 ea 0f 77 18 bf 0b 9a ae 5d 21 cc d3 34 ac 75 b5 9e fb ba 7f eb 6f f3 f4 b4 f4 69 36 56 03 9a fe d6 0b 2b 48 58 f3 d2 cf f5 b9 d5 d6 fe a7 87 93 63 fb ba ef 8c 11 c2 68 d4 2d 07 12 5d 6d 86 fe e7 7a 56 cd f9 5d bd 27 ce 10 ba 63 e7 ba e7 7c c2 32 8c 0f Data Ascii: u_".2L~zZs.]nar>E=U@=i1wpo`]\|jJu,n!H50v\|rkpHq=qzXX9^V!1ku#Gw]!4uoi6V+HXch-]mzV]'c\|2
2024-04-24 13:43:00 UTC	9277	IN	Data Raw: 5f 9e b6 1d 1e 01 03 2d 9f 96 9f c4 74 21 1c 16 ad 96 99 c2 64 68 1b 5b 8d aa 35 e9 b7 b7 bf b5 11 f2 54 10 5f cb a7 9d 0a 61 ff 28 bf 42 b8 42 ab ab a9 e9 f3 6f d8 cf 40 0b f9 de 5d 7f d2 21 f5 f1 58 61 b6 d4 e8 fd 6a b5 91 76 54 b5 ac ef a5 27 53 52 d2 68 e9 4a f7 5a ed de f2 ba f2 e1 46 d4 fe a5 e6 de bc 7c ba 59 97 4f f3 19 d0 86 87 2b 2b 8d 0e ff 3b 96 ea 5e 79 3f 45 56 a8 46 e1 d1 15 8c 9f c0 0e 14 b5 a0 42 18 e9 fe b0 39 99 66 6c d1 d6 c0 56 4a 16 62 56 17 bf 04 11 ab c2 42 d4 b2 d0 45 5c f7 f1 a9 f0 ca 8c 7c 4a f8 1a 89 b8 d3 21 97 bb cf b3 80 46 5c 6c 35 2a 86 d1 b8 7b ab 9b 1f c8 ba 5d e5 ff 60 11 10 21 1c 2c 92 92 8e 10 10 02 42 a0 80 04 7e 5b 7a 98 06 7f ea fe 18 ae 80 49 78 44 8b f9 f7 13 8a 2c d7 80 22 cb 37 f4 70 f7 77 12 1d 15 4e eb 66 e4 Data Ascii: _-t!dh[5T_a(BBo@]!XajvT'SRhJZF\|YO++;^y?EVFB9flVJbVBE\\|J!F\l5*{]`!,B~[zIxD,"7pwNf

Timestamp	Bytes transferred	Direction	Data
2024-04-24 13:42:58 UTC	715	OUT	POST /api/v1.0/orgs/97791573-a900-ef11-9f85-00224828202e/landingpageforms/forms/beb26e16-c500-ef11-a1fd-6045bdd3b636/visits HTTP/1.1 Host: public-usa.mkt.dynamics.com Connection: keep-alive Content-Length: 153 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Accept: application/json Content-Type: application/json sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Origin: https://assets-usa.mkt.dynamics.com Sec-Fetch-Site: same-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-24 13:42:58 UTC	153	OUT	Data Raw: 7b 22 70 61 67 65 55 72 6c 22 3a 22 68 74 74 70 73 3a 2f 2f 61 73 73 65 74 73 2d 75 73 61 2e 6d 6b 74 2e 64 79 6e 61 6d 69 63 73 2e 63 6f 6d 2f 39 37 37 39 31 35 37 33 2d 61 39 30 30 2d 65 66 31 31 2d 39 66 38 35 2d 30 30 32 32 34 38 32 38 32 30 32 65 2f 64 69 67 69 74 61 6c 61 73 73 65 74 73 2f 73 74 61 6e 64 61 6c 6f 6e 65 66 6f 72 6d 73 2f 62 65 62 32 36 65 31 36 2d 63 35 30 30 2d 65 66 31 31 2d 61 31 66 64 2d 36 30 34 35 62 64 64 33 62 36 33 36 22 7d Data Ascii: {"pageUrl":"https://assets-usa.mkt.dynamics.com/97791573-a900-ef11-9f85-00224828202e/digitalassets/standaloneforms/beb26e16-c500-ef11-a1fd-6045bdd3b636"}
2024-04-24 13:42:59 UTC	366	IN	HTTP/1.1 200 OK Server: nginx Date: Wed, 24 Apr 2024 13:42:58 GMT Content-Type: application/json; charset=utf-8 Transfer-Encoding: chunked Connection: close Access-Control-Allow-Origin: https://assets-usa.mkt.dynamics.com x-ms-trace-id: 75393fef2451bd37627a0ec8b127095d Strict-Transport-Security: max-age=2592000; preload x-content-type-options: nosniff
2024-04-24 13:42:59 UTC	54	IN	Data Raw: 32 62 0d 0a 7b 22 69 6e 74 65 72 61 63 74 69 6f 6e 53 74 61 74 75 73 22 3a 30 2c 22 65 72 72 6f 72 4d 65 73 73 61 67 65 22 3a 6e 75 6c 6c 7d 0d 0a 30 0d 0a 0d 0a Data Ascii: 2b{"interactionStatus":0,"errorMessage":null}0

Timestamp	Bytes transferred	Direction	Data
2024-04-24 13:42:59 UTC	468	OUT	GET /api/v1.0/orgs/97791573-a900-ef11-9f85-00224828202e/landingpageforms/forms/beb26e16-c500-ef11-a1fd-6045bdd3b636/visits HTTP/1.1 Host: public-usa.mkt.dynamics.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-24 13:43:00 UTC	218	IN	HTTP/1.1 403 Forbidden Server: nginx Date: Wed, 24 Apr 2024 13:42:59 GMT Content-Length: 0 Connection: close x-ms-trace-id: e8e9550c23fbd946b636379dc5cdd8b5 Strict-Transport-Security: max-age=2592000; preload

Timestamp	Bytes transferred	Direction	Data
2024-04-24 13:43:00 UTC	467	OUT	GET /97791573-a900-ef11-9f85-00224828202e/digitalassets/images/ef5a3db9-c400-ef11-a1fd-6045bdd3b636?ts=638493998497242870 HTTP/1.1 Host: assets-usa.mkt.dynamics.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-24 13:43:01 UTC	504	IN	HTTP/1.1 200 OK Date: Wed, 24 Apr 2024 13:43:01 GMT Content-Type: image/png Content-Length: 57945 Connection: close Access-Control-Allow-Origin: * x-ms-trace-id: 960ec994404aed909853cdd9e89d1dfa Strict-Transport-Security: max-age=2592000; preload x-content-type-options: nosniff x-azure-ref: 20240424T134301Z-168bb8d798bj2crg3us8a5psdg00000003rg000000001fcu Cache-Control: public, max-age=2592000 x-fd-int-roxy-purgeid: 69112800 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-04-24 13:43:01 UTC	15880	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 02 c2 00 00 02 00 08 06 00 00 00 88 32 0a 66 00 00 0c 3d 69 43 43 50 49 43 43 20 50 72 6f 66 69 6c 65 00 00 48 89 95 57 07 58 53 c9 16 9e 5b 52 21 b4 00 02 52 42 6f 82 88 94 00 52 42 68 a1 77 04 51 09 49 80 50 62 0c 04 15 3b ba a8 e0 da c5 02 36 74 55 44 c1 0a 88 05 45 ec 2c 8a bd 2f 16 14 94 75 b1 60 57 de a4 80 ae fb ca f7 ce f7 cd bd ff fd e7 cc 7f ce 9c 3b b7 0c 00 ea 27 b8 62 71 2e aa 01 40 9e a8 40 12 1b ec cf 18 9b 9c c2 20 75 03 04 a0 00 03 04 40 e6 f2 f2 c5 ac e8 e8 70 00 6d f0 fc 77 7b 77 03 7a 43 bb ea 20 d3 fa 67 ff 7f 35 4d be 20 9f 07 00 12 0d 71 3a 3f 9f 97 07 f1 41 00 f0 4a 9e 58 52 00 00 51 c6 9b 4f 29 10 cb 30 6c 40 5b 02 13 84 78 a1 0c 67 2a 70 a5 0c a7 2b f0 5e b9 4f 7c 2c 1b e2 56 Data Ascii: PNGIHDR2f=iCCPICC ProfileHWXS[R!RBoRBhwQIPb;6tUDE,/u`W;'bq.@@ u@pmw{wzC g5M q:?AJXRQO)0l@[xg*p+^O\|,V
2024-04-24 13:43:01 UTC	16384	IN	Data Raw: 55 cc f7 69 05 b3 5e e7 9e 7b ae a0 3c e0 cc 8b 52 76 d6 b6 22 8c a4 11 24 40 02 24 40 02 24 f0 57 02 14 c2 ac 0a 99 25 00 21 6c d6 84 46 da 6f d6 b2 c9 c3 0f 3f cc d9 e0 48 42 c9 5f 30 6b bb ed 23 70 37 66 f3 29 2a 39 e1 84 13 dc 53 dc 27 01 12 20 01 12 20 81 8a 20 40 21 5c 11 c5 40 23 8a 21 60 7e d1 4b cc 0b 2a 32 67 ce 1c 31 3f 34 61 67 81 cd cb 27 76 e6 f1 db df fe b6 7d 1c 8f b5 c7 74 e5 23 60 5e 26 f2 d7 01 9b 37 bf e5 9c 73 ce 91 6f 7e f3 9b e5 33 80 29 91 00 09 90 00 09 90 40 01 04 28 84 0b 80 45 af 24 40 02 f1 08 e0 c5 17 de 84 c4 63 45 5f 24 40 02 24 40 02 e9 11 a0 10 4e 8f 3d 53 26 01 12 20 01 12 20 01 12 20 01 12 48 91 00 85 70 8a f0 99 34 09 90 00 09 90 00 09 90 00 09 90 40 7a 04 28 84 d3 63 cf 94 49 80 04 48 80 04 48 80 04 48 80 04 52 24 40 Data Ascii: Ui^{<Rv"$@$@$W%!lFo?HB_0k#p7f)9S' @!\@#!`~K2g1?4ag'v}t#`^&7so~3)@(E$@cE_$@$@N=S& Hp4@z(cIHHHR$@
2024-04-24 13:43:01 UTC	16384	IN	Data Raw: 40 30 2f 7d 1a 01 ac 4e 7c 4d 40 1c 70 18 7c 79 1e 28 4f 7d 75 09 c4 d3 5f 19 22 2e 0b 32 f8 f1 b5 16 4c 7e 7a 9b da 11 c2 b0 5a 73 fd ac 96 2e 5d 18 04 12 11 a8 9b 9e b7 6e 61 87 1f e6 af 72 3e fa bc 45 3d 8e 55 08 eb 16 ec 40 0f 3d d6 fc ad 69 31 77 ab 70 d3 6f da fc 60 87 b4 bc 5d 97 fa 7c 6a 9e 4a 83 b0 f8 e3 f1 11 75 2c 6e 21 ac 7f 48 c6 d7 0d 7f 00 c6 1f 35 a1 fd 30 76 a3 7c b0 b8 72 b9 f5 6b c4 9f 10 b6 8e d7 de f8 70 9a 85 15 c2 48 07 cb 80 71 7f e1 3d a6 9b 71 1e f9 11 c2 7a 58 58 98 39 0d eb 5e ef ef 56 21 8c 31 9f cb 01 11 6b bd ae 75 23 84 af a9 13 b8 47 ea 0f 77 18 bf 0b 9a ae 5d 21 cc d3 34 ac 75 b5 9e fb ba 7f eb 6f f3 f4 b4 f4 69 36 56 03 9a fe d6 0b 2b 48 58 f3 d2 cf f5 b9 d5 d6 fe a7 87 93 63 fb ba ef 8c 11 c2 68 d4 2d 07 12 5d 6d 86 fe Data Ascii: @0/}N\|M@p\|y(O}u_".2L~zZs.]nar>E=U@=i1wpo`]\|jJu,n!H50v\|rkpHq=qzXX9^V!1ku#Gw]!4uoi6V+HXch-]m
2024-04-24 13:43:01 UTC	9297	IN	Data Raw: 0b e1 fd 2b c6 53 44 d9 7a 14 55 a1 a1 ed a2 44 45 85 d1 ba 5f 9e b6 1d 1e 01 03 2d 9f 96 9f c4 74 21 1c 16 ad 96 99 c2 64 68 1b 5b 8d aa 35 e9 b7 b7 bf b5 11 f2 54 10 5f cb a7 9d 0a 61 ff 28 bf 42 b8 42 ab ab a9 e9 f3 6f d8 cf 40 0b f9 de 5d 7f d2 21 f5 f1 58 61 b6 d4 e8 fd 6a b5 91 76 54 b5 ac ef a5 27 53 52 d2 68 e9 4a f7 5a ed de f2 ba f2 e1 46 d4 fe a5 e6 de bc 7c ba 59 97 4f f3 19 d0 86 87 2b 2b 8d 0e ff 3b 96 ea 5e 79 3f 45 56 a8 46 e1 d1 15 8c 9f c0 0e 14 b5 a0 42 18 e9 fe b0 39 99 66 6c d1 d6 c0 56 4a 16 62 56 17 bf 04 11 ab c2 42 d4 b2 d0 45 5c f7 f1 a9 f0 ca 8c 7c 4a f8 1a 89 b8 d3 21 97 bb cf b3 80 46 5c 6c 35 2a 86 d1 b8 7b ab 9b 1f c8 ba 5d e5 ff 60 11 10 21 1c 2c 92 92 8e 10 10 02 42 a0 80 04 7e 5b 7a 98 06 7f ea fe 18 ae 80 49 78 44 8b f9 Data Ascii: +SDzUDE_-t!dh[5T_a(BBo@]!XajvT'SRhJZF\|YO++;^y?EVFB9flVJbVBE\\|J!F\l5*{]`!,B~[zIxD

Timestamp	Bytes transferred	Direction	Data
2024-04-24 13:43:03 UTC	598	OUT	OPTIONS /api/v1.0/orgs/97791573-a900-ef11-9f85-00224828202e/landingpageforms/forms/beb26e16-c500-ef11-a1fd-6045bdd3b636 HTTP/1.1 Host: public-usa.mkt.dynamics.com Connection: keep-alive Accept: / Access-Control-Request-Method: POST Access-Control-Request-Headers: content-type Origin: https://assets-usa.mkt.dynamics.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Sec-Fetch-Mode: cors Sec-Fetch-Site: same-site Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-24 13:43:03 UTC	383	IN	HTTP/1.1 204 No Content Server: nginx Date: Wed, 24 Apr 2024 13:43:03 GMT Connection: close Access-Control-Allow-Headers: content-type Access-Control-Allow-Methods: GET,POST Access-Control-Allow-Origin: https://assets-usa.mkt.dynamics.com x-ms-trace-id: 1b94e907e2818e0e58425eafdc5ec976 Strict-Transport-Security: max-age=2592000; preload x-content-type-options: nosniff

Timestamp	Bytes transferred	Direction	Data
2024-04-24 13:43:04 UTC	708	OUT	POST /api/v1.0/orgs/97791573-a900-ef11-9f85-00224828202e/landingpageforms/forms/beb26e16-c500-ef11-a1fd-6045bdd3b636 HTTP/1.1 Host: public-usa.mkt.dynamics.com Connection: keep-alive Content-Length: 174 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Accept: application/json Content-Type: application/json sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Origin: https://assets-usa.mkt.dynamics.com Sec-Fetch-Site: same-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-24 13:43:04 UTC	174	OUT	Data Raw: 7b 22 70 75 62 6c 69 73 68 65 64 46 6f 72 6d 55 72 6c 22 3a 22 68 74 74 70 73 3a 2f 2f 61 73 73 65 74 73 2d 75 73 61 2e 6d 6b 74 2e 64 79 6e 61 6d 69 63 73 2e 63 6f 6d 2f 39 37 37 39 31 35 37 33 2d 61 39 30 30 2d 65 66 31 31 2d 39 66 38 35 2d 30 30 32 32 34 38 32 38 32 30 32 65 2f 64 69 67 69 74 61 6c 61 73 73 65 74 73 2f 73 74 61 6e 64 61 6c 6f 6e 65 66 6f 72 6d 73 2f 62 65 62 32 36 65 31 36 2d 63 35 30 30 2d 65 66 31 31 2d 61 31 66 64 2d 36 30 34 35 62 64 64 33 62 36 33 36 22 2c 22 66 69 65 6c 64 73 22 3a 5b 5d 7d Data Ascii: {"publishedFormUrl":"https://assets-usa.mkt.dynamics.com/97791573-a900-ef11-9f85-00224828202e/digitalassets/standaloneforms/beb26e16-c500-ef11-a1fd-6045bdd3b636","fields":[]}
2024-04-24 13:43:05 UTC	366	IN	HTTP/1.1 200 OK Server: nginx Date: Wed, 24 Apr 2024 13:43:05 GMT Content-Type: application/json; charset=utf-8 Transfer-Encoding: chunked Connection: close Access-Control-Allow-Origin: https://assets-usa.mkt.dynamics.com x-ms-trace-id: 8230a7cdeec8badd95dfccfd688b8ad6 Strict-Transport-Security: max-age=2592000; preload x-content-type-options: nosniff
2024-04-24 13:43:05 UTC	53	IN	Data Raw: 32 61 0d 0a 7b 22 73 75 62 6d 69 73 73 69 6f 6e 53 74 61 74 75 73 22 3a 30 2c 22 65 72 72 6f 72 4d 65 73 73 61 67 65 22 3a 6e 75 6c 6c 7d 0d 0a 30 0d 0a 0d 0a Data Ascii: 2a{"submissionStatus":0,"errorMessage":null}0

Timestamp	Bytes transferred	Direction	Data
2024-04-24 13:43:05 UTC	660	OUT	GET / HTTP/1.1 Host: mailvlk.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-24 13:43:06 UTC	1290	IN	HTTP/1.1 403 Forbidden Date: Wed, 24 Apr 2024 13:43:06 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 16512 Connection: close Accept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA Cross-Origin-Embedder-Policy: require-corp Cross-Origin-Opener-Policy: same-origin Cross-Origin-Resource-Policy: same-origin Origin-Agent-Cluster: ?1 Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=() Referrer-Policy: same-origin X-Frame-Options: SAMEORIGIN cf-mitigated: challenge cf-chl-out: B4FhJ7gQDkyc6LnMgA6zBeWL6qUmkh7u9/DQdr10vSrNUGakFHX0Ixa8eUkxBeWSRZEqqiUSFrcSIrcOvniP5MBnPCZCoTqkkrW3YqXlCfXQMZL2NcuXMotqPGPb3OCZWJ2W+IhDnzCYWeIMb+RG9w==$mcGEYlxit0PSw7clGuHchw== Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Expires: Thu, 01 Jan 1970 00:00:01 GMT
2024-04-24 13:43:06 UTC	405	IN	Data Raw: 52 65 70 6f 72 74 2d 54 6f 3a 20 7b 22 65 6e 64 70 6f 69 6e 74 73 22 3a 5b 7b 22 75 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 61 2e 6e 65 6c 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 5c 2f 72 65 70 6f 72 74 5c 2f 76 34 3f 73 3d 69 44 55 76 5a 61 43 74 44 70 4a 79 33 71 46 36 71 6b 75 7a 67 37 7a 68 70 48 6d 65 62 68 43 54 4c 55 46 44 44 41 42 4e 65 79 53 6f 25 32 46 6c 4d 59 62 4d 45 33 61 37 44 79 4e 64 78 6c 79 64 57 42 7a 6f 48 46 44 6d 48 42 6e 65 49 78 74 30 44 7a 63 57 6b 72 39 58 43 68 6d 7a 64 25 32 46 63 4a 61 4a 65 25 32 42 38 6b 4e 47 45 78 51 4a 55 75 47 33 4d 33 76 46 6a 72 77 57 52 53 4a 77 51 68 33 67 25 33 44 25 33 44 22 7d 5d 2c 22 67 72 6f 75 70 22 3a 22 63 66 2d 6e 65 6c 22 2c 22 6d 61 78 5f 61 67 65 22 3a 36 30 34 38 30 30 7d 0d Data Ascii: Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=iDUvZaCtDpJy3qF6qkuzg7zhpHmebhCTLUFDDABNeySo%2FlMYbME3a7DyNdxlydWBzoHFDmHBneIxt0DzcWkr9XChmzd%2FcJaJe%2B8kNGExQJUuG3M3vFjrwWRSJwQh3g%3D%3D"}],"group":"cf-nel","max_age":604800}
2024-04-24 13:43:06 UTC	1043	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 4a 75 73 74 20 61 20 6d 6f 6d 65 6e 74 2e 2e 2e 3c 2f 74 69 74 6c 65 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 45 64 67 65 22 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 6f 62 6f 74 73 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 69 6e 64 65 78 2c 6e 6f 66 6f 6c 6c 6f 77 22 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 Data Ascii: <!DOCTYPE html><html lang="en-US"><head><title>Just a moment...</title><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta http-equiv="X-UA-Compatible" content="IE=Edge"><meta name="robots" content="noindex,nofollow"><meta name="viewp
2024-04-24 13:43:06 UTC	1369	IN	Data Raw: 43 39 7a 64 6d 63 69 49 48 64 70 5a 48 52 6f 50 53 49 7a 4d 69 49 67 61 47 56 70 5a 32 68 30 50 53 49 7a 4d 69 49 67 5a 6d 6c 73 62 44 30 69 62 6d 39 75 5a 53 49 67 64 6d 6c 6c 64 30 4a 76 65 44 30 69 4d 43 41 77 49 44 49 32 49 44 49 32 49 6a 34 38 63 47 46 30 61 43 42 6d 61 57 78 73 50 53 49 6a 5a 44 6c 6b 4f 57 51 35 49 69 42 6b 50 53 4a 4e 4d 54 4d 67 4d 47 45 78 4d 79 41 78 4d 79 41 77 49 44 45 67 4d 43 41 77 49 44 49 32 49 44 45 7a 49 44 45 7a 49 44 41 67 4d 43 41 77 49 44 41 74 4d 6a 5a 74 4d 43 41 79 4e 47 45 78 4d 53 41 78 4d 53 41 77 49 44 45 67 4d 53 41 77 4c 54 49 79 49 44 45 78 49 44 45 78 49 44 41 67 4d 43 41 78 49 44 41 67 4d 6a 49 69 4c 7a 34 38 63 47 46 30 61 43 42 6d 61 57 78 73 50 53 49 6a 5a 44 6c 6b 4f 57 51 35 49 69 42 6b 50 53 4a 74 Data Ascii: C9zdmciIHdpZHRoPSIzMiIgaGVpZ2h0PSIzMiIgZmlsbD0ibm9uZSIgdmlld0JveD0iMCAwIDI2IDI2Ij48cGF0aCBmaWxsPSIjZDlkOWQ5IiBkPSJNMTMgMGExMyAxMyAwIDEgMCAwIDI2IDEzIDEzIDAgMCAwIDAtMjZtMCAyNGExMSAxMSAwIDEgMSAwLTIyIDExIDExIDAgMCAxIDAgMjIiLz48cGF0aCBmaWxsPSIjZDlkOWQ5IiBkPSJt
2024-04-24 13:43:06 UTC	1369	IN	Data Raw: 33 7d 62 6f 64 79 2e 64 61 72 6b 20 2e 62 69 67 2d 62 75 74 74 6f 6e 2c 62 6f 64 79 2e 64 61 72 6b 20 2e 70 6f 77 2d 62 75 74 74 6f 6e 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 34 36 39 33 66 66 3b 63 6f 6c 6f 72 3a 23 31 64 31 64 31 64 7d 62 6f 64 79 2e 64 61 72 6b 20 23 63 68 61 6c 6c 65 6e 67 65 2d 73 75 63 63 65 73 73 2d 74 65 78 74 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 69 6d 61 67 65 3a 75 72 6c 28 64 61 74 61 3a 69 6d 61 67 65 2f 73 76 67 2b 78 6d 6c 3b 62 61 73 65 36 34 2c 50 48 4e 32 5a 79 42 34 62 57 78 75 63 7a 30 69 61 48 52 30 63 44 6f 76 4c 33 64 33 64 79 35 33 4d 79 35 76 63 6d 63 76 4d 6a 41 77 4d 43 39 7a 64 6d 63 69 49 48 64 70 5a 48 52 6f 50 53 49 7a 4d 69 49 67 61 47 56 70 5a 32 68 30 50 53 49 7a 4d 69 49 67 5a 6d 6c 73 62 Data Ascii: 3}body.dark .big-button,body.dark .pow-button{background-color:#4693ff;color:#1d1d1d}body.dark #challenge-success-text{background-image:url(data:image/svg+xml;base64,PHN2ZyB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIHdpZHRoPSIzMiIgaGVpZ2h0PSIzMiIgZmlsb
2024-04-24 13:43:06 UTC	1369	IN	Data Raw: 72 69 6e 67 20 64 69 76 7b 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 3a 23 35 39 35 39 35 39 20 74 72 61 6e 73 70 61 72 65 6e 74 20 74 72 61 6e 73 70 61 72 65 6e 74 7d 62 6f 64 79 2e 6c 69 67 68 74 20 2e 66 6f 6e 74 2d 72 65 64 7b 63 6f 6c 6f 72 3a 23 66 63 35 37 34 61 7d 62 6f 64 79 2e 6c 69 67 68 74 20 2e 62 69 67 2d 62 75 74 74 6f 6e 2c 62 6f 64 79 2e 6c 69 67 68 74 20 2e 70 6f 77 2d 62 75 74 74 6f 6e 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 33 36 38 31 3b 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 3a 23 30 30 33 36 38 31 3b 63 6f 6c 6f 72 3a 23 66 66 66 7d 62 6f 64 79 2e 6c 69 67 68 74 20 23 63 68 61 6c 6c 65 6e 67 65 2d 73 75 63 63 65 73 73 2d 74 65 78 74 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 69 6d 61 67 65 3a 75 72 6c 28 64 61 74 61 3a 69 6d Data Ascii: ring div{border-color:#595959 transparent transparent}body.light .font-red{color:#fc574a}body.light .big-button,body.light .pow-button{background-color:#003681;border-color:#003681;color:#fff}body.light #challenge-success-text{background-image:url(data:im
2024-04-24 13:43:06 UTC	1369	IN	Data Raw: 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 6e 6f 6e 65 3b 74 72 61 6e 73 69 74 69 6f 6e 3a 63 6f 6c 6f 72 20 2e 31 35 73 20 65 61 73 65 7d 61 3a 68 6f 76 65 72 7b 63 6f 6c 6f 72 3a 23 65 65 37 33 30 61 3b 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 75 6e 64 65 72 6c 69 6e 65 7d 2e 6d 61 69 6e 2d 63 6f 6e 74 65 6e 74 7b 6d 61 72 67 69 6e 3a 38 72 65 6d 20 61 75 74 6f 3b 6d 61 78 2d 77 69 64 74 68 3a 36 30 72 65 6d 3b 77 69 64 74 68 3a 31 30 30 25 7d 2e 68 65 61 64 69 6e 67 2d 66 61 76 69 63 6f 6e 7b 68 65 69 67 68 74 3a 32 72 65 6d 3b 6d 61 72 67 69 6e 2d 72 69 67 68 74 3a 2e 35 72 65 6d 3b 77 69 64 74 68 3a 32 72 65 6d 7d 40 6d 65 64 69 61 20 28 77 69 64 74 68 20 3c 3d 20 37 32 30 70 78 29 7b 2e 6d 61 69 6e 2d 63 6f 6e 74 65 6e 74 7b 6d 61 72 67 69 6e Data Ascii: xt-decoration:none;transition:color .15s ease}a:hover{color:#ee730a;text-decoration:underline}.main-content{margin:8rem auto;max-width:60rem;width:100%}.heading-favicon{height:2rem;margin-right:.5rem;width:2rem}@media (width <= 720px){.main-content{margin
2024-04-24 13:43:06 UTC	1369	IN	Data Raw: 44 6b 74 4c 6a 59 31 49 44 41 74 4d 53 34 77 4e 54 59 74 4c 6a 4d 34 4f 53 30 75 4d 7a 6b 34 4c 53 34 7a 4f 44 6b 74 4c 6a 4d 35 4f 43 30 75 4f 54 67 30 49 44 41 74 4c 6a 55 35 4e 79 34 7a 4f 54 67 74 4c 6a 6b 34 4e 53 34 30 4d 44 59 74 4c 6a 4d 35 4e 79 41 78 4c 6a 41 31 4e 69 30 75 4d 7a 6b 33 49 69 38 2b 50 43 39 7a 64 6d 63 2b 29 3b 70 61 64 64 69 6e 67 2d 6c 65 66 74 3a 33 34 70 78 7d 23 63 68 61 6c 6c 65 6e 67 65 2d 65 72 72 6f 72 2d 74 65 78 74 2c 23 63 68 61 6c 6c 65 6e 67 65 2d 73 75 63 63 65 73 73 2d 74 65 78 74 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 72 65 70 65 61 74 3a 6e 6f 2d 72 65 70 65 61 74 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 73 69 7a 65 3a 63 6f 6e 74 61 69 6e 7d 23 63 68 61 6c 6c 65 6e 67 65 2d 73 75 63 63 65 73 73 2d 74 65 78 74 7b 62 61 Data Ascii: DktLjY1IDAtMS4wNTYtLjM4OS0uMzk4LS4zODktLjM5OC0uOTg0IDAtLjU5Ny4zOTgtLjk4NS40MDYtLjM5NyAxLjA1Ni0uMzk3Ii8+PC9zdmc+);padding-left:34px}#challenge-error-text,#challenge-success-text{background-repeat:no-repeat;background-size:contain}#challenge-success-text{ba
2024-04-24 13:43:06 UTC	1369	IN	Data Raw: 3b 77 69 64 74 68 3a 31 30 30 25 7d 2e 66 6f 6f 74 65 72 2d 69 6e 6e 65 72 7b 62 6f 72 64 65 72 2d 74 6f 70 3a 31 70 78 20 73 6f 6c 69 64 20 23 64 39 64 39 64 39 3b 70 61 64 64 69 6e 67 2d 62 6f 74 74 6f 6d 3a 31 72 65 6d 3b 70 61 64 64 69 6e 67 2d 74 6f 70 3a 31 72 65 6d 7d 2e 63 6c 65 61 72 66 69 78 3a 61 66 74 65 72 7b 63 6c 65 61 72 3a 62 6f 74 68 3b 63 6f 6e 74 65 6e 74 3a 22 22 3b 64 69 73 70 6c 61 79 3a 74 61 62 6c 65 7d 2e 63 6c 65 61 72 66 69 78 20 2e 63 6f 6c 75 6d 6e 7b 66 6c 6f 61 74 3a 6c 65 66 74 3b 70 61 64 64 69 6e 67 2d 72 69 67 68 74 3a 31 2e 35 72 65 6d 3b 77 69 64 74 68 3a 35 30 25 7d 2e 64 69 61 67 6e 6f 73 74 69 63 2d 77 72 61 70 70 65 72 7b 6d 61 72 67 69 6e 2d 62 6f 74 74 6f 6d 3a 2e 35 72 65 6d 7d 2e 66 6f 6f 74 65 72 20 2e 72 61 Data Ascii: ;width:100%}.footer-inner{border-top:1px solid #d9d9d9;padding-bottom:1rem;padding-top:1rem}.clearfix:after{clear:both;content:"";display:table}.clearfix .column{float:left;padding-right:1.5rem;width:50%}.diagnostic-wrapper{margin-bottom:.5rem}.footer .ra
2024-04-24 13:43:06 UTC	1369	IN	Data Raw: 69 6e 67 2d 66 61 76 69 63 6f 6e 7b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 2e 35 72 65 6d 3b 6d 61 72 67 69 6e 2d 72 69 67 68 74 3a 30 7d 2e 72 74 6c 20 23 63 68 61 6c 6c 65 6e 67 65 2d 73 75 63 63 65 73 73 2d 74 65 78 74 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 70 6f 73 69 74 69 6f 6e 3a 31 30 30 25 3b 70 61 64 64 69 6e 67 2d 6c 65 66 74 3a 30 3b 70 61 64 64 69 6e 67 2d 72 69 67 68 74 3a 34 32 70 78 7d 2e 72 74 6c 20 23 63 68 61 6c 6c 65 6e 67 65 2d 65 72 72 6f 72 2d 74 65 78 74 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 70 6f 73 69 74 69 6f 6e 3a 31 30 30 25 3b 70 61 64 64 69 6e 67 2d 6c 65 66 74 3a 30 3b 70 61 64 64 69 6e 67 2d 72 69 67 68 74 3a 33 34 70 78 7d 3c 2f 73 74 79 6c 65 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 Data Ascii: ing-favicon{margin-left:.5rem;margin-right:0}.rtl #challenge-success-text{background-position:100%;padding-left:0;padding-right:42px}.rtl #challenge-error-text{background-position:100%;padding-left:0;padding-right:34px}</style><meta http-equiv="refresh" c
2024-04-24 13:43:06 UTC	1369	IN	Data Raw: 4a 39 4c 72 68 34 69 68 75 4a 61 49 35 35 30 54 68 32 72 42 66 32 55 4e 6d 49 54 47 54 69 50 4e 4d 36 47 39 41 47 42 39 39 32 41 44 72 58 66 57 54 38 63 61 65 68 54 45 33 58 76 59 6d 6f 66 30 6f 50 46 48 54 59 42 79 66 62 72 65 31 37 49 31 6a 62 2e 42 6d 48 65 68 68 34 7a 4a 5f 46 4b 6f 35 33 49 52 6a 55 59 74 54 55 56 77 6b 35 4b 68 50 6e 50 47 4d 70 61 44 77 47 43 49 74 71 4d 30 42 30 73 59 39 66 72 71 4f 70 33 42 50 74 51 6b 61 37 7a 77 6f 56 79 34 61 61 59 38 38 33 53 41 4f 66 79 68 4d 56 35 78 63 31 79 66 2e 78 5f 73 42 75 78 53 5a 77 73 46 44 34 48 61 75 77 4e 49 77 7a 4d 7a 63 59 45 75 66 30 65 41 79 4b 74 73 72 32 30 6c 43 43 47 70 59 36 79 71 64 6c 32 63 69 6a 70 6d 35 6c 57 78 50 6e 36 6c 5f 74 4e 4e 36 6f 33 48 59 77 47 45 4b 6c 72 78 75 32 4a Data Ascii: J9Lrh4ihuJaI550Th2rBf2UNmITGTiPNM6G9AGB992ADrXfWT8caehTE3XvYmof0oPFHTYByfbre17I1jb.BmHehh4zJ_FKo53IRjUYtTUVwk5KhPnPGMpaDwGCItqM0B0sY9frqOp3BPtQka7zwoVy4aaY883SAOfyhMV5xc1yf.x_sBuxSZwsFD4HauwNIwzMzcYEuf0eAyKtsr20lCCGpY6yqdl2cijpm5lWxPn6l_tNN6o3HYwGEKlrxu2J

Timestamp	Bytes transferred	Direction	Data
2024-04-24 13:43:06 UTC	937	OUT	GET /cdn-cgi/challenge-platform/h/b/orchestrate/chl_page/v1?ray=879685369a8a0fc1 HTTP/1.1 Host: mailvlk.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-arch: "x86" sec-ch-ua-full-version: "117.0.5938.149" sec-ch-ua-platform-version: "10.0.0" sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.149", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.149" sec-ch-ua-bitness: "64" sec-ch-ua-model: "" sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://mailvlk.com/?__cf_chl_rt_tk=N7uH4Kxa9_0RyojcAoiu.zjjUwtHsqzk0ADVK3Dx5Fs-1713966186-0.0.1.1-1557 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-24 13:43:06 UTC	683	IN	HTTP/1.1 200 OK Date: Wed, 24 Apr 2024 13:43:06 GMT Content-Type: application/javascript; charset=UTF-8 Transfer-Encoding: chunked Connection: close cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0 vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5d7kaxd9r78qvnpFxGTgFd942xTMMyP%2F1CpUwHNC%2BRLRgeUOEo8EkkK1Hjz%2BYAZkXBrkq9Yv87XkLRsDerBCVZXqIeP0wvqH1qb%2BlITpiScAk9GsAtWUT1xENArcAw%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 87968537ca4c08f0-LAX alt-svc: h3=":443"; ma=86400
2024-04-24 13:43:06 UTC	145	IN	Data Raw: 38 62 0d 0a 77 69 6e 64 6f 77 2e 5f 63 66 5f 63 68 6c 5f 6f 70 74 2e 75 61 4f 3d 66 61 6c 73 65 3b 77 69 6e 64 6f 77 2e 5f 63 66 5f 63 68 6c 5f 6f 70 74 2e 75 61 53 52 3d 74 72 75 65 3b 7e 66 75 6e 63 74 69 6f 6e 28 69 35 2c 66 75 2c 66 76 2c 66 7a 2c 66 47 2c 66 49 2c 66 4a 2c 66 4b 2c 66 4c 2c 66 4d 2c 66 4e 2c 66 4f 2c 66 50 2c 66 51 2c 66 52 2c 66 53 2c 66 54 2c 66 55 2c 66 56 2c 66 57 2c 66 58 2c 66 59 2c 66 5a 2c 67 30 0d 0a Data Ascii: 8bwindow._cf_chl_opt.uaO=false;window._cf_chl_opt.uaSR=true;~function(i5,fu,fv,fz,fG,fI,fJ,fK,fL,fM,fN,fO,fP,fQ,fR,fS,fT,fU,fV,fW,fX,fY,fZ,g0
2024-04-24 13:43:06 UTC	1369	IN	Data Raw: 32 34 30 65 0d 0a 2c 67 31 2c 67 32 2c 67 33 2c 67 34 2c 67 35 2c 67 36 2c 67 37 2c 67 38 2c 67 39 2c 67 61 2c 67 62 2c 67 63 2c 67 64 2c 67 65 2c 67 66 2c 67 67 2c 67 68 2c 67 69 2c 67 6a 2c 67 6b 2c 67 6c 2c 67 6d 2c 67 6e 2c 67 6f 2c 67 70 2c 67 71 2c 67 72 2c 67 73 2c 67 75 2c 67 48 2c 67 55 2c 67 58 2c 68 39 2c 68 64 2c 68 68 2c 68 6b 2c 68 6c 2c 68 51 2c 68 53 2c 68 57 2c 68 58 2c 69 31 2c 69 32 2c 69 33 2c 68 69 2c 68 6a 29 7b 66 6f 72 28 69 35 3d 62 2c 66 75 6e 63 74 69 6f 6e 28 63 2c 64 2c 69 34 2c 65 2c 66 29 7b 66 6f 72 28 69 34 3d 62 2c 65 3d 63 28 29 3b 21 21 5b 5d 3b 29 74 72 79 7b 69 66 28 66 3d 70 61 72 73 65 49 6e 74 28 69 34 28 32 32 36 36 29 29 2f 31 2b 2d 70 61 72 73 65 49 6e 74 28 69 34 28 32 30 31 38 29 29 2f 32 2b 70 61 72 73 65 49 Data Ascii: 240e,g1,g2,g3,g4,g5,g6,g7,g8,g9,ga,gb,gc,gd,ge,gf,gg,gh,gi,gj,gk,gl,gm,gn,go,gp,gq,gr,gs,gu,gH,gU,gX,h9,hd,hh,hk,hl,hQ,hS,hW,hX,i1,i2,i3,hi,hj){for(i5=b,function(c,d,i4,e,f){for(i4=b,e=c();!![];)try{if(f=parseInt(i4(2266))/1+-parseInt(i4(2018))/2+parseI
2024-04-24 13:43:06 UTC	1369	IN	Data Raw: 7d 2c 27 79 61 7a 55 75 27 3a 66 75 6e 63 74 69 6f 6e 28 68 2c 69 29 7b 72 65 74 75 72 6e 20 69 7c 68 7d 2c 27 47 68 53 57 76 27 3a 66 75 6e 63 74 69 6f 6e 28 68 2c 69 29 7b 72 65 74 75 72 6e 20 68 3c 3c 69 7d 2c 27 42 45 52 4e 6d 27 3a 66 75 6e 63 74 69 6f 6e 28 68 2c 69 29 7b 72 65 74 75 72 6e 20 68 26 69 7d 2c 27 48 54 4f 77 71 27 3a 66 75 6e 63 74 69 6f 6e 28 68 2c 69 29 7b 72 65 74 75 72 6e 20 68 2d 69 7d 2c 27 78 4d 72 6d 7a 27 3a 69 6d 28 32 32 38 32 29 2c 27 4f 4b 6f 57 4d 27 3a 66 75 6e 63 74 69 6f 6e 28 68 2c 69 29 7b 72 65 74 75 72 6e 20 69 3d 3d 68 7d 2c 27 7a 69 47 47 4f 27 3a 66 75 6e 63 74 69 6f 6e 28 68 2c 69 29 7b 72 65 74 75 72 6e 20 68 21 3d 69 7d 2c 27 50 55 72 49 74 27 3a 66 75 6e 63 74 69 6f 6e 28 68 2c 69 29 7b 72 65 74 75 72 6e 20 Data Ascii: },'yazUu':function(h,i){return i\|h},'GhSWv':function(h,i){return h<<i},'BERNm':function(h,i){return h&i},'HTOwq':function(h,i){return h-i},'xMrmz':im(2282),'OKoWM':function(h,i){return i==h},'ziGGO':function(h,i){return h!=i},'PUrIt':function(h,i){return
2024-04-24 13:43:06 UTC	1369	IN	Data Raw: 28 31 32 35 30 29 5d 28 30 29 2c 78 3d 30 3b 38 3e 78 3b 49 3d 4e 26 31 2e 37 35 7c 49 3c 3c 31 2e 31 38 2c 4a 3d 3d 64 5b 69 71 28 32 38 30 32 29 5d 28 6a 2c 31 29 3f 28 4a 3d 30 2c 48 5b 69 71 28 31 34 33 32 29 5d 28 64 5b 69 71 28 31 34 39 31 29 5d 28 6f 2c 49 29 29 2c 49 3d 30 29 3a 4a 2b 2b 2c 4e 3e 3e 3d 31 2c 78 2b 2b 29 3b 7d 7d 65 6c 73 65 7b 66 6f 72 28 4e 3d 31 2c 78 3d 30 3b 78 3c 47 3b 49 3d 64 5b 69 71 28 31 33 33 37 29 5d 28 49 3c 3c 31 2c 4e 29 2c 4a 3d 3d 6a 2d 31 3f 28 4a 3d 30 2c 48 5b 69 71 28 31 34 33 32 29 5d 28 64 5b 69 71 28 32 35 37 36 29 5d 28 6f 2c 49 29 29 2c 49 3d 30 29 3a 4a 2b 2b 2c 4e 3d 30 2c 78 2b 2b 29 3b 66 6f 72 28 4e 3d 44 5b 69 71 28 31 32 35 30 29 5d 28 30 29 2c 78 3d 30 3b 64 5b 69 71 28 31 35 30 30 29 5d 28 31 36 Data Ascii: (1250)](0),x=0;8>x;I=N&1.75\|I<<1.18,J==d[iq(2802)](j,1)?(J=0,H[iq(1432)](d[iq(1491)](o,I)),I=0):J++,N>>=1,x++);}}else{for(N=1,x=0;x<G;I=d[iq(1337)](I<<1,N),J==j-1?(J=0,H[iq(1432)](d[iq(2576)](o,I)),I=0):J++,N=0,x++);for(N=D[iq(1250)](0),x=0;d[iq(1500)](16
2024-04-24 13:43:06 UTC	1369	IN	Data Raw: 2c 48 5b 69 71 28 31 34 33 32 29 5d 28 64 5b 69 71 28 31 35 34 38 29 5d 28 6f 2c 49 29 29 2c 49 3d 30 29 3a 4a 2b 2b 2c 4e 3e 3e 3d 31 2c 78 2b 2b 29 3b 66 6f 72 28 3b 3b 29 69 66 28 49 3c 3c 3d 31 2c 4a 3d 3d 64 5b 69 71 28 31 35 30 32 29 5d 28 6a 2c 31 29 29 7b 69 66 28 64 5b 69 71 28 31 31 31 38 29 5d 21 3d 3d 64 5b 69 71 28 31 31 31 38 29 5d 29 7b 66 6f 72 28 51 3d 69 71 28 39 38 38 29 5b 69 71 28 32 30 31 30 29 5d 28 27 7c 27 29 2c 52 3d 30 3b 21 21 5b 5d 3b 29 7b 73 77 69 74 63 68 28 51 5b 52 2b 2b 5d 29 7b 63 61 73 65 27 30 27 3a 54 3d 28 53 3d 7b 7d 2c 53 5b 69 71 28 31 38 38 34 29 5d 3d 64 5b 69 71 28 37 33 30 29 5d 2c 53 29 3b 63 6f 6e 74 69 6e 75 65 3b 63 61 73 65 27 31 27 3a 53 28 69 71 28 32 37 39 31 29 2c 66 75 6e 63 74 69 6f 6e 28 55 2c 69 Data Ascii: ,H[iq(1432)](d[iq(1548)](o,I)),I=0):J++,N>>=1,x++);for(;;)if(I<<=1,J==d[iq(1502)](j,1)){if(d[iq(1118)]!==d[iq(1118)]){for(Q=iq(988)[iq(2010)]('\|'),R=0;!![];){switch(Q[R++]){case'0':T=(S={},S[iq(1884)]=d[iq(730)],S);continue;case'1':S(iq(2791),function(U,i
2024-04-24 13:43:06 UTC	1369	IN	Data Raw: 3a 30 29 2a 46 2c 46 3c 3c 3d 31 29 3b 4f 3d 65 28 4a 29 3b 62 72 65 61 6b 3b 63 61 73 65 20 32 3a 72 65 74 75 72 6e 27 27 7d 66 6f 72 28 45 3d 73 5b 33 5d 3d 4f 2c 44 5b 69 78 28 31 34 33 32 29 5d 28 4f 29 3b 3b 29 7b 69 66 28 64 5b 69 78 28 38 39 36 29 5d 28 49 2c 69 29 29 72 65 74 75 72 6e 27 27 3b 66 6f 72 28 4a 3d 30 2c 4b 3d 4d 61 74 68 5b 69 78 28 38 36 37 29 5d 28 32 2c 43 29 2c 46 3d 31 3b 64 5b 69 78 28 32 33 34 38 29 5d 28 46 2c 4b 29 3b 4e 3d 64 5b 69 78 28 38 32 33 29 5d 28 47 2c 48 29 2c 48 3e 3e 3d 31 2c 30 3d 3d 48 26 26 28 48 3d 6a 2c 47 3d 64 5b 69 78 28 39 37 35 29 5d 28 6f 2c 49 2b 2b 29 29 2c 4a 7c 3d 28 30 3c 4e 3f 31 3a 30 29 2a 46 2c 46 3c 3c 3d 31 29 3b 73 77 69 74 63 68 28 4f 3d 4a 29 7b 63 61 73 65 20 30 3a 66 6f 72 28 4a 3d 30 Data Ascii: :0)F,F<<=1);O=e(J);break;case 2:return''}for(E=s[3]=O,D[ix(1432)](O);;){if(d[ix(896)](I,i))return'';for(J=0,K=Math[ix(867)](2,C),F=1;d[ix(2348)](F,K);N=d[ix(823)](G,H),H>>=1,0==H&&(H=j,G=d[ix(975)](o,I++)),J\|=(0<N?1:0)F,F<<=1);switch(O=J){case 0:for(J=0
2024-04-24 13:43:06 UTC	1369	IN	Data Raw: 66 75 6e 63 74 69 6f 6e 28 69 2c 6a 29 7b 72 65 74 75 72 6e 20 69 5e 6a 7d 2c 64 5b 69 42 28 31 32 39 36 29 5d 3d 66 75 6e 63 74 69 6f 6e 28 69 2c 6a 29 7b 72 65 74 75 72 6e 20 6a 5e 69 7d 2c 64 5b 69 42 28 31 32 39 30 29 5d 3d 66 75 6e 63 74 69 6f 6e 28 69 2c 6a 29 7b 72 65 74 75 72 6e 20 69 25 6a 7d 2c 64 5b 69 42 28 32 35 34 37 29 5d 3d 66 75 6e 63 74 69 6f 6e 28 69 2c 6a 29 7b 72 65 74 75 72 6e 20 6a 5e 69 7d 2c 64 5b 69 42 28 35 32 32 29 5d 3d 66 75 6e 63 74 69 6f 6e 28 69 2c 6a 29 7b 72 65 74 75 72 6e 20 69 5e 6a 7d 2c 64 5b 69 42 28 32 34 37 31 29 5d 3d 66 75 6e 63 74 69 6f 6e 28 69 2c 6a 29 7b 72 65 74 75 72 6e 20 69 5e 6a 7d 2c 64 5b 69 42 28 31 30 37 39 29 5d 3d 66 75 6e 63 74 69 6f 6e 28 69 2c 6a 29 7b 72 65 74 75 72 6e 20 6a 26 69 7d 2c 64 5b Data Ascii: function(i,j){return i^j},d[iB(1296)]=function(i,j){return j^i},d[iB(1290)]=function(i,j){return i%j},d[iB(2547)]=function(i,j){return j^i},d[iB(522)]=function(i,j){return i^j},d[iB(2471)]=function(i,j){return i^j},d[iB(1079)]=function(i,j){return j&i},d[
2024-04-24 13:43:06 UTC	1024	IN	Data Raw: 65 5b 69 43 28 31 33 38 38 29 5d 28 31 33 31 2c 74 68 69 73 2e 67 29 5d 5b 33 5d 5e 65 5b 69 43 28 32 36 34 30 29 5d 28 37 38 2b 74 68 69 73 2e 68 5b 65 5b 69 43 28 31 33 38 38 29 5d 28 31 33 31 2c 74 68 69 73 2e 67 29 5d 5b 31 5d 5b 69 43 28 31 32 35 30 29 5d 28 74 68 69 73 2e 68 5b 74 68 69 73 2e 67 5e 31 33 31 2e 36 36 5d 5b 30 5d 2b 2b 29 2c 32 35 35 29 2c 6c 3d 65 5b 69 43 28 31 39 39 38 29 5d 28 74 68 69 73 2e 68 5b 74 68 69 73 2e 67 5e 31 33 31 5d 5b 33 5d 2c 37 38 2b 74 68 69 73 2e 68 5b 74 68 69 73 2e 67 5e 31 33 31 5d 5b 31 5d 5b 69 43 28 31 32 35 30 29 5d 28 74 68 69 73 2e 68 5b 65 5b 69 43 28 31 39 39 38 29 5d 28 31 33 31 2c 74 68 69 73 2e 67 29 5d 5b 30 5d 2b 2b 29 26 32 35 35 29 2c 6d 3d 2d 31 2c 6e 3d 30 2c 48 3d 3d 3d 31 39 31 3f 28 6d 3d Data Ascii: e[iC(1388)](131,this.g)][3]^e[iC(2640)](78+this.h[e[iC(1388)](131,this.g)][1][iC(1250)](this.h[this.g^131.66][0]++),255),l=e[iC(1998)](this.h[this.g^131][3],78+this.h[this.g^131][1][iC(1250)](this.h[e[iC(1998)](131,this.g)][0]++)&255),m=-1,n=0,H===191?(m=
2024-04-24 13:43:06 UTC	1369	IN	Data Raw: 38 38 39 0d 0a 2e 30 33 5e 6b 2c 74 68 69 73 2e 67 29 5d 2c 74 68 69 73 2e 68 5b 65 5b 69 43 28 31 33 38 38 29 5d 28 65 5b 69 43 28 31 30 33 30 29 5d 28 6c 2c 31 35 29 2c 74 68 69 73 2e 67 29 5d 29 29 3a 36 35 3d 3d 3d 54 3f 28 6d 3d 65 5b 69 43 28 31 33 38 38 29 5d 28 6a 2c 32 34 34 29 2c 6e 3d 74 68 69 73 2e 68 5b 65 5b 69 43 28 37 35 39 29 5d 28 65 5b 69 43 28 31 38 35 34 29 5d 28 6b 2c 31 33 39 29 2c 74 68 69 73 2e 67 29 5d 7c 74 68 69 73 2e 68 5b 65 5b 69 43 28 38 35 32 29 5d 28 65 5b 69 43 28 31 38 33 34 29 5d 28 6c 2c 31 38 33 29 2c 74 68 69 73 2e 67 29 5d 29 3a 55 3d 3d 3d 31 33 3f 28 6d 3d 65 5b 69 43 28 31 30 33 30 29 5d 28 6a 2c 32 33 30 29 2c 6e 3d 65 5b 69 43 28 31 31 35 35 29 5d 28 74 68 69 73 2e 68 5b 65 5b 69 43 28 37 35 39 29 5d 28 65 5b Data Ascii: 889.03^k,this.g)],this.h[e[iC(1388)](e[iC(1030)](l,15),this.g)])):65===T?(m=e[iC(1388)](j,244),n=this.h[e[iC(759)](e[iC(1854)](k,139),this.g)]\|this.h[e[iC(852)](e[iC(1834)](l,183),this.g)]):U===13?(m=e[iC(1030)](j,230),n=e[iC(1155)](this.h[e[iC(759)](e[
2024-04-24 13:43:06 UTC	823	IN	Data Raw: 32 29 5d 3d 69 44 28 36 34 37 29 2c 69 5b 69 44 28 32 32 36 39 29 5d 3d 69 44 28 31 31 30 31 29 2c 69 5b 69 44 28 37 34 34 29 5d 3d 66 75 6e 63 74 69 6f 6e 28 43 2c 44 29 7b 72 65 74 75 72 6e 20 43 2b 44 7d 2c 69 5b 69 44 28 32 30 37 32 29 5d 3d 66 75 6e 63 74 69 6f 6e 28 43 2c 44 29 7b 72 65 74 75 72 6e 20 43 2b 44 7d 2c 69 29 3b 74 72 79 7b 69 66 28 6b 3d 6a 5b 69 44 28 32 30 39 39 29 5d 28 68 2c 69 44 28 32 30 30 37 29 29 2c 6c 3d 66 75 5b 69 44 28 37 36 31 29 5d 5b 69 44 28 32 32 38 36 29 5d 3f 6a 5b 69 44 28 32 33 30 39 29 5d 28 27 68 2f 27 2b 66 75 5b 69 44 28 37 36 31 29 5d 5b 69 44 28 32 32 38 36 29 5d 2c 27 2f 27 29 3a 27 27 2c 6d 3d 6a 5b 69 44 28 32 32 35 34 29 5d 28 6a 5b 69 44 28 32 32 35 34 29 5d 28 6a 5b 69 44 28 32 35 37 38 29 5d 28 6a 5b Data Ascii: 2)]=iD(647),i[iD(2269)]=iD(1101),i[iD(744)]=function(C,D){return C+D},i[iD(2072)]=function(C,D){return C+D},i);try{if(k=j[iD(2099)](h,iD(2007)),l=fu[iD(761)][iD(2286)]?j[iD(2309)]('h/'+fu[iD(761)][iD(2286)],'/'):'',m=j[iD(2254)](j[iD(2254)](j[iD(2578)](j[

Timestamp	Bytes transferred	Direction	Data
2024-04-24 13:43:06 UTC	530	OUT	OPTIONS /report/v4?s=iDUvZaCtDpJy3qF6qkuzg7zhpHmebhCTLUFDDABNeySo%2FlMYbME3a7DyNdxlydWBzoHFDmHBneIxt0DzcWkr9XChmzd%2FcJaJe%2B8kNGExQJUuG3M3vFjrwWRSJwQh3g%3D%3D HTTP/1.1 Host: a.nel.cloudflare.com Connection: keep-alive Origin: https://mailvlk.com Access-Control-Request-Method: POST Access-Control-Request-Headers: content-type User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-24 13:43:07 UTC	336	IN	HTTP/1.1 200 OK Content-Length: 0 access-control-max-age: 86400 access-control-allow-methods: POST, OPTIONS access-control-allow-origin: * access-control-allow-headers: content-type, content-length date: Wed, 24 Apr 2024 13:43:06 GMT Via: 1.1 google Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close