Windows Analysis Report
Scanned from Xerox Multi.......rtf

Overview

General Information

Sample name:	Scanned from Xerox Multi.......rtf
Analysis ID:	1432309
MD5:	09d5e8d546579e6b05a7742aeb3e9837
SHA1:	a7fbd839bc3cc23b3065a3edc1e80c9901708dc5
SHA256:	0a620c7e5a0bdb1d770f3ee6660ea19f73dac21cfea209817ae50298b4004dce
Infos:

Detection

HTMLPhisher

Score:	52
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Yara detected HtmlPhish10

Phishing site detected (based on logo match)

Document contains embedded VBA macros

Document misses a certain OLE stream usually present in this Microsoft Office document type

HTML body contains low number of good links

HTML body contains password input but no form action

HTML page contains hidden URLs or javascript code

HTML title does not match URL

IP address seen in connection with other malware

Invalid T&C link found

JA3 SSL client fingerprint seen in connection with other malware

Stores files to the Windows start menu directory

Classification

Signatures

Phishing

Yara detected HtmlPhish10

Source: Yara match

File source: 2.3.pages.csv, type: HTML

Phishing site detected (based on logo match)

Source: https://hqve.livermi.com/1100297654994215737HWiiPoFyfRNRXCAKSXRSZSDKYMNPPRVRZJXYOG?FOWWFOSBKLORRCADSjNCjIkyBHEVQIYDKDIBJQDOUEFDMUAWJQE

Matcher: Template: onedrive matched

HTML body contains low number of good links

Source: https://hqve.livermi.com/1100297654994215737HWiiPoFyfRNRXCAKSXRSZSDKYMNPPRVRZJXYOG?FOWWFOSBKLORRCADSjNCjIkyBHEVQIYDKDIBJQDOUEFDMUAWJQE

HTTP Parser: Number of links: 0

HTML body contains password input but no form action

Source: https://hqve.livermi.com/1100297654994215737HWiiPoFyfRNRXCAKSXRSZSDKYMNPPRVRZJXYOG?FOWWFOSBKLORRCADSjNCjIkyBHEVQIYDKDIBJQDOUEFDMUAWJQE

HTTP Parser: <input type="password" .../> found but no <form action="...

HTML page contains hidden URLs or javascript code

Source: https://hqve.livermi.com/ZfsD/#Mjeffrey.becker@pemcoair.com

HTTP Parser: Base64 decoded: <!DOCTYPE html><html lang="en"><head> <script src="https://code.jquery.com/jquery-3.6.0.min.js"></script> <script src="https://challenges.cloudflare.com/turnstile/v0/api.js?render=explicit"></script> <meta http-equiv="X-UA-Compatible" c...

HTML title does not match URL

Source: https://hqve.livermi.com/1100297654994215737HWiiPoFyfRNRXCAKSXRSZSDKYMNPPRVRZJXYOG?FOWWFOSBKLORRCADSjNCjIkyBHEVQIYDKDIBJQDOUEFDMUAWJQE

HTTP Parser: Title: auzpiBswkb does not match URL

Invalid T&C link found

Source: https://hqve.livermi.com/1100297654994215737HWiiPoFyfRNRXCAKSXRSZSDKYMNPPRVRZJXYOG?FOWWFOSBKLORRCADSjNCjIkyBHEVQIYDKDIBJQDOUEFDMUAWJQE	HTTP Parser: Invalid link: Terms of use
Source: https://hqve.livermi.com/1100297654994215737HWiiPoFyfRNRXCAKSXRSZSDKYMNPPRVRZJXYOG?FOWWFOSBKLORRCADSjNCjIkyBHEVQIYDKDIBJQDOUEFDMUAWJQE	HTTP Parser: Invalid link: Privacy & cookies

Source: https://hqve.livermi.com/1100297654994215737HWiiPoFyfRNRXCAKSXRSZSDKYMNPPRVRZJXYOG?FOWWFOSBKLORRCADSjNCjIkyBHEVQIYDKDIBJQDOUEFDMUAWJQE

HTTP Parser: <input type="password" .../> found

Source: https://hqve.livermi.com/ZfsD/#Mjeffrey.becker@pemcoair.com	HTTP Parser: No favicon
Source: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/aw737/0x4AAAAAAAV4SKaiqHRED42t/auto/normal	HTTP Parser: No favicon
Source: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/aw737/0x4AAAAAAAV4SKaiqHRED42t/auto/normal	HTTP Parser: No favicon
Source: https://hqve.livermi.com/1100297654994215737HWiiPoFyfRNRXCAKSXRSZSDKYMNPPRVRZJXYOG?FOWWFOSBKLORRCADSjNCjIkyBHEVQIYDKDIBJQDOUEFDMUAWJQE	HTTP Parser: No favicon

Source: https://hqve.livermi.com/1100297654994215737HWiiPoFyfRNRXCAKSXRSZSDKYMNPPRVRZJXYOG?FOWWFOSBKLORRCADSjNCjIkyBHEVQIYDKDIBJQDOUEFDMUAWJQE

HTTP Parser: No <meta name="author".. found

Source: https://hqve.livermi.com/1100297654994215737HWiiPoFyfRNRXCAKSXRSZSDKYMNPPRVRZJXYOG?FOWWFOSBKLORRCADSjNCjIkyBHEVQIYDKDIBJQDOUEFDMUAWJQE

HTTP Parser: No <meta name="copyright".. found

Source: unknown	HTTPS traffic detected: 40.126.28.18:443 -> 192.168.2.16:49703 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.126.28.18:443 -> 192.168.2.16:49705 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.165.165.26:443 -> 192.168.2.16:49708 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.165.165.26:443 -> 192.168.2.16:49841 version: TLS 1.2

Source: winword.exe

Memory has grown: Private usage: 4MB later: 79MB

IP address seen in connection with other malware

Source: Joe Sandbox View	IP Address: 104.17.3.184 104.17.3.184
Source: Joe Sandbox View	IP Address: 151.101.194.137 151.101.194.137
Source: Joe Sandbox View	IP Address: 18.64.174.30 18.64.174.30
Source: Joe Sandbox View	IP Address: 239.255.255.250 239.255.255.250

JA3 SSL client fingerprint seen in connection with other malware

Source: Joe Sandbox View

JA3 fingerprint: 28a2c9bd18a11de089ef85a160da29e4

Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.28.18
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.28.18
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.28.18
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.28.18
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.28.18
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.28.18
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.28.18
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.28.18
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.28.18
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.28.18
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.28.18
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.28.18
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.28.18
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.28.18
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.28.18
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.28.18
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.28.18
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.28.18
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.28.18
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.28.18
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.28.18
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.28.18
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.28.18
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.28.18
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.28.18
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.28.18
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.28.18
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.28.18
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.28.18
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.28.18
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.28.18
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.28.18
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.28.18
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.28.18
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.28.18
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.28.18
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.28.18
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.28.18
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.28.18
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.28.18
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.28.18
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.28.18
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.28.18
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.28.18
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26

Source: global traffic	HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=28YrAnfnORRZYM5&MD=mFHV7byd HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /ZfsD/ HTTP/1.1Host: hqve.livermi.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /turnstile/v0/api.js?render=explicit HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://hqve.livermi.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /jquery-3.6.0.min.js HTTP/1.1Host: code.jquery.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://hqve.livermi.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /turnstile/v0/b/471dc2adc340/api.js?render=explicit HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://hqve.livermi.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/aw737/0x4AAAAAAAV4SKaiqHRED42t/auto/normal HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://hqve.livermi.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=87a8b6d8bbaea512 HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/aw737/0x4AAAAAAAV4SKaiqHRED42t/auto/normalAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/cmg/1/wh0E0SXYnx6pTBdJW%2Fl926I%2BPRUplRdtQz3K9lHXs%2Fs%3D HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/aw737/0x4AAAAAAAV4SKaiqHRED42t/auto/normalAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/cmg/1/wh0E0SXYnx6pTBdJW%2Fl926I%2BPRUplRdtQz3K9lHXs%2Fs%3D HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: hqve.livermi.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://hqve.livermi.com/ZfsD/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6IkRRV0ZPNUEwUnJodUdsWVNtWnp1cWc9PSIsInZhbHVlIjoiakRJVVZHLzgySWJXSmMvdHVmbW5MS2NUYm55M0hjc2xKMC9mVEZVMThOdXdkWmlBanJLL1BNYlhNL292RUo2ejNnQlBaeWx2bXIxSVhUM0Mzc2tER1B1UHlMYWpZZkowYktGQTZJd0VyS3J6TnErcGRFZUlqNnI1VjlPKyswdXIiLCJtYWMiOiI4YjVkNWY1NWE5NmQzMzlmYWQ2NWJlYTU0N2Y3YjI2NDNhZmM1ODQ3MTQ4ZmQ4N2ZhNTUwMDFiYWY0ODAxY2FjIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Ijc5Unk1aWNldm5oZnFrVm9LNXdRZHc9PSIsInZhbHVlIjoiaUJYYWt4Wi92UzNGMmZDZjhTS25xZGdoeUxmU2NqWTFPclVQZjEwaHZ6UXFCeXRmREJYaXF3MnhheXpTVkViUTVUODFzZmVQU2ZzbjZUQzhrMzV3clVRNjBlcFg5b3JjaTNTczhqYWd6SzZDZXBkbzdtekFOSFE0MHVzT00xaDgiLCJtYWMiOiJlYjE4NzVmZjRmNTA3YmFiNzJjOWQxZWNhZDI3YzhmYzVkNWUwZTdhYzBhOWI1ZmQxYWM2MmI0Njg2ZWMwYjQxIiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/flow/ov1/1381903062:1714152618:NgNvC13nELqfhW0yvrqSe0v-XPx2tJEjtGEyp_JQCO4/87a8b6d8bbaea512/8cc367b37e0391d HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/i/87a8b6d8bbaea512/1714156964719/SMKxe5Z_iWNHnVj HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/aw737/0x4AAAAAAAV4SKaiqHRED42t/auto/normalAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/pat/87a8b6d8bbaea512/1714156964720/c851542a0fb9c7f405ff22ef7e00202e2cdf780f33eb290de3bf984553562d9a/YTcdMNa1hGmjoa4 HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveCache-Control: max-age=0sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/aw737/0x4AAAAAAAV4SKaiqHRED42t/auto/normalAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/i/87a8b6d8bbaea512/1714156964719/SMKxe5Z_iWNHnVj HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/flow/ov1/1381903062:1714152618:NgNvC13nELqfhW0yvrqSe0v-XPx2tJEjtGEyp_JQCO4/87a8b6d8bbaea512/8cc367b37e0391d HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/flow/ov1/1381903062:1714152618:NgNvC13nELqfhW0yvrqSe0v-XPx2tJEjtGEyp_JQCO4/87a8b6d8bbaea512/8cc367b37e0391d HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ZfsD/ HTTP/1.1Host: hqve.livermi.comConnection: keep-aliveCache-Control: max-age=0sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentReferer: https://hqve.livermi.com/ZfsD/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6IjE1bURXYXh2c1kwUlIxb0gxMDhrbHc9PSIsInZhbHVlIjoidzRmWmdIQ3EveHhDVTZKdFRyT3hsU1RncXBnUXNtclVPZ2lDYlNSMHo4R3lBNS9DQ1pDY0JqNllDNnlNL1ZmTU5FRktzelRNQ0I4ZlF1Qm8wbW1ObS9MWXFhekpNajV2QUVDc0x6SXFYNE5ocjcxdmpnVjdtZno4UjNxbXpSdDEiLCJtYWMiOiIxMWQ0MTkxOTZmMGU3NjFkOTk3ZDgzMzJmNzk0NjhhZjcwNGNmYjJlN2JkNzU3MzJhM2YxZjUwYWZhNWY2NDlkIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IlBIZ1hJamovTVNtOG80M2QxbklBNHc9PSIsInZhbHVlIjoiK1Y1ejdwYloydEN1YmdDcXVNZUhYWmNvM0lROE84VENydFI5bHFrc1h3WWRaMDFmak9PWGFTTkhoWGVRY2prMzNHTWlYMXlmc08rWlFjSGtBVnE3YmcySDdEQ1RxZERzUngyeDlYamhkMTB4ZTEyNldlZ3dXaGkrRER0dWV3RG4iLCJtYWMiOiJkN2E2MjFlM2UzNWMyOTM5ZDE3Nzk0MjI1OTQ4NzVjMjBjOTUxYjUxNzMxYzNkZWU2N2M5MGY2OTFlMzQ5ODg1IiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /pbojxQ72H4tLgofgGE7AReV3iyAcqjKPFuQcx HTTP/1.1Host: hqve.livermi.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6IjE1bURXYXh2c1kwUlIxb0gxMDhrbHc9PSIsInZhbHVlIjoidzRmWmdIQ3EveHhDVTZKdFRyT3hsU1RncXBnUXNtclVPZ2lDYlNSMHo4R3lBNS9DQ1pDY0JqNllDNnlNL1ZmTU5FRktzelRNQ0I4ZlF1Qm8wbW1ObS9MWXFhekpNajV2QUVDc0x6SXFYNE5ocjcxdmpnVjdtZno4UjNxbXpSdDEiLCJtYWMiOiIxMWQ0MTkxOTZmMGU3NjFkOTk3ZDgzMzJmNzk0NjhhZjcwNGNmYjJlN2JkNzU3MzJhM2YxZjUwYWZhNWY2NDlkIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IlBIZ1hJamovTVNtOG80M2QxbklBNHc9PSIsInZhbHVlIjoiK1Y1ejdwYloydEN1YmdDcXVNZUhYWmNvM0lROE84VENydFI5bHFrc1h3WWRaMDFmak9PWGFTTkhoWGVRY2prMzNHTWlYMXlmc08rWlFjSGtBVnE3YmcySDdEQ1RxZERzUngyeDlYamhkMTB4ZTEyNldlZ3dXaGkrRER0dWV3RG4iLCJtYWMiOiJkN2E2MjFlM2UzNWMyOTM5ZDE3Nzk0MjI1OTQ4NzVjMjBjOTUxYjUxNzMxYzNkZWU2N2M5MGY2OTFlMzQ5ODg1IiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /ZfsD/?eMjeffrey.becker@pemcoair.com HTTP/1.1Host: hqve.livermi.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-Dest: documentReferer: https://hqve.livermi.com/ZfsD/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6Iml2dzFzeXhqZytFb0JWODVyYittYkE9PSIsInZhbHVlIjoiNXMxTVdVR3RLR2dCK3BJbVI0Z0dyTFQ5dXVNMTBOV0ZRSlViSVE0SGRKVjRtdlNaa2d6M3JqMnVlUTVjSVNGdTV1aGNibWJwQ2ZObmZYcFNGWTFrS3NrZ3ZaNnZLUzRhQVFsVHNPT3k5ZHZ4U3NZdExKZG93SWo3VlAvK2pseEoiLCJtYWMiOiI3ODUxOWUyZjk4NmYwY2JiZDUyY2I3NDdkZGYxZWZmNDE0YjYxMmIyNDRmYmMyNzViNDBiMTc3NmVkNTkxZDk0IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IkxrbDd4OUJ2R2pqdUFUM3JEeEN5VlE9PSIsInZhbHVlIjoiR2JIbjQrQXBYa3ovZVNQU0lCZERhQjcvUlRSV1BzLytjR0FjRU9tSGQ1N1F6ZHVqYjJoQmtnQ2hyRzZ3OUxoU09PeGd3ZHRYVmR3cEFlRHUyRkVYWnM1SHY0bkp2OGtveFpKbmluc3hqL29raUtQemsrSjduOUdCSmt0MDBzaW0iLCJtYWMiOiIwYWIzNjU2NjI3YzI3ZmJlMTgwYTA0ODhlOWJmN2EwZjZjMzUxYzFmZWNiZWM0ODQ5Nzc4MjE0MmI4NGIxYTNiIiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /1100297654994215737HWiiPoFyfRNRXCAKSXRSZSDKYMNPPRVRZJXYOG?FOWWFOSBKLORRCADSjNCjIkyBHEVQIYDKDIBJQDOUEFDMUAWJQE HTTP/1.1Host: hqve.livermi.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Referer: https://hqve.livermi.com/ZfsD/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6IjR5eDZCMTg2clZqY2RkdjQzWk14VGc9PSIsInZhbHVlIjoiU3kvYmRYbjhrd3psOGhHK0lWb05mbTlvZHdFL2QvUFp5bERoaXJXWHZ1RDcrMFdhTTNKY0daMTZSemVaS2JLdG5uaGxYSkZqMWtwd2ZLWDd6T2tYZmNoTktLOE8xTHVyMlhteXNSQmc2MC8rck1PN0t5eUVBZ1ZKWndnUTdHT2siLCJtYWMiOiI2YzY2OTUyZmM4ZjYxZGViYjMyNWM0NjZkMTEyMThmNjZiMzIyMDE5Y2QwN2IxNzhjZTc0YWU2MWFmOTcyNTFjIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6ImhINVNKVGtsVFBaR1FRVnBoOEQyU0E9PSIsInZhbHVlIjoiTnBVcENuRWhENE1XbFAvUURCWUJsWVBnaEZHUjVZbVhociszVGVEalpsUXplTXh4R2hsV0hySFYvQ0hWZ3k1eXNHWDdlTnJpS0pweFVmaWZ0am1LbEYzRlVsaVRCMEw1bkdTKysrVTBENE5NLzZiem5ab0tPT3JydU11Ym5OUU8iLCJtYWMiOiJlNWFhYzZjNDI4ODUyNGI2N2U2Yjg5MGIxMDI2NzEzOTE3OTlhNjU0ZjA5YTc5ZmQwNTMzZGZhZDA4MDZmMjdkIiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /127ByNiIcWcdGUUh8M6720 HTTP/1.1Host: hqve.livermi.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://hqve.livermi.com/1100297654994215737HWiiPoFyfRNRXCAKSXRSZSDKYMNPPRVRZJXYOG?FOWWFOSBKLORRCADSjNCjIkyBHEVQIYDKDIBJQDOUEFDMUAWJQEAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6IlpNNUVadjRna3l4TEJJeEpYQUlaUlE9PSIsInZhbHVlIjoiTU0vSmo1cTIyMThWY3ZlUWQ3SmRDeTBDcWU1TEZLbHBrU2ZXMmJ0RE5hUE8zYnpmQ3R5QURiTjdSWkFXRHo2ZFlPeVNCQlJqRVQwelNLTUZoczRzUFZqVVFrc2owanRqbk0rZFRvdFRXVFZqNE4xcnhIekkzcUx4a3BsL0xNSWIiLCJtYWMiOiI0ZjcyYTRlZDFmYzhkNWIxOTIwMjA4Y2EwYjlkYzk1NTRmODUwY2RmN2I3ZDJhN2Q2NGQ5OWIwYWE5NzBjNmFmIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6ImtqWlh5M3VxNnQ3ZjJlRllxcUsyZFE9PSIsInZhbHVlIjoiYXltV0J6MTdRbTNCeGNVa3NUTUJWWmg0aVBTK1AyYWFvUkZpNXJpUlQvN1hkbjRjNWdVQUdjKzNLcDRCWUxkQ2UvWml5THdHV1lEUFlMK0I4anhOWTh6UHNEcjJ5UDg4b20yWFBNSHVDbUh1WGd2dkVrMjdSQktRODI3SloyVFIiLCJtYWMiOiIzNTU2NmVhOTExY2Y2MTE4ZGQ0NjJmNjYxNTVkZTNmNTBkZmU1ZWFjMmUwZTE2YjNlMDI5MDVjNDMzNjNmZWM2IiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /abQdL01Jjir0BpqLef21 HTTP/1.1Host: hqve.livermi.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://hqve.livermi.com/1100297654994215737HWiiPoFyfRNRXCAKSXRSZSDKYMNPPRVRZJXYOG?FOWWFOSBKLORRCADSjNCjIkyBHEVQIYDKDIBJQDOUEFDMUAWJQEAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6IlpNNUVadjRna3l4TEJJeEpYQUlaUlE9PSIsInZhbHVlIjoiTU0vSmo1cTIyMThWY3ZlUWQ3SmRDeTBDcWU1TEZLbHBrU2ZXMmJ0RE5hUE8zYnpmQ3R5QURiTjdSWkFXRHo2ZFlPeVNCQlJqRVQwelNLTUZoczRzUFZqVVFrc2owanRqbk0rZFRvdFRXVFZqNE4xcnhIekkzcUx4a3BsL0xNSWIiLCJtYWMiOiI0ZjcyYTRlZDFmYzhkNWIxOTIwMjA4Y2EwYjlkYzk1NTRmODUwY2RmN2I3ZDJhN2Q2NGQ5OWIwYWE5NzBjNmFmIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6ImtqWlh5M3VxNnQ3ZjJlRllxcUsyZFE9PSIsInZhbHVlIjoiYXltV0J6MTdRbTNCeGNVa3NUTUJWWmg0aVBTK1AyYWFvUkZpNXJpUlQvN1hkbjRjNWdVQUdjKzNLcDRCWUxkQ2UvWml5THdHV1lEUFlMK0I4anhOWTh6UHNEcjJ5UDg4b20yWFBNSHVDbUh1WGd2dkVrMjdSQktRODI3SloyVFIiLCJtYWMiOiIzNTU2NmVhOTExY2Y2MTE4ZGQ0NjJmNjYxNTVkZTNmNTBkZmU1ZWFjMmUwZTE2YjNlMDI5MDVjNDMzNjNmZWM2IiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /pqlp1rDTOuX1264uv40 HTTP/1.1Host: hqve.livermi.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://hqve.livermi.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://hqve.livermi.com/1100297654994215737HWiiPoFyfRNRXCAKSXRSZSDKYMNPPRVRZJXYOG?FOWWFOSBKLORRCADSjNCjIkyBHEVQIYDKDIBJQDOUEFDMUAWJQEAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6IlpNNUVadjRna3l4TEJJeEpYQUlaUlE9PSIsInZhbHVlIjoiTU0vSmo1cTIyMThWY3ZlUWQ3SmRDeTBDcWU1TEZLbHBrU2ZXMmJ0RE5hUE8zYnpmQ3R5QURiTjdSWkFXRHo2ZFlPeVNCQlJqRVQwelNLTUZoczRzUFZqVVFrc2owanRqbk0rZFRvdFRXVFZqNE4xcnhIekkzcUx4a3BsL0xNSWIiLCJtYWMiOiI0ZjcyYTRlZDFmYzhkNWIxOTIwMjA4Y2EwYjlkYzk1NTRmODUwY2RmN2I3ZDJhN2Q2NGQ5OWIwYWE5NzBjNmFmIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6ImtqWlh5M3VxNnQ3ZjJlRllxcUsyZFE9PSIsInZhbHVlIjoiYXltV0J6MTdRbTNCeGNVa3NUTUJWWmg0aVBTK1AyYWFvUkZpNXJpUlQvN1hkbjRjNWdVQUdjKzNLcDRCWUxkQ2UvWml5THdHV1lEUFlMK0I4anhOWTh6UHNEcjJ5UDg4b20yWFBNSHVDbUh1WGd2dkVrMjdSQktRODI3SloyVFIiLCJtYWMiOiIzNTU2NmVhOTExY2Y2MTE4ZGQ0NjJmNjYxNTVkZTNmNTBkZmU1ZWFjMmUwZTE2YjNlMDI5MDVjNDMzNjNmZWM2IiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /12HnvHvrNcOga56q20IkNop50 HTTP/1.1Host: hqve.livermi.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://hqve.livermi.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://hqve.livermi.com/1100297654994215737HWiiPoFyfRNRXCAKSXRSZSDKYMNPPRVRZJXYOG?FOWWFOSBKLORRCADSjNCjIkyBHEVQIYDKDIBJQDOUEFDMUAWJQEAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6IlpNNUVadjRna3l4TEJJeEpYQUlaUlE9PSIsInZhbHVlIjoiTU0vSmo1cTIyMThWY3ZlUWQ3SmRDeTBDcWU1TEZLbHBrU2ZXMmJ0RE5hUE8zYnpmQ3R5QURiTjdSWkFXRHo2ZFlPeVNCQlJqRVQwelNLTUZoczRzUFZqVVFrc2owanRqbk0rZFRvdFRXVFZqNE4xcnhIekkzcUx4a3BsL0xNSWIiLCJtYWMiOiI0ZjcyYTRlZDFmYzhkNWIxOTIwMjA4Y2EwYjlkYzk1NTRmODUwY2RmN2I3ZDJhN2Q2NGQ5OWIwYWE5NzBjNmFmIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6ImtqWlh5M3VxNnQ3ZjJlRllxcUsyZFE9PSIsInZhbHVlIjoiYXltV0J6MTdRbTNCeGNVa3NUTUJWWmg0aVBTK1AyYWFvUkZpNXJpUlQvN1hkbjRjNWdVQUdjKzNLcDRCWUxkQ2UvWml5THdHV1lEUFlMK0I4anhOWTh6UHNEcjJ5UDg4b20yWFBNSHVDbUh1WGd2dkVrMjdSQktRODI3SloyVFIiLCJtYWMiOiIzNTU2NmVhOTExY2Y2MTE4ZGQ0NjJmNjYxNTVkZTNmNTBkZmU1ZWFjMmUwZTE2YjNlMDI5MDVjNDMzNjNmZWM2IiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /902LGowr0rF5PYRNje23uwGGgst60 HTTP/1.1Host: hqve.livermi.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://hqve.livermi.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://hqve.livermi.com/1100297654994215737HWiiPoFyfRNRXCAKSXRSZSDKYMNPPRVRZJXYOG?FOWWFOSBKLORRCADSjNCjIkyBHEVQIYDKDIBJQDOUEFDMUAWJQEAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6IlpNNUVadjRna3l4TEJJeEpYQUlaUlE9PSIsInZhbHVlIjoiTU0vSmo1cTIyMThWY3ZlUWQ3SmRDeTBDcWU1TEZLbHBrU2ZXMmJ0RE5hUE8zYnpmQ3R5QURiTjdSWkFXRHo2ZFlPeVNCQlJqRVQwelNLTUZoczRzUFZqVVFrc2owanRqbk0rZFRvdFRXVFZqNE4xcnhIekkzcUx4a3BsL0xNSWIiLCJtYWMiOiI0ZjcyYTRlZDFmYzhkNWIxOTIwMjA4Y2EwYjlkYzk1NTRmODUwY2RmN2I3ZDJhN2Q2NGQ5OWIwYWE5NzBjNmFmIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6ImtqWlh5M3VxNnQ3ZjJlRllxcUsyZFE9PSIsInZhbHVlIjoiYXltV0J6MTdRbTNCeGNVa3NUTUJWWmg0aVBTK1AyYWFvUkZpNXJpUlQvN1hkbjRjNWdVQUdjKzNLcDRCWUxkQ2UvWml5THdHV1lEUFlMK0I4anhOWTh6UHNEcjJ5UDg4b20yWFBNSHVDbUh1WGd2dkVrMjdSQktRODI3SloyVFIiLCJtYWMiOiIzNTU2NmVhOTExY2Y2MTE4ZGQ0NjJmNjYxNTVkZTNmNTBkZmU1ZWFjMmUwZTE2YjNlMDI5MDVjNDMzNjNmZWM2IiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /23gdnEhmGyuZfDob6fL89ny8O4lxy67 HTTP/1.1Host: hqve.livermi.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://hqve.livermi.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://hqve.livermi.com/1100297654994215737HWiiPoFyfRNRXCAKSXRSZSDKYMNPPRVRZJXYOG?FOWWFOSBKLORRCADSjNCjIkyBHEVQIYDKDIBJQDOUEFDMUAWJQEAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6IlpNNUVadjRna3l4TEJJeEpYQUlaUlE9PSIsInZhbHVlIjoiTU0vSmo1cTIyMThWY3ZlUWQ3SmRDeTBDcWU1TEZLbHBrU2ZXMmJ0RE5hUE8zYnpmQ3R5QURiTjdSWkFXRHo2ZFlPeVNCQlJqRVQwelNLTUZoczRzUFZqVVFrc2owanRqbk0rZFRvdFRXVFZqNE4xcnhIekkzcUx4a3BsL0xNSWIiLCJtYWMiOiI0ZjcyYTRlZDFmYzhkNWIxOTIwMjA4Y2EwYjlkYzk1NTRmODUwY2RmN2I3ZDJhN2Q2NGQ5OWIwYWE5NzBjNmFmIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6ImtqWlh5M3VxNnQ3ZjJlRllxcUsyZFE9PSIsInZhbHVlIjoiYXltV0J6MTdRbTNCeGNVa3NUTUJWWmg0aVBTK1AyYWFvUkZpNXJpUlQvN1hkbjRjNWdVQUdjKzNLcDRCWUxkQ2UvWml5THdHV1lEUFlMK0I4anhOWTh6UHNEcjJ5UDg4b20yWFBNSHVDbUh1WGd2dkVrMjdSQktRODI3SloyVFIiLCJtYWMiOiIzNTU2NmVhOTExY2Y2MTE4ZGQ0NjJmNjYxNTVkZTNmNTBkZmU1ZWFjMmUwZTE2YjNlMDI5MDVjNDMzNjNmZWM2IiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /4.6.0/socket.io.min.js HTTP/1.1Host: cdn.socket.ioConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://hqve.livermi.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /recaptcha/api.js HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"sec-ch-ua-platform: "Windows"Accept: /X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlqHLAQj2mM0BCIWgzQEIucrNAQiJ080BGMvYzQEY642lFw==Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://hqve.livermi.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /90650F54P1rlWj27Ff7efPrKDdIF6gyz80 HTTP/1.1Host: hqve.livermi.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://hqve.livermi.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://hqve.livermi.com/1100297654994215737HWiiPoFyfRNRXCAKSXRSZSDKYMNPPRVRZJXYOG?FOWWFOSBKLORRCADSjNCjIkyBHEVQIYDKDIBJQDOUEFDMUAWJQEAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6IlpNNUVadjRna3l4TEJJeEpYQUlaUlE9PSIsInZhbHVlIjoiTU0vSmo1cTIyMThWY3ZlUWQ3SmRDeTBDcWU1TEZLbHBrU2ZXMmJ0RE5hUE8zYnpmQ3R5QURiTjdSWkFXRHo2ZFlPeVNCQlJqRVQwelNLTUZoczRzUFZqVVFrc2owanRqbk0rZFRvdFRXVFZqNE4xcnhIekkzcUx4a3BsL0xNSWIiLCJtYWMiOiI0ZjcyYTRlZDFmYzhkNWIxOTIwMjA4Y2EwYjlkYzk1NTRmODUwY2RmN2I3ZDJhN2Q2NGQ5OWIwYWE5NzBjNmFmIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6ImtqWlh5M3VxNnQ3ZjJlRllxcUsyZFE9PSIsInZhbHVlIjoiYXltV0J6MTdRbTNCeGNVa3NUTUJWWmg0aVBTK1AyYWFvUkZpNXJpUlQvN1hkbjRjNWdVQUdjKzNLcDRCWUxkQ2UvWml5THdHV1lEUFlMK0I4anhOWTh6UHNEcjJ5UDg4b20yWFBNSHVDbUh1WGd2dkVrMjdSQktRODI3SloyVFIiLCJtYWMiOiIzNTU2NmVhOTExY2Y2MTE4ZGQ0NjJmNjYxNTVkZTNmNTBkZmU1ZWFjMmUwZTE2YjNlMDI5MDVjNDMzNjNmZWM2IiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /cdyRvtaVoNmRIU378UrrRFOlQmn96 HTTP/1.1Host: hqve.livermi.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://hqve.livermi.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://hqve.livermi.com/1100297654994215737HWiiPoFyfRNRXCAKSXRSZSDKYMNPPRVRZJXYOG?FOWWFOSBKLORRCADSjNCjIkyBHEVQIYDKDIBJQDOUEFDMUAWJQEAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6IlpNNUVadjRna3l4TEJJeEpYQUlaUlE9PSIsInZhbHVlIjoiTU0vSmo1cTIyMThWY3ZlUWQ3SmRDeTBDcWU1TEZLbHBrU2ZXMmJ0RE5hUE8zYnpmQ3R5QURiTjdSWkFXRHo2ZFlPeVNCQlJqRVQwelNLTUZoczRzUFZqVVFrc2owanRqbk0rZFRvdFRXVFZqNE4xcnhIekkzcUx4a3BsL0xNSWIiLCJtYWMiOiI0ZjcyYTRlZDFmYzhkNWIxOTIwMjA4Y2EwYjlkYzk1NTRmODUwY2RmN2I3ZDJhN2Q2NGQ5OWIwYWE5NzBjNmFmIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6ImtqWlh5M3VxNnQ3ZjJlRllxcUsyZFE9PSIsInZhbHVlIjoiYXltV0J6MTdRbTNCeGNVa3NUTUJWWmg0aVBTK1AyYWFvUkZpNXJpUlQvN1hkbjRjNWdVQUdjKzNLcDRCWUxkQ2UvWml5THdHV1lEUFlMK0I4anhOWTh6UHNEcjJ5UDg4b20yWFBNSHVDbUh1WGd2dkVrMjdSQktRODI3SloyVFIiLCJtYWMiOiIzNTU2NmVhOTExY2Y2MTE4ZGQ0NjJmNjYxNTVkZTNmNTBkZmU1ZWFjMmUwZTE2YjNlMDI5MDVjNDMzNjNmZWM2IiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /34pHvmluZj5N5HgDjcJMKghttQ8CN7bkZNl89110 HTTP/1.1Host: hqve.livermi.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://hqve.livermi.com/1100297654994215737HWiiPoFyfRNRXCAKSXRSZSDKYMNPPRVRZJXYOG?FOWWFOSBKLORRCADSjNCjIkyBHEVQIYDKDIBJQDOUEFDMUAWJQEAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6IlpNNUVadjRna3l4TEJJeEpYQUlaUlE9PSIsInZhbHVlIjoiTU0vSmo1cTIyMThWY3ZlUWQ3SmRDeTBDcWU1TEZLbHBrU2ZXMmJ0RE5hUE8zYnpmQ3R5QURiTjdSWkFXRHo2ZFlPeVNCQlJqRVQwelNLTUZoczRzUFZqVVFrc2owanRqbk0rZFRvdFRXVFZqNE4xcnhIekkzcUx4a3BsL0xNSWIiLCJtYWMiOiI0ZjcyYTRlZDFmYzhkNWIxOTIwMjA4Y2EwYjlkYzk1NTRmODUwY2RmN2I3ZDJhN2Q2NGQ5OWIwYWE5NzBjNmFmIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6ImtqWlh5M3VxNnQ3ZjJlRllxcUsyZFE9PSIsInZhbHVlIjoiYXltV0J6MTdRbTNCeGNVa3NUTUJWWmg0aVBTK1AyYWFvUkZpNXJpUlQvN1hkbjRjNWdVQUdjKzNLcDRCWUxkQ2UvWml5THdHV1lEUFlMK0I4anhOWTh6UHNEcjJ5UDg4b20yWFBNSHVDbUh1WGd2dkVrMjdSQktRODI3SloyVFIiLCJtYWMiOiIzNTU2NmVhOTExY2Y2MTE4ZGQ0NjJmNjYxNTVkZTNmNTBkZmU1ZWFjMmUwZTE2YjNlMDI5MDVjNDMzNjNmZWM2IiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /web8socket/socket.io/?type=User&appnum=1&EIO=4&transport=websocket HTTP/1.1Host: hqve.livermi.comConnection: UpgradePragma: no-cacheCache-Control: no-cacheUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Upgrade: websocketOrigin: https://hqve.livermi.comSec-WebSocket-Version: 13Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6IlpNNUVadjRna3l4TEJJeEpYQUlaUlE9PSIsInZhbHVlIjoiTU0vSmo1cTIyMThWY3ZlUWQ3SmRDeTBDcWU1TEZLbHBrU2ZXMmJ0RE5hUE8zYnpmQ3R5QURiTjdSWkFXRHo2ZFlPeVNCQlJqRVQwelNLTUZoczRzUFZqVVFrc2owanRqbk0rZFRvdFRXVFZqNE4xcnhIekkzcUx4a3BsL0xNSWIiLCJtYWMiOiI0ZjcyYTRlZDFmYzhkNWIxOTIwMjA4Y2EwYjlkYzk1NTRmODUwY2RmN2I3ZDJhN2Q2NGQ5OWIwYWE5NzBjNmFmIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6ImtqWlh5M3VxNnQ3ZjJlRllxcUsyZFE9PSIsInZhbHVlIjoiYXltV0J6MTdRbTNCeGNVa3NUTUJWWmg0aVBTK1AyYWFvUkZpNXJpUlQvN1hkbjRjNWdVQUdjKzNLcDRCWUxkQ2UvWml5THdHV1lEUFlMK0I4anhOWTh6UHNEcjJ5UDg4b20yWFBNSHVDbUh1WGd2dkVrMjdSQktRODI3SloyVFIiLCJtYWMiOiIzNTU2NmVhOTExY2Y2MTE4ZGQ0NjJmNjYxNTVkZTNmNTBkZmU1ZWFjMmUwZTE2YjNlMDI5MDVjNDMzNjNmZWM2IiwidGFnIjoiIn0%3DSec-WebSocket-Key: dSV7NhIG0ybb0bziw6CZBw==Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits
Source: global traffic	HTTP traffic detected: GET /stPcVEeSmCWpySyuFQYrrGLm25YHKajvsXLAUxaImEwhmVt1OeTi6J3V3voHflyX0QmntuRh233MccfP8Ept2ddSPIMU3RJzIhfMHBnapef386 HTTP/1.1Host: hqve.livermi.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://hqve.livermi.com/1100297654994215737HWiiPoFyfRNRXCAKSXRSZSDKYMNPPRVRZJXYOG?FOWWFOSBKLORRCADSjNCjIkyBHEVQIYDKDIBJQDOUEFDMUAWJQEAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6IlpNNUVadjRna3l4TEJJeEpYQUlaUlE9PSIsInZhbHVlIjoiTU0vSmo1cTIyMThWY3ZlUWQ3SmRDeTBDcWU1TEZLbHBrU2ZXMmJ0RE5hUE8zYnpmQ3R5QURiTjdSWkFXRHo2ZFlPeVNCQlJqRVQwelNLTUZoczRzUFZqVVFrc2owanRqbk0rZFRvdFRXVFZqNE4xcnhIekkzcUx4a3BsL0xNSWIiLCJtYWMiOiI0ZjcyYTRlZDFmYzhkNWIxOTIwMjA4Y2EwYjlkYzk1NTRmODUwY2RmN2I3ZDJhN2Q2NGQ5OWIwYWE5NzBjNmFmIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6ImtqWlh5M3VxNnQ3ZjJlRllxcUsyZFE9PSIsInZhbHVlIjoiYXltV0J6MTdRbTNCeGNVa3NUTUJWWmg0aVBTK1AyYWFvUkZpNXJpUlQvN1hkbjRjNWdVQUdjKzNLcDRCWUxkQ2UvWml5THdHV1lEUFlMK0I4anhOWTh6UHNEcjJ5UDg4b20yWFBNSHVDbUh1WGd2dkVrMjdSQktRODI3SloyVFIiLCJtYWMiOiIzNTU2NmVhOTExY2Y2MTE4ZGQ0NjJmNjYxNTVkZTNmNTBkZmU1ZWFjMmUwZTE2YjNlMDI5MDVjNDMzNjNmZWM2IiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /yzLBUJq0kbJO1aCyfVINYTZ6NJv22Dnt0yB5M7L5PNy5dNcGP0o7dNyXmkWBSOabFhFEuUEONuKBim0whGnXoEqa1RnoZQ70acd370 HTTP/1.1Host: hqve.livermi.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://hqve.livermi.com/1100297654994215737HWiiPoFyfRNRXCAKSXRSZSDKYMNPPRVRZJXYOG?FOWWFOSBKLORRCADSjNCjIkyBHEVQIYDKDIBJQDOUEFDMUAWJQEAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6IlpNNUVadjRna3l4TEJJeEpYQUlaUlE9PSIsInZhbHVlIjoiTU0vSmo1cTIyMThWY3ZlUWQ3SmRDeTBDcWU1TEZLbHBrU2ZXMmJ0RE5hUE8zYnpmQ3R5QURiTjdSWkFXRHo2ZFlPeVNCQlJqRVQwelNLTUZoczRzUFZqVVFrc2owanRqbk0rZFRvdFRXVFZqNE4xcnhIekkzcUx4a3BsL0xNSWIiLCJtYWMiOiI0ZjcyYTRlZDFmYzhkNWIxOTIwMjA4Y2EwYjlkYzk1NTRmODUwY2RmN2I3ZDJhN2Q2NGQ5OWIwYWE5NzBjNmFmIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6ImtqWlh5M3VxNnQ3ZjJlRllxcUsyZFE9PSIsInZhbHVlIjoiYXltV0J6MTdRbTNCeGNVa3NUTUJWWmg0aVBTK1AyYWFvUkZpNXJpUlQvN1hkbjRjNWdVQUdjKzNLcDRCWUxkQ2UvWml5THdHV1lEUFlMK0I4anhOWTh6UHNEcjJ5UDg4b20yWFBNSHVDbUh1WGd2dkVrMjdSQktRODI3SloyVFIiLCJtYWMiOiIzNTU2NmVhOTExY2Y2MTE4ZGQ0NjJmNjYxNTVkZTNmNTBkZmU1ZWFjMmUwZTE2YjNlMDI5MDVjNDMzNjNmZWM2IiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /ujTNSL8np3A8DJhKiODWvPHPq3ufnB5Acfc9xhGtAZnhexe8O1zKov HTTP/1.1Host: hqve.livermi.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6Ijk3RzVQNS83MGRkR0N0SU5Wd0ZUQ2c9PSIsInZhbHVlIjoiaDFlSzRrR3dIY1N3dzllT3BuUGlRcGlrVllEZ1prcHF4NXpVNDZzbkhuMFYwK1NqbHdPUFNXQk1aakRvSXVvVWRURU1NTWxSSVNNOVpUM3lCRVlnbXcwWVZJTlRGcjEvTHcvTTNOSEVIKy95MmNaQnVlMkxSNHBkY2FaSzFiQjUiLCJtYWMiOiJlNDJmZGNmMjliNDAzNTY4NjdkMDE1NzI3MGYwMGI2ODdlNjhlNDg3NDcwODliYWE2Y2RjMTc4NWVkMTdlYTUzIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Ii9zczJ4RkhGUFR3enNqMTRxMlhOOVE9PSIsInZhbHVlIjoiT0hOb2wwQTY3OVRUayswRUxxZHNDOXduK2oxNkpUU29wWk1ZeTJsSlhDVG5ORVEvUGxSTzYvWWlZWG9CMDhIZ0VUSHp6Y0NtZEpHSm5DallqT3V1ZWR4Y2UvdE9jUnRoOWdRcS9LejhZaHpTZlhuOUVaekNDWlE0b2ZEcm9jSGUiLCJtYWMiOiJlMjY0YjM1NzYzNjEzZGFjNjk5MmQwNTA0NDc1NDliM2ZlZjYwNjZjNjU4MzBjYzJlZThmYjQ2YzI5NzBhM2JlIiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /uv9WPFoN8oKyRtRFm9o3fbpAoIXm3VstoiIRoPJ9oSrE7vKdN4ia34128 HTTP/1.1Host: hqve.livermi.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://hqve.livermi.com/1100297654994215737HWiiPoFyfRNRXCAKSXRSZSDKYMNPPRVRZJXYOG?FOWWFOSBKLORRCADSjNCjIkyBHEVQIYDKDIBJQDOUEFDMUAWJQEAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6Ijk3RzVQNS83MGRkR0N0SU5Wd0ZUQ2c9PSIsInZhbHVlIjoiaDFlSzRrR3dIY1N3dzllT3BuUGlRcGlrVllEZ1prcHF4NXpVNDZzbkhuMFYwK1NqbHdPUFNXQk1aakRvSXVvVWRURU1NTWxSSVNNOVpUM3lCRVlnbXcwWVZJTlRGcjEvTHcvTTNOSEVIKy95MmNaQnVlMkxSNHBkY2FaSzFiQjUiLCJtYWMiOiJlNDJmZGNmMjliNDAzNTY4NjdkMDE1NzI3MGYwMGI2ODdlNjhlNDg3NDcwODliYWE2Y2RjMTc4NWVkMTdlYTUzIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Ii9zczJ4RkhGUFR3enNqMTRxMlhOOVE9PSIsInZhbHVlIjoiT0hOb2wwQTY3OVRUayswRUxxZHNDOXduK2oxNkpUU29wWk1ZeTJsSlhDVG5ORVEvUGxSTzYvWWlZWG9CMDhIZ0VUSHp6Y0NtZEpHSm5DallqT3V1ZWR4Y2UvdE9jUnRoOWdRcS9LejhZaHpTZlhuOUVaekNDWlE0b2ZEcm9jSGUiLCJtYWMiOiJlMjY0YjM1NzYzNjEzZGFjNjk5MmQwNTA0NDc1NDliM2ZlZjYwNjZjNjU4MzBjYzJlZThmYjQ2YzI5NzBhM2JlIiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /stPcVEeSmCWpySyuFQYrrGLm25YHKajvsXLAUxaImEwhmVt1OeTi6J3V3voHflyX0QmntuRh233MccfP8Ept2ddSPIMU3RJzIhfMHBnapef386 HTTP/1.1Host: hqve.livermi.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6Ijk3RzVQNS83MGRkR0N0SU5Wd0ZUQ2c9PSIsInZhbHVlIjoiaDFlSzRrR3dIY1N3dzllT3BuUGlRcGlrVllEZ1prcHF4NXpVNDZzbkhuMFYwK1NqbHdPUFNXQk1aakRvSXVvVWRURU1NTWxSSVNNOVpUM3lCRVlnbXcwWVZJTlRGcjEvTHcvTTNOSEVIKy95MmNaQnVlMkxSNHBkY2FaSzFiQjUiLCJtYWMiOiJlNDJmZGNmMjliNDAzNTY4NjdkMDE1NzI3MGYwMGI2ODdlNjhlNDg3NDcwODliYWE2Y2RjMTc4NWVkMTdlYTUzIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Ii9zczJ4RkhGUFR3enNqMTRxMlhOOVE9PSIsInZhbHVlIjoiT0hOb2wwQTY3OVRUayswRUxxZHNDOXduK2oxNkpUU29wWk1ZeTJsSlhDVG5ORVEvUGxSTzYvWWlZWG9CMDhIZ0VUSHp6Y0NtZEpHSm5DallqT3V1ZWR4Y2UvdE9jUnRoOWdRcS9LejhZaHpTZlhuOUVaekNDWlE0b2ZEcm9jSGUiLCJtYWMiOiJlMjY0YjM1NzYzNjEzZGFjNjk5MmQwNTA0NDc1NDliM2ZlZjYwNjZjNjU4MzBjYzJlZThmYjQ2YzI5NzBhM2JlIiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /opveffAB7vKR3iJpN1evtcBR96AmnZlMQCTgWVGZQM4KOP67140 HTTP/1.1Host: hqve.livermi.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://hqve.livermi.com/1100297654994215737HWiiPoFyfRNRXCAKSXRSZSDKYMNPPRVRZJXYOG?FOWWFOSBKLORRCADSjNCjIkyBHEVQIYDKDIBJQDOUEFDMUAWJQEAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6Ijk3RzVQNS83MGRkR0N0SU5Wd0ZUQ2c9PSIsInZhbHVlIjoiaDFlSzRrR3dIY1N3dzllT3BuUGlRcGlrVllEZ1prcHF4NXpVNDZzbkhuMFYwK1NqbHdPUFNXQk1aakRvSXVvVWRURU1NTWxSSVNNOVpUM3lCRVlnbXcwWVZJTlRGcjEvTHcvTTNOSEVIKy95MmNaQnVlMkxSNHBkY2FaSzFiQjUiLCJtYWMiOiJlNDJmZGNmMjliNDAzNTY4NjdkMDE1NzI3MGYwMGI2ODdlNjhlNDg3NDcwODliYWE2Y2RjMTc4NWVkMTdlYTUzIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Ii9zczJ4RkhGUFR3enNqMTRxMlhOOVE9PSIsInZhbHVlIjoiT0hOb2wwQTY3OVRUayswRUxxZHNDOXduK2oxNkpUU29wWk1ZeTJsSlhDVG5ORVEvUGxSTzYvWWlZWG9CMDhIZ0VUSHp6Y0NtZEpHSm5DallqT3V1ZWR4Y2UvdE9jUnRoOWdRcS9LejhZaHpTZlhuOUVaekNDWlE0b2ZEcm9jSGUiLCJtYWMiOiJlMjY0YjM1NzYzNjEzZGFjNjk5MmQwNTA0NDc1NDliM2ZlZjYwNjZjNjU4MzBjYzJlZThmYjQ2YzI5NzBhM2JlIiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /mnanTXvAPynIQS6cBPuv4kUFDzl3I1xk90146 HTTP/1.1Host: hqve.livermi.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://hqve.livermi.com/1100297654994215737HWiiPoFyfRNRXCAKSXRSZSDKYMNPPRVRZJXYOG?FOWWFOSBKLORRCADSjNCjIkyBHEVQIYDKDIBJQDOUEFDMUAWJQEAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6Ijk3RzVQNS83MGRkR0N0SU5Wd0ZUQ2c9PSIsInZhbHVlIjoiaDFlSzRrR3dIY1N3dzllT3BuUGlRcGlrVllEZ1prcHF4NXpVNDZzbkhuMFYwK1NqbHdPUFNXQk1aakRvSXVvVWRURU1NTWxSSVNNOVpUM3lCRVlnbXcwWVZJTlRGcjEvTHcvTTNOSEVIKy95MmNaQnVlMkxSNHBkY2FaSzFiQjUiLCJtYWMiOiJlNDJmZGNmMjliNDAzNTY4NjdkMDE1NzI3MGYwMGI2ODdlNjhlNDg3NDcwODliYWE2Y2RjMTc4NWVkMTdlYTUzIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Ii9zczJ4RkhGUFR3enNqMTRxMlhOOVE9PSIsInZhbHVlIjoiT0hOb2wwQTY3OVRUayswRUxxZHNDOXduK2oxNkpUU29wWk1ZeTJsSlhDVG5ORVEvUGxSTzYvWWlZWG9CMDhIZ0VUSHp6Y0NtZEpHSm5DallqT3V1ZWR4Y2UvdE9jUnRoOWdRcS9LejhZaHpTZlhuOUVaekNDWlE0b2ZEcm9jSGUiLCJtYWMiOiJlMjY0YjM1NzYzNjEzZGFjNjk5MmQwNTA0NDc1NDliM2ZlZjYwNjZjNjU4MzBjYzJlZThmYjQ2YzI5NzBhM2JlIiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /ijKeDPlgPChWaPxShuVOsWzd0yzNT6FQJMe9UpFSl78170 HTTP/1.1Host: hqve.livermi.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://hqve.livermi.com/1100297654994215737HWiiPoFyfRNRXCAKSXRSZSDKYMNPPRVRZJXYOG?FOWWFOSBKLORRCADSjNCjIkyBHEVQIYDKDIBJQDOUEFDMUAWJQEAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6Ijk3RzVQNS83MGRkR0N0SU5Wd0ZUQ2c9PSIsInZhbHVlIjoiaDFlSzRrR3dIY1N3dzllT3BuUGlRcGlrVllEZ1prcHF4NXpVNDZzbkhuMFYwK1NqbHdPUFNXQk1aakRvSXVvVWRURU1NTWxSSVNNOVpUM3lCRVlnbXcwWVZJTlRGcjEvTHcvTTNOSEVIKy95MmNaQnVlMkxSNHBkY2FaSzFiQjUiLCJtYWMiOiJlNDJmZGNmMjliNDAzNTY4NjdkMDE1NzI3MGYwMGI2ODdlNjhlNDg3NDcwODliYWE2Y2RjMTc4NWVkMTdlYTUzIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Ii9zczJ4RkhGUFR3enNqMTRxMlhOOVE9PSIsInZhbHVlIjoiT0hOb2wwQTY3OVRUayswRUxxZHNDOXduK2oxNkpUU29wWk1ZeTJsSlhDVG5ORVEvUGxSTzYvWWlZWG9CMDhIZ0VUSHp6Y0NtZEpHSm5DallqT3V1ZWR4Y2UvdE9jUnRoOWdRcS9LejhZaHpTZlhuOUVaekNDWlE0b2ZEcm9jSGUiLCJtYWMiOiJlMjY0YjM1NzYzNjEzZGFjNjk5MmQwNTA0NDc1NDliM2ZlZjYwNjZjNjU4MzBjYzJlZThmYjQ2YzI5NzBhM2JlIiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /yzOfv1vad9P9hmqZugSh8sFC0ATn4f1FDrsiD9g7K8loVRRvLpiab178 HTTP/1.1Host: hqve.livermi.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://hqve.livermi.com/1100297654994215737HWiiPoFyfRNRXCAKSXRSZSDKYMNPPRVRZJXYOG?FOWWFOSBKLORRCADSjNCjIkyBHEVQIYDKDIBJQDOUEFDMUAWJQEAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6Ijk3RzVQNS83MGRkR0N0SU5Wd0ZUQ2c9PSIsInZhbHVlIjoiaDFlSzRrR3dIY1N3dzllT3BuUGlRcGlrVllEZ1prcHF4NXpVNDZzbkhuMFYwK1NqbHdPUFNXQk1aakRvSXVvVWRURU1NTWxSSVNNOVpUM3lCRVlnbXcwWVZJTlRGcjEvTHcvTTNOSEVIKy95MmNaQnVlMkxSNHBkY2FaSzFiQjUiLCJtYWMiOiJlNDJmZGNmMjliNDAzNTY4NjdkMDE1NzI3MGYwMGI2ODdlNjhlNDg3NDcwODliYWE2Y2RjMTc4NWVkMTdlYTUzIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Ii9zczJ4RkhGUFR3enNqMTRxMlhOOVE9PSIsInZhbHVlIjoiT0hOb2wwQTY3OVRUayswRUxxZHNDOXduK2oxNkpUU29wWk1ZeTJsSlhDVG5ORVEvUGxSTzYvWWlZWG9CMDhIZ0VUSHp6Y0NtZEpHSm5DallqT3V1ZWR4Y2UvdE9jUnRoOWdRcS9LejhZaHpTZlhuOUVaekNDWlE0b2ZEcm9jSGUiLCJtYWMiOiJlMjY0YjM1NzYzNjEzZGFjNjk5MmQwNTA0NDc1NDliM2ZlZjYwNjZjNjU4MzBjYzJlZThmYjQ2YzI5NzBhM2JlIiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /yzLBUJq0kbJO1aCyfVINYTZ6NJv22Dnt0yB5M7L5PNy5dNcGP0o7dNyXmkWBSOabFhFEuUEONuKBim0whGnXoEqa1RnoZQ70acd370 HTTP/1.1Host: hqve.livermi.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6Ijk3RzVQNS83MGRkR0N0SU5Wd0ZUQ2c9PSIsInZhbHVlIjoiaDFlSzRrR3dIY1N3dzllT3BuUGlRcGlrVllEZ1prcHF4NXpVNDZzbkhuMFYwK1NqbHdPUFNXQk1aakRvSXVvVWRURU1NTWxSSVNNOVpUM3lCRVlnbXcwWVZJTlRGcjEvTHcvTTNOSEVIKy95MmNaQnVlMkxSNHBkY2FaSzFiQjUiLCJtYWMiOiJlNDJmZGNmMjliNDAzNTY4NjdkMDE1NzI3MGYwMGI2ODdlNjhlNDg3NDcwODliYWE2Y2RjMTc4NWVkMTdlYTUzIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Ii9zczJ4RkhGUFR3enNqMTRxMlhOOVE9PSIsInZhbHVlIjoiT0hOb2wwQTY3OVRUayswRUxxZHNDOXduK2oxNkpUU29wWk1ZeTJsSlhDVG5ORVEvUGxSTzYvWWlZWG9CMDhIZ0VUSHp6Y0NtZEpHSm5DallqT3V1ZWR4Y2UvdE9jUnRoOWdRcS9LejhZaHpTZlhuOUVaekNDWlE0b2ZEcm9jSGUiLCJtYWMiOiJlMjY0YjM1NzYzNjEzZGFjNjk5MmQwNTA0NDc1NDliM2ZlZjYwNjZjNjU4MzBjYzJlZThmYjQ2YzI5NzBhM2JlIiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /opcxIP3XuxImCZd2z01QTGrKANMoLijKBjIUOwrshFuhqUkBExVDncd198 HTTP/1.1Host: hqve.livermi.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://hqve.livermi.com/1100297654994215737HWiiPoFyfRNRXCAKSXRSZSDKYMNPPRVRZJXYOG?FOWWFOSBKLORRCADSjNCjIkyBHEVQIYDKDIBJQDOUEFDMUAWJQEAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6Ijk3RzVQNS83MGRkR0N0SU5Wd0ZUQ2c9PSIsInZhbHVlIjoiaDFlSzRrR3dIY1N3dzllT3BuUGlRcGlrVllEZ1prcHF4NXpVNDZzbkhuMFYwK1NqbHdPUFNXQk1aakRvSXVvVWRURU1NTWxSSVNNOVpUM3lCRVlnbXcwWVZJTlRGcjEvTHcvTTNOSEVIKy95MmNaQnVlMkxSNHBkY2FaSzFiQjUiLCJtYWMiOiJlNDJmZGNmMjliNDAzNTY4NjdkMDE1NzI3MGYwMGI2ODdlNjhlNDg3NDcwODliYWE2Y2RjMTc4NWVkMTdlYTUzIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Ii9zczJ4RkhGUFR3enNqMTRxMlhOOVE9PSIsInZhbHVlIjoiT0hOb2wwQTY3OVRUayswRUxxZHNDOXduK2oxNkpUU29wWk1ZeTJsSlhDVG5ORVEvUGxSTzYvWWlZWG9CMDhIZ0VUSHp6Y0NtZEpHSm5DallqT3V1ZWR4Y2UvdE9jUnRoOWdRcS9LejhZaHpTZlhuOUVaekNDWlE0b2ZEcm9jSGUiLCJtYWMiOiJlMjY0YjM1NzYzNjEzZGFjNjk5MmQwNTA0NDc1NDliM2ZlZjYwNjZjNjU4MzBjYzJlZThmYjQ2YzI5NzBhM2JlIiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /opveffAB7vKR3iJpN1evtcBR96AmnZlMQCTgWVGZQM4KOP67140 HTTP/1.1Host: hqve.livermi.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6Ijk3RzVQNS83MGRkR0N0SU5Wd0ZUQ2c9PSIsInZhbHVlIjoiaDFlSzRrR3dIY1N3dzllT3BuUGlRcGlrVllEZ1prcHF4NXpVNDZzbkhuMFYwK1NqbHdPUFNXQk1aakRvSXVvVWRURU1NTWxSSVNNOVpUM3lCRVlnbXcwWVZJTlRGcjEvTHcvTTNOSEVIKy95MmNaQnVlMkxSNHBkY2FaSzFiQjUiLCJtYWMiOiJlNDJmZGNmMjliNDAzNTY4NjdkMDE1NzI3MGYwMGI2ODdlNjhlNDg3NDcwODliYWE2Y2RjMTc4NWVkMTdlYTUzIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Ii9zczJ4RkhGUFR3enNqMTRxMlhOOVE9PSIsInZhbHVlIjoiT0hOb2wwQTY3OVRUayswRUxxZHNDOXduK2oxNkpUU29wWk1ZeTJsSlhDVG5ORVEvUGxSTzYvWWlZWG9CMDhIZ0VUSHp6Y0NtZEpHSm5DallqT3V1ZWR4Y2UvdE9jUnRoOWdRcS9LejhZaHpTZlhuOUVaekNDWlE0b2ZEcm9jSGUiLCJtYWMiOiJlMjY0YjM1NzYzNjEzZGFjNjk5MmQwNTA0NDc1NDliM2ZlZjYwNjZjNjU4MzBjYzJlZThmYjQ2YzI5NzBhM2JlIiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /gh3mVd4nBfXO2p7UAcQtwl0uykl7Kn1BYrNmFY3LfuqKWIWpp9YSM8A12210 HTTP/1.1Host: hqve.livermi.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://hqve.livermi.com/1100297654994215737HWiiPoFyfRNRXCAKSXRSZSDKYMNPPRVRZJXYOG?FOWWFOSBKLORRCADSjNCjIkyBHEVQIYDKDIBJQDOUEFDMUAWJQEAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6Ijk3RzVQNS83MGRkR0N0SU5Wd0ZUQ2c9PSIsInZhbHVlIjoiaDFlSzRrR3dIY1N3dzllT3BuUGlRcGlrVllEZ1prcHF4NXpVNDZzbkhuMFYwK1NqbHdPUFNXQk1aakRvSXVvVWRURU1NTWxSSVNNOVpUM3lCRVlnbXcwWVZJTlRGcjEvTHcvTTNOSEVIKy95MmNaQnVlMkxSNHBkY2FaSzFiQjUiLCJtYWMiOiJlNDJmZGNmMjliNDAzNTY4NjdkMDE1NzI3MGYwMGI2ODdlNjhlNDg3NDcwODliYWE2Y2RjMTc4NWVkMTdlYTUzIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Ii9zczJ4RkhGUFR3enNqMTRxMlhOOVE9PSIsInZhbHVlIjoiT0hOb2wwQTY3OVRUayswRUxxZHNDOXduK2oxNkpUU29wWk1ZeTJsSlhDVG5ORVEvUGxSTzYvWWlZWG9CMDhIZ0VUSHp6Y0NtZEpHSm5DallqT3V1ZWR4Y2UvdE9jUnRoOWdRcS9LejhZaHpTZlhuOUVaekNDWlE0b2ZEcm9jSGUiLCJtYWMiOiJlMjY0YjM1NzYzNjEzZGFjNjk5MmQwNTA0NDc1NDliM2ZlZjYwNjZjNjU4MzBjYzJlZThmYjQ2YzI5NzBhM2JlIiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /yzOfv1vad9P9hmqZugSh8sFC0ATn4f1FDrsiD9g7K8loVRRvLpiab178 HTTP/1.1Host: hqve.livermi.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6Ijk3RzVQNS83MGRkR0N0SU5Wd0ZUQ2c9PSIsInZhbHVlIjoiaDFlSzRrR3dIY1N3dzllT3BuUGlRcGlrVllEZ1prcHF4NXpVNDZzbkhuMFYwK1NqbHdPUFNXQk1aakRvSXVvVWRURU1NTWxSSVNNOVpUM3lCRVlnbXcwWVZJTlRGcjEvTHcvTTNOSEVIKy95MmNaQnVlMkxSNHBkY2FaSzFiQjUiLCJtYWMiOiJlNDJmZGNmMjliNDAzNTY4NjdkMDE1NzI3MGYwMGI2ODdlNjhlNDg3NDcwODliYWE2Y2RjMTc4NWVkMTdlYTUzIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Ii9zczJ4RkhGUFR3enNqMTRxMlhOOVE9PSIsInZhbHVlIjoiT0hOb2wwQTY3OVRUayswRUxxZHNDOXduK2oxNkpUU29wWk1ZeTJsSlhDVG5ORVEvUGxSTzYvWWlZWG9CMDhIZ0VUSHp6Y0NtZEpHSm5DallqT3V1ZWR4Y2UvdE9jUnRoOWdRcS9LejhZaHpTZlhuOUVaekNDWlE0b2ZEcm9jSGUiLCJtYWMiOiJlMjY0YjM1NzYzNjEzZGFjNjk5MmQwNTA0NDc1NDliM2ZlZjYwNjZjNjU4MzBjYzJlZThmYjQ2YzI5NzBhM2JlIiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /qrLHnYYQVI2DiRAZfcLVQqAvyp12ImLtE8aSXimRtUNc3OB2srxrHef232 HTTP/1.1Host: hqve.livermi.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://hqve.livermi.com/1100297654994215737HWiiPoFyfRNRXCAKSXRSZSDKYMNPPRVRZJXYOG?FOWWFOSBKLORRCADSjNCjIkyBHEVQIYDKDIBJQDOUEFDMUAWJQEAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6Ijk3RzVQNS83MGRkR0N0SU5Wd0ZUQ2c9PSIsInZhbHVlIjoiaDFlSzRrR3dIY1N3dzllT3BuUGlRcGlrVllEZ1prcHF4NXpVNDZzbkhuMFYwK1NqbHdPUFNXQk1aakRvSXVvVWRURU1NTWxSSVNNOVpUM3lCRVlnbXcwWVZJTlRGcjEvTHcvTTNOSEVIKy95MmNaQnVlMkxSNHBkY2FaSzFiQjUiLCJtYWMiOiJlNDJmZGNmMjliNDAzNTY4NjdkMDE1NzI3MGYwMGI2ODdlNjhlNDg3NDcwODliYWE2Y2RjMTc4NWVkMTdlYTUzIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Ii9zczJ4RkhGUFR3enNqMTRxMlhOOVE9PSIsInZhbHVlIjoiT0hOb2wwQTY3OVRUayswRUxxZHNDOXduK2oxNkpUU29wWk1ZeTJsSlhDVG5ORVEvUGxSTzYvWWlZWG9CMDhIZ0VUSHp6Y0NtZEpHSm5DallqT3V1ZWR4Y2UvdE9jUnRoOWdRcS9LejhZaHpTZlhuOUVaekNDWlE0b2ZEcm9jSGUiLCJtYWMiOiJlMjY0YjM1NzYzNjEzZGFjNjk5MmQwNTA0NDc1NDliM2ZlZjYwNjZjNjU4MzBjYzJlZThmYjQ2YzI5NzBhM2JlIiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /ijKeDPlgPChWaPxShuVOsWzd0yzNT6FQJMe9UpFSl78170 HTTP/1.1Host: hqve.livermi.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6Ijk3RzVQNS83MGRkR0N0SU5Wd0ZUQ2c9PSIsInZhbHVlIjoiaDFlSzRrR3dIY1N3dzllT3BuUGlRcGlrVllEZ1prcHF4NXpVNDZzbkhuMFYwK1NqbHdPUFNXQk1aakRvSXVvVWRURU1NTWxSSVNNOVpUM3lCRVlnbXcwWVZJTlRGcjEvTHcvTTNOSEVIKy95MmNaQnVlMkxSNHBkY2FaSzFiQjUiLCJtYWMiOiJlNDJmZGNmMjliNDAzNTY4NjdkMDE1NzI3MGYwMGI2ODdlNjhlNDg3NDcwODliYWE2Y2RjMTc4NWVkMTdlYTUzIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Ii9zczJ4RkhGUFR3enNqMTRxMlhOOVE9PSIsInZhbHVlIjoiT0hOb2wwQTY3OVRUayswRUxxZHNDOXduK2oxNkpUU29wWk1ZeTJsSlhDVG5ORVEvUGxSTzYvWWlZWG9CMDhIZ0VUSHp6Y0NtZEpHSm5DallqT3V1ZWR4Y2UvdE9jUnRoOWdRcS9LejhZaHpTZlhuOUVaekNDWlE0b2ZEcm9jSGUiLCJtYWMiOiJlMjY0YjM1NzYzNjEzZGFjNjk5MmQwNTA0NDc1NDliM2ZlZjYwNjZjNjU4MzBjYzJlZThmYjQ2YzI5NzBhM2JlIiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /opcxIP3XuxImCZd2z01QTGrKANMoLijKBjIUOwrshFuhqUkBExVDncd198 HTTP/1.1Host: hqve.livermi.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6Ijk3RzVQNS83MGRkR0N0SU5Wd0ZUQ2c9PSIsInZhbHVlIjoiaDFlSzRrR3dIY1N3dzllT3BuUGlRcGlrVllEZ1prcHF4NXpVNDZzbkhuMFYwK1NqbHdPUFNXQk1aakRvSXVvVWRURU1NTWxSSVNNOVpUM3lCRVlnbXcwWVZJTlRGcjEvTHcvTTNOSEVIKy95MmNaQnVlMkxSNHBkY2FaSzFiQjUiLCJtYWMiOiJlNDJmZGNmMjliNDAzNTY4NjdkMDE1NzI3MGYwMGI2ODdlNjhlNDg3NDcwODliYWE2Y2RjMTc4NWVkMTdlYTUzIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Ii9zczJ4RkhGUFR3enNqMTRxMlhOOVE9PSIsInZhbHVlIjoiT0hOb2wwQTY3OVRUayswRUxxZHNDOXduK2oxNkpUU29wWk1ZeTJsSlhDVG5ORVEvUGxSTzYvWWlZWG9CMDhIZ0VUSHp6Y0NtZEpHSm5DallqT3V1ZWR4Y2UvdE9jUnRoOWdRcS9LejhZaHpTZlhuOUVaekNDWlE0b2ZEcm9jSGUiLCJtYWMiOiJlMjY0YjM1NzYzNjEzZGFjNjk5MmQwNTA0NDc1NDliM2ZlZjYwNjZjNjU4MzBjYzJlZThmYjQ2YzI5NzBhM2JlIiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /mnanTXvAPynIQS6cBPuv4kUFDzl3I1xk90146 HTTP/1.1Host: hqve.livermi.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6Ijk3RzVQNS83MGRkR0N0SU5Wd0ZUQ2c9PSIsInZhbHVlIjoiaDFlSzRrR3dIY1N3dzllT3BuUGlRcGlrVllEZ1prcHF4NXpVNDZzbkhuMFYwK1NqbHdPUFNXQk1aakRvSXVvVWRURU1NTWxSSVNNOVpUM3lCRVlnbXcwWVZJTlRGcjEvTHcvTTNOSEVIKy95MmNaQnVlMkxSNHBkY2FaSzFiQjUiLCJtYWMiOiJlNDJmZGNmMjliNDAzNTY4NjdkMDE1NzI3MGYwMGI2ODdlNjhlNDg3NDcwODliYWE2Y2RjMTc4NWVkMTdlYTUzIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Ii9zczJ4RkhGUFR3enNqMTRxMlhOOVE9PSIsInZhbHVlIjoiT0hOb2wwQTY3OVRUayswRUxxZHNDOXduK2oxNkpUU29wWk1ZeTJsSlhDVG5ORVEvUGxSTzYvWWlZWG9CMDhIZ0VUSHp6Y0NtZEpHSm5DallqT3V1ZWR4Y2UvdE9jUnRoOWdRcS9LejhZaHpTZlhuOUVaekNDWlE0b2ZEcm9jSGUiLCJtYWMiOiJlMjY0YjM1NzYzNjEzZGFjNjk5MmQwNTA0NDc1NDliM2ZlZjYwNjZjNjU4MzBjYzJlZThmYjQ2YzI5NzBhM2JlIiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /uv9GcDjKJBYNkBw9cwHd1VPWGDETbhEL67np9GaJkd3GQCu6DAuQlBfdXmGX7KkStjkgh260 HTTP/1.1Host: hqve.livermi.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://hqve.livermi.com/1100297654994215737HWiiPoFyfRNRXCAKSXRSZSDKYMNPPRVRZJXYOG?FOWWFOSBKLORRCADSjNCjIkyBHEVQIYDKDIBJQDOUEFDMUAWJQEAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6Ijk3RzVQNS83MGRkR0N0SU5Wd0ZUQ2c9PSIsInZhbHVlIjoiaDFlSzRrR3dIY1N3dzllT3BuUGlRcGlrVllEZ1prcHF4NXpVNDZzbkhuMFYwK1NqbHdPUFNXQk1aakRvSXVvVWRURU1NTWxSSVNNOVpUM3lCRVlnbXcwWVZJTlRGcjEvTHcvTTNOSEVIKy95MmNaQnVlMkxSNHBkY2FaSzFiQjUiLCJtYWMiOiJlNDJmZGNmMjliNDAzNTY4NjdkMDE1NzI3MGYwMGI2ODdlNjhlNDg3NDcwODliYWE2Y2RjMTc4NWVkMTdlYTUzIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Ii9zczJ4RkhGUFR3enNqMTRxMlhOOVE9PSIsInZhbHVlIjoiT0hOb2wwQTY3OVRUayswRUxxZHNDOXduK2oxNkpUU29wWk1ZeTJsSlhDVG5ORVEvUGxSTzYvWWlZWG9CMDhIZ0VUSHp6Y0NtZEpHSm5DallqT3V1ZWR4Y2UvdE9jUnRoOWdRcS9LejhZaHpTZlhuOUVaekNDWlE0b2ZEcm9jSGUiLCJtYWMiOiJlMjY0YjM1NzYzNjEzZGFjNjk5MmQwNTA0NDc1NDliM2ZlZjYwNjZjNjU4MzBjYzJlZThmYjQ2YzI5NzBhM2JlIiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /gh3mVd4nBfXO2p7UAcQtwl0uykl7Kn1BYrNmFY3LfuqKWIWpp9YSM8A12210 HTTP/1.1Host: hqve.livermi.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6Ijk3RzVQNS83MGRkR0N0SU5Wd0ZUQ2c9PSIsInZhbHVlIjoiaDFlSzRrR3dIY1N3dzllT3BuUGlRcGlrVllEZ1prcHF4NXpVNDZzbkhuMFYwK1NqbHdPUFNXQk1aakRvSXVvVWRURU1NTWxSSVNNOVpUM3lCRVlnbXcwWVZJTlRGcjEvTHcvTTNOSEVIKy95MmNaQnVlMkxSNHBkY2FaSzFiQjUiLCJtYWMiOiJlNDJmZGNmMjliNDAzNTY4NjdkMDE1NzI3MGYwMGI2ODdlNjhlNDg3NDcwODliYWE2Y2RjMTc4NWVkMTdlYTUzIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Ii9zczJ4RkhGUFR3enNqMTRxMlhOOVE9PSIsInZhbHVlIjoiT0hOb2wwQTY3OVRUayswRUxxZHNDOXduK2oxNkpUU29wWk1ZeTJsSlhDVG5ORVEvUGxSTzYvWWlZWG9CMDhIZ0VUSHp6Y0NtZEpHSm5DallqT3V1ZWR4Y2UvdE9jUnRoOWdRcS9LejhZaHpTZlhuOUVaekNDWlE0b2ZEcm9jSGUiLCJtYWMiOiJlMjY0YjM1NzYzNjEzZGFjNjk5MmQwNTA0NDc1NDliM2ZlZjYwNjZjNjU4MzBjYzJlZThmYjQ2YzI5NzBhM2JlIiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /web8socket/socket.io/?type=User&appnum=1&EIO=4&transport=websocket HTTP/1.1Host: hqve.livermi.comConnection: UpgradePragma: no-cacheCache-Control: no-cacheUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Upgrade: websocketOrigin: https://hqve.livermi.comSec-WebSocket-Version: 13Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6Ijk3RzVQNS83MGRkR0N0SU5Wd0ZUQ2c9PSIsInZhbHVlIjoiaDFlSzRrR3dIY1N3dzllT3BuUGlRcGlrVllEZ1prcHF4NXpVNDZzbkhuMFYwK1NqbHdPUFNXQk1aakRvSXVvVWRURU1NTWxSSVNNOVpUM3lCRVlnbXcwWVZJTlRGcjEvTHcvTTNOSEVIKy95MmNaQnVlMkxSNHBkY2FaSzFiQjUiLCJtYWMiOiJlNDJmZGNmMjliNDAzNTY4NjdkMDE1NzI3MGYwMGI2ODdlNjhlNDg3NDcwODliYWE2Y2RjMTc4NWVkMTdlYTUzIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Ii9zczJ4RkhGUFR3enNqMTRxMlhOOVE9PSIsInZhbHVlIjoiT0hOb2wwQTY3OVRUayswRUxxZHNDOXduK2oxNkpUU29wWk1ZeTJsSlhDVG5ORVEvUGxSTzYvWWlZWG9CMDhIZ0VUSHp6Y0NtZEpHSm5DallqT3V1ZWR4Y2UvdE9jUnRoOWdRcS9LejhZaHpTZlhuOUVaekNDWlE0b2ZEcm9jSGUiLCJtYWMiOiJlMjY0YjM1NzYzNjEzZGFjNjk5MmQwNTA0NDc1NDliM2ZlZjYwNjZjNjU4MzBjYzJlZThmYjQ2YzI5NzBhM2JlIiwidGFnIjoiIn0%3DSec-WebSocket-Key: bbjd4L+1rawFDC8oRHL7fg==Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits
Source: global traffic	HTTP traffic detected: GET /qrLHnYYQVI2DiRAZfcLVQqAvyp12ImLtE8aSXimRtUNc3OB2srxrHef232 HTTP/1.1Host: hqve.livermi.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6Ijk3RzVQNS83MGRkR0N0SU5Wd0ZUQ2c9PSIsInZhbHVlIjoiaDFlSzRrR3dIY1N3dzllT3BuUGlRcGlrVllEZ1prcHF4NXpVNDZzbkhuMFYwK1NqbHdPUFNXQk1aakRvSXVvVWRURU1NTWxSSVNNOVpUM3lCRVlnbXcwWVZJTlRGcjEvTHcvTTNOSEVIKy95MmNaQnVlMkxSNHBkY2FaSzFiQjUiLCJtYWMiOiJlNDJmZGNmMjliNDAzNTY4NjdkMDE1NzI3MGYwMGI2ODdlNjhlNDg3NDcwODliYWE2Y2RjMTc4NWVkMTdlYTUzIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Ii9zczJ4RkhGUFR3enNqMTRxMlhOOVE9PSIsInZhbHVlIjoiT0hOb2wwQTY3OVRUayswRUxxZHNDOXduK2oxNkpUU29wWk1ZeTJsSlhDVG5ORVEvUGxSTzYvWWlZWG9CMDhIZ0VUSHp6Y0NtZEpHSm5DallqT3V1ZWR4Y2UvdE9jUnRoOWdRcS9LejhZaHpTZlhuOUVaekNDWlE0b2ZEcm9jSGUiLCJtYWMiOiJlMjY0YjM1NzYzNjEzZGFjNjk5MmQwNTA0NDc1NDliM2ZlZjYwNjZjNjU4MzBjYzJlZThmYjQ2YzI5NzBhM2JlIiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /uv9WPFoN8oKyRtRFm9o3fbpAoIXm3VstoiIRoPJ9oSrE7vKdN4ia34128 HTTP/1.1Host: hqve.livermi.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6Ijk3RzVQNS83MGRkR0N0SU5Wd0ZUQ2c9PSIsInZhbHVlIjoiaDFlSzRrR3dIY1N3dzllT3BuUGlRcGlrVllEZ1prcHF4NXpVNDZzbkhuMFYwK1NqbHdPUFNXQk1aakRvSXVvVWRURU1NTWxSSVNNOVpUM3lCRVlnbXcwWVZJTlRGcjEvTHcvTTNOSEVIKy95MmNaQnVlMkxSNHBkY2FaSzFiQjUiLCJtYWMiOiJlNDJmZGNmMjliNDAzNTY4NjdkMDE1NzI3MGYwMGI2ODdlNjhlNDg3NDcwODliYWE2Y2RjMTc4NWVkMTdlYTUzIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Ii9zczJ4RkhGUFR3enNqMTRxMlhOOVE9PSIsInZhbHVlIjoiT0hOb2wwQTY3OVRUayswRUxxZHNDOXduK2oxNkpUU29wWk1ZeTJsSlhDVG5ORVEvUGxSTzYvWWlZWG9CMDhIZ0VUSHp6Y0NtZEpHSm5DallqT3V1ZWR4Y2UvdE9jUnRoOWdRcS9LejhZaHpTZlhuOUVaekNDWlE0b2ZEcm9jSGUiLCJtYWMiOiJlMjY0YjM1NzYzNjEzZGFjNjk5MmQwNTA0NDc1NDliM2ZlZjYwNjZjNjU4MzBjYzJlZThmYjQ2YzI5NzBhM2JlIiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /uv9GcDjKJBYNkBw9cwHd1VPWGDETbhEL67np9GaJkd3GQCu6DAuQlBfdXmGX7KkStjkgh260 HTTP/1.1Host: hqve.livermi.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6Ijk3RzVQNS83MGRkR0N0SU5Wd0ZUQ2c9PSIsInZhbHVlIjoiaDFlSzRrR3dIY1N3dzllT3BuUGlRcGlrVllEZ1prcHF4NXpVNDZzbkhuMFYwK1NqbHdPUFNXQk1aakRvSXVvVWRURU1NTWxSSVNNOVpUM3lCRVlnbXcwWVZJTlRGcjEvTHcvTTNOSEVIKy95MmNaQnVlMkxSNHBkY2FaSzFiQjUiLCJtYWMiOiJlNDJmZGNmMjliNDAzNTY4NjdkMDE1NzI3MGYwMGI2ODdlNjhlNDg3NDcwODliYWE2Y2RjMTc4NWVkMTdlYTUzIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Ii9zczJ4RkhGUFR3enNqMTRxMlhOOVE9PSIsInZhbHVlIjoiT0hOb2wwQTY3OVRUayswRUxxZHNDOXduK2oxNkpUU29wWk1ZeTJsSlhDVG5ORVEvUGxSTzYvWWlZWG9CMDhIZ0VUSHp6Y0NtZEpHSm5DallqT3V1ZWR4Y2UvdE9jUnRoOWdRcS9LejhZaHpTZlhuOUVaekNDWlE0b2ZEcm9jSGUiLCJtYWMiOiJlMjY0YjM1NzYzNjEzZGFjNjk5MmQwNTA0NDc1NDliM2ZlZjYwNjZjNjU4MzBjYzJlZThmYjQ2YzI5NzBhM2JlIiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=28YrAnfnORRZYM5&MD=mFHV7byd HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /web8socket/socket.io/?type=User&appnum=1&EIO=4&transport=websocket HTTP/1.1Host: hqve.livermi.comConnection: UpgradePragma: no-cacheCache-Control: no-cacheUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Upgrade: websocketOrigin: https://hqve.livermi.comSec-WebSocket-Version: 13Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6Ijk3RzVQNS83MGRkR0N0SU5Wd0ZUQ2c9PSIsInZhbHVlIjoiaDFlSzRrR3dIY1N3dzllT3BuUGlRcGlrVllEZ1prcHF4NXpVNDZzbkhuMFYwK1NqbHdPUFNXQk1aakRvSXVvVWRURU1NTWxSSVNNOVpUM3lCRVlnbXcwWVZJTlRGcjEvTHcvTTNOSEVIKy95MmNaQnVlMkxSNHBkY2FaSzFiQjUiLCJtYWMiOiJlNDJmZGNmMjliNDAzNTY4NjdkMDE1NzI3MGYwMGI2ODdlNjhlNDg3NDcwODliYWE2Y2RjMTc4NWVkMTdlYTUzIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Ii9zczJ4RkhGUFR3enNqMTRxMlhOOVE9PSIsInZhbHVlIjoiT0hOb2wwQTY3OVRUayswRUxxZHNDOXduK2oxNkpUU29wWk1ZeTJsSlhDVG5ORVEvUGxSTzYvWWlZWG9CMDhIZ0VUSHp6Y0NtZEpHSm5DallqT3V1ZWR4Y2UvdE9jUnRoOWdRcS9LejhZaHpTZlhuOUVaekNDWlE0b2ZEcm9jSGUiLCJtYWMiOiJlMjY0YjM1NzYzNjEzZGFjNjk5MmQwNTA0NDc1NDliM2ZlZjYwNjZjNjU4MzBjYzJlZThmYjQ2YzI5NzBhM2JlIiwidGFnIjoiIn0%3DSec-WebSocket-Key: l0nAAc4Q6MWuqr5v8IcZfg==Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits
Source: global traffic	HTTP traffic detected: GET /web8socket/socket.io/?type=User&appnum=1&EIO=4&transport=websocket HTTP/1.1Host: hqve.livermi.comConnection: UpgradePragma: no-cacheCache-Control: no-cacheUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Upgrade: websocketOrigin: https://hqve.livermi.comSec-WebSocket-Version: 13Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6Ijk3RzVQNS83MGRkR0N0SU5Wd0ZUQ2c9PSIsInZhbHVlIjoiaDFlSzRrR3dIY1N3dzllT3BuUGlRcGlrVllEZ1prcHF4NXpVNDZzbkhuMFYwK1NqbHdPUFNXQk1aakRvSXVvVWRURU1NTWxSSVNNOVpUM3lCRVlnbXcwWVZJTlRGcjEvTHcvTTNOSEVIKy95MmNaQnVlMkxSNHBkY2FaSzFiQjUiLCJtYWMiOiJlNDJmZGNmMjliNDAzNTY4NjdkMDE1NzI3MGYwMGI2ODdlNjhlNDg3NDcwODliYWE2Y2RjMTc4NWVkMTdlYTUzIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Ii9zczJ4RkhGUFR3enNqMTRxMlhOOVE9PSIsInZhbHVlIjoiT0hOb2wwQTY3OVRUayswRUxxZHNDOXduK2oxNkpUU29wWk1ZeTJsSlhDVG5ORVEvUGxSTzYvWWlZWG9CMDhIZ0VUSHp6Y0NtZEpHSm5DallqT3V1ZWR4Y2UvdE9jUnRoOWdRcS9LejhZaHpTZlhuOUVaekNDWlE0b2ZEcm9jSGUiLCJtYWMiOiJlMjY0YjM1NzYzNjEzZGFjNjk5MmQwNTA0NDc1NDliM2ZlZjYwNjZjNjU4MzBjYzJlZThmYjQ2YzI5NzBhM2JlIiwidGFnIjoiIn0%3DSec-WebSocket-Key: ZUBFeY+0VhWG0iOXAHeO8g==Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits
Source: global traffic	HTTP traffic detected: GET /web8socket/socket.io/?type=User&appnum=1&EIO=4&transport=websocket HTTP/1.1Host: hqve.livermi.comConnection: UpgradePragma: no-cacheCache-Control: no-cacheUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Upgrade: websocketOrigin: https://hqve.livermi.comSec-WebSocket-Version: 13Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6Ijk3RzVQNS83MGRkR0N0SU5Wd0ZUQ2c9PSIsInZhbHVlIjoiaDFlSzRrR3dIY1N3dzllT3BuUGlRcGlrVllEZ1prcHF4NXpVNDZzbkhuMFYwK1NqbHdPUFNXQk1aakRvSXVvVWRURU1NTWxSSVNNOVpUM3lCRVlnbXcwWVZJTlRGcjEvTHcvTTNOSEVIKy95MmNaQnVlMkxSNHBkY2FaSzFiQjUiLCJtYWMiOiJlNDJmZGNmMjliNDAzNTY4NjdkMDE1NzI3MGYwMGI2ODdlNjhlNDg3NDcwODliYWE2Y2RjMTc4NWVkMTdlYTUzIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Ii9zczJ4RkhGUFR3enNqMTRxMlhOOVE9PSIsInZhbHVlIjoiT0hOb2wwQTY3OVRUayswRUxxZHNDOXduK2oxNkpUU29wWk1ZeTJsSlhDVG5ORVEvUGxSTzYvWWlZWG9CMDhIZ0VUSHp6Y0NtZEpHSm5DallqT3V1ZWR4Y2UvdE9jUnRoOWdRcS9LejhZaHpTZlhuOUVaekNDWlE0b2ZEcm9jSGUiLCJtYWMiOiJlMjY0YjM1NzYzNjEzZGFjNjk5MmQwNTA0NDc1NDliM2ZlZjYwNjZjNjU4MzBjYzJlZThmYjQ2YzI5NzBhM2JlIiwidGFnIjoiIn0%3DSec-WebSocket-Key: X0xw+NAMtbhjM/wOxCBV7A==Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits
Source: global traffic	HTTP traffic detected: GET /web8socket/socket.io/?type=User&appnum=1&EIO=4&transport=websocket HTTP/1.1Host: hqve.livermi.comConnection: UpgradePragma: no-cacheCache-Control: no-cacheUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Upgrade: websocketOrigin: https://hqve.livermi.comSec-WebSocket-Version: 13Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6Ijk3RzVQNS83MGRkR0N0SU5Wd0ZUQ2c9PSIsInZhbHVlIjoiaDFlSzRrR3dIY1N3dzllT3BuUGlRcGlrVllEZ1prcHF4NXpVNDZzbkhuMFYwK1NqbHdPUFNXQk1aakRvSXVvVWRURU1NTWxSSVNNOVpUM3lCRVlnbXcwWVZJTlRGcjEvTHcvTTNOSEVIKy95MmNaQnVlMkxSNHBkY2FaSzFiQjUiLCJtYWMiOiJlNDJmZGNmMjliNDAzNTY4NjdkMDE1NzI3MGYwMGI2ODdlNjhlNDg3NDcwODliYWE2Y2RjMTc4NWVkMTdlYTUzIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Ii9zczJ4RkhGUFR3enNqMTRxMlhOOVE9PSIsInZhbHVlIjoiT0hOb2wwQTY3OVRUayswRUxxZHNDOXduK2oxNkpUU29wWk1ZeTJsSlhDVG5ORVEvUGxSTzYvWWlZWG9CMDhIZ0VUSHp6Y0NtZEpHSm5DallqT3V1ZWR4Y2UvdE9jUnRoOWdRcS9LejhZaHpTZlhuOUVaekNDWlE0b2ZEcm9jSGUiLCJtYWMiOiJlMjY0YjM1NzYzNjEzZGFjNjk5MmQwNTA0NDc1NDliM2ZlZjYwNjZjNjU4MzBjYzJlZThmYjQ2YzI5NzBhM2JlIiwidGFnIjoiIn0%3DSec-WebSocket-Key: Ft6c5Xs2Q8eJLRMawOnDQg==Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits

Source: global traffic	DNS traffic detected: DNS query: hqve.livermi.com
Source: global traffic	DNS traffic detected: DNS query: code.jquery.com
Source: global traffic	DNS traffic detected: DNS query: challenges.cloudflare.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: a.nel.cloudflare.com
Source: global traffic	DNS traffic detected: DNS query: cdn.socket.io

Source: unknown

HTTP traffic detected: POST /RST2.srf HTTP/1.0Connection: Keep-AliveContent-Type: application/soap+xmlAccept: */*User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68})Content-Length: 3592Host: login.live.com

Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 26 Apr 2024 18:42:43 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeCache-Control: max-age=14400Age: 1486Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Ziice%2Fw99nJiASNcKzPq0E0Ccvt5rmDXSeJWrPA6dNls%2Bm2Rrag02WwD3RRxf5i%2B5sz4GgaGBj8du8bifA4CdJIoBETIjxRtgTuEsDzaIg5ohuuZs%2Bdj71GketTk3A%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Vary: Accept-Encodingalt-svc: h3=":443"; ma=86400CF-Cache-Status: HITServer: cloudflareCF-RAY: 87a8b6e09f2a9ae5-MIA
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 26 Apr 2024 18:43:03 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3k1BdaLEmcMMUQzpsoItmGqGs2TzJB9u%2BR39Bj%2F3kJIcmN2FNH5RHMC0zScFC2MVWMKp4K7xmw4u5uJ3juwYT6BEIWVRFYxwy%2Bs1FrkWNRyFehKmPhUu2L0%2BQsQo4Q%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}alt-svc: h3=":443"; ma=86400Server: cloudflareCF-RAY: 87a8b751c93d31d2-MIA
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 26 Apr 2024 18:43:08 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xA7UXabNngVFwd54eObTAO6vD%2BOaX8UONCXw99k6biE6SC97OttnBYncaXaIOz3LP7aqocXYBirDnI11WYshAplxc5OaxpK0qRbLpq2qxow4pqds2WwiNNq9yyNqdg%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}alt-svc: h3=":443"; ma=86400Server: cloudflareCF-RAY: 87a8b7767dd19af2-MIA

Source: chromecache_295.7.dr	String found in binary or memory: https://cloud.google.com/contact
Source: chromecache_295.7.dr	String found in binary or memory: https://cloud.google.com/recaptcha-enterprise/billing-information
Source: chromecache_295.7.dr	String found in binary or memory: https://developers.google.com/recaptcha/docs/faq#are-there-any-qps-or-daily-limits-on-my-use-of-reca
Source: chromecache_295.7.dr	String found in binary or memory: https://developers.google.com/recaptcha/docs/faq#localhost_support
Source: chromecache_295.7.dr	String found in binary or memory: https://developers.google.com/recaptcha/docs/faq#my-computer-or-network-may-be-sending-automated-que
Source: Scanned from Xerox Multi.......rtf, ~WRS{B988429D-6304-4030-99EA-51AB1CCD0ECA}.tmp.0.dr	String found in binary or memory: https://hqve.livermi.com/ZfsD/#Mjeffrey.becker
Source: ~WRS{B988429D-6304-4030-99EA-51AB1CCD0ECA}.tmp.0.dr	String found in binary or memory: https://hqve.livermi.com/ZfsD/yX
Source: Scanned from Xerox Multi.......rtf, ~WRS{B988429D-6304-4030-99EA-51AB1CCD0ECA}.tmp.0.dr	String found in binary or memory: https://pemcoair.com/Scanned_from_Xexox_Multifun...
Source: chromecache_295.7.dr	String found in binary or memory: https://play.google.com/log?format=json&hasfast=true
Source: chromecache_295.7.dr	String found in binary or memory: https://recaptcha.net
Source: chromecache_295.7.dr	String found in binary or memory: https://support.google.com/recaptcha
Source: chromecache_295.7.dr	String found in binary or memory: https://support.google.com/recaptcha#6262736
Source: chromecache_295.7.dr	String found in binary or memory: https://support.google.com/recaptcha/#6175971
Source: chromecache_295.7.dr	String found in binary or memory: https://support.google.com/recaptcha/?hl=en#6223828
Source: chromecache_295.7.dr	String found in binary or memory: https://www.apache.org/licenses/
Source: chromecache_295.7.dr, chromecache_265.7.dr	String found in binary or memory: https://www.google.com/recaptcha/api2/
Source: chromecache_295.7.dr	String found in binary or memory: https://www.gstatic.c..?/recaptcha/releases/V6_85qpc2Xf2sbe3xTnRte7m/recaptcha__.
Source: chromecache_265.7.dr	String found in binary or memory: https://www.gstatic.com/recaptcha/releases/V6_85qpc2Xf2sbe3xTnRte7m/recaptcha__en.js

Source: unknown	Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49817 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49789 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49800 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49781 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49803 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49795 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49841 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49820 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49837 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49850
Source: unknown	Network traffic detected: HTTP traffic on port 49812 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49703 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49806 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49823 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49798 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49848
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49847
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49846
Source: unknown	Network traffic detected: HTTP traffic on port 49790 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49845
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49843
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49842
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49841
Source: unknown	Network traffic detected: HTTP traffic on port 49706 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49840
Source: unknown	Network traffic detected: HTTP traffic on port 49819 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49834 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49787 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49828 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49793 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49850 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49688 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49805 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49831 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49839
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49838
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49837
Source: unknown	Network traffic detected: HTTP traffic on port 49847 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49835
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49834
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49833
Source: unknown	Network traffic detected: HTTP traffic on port 49782 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49799
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49832
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49798
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49831
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49797
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49830
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49796
Source: unknown	Network traffic detected: HTTP traffic on port 49839 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49795
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49794
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49793
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49792
Source: unknown	Network traffic detected: HTTP traffic on port 49814 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49822 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49791
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49790
Source: unknown	Network traffic detected: HTTP traffic on port 49796 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49808 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49708
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49829
Source: unknown	Network traffic detected: HTTP traffic on port 49811 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49828
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49706
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49827
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49705
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49704
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49703
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49824
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49823
Source: unknown	Network traffic detected: HTTP traffic on port 49771 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49789
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49822
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49788
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49821
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49787
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49820
Source: unknown	Network traffic detected: HTTP traffic on port 49842 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49813 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49782
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49781
Source: unknown	Network traffic detected: HTTP traffic on port 49704 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49807 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49833 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49819
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49818
Source: unknown	Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49799 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49810 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49817
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49816
Source: unknown	Network traffic detected: HTTP traffic on port 49845 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49815
Source: unknown	Network traffic detected: HTTP traffic on port 49791 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49814
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49813
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49812
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49811
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49810
Source: unknown	Network traffic detected: HTTP traffic on port 49816 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 49788 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49794 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49827 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49802 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49809
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49808
Source: unknown	Network traffic detected: HTTP traffic on port 49830 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49807
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49806
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49805
Source: unknown	Network traffic detected: HTTP traffic on port 49848 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49804
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49803
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49802
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49801
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49800
Source: unknown	Network traffic detected: HTTP traffic on port 49838 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49821 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49815 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49840 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49797 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49801 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49824 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49809 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49778 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49705 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49818 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49843 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49835 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49804 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49829 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49832 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49775 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49846 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49792 -> 443

Source: unknown	HTTPS traffic detected: 40.126.28.18:443 -> 192.168.2.16:49703 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.126.28.18:443 -> 192.168.2.16:49705 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.165.165.26:443 -> 192.168.2.16:49708 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.165.165.26:443 -> 192.168.2.16:49841 version: TLS 1.2

Document contains embedded VBA macros

Source: iso690nmerical.xsl.0.dr	OLE indicator, VBA macros: true
Source: chicago.xsl.0.dr	OLE indicator, VBA macros: true
Source: ieee2006officeonline.xsl.0.dr	OLE indicator, VBA macros: true
Source: iso690.xsl.0.dr	OLE indicator, VBA macros: true
Source: gosttitle.xsl.0.dr	OLE indicator, VBA macros: true
Source: gostname.xsl.0.dr	OLE indicator, VBA macros: true
Source: mlaseventheditionofficeonline.xsl.0.dr	OLE indicator, VBA macros: true
Source: sist02.xsl.0.dr	OLE indicator, VBA macros: true
Source: harvardanglia2008officeonline.xsl.0.dr	OLE indicator, VBA macros: true
Source: turabian.xsl.0.dr	OLE indicator, VBA macros: true
Source: gb.xsl.0.dr	OLE indicator, VBA macros: true
Source: APASixthEditionOfficeOnline.xsl.0.dr	OLE indicator, VBA macros: true

Document misses a certain OLE stream usually present in this Microsoft Office document type

Source: ~DFECCB20F43FF67480.TMP.0.dr	OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: iso690nmerical.xsl.0.dr	OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: chicago.xsl.0.dr	OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: ieee2006officeonline.xsl.0.dr	OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: iso690.xsl.0.dr	OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: gosttitle.xsl.0.dr	OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: gostname.xsl.0.dr	OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: mlaseventheditionofficeonline.xsl.0.dr	OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: sist02.xsl.0.dr	OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: harvardanglia2008officeonline.xsl.0.dr	OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: turabian.xsl.0.dr	OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: gb.xsl.0.dr	OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: APASixthEditionOfficeOnline.xsl.0.dr	OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false

Source: classification engine

Classification label: mal52.phis.winRTF@18/306@22/10

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE

File created: C:\Users\user\AppData\Roaming\Microsoft\Office

Jump to behavior

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE

File created: C:\Users\user\AppData\Local\Temp\{99E6F638-5C51-495F-B690-01F572F6E6CE} - OProcSessId.dat

Jump to behavior

Source: Element design set.dotx.0.dr	OLE indicator, Word Document stream: true
Source: Text Sidebar (Annual Report Red and Black design).docx.0.dr	OLE indicator, Word Document stream: true
Source: Insight design set.dotx.0.dr	OLE indicator, Word Document stream: true
Source: Equations.dotx.0.dr	OLE indicator, Word Document stream: true

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE

File read: C:\Users\desktop.ini

Jump to behavior

Source: unknown	Process created: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE "C:\Program Files (x86)\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\user\Desktop\Scanned from Xerox Multi.......rtf" /o ""
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://hqve.livermi.com/ZfsD/#Mjeffrey.becker@pemcoair.com
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1852 --field-trial-handle=1976,i,4686805487869512194,3468889412863519454,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://hqve.livermi.com/ZfsD/#Mjeffrey.becker@pemcoair.com	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1852 --field-trial-handle=1976,i,4686805487869512194,3468889412863519454,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Scanned from Xerox Multi.......LNK.0.dr	LNK file: ..\..\..\..\..\Desktop\Scanned from Xerox Multi.......rtf
Source: Google Drive.lnk.5.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.5.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.5.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.5.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.5.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.5.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: Element design set.dotx.0.dr	Initial sample: OLE zip file path = word/glossary/settings.xml
Source: Element design set.dotx.0.dr	Initial sample: OLE zip file path = word/glossary/_rels/document.xml.rels
Source: Element design set.dotx.0.dr	Initial sample: OLE zip file path = word/glossary/document.xml
Source: Element design set.dotx.0.dr	Initial sample: OLE zip file path = word/glossary/fontTable.xml
Source: Element design set.dotx.0.dr	Initial sample: OLE zip file path = word/glossary/webSettings.xml
Source: Element design set.dotx.0.dr	Initial sample: OLE zip file path = word/glossary/styles.xml
Source: Element design set.dotx.0.dr	Initial sample: OLE zip file path = customXml/itemProps2.xml
Source: Element design set.dotx.0.dr	Initial sample: OLE zip file path = customXml/item2.xml
Source: Element design set.dotx.0.dr	Initial sample: OLE zip file path = customXml/_rels/item2.xml.rels
Source: Element design set.dotx.0.dr	Initial sample: OLE zip file path = [trash]/0000.dat
Source: Element design set.dotx.0.dr	Initial sample: OLE zip file path = docProps/custom.xml
Source: Text Sidebar (Annual Report Red and Black design).docx.0.dr	Initial sample: OLE zip file path = word/theme/_rels/theme1.xml.rels
Source: Text Sidebar (Annual Report Red and Black design).docx.0.dr	Initial sample: OLE zip file path = word/glossary/settings.xml
Source: Text Sidebar (Annual Report Red and Black design).docx.0.dr	Initial sample: OLE zip file path = word/glossary/document.xml
Source: Text Sidebar (Annual Report Red and Black design).docx.0.dr	Initial sample: OLE zip file path = word/glossary/_rels/document.xml.rels
Source: Text Sidebar (Annual Report Red and Black design).docx.0.dr	Initial sample: OLE zip file path = word/_rels/settings.xml.rels
Source: Text Sidebar (Annual Report Red and Black design).docx.0.dr	Initial sample: OLE zip file path = word/glossary/webSettings.xml
Source: Text Sidebar (Annual Report Red and Black design).docx.0.dr	Initial sample: OLE zip file path = word/glossary/fontTable.xml
Source: Text Sidebar (Annual Report Red and Black design).docx.0.dr	Initial sample: OLE zip file path = word/glossary/styles.xml
Source: Text Sidebar (Annual Report Red and Black design).docx.0.dr	Initial sample: OLE zip file path = word/glossary/stylesWithEffects.xml
Source: Text Sidebar (Annual Report Red and Black design).docx.0.dr	Initial sample: OLE zip file path = customXml/item2.xml
Source: Text Sidebar (Annual Report Red and Black design).docx.0.dr	Initial sample: OLE zip file path = customXml/_rels/item2.xml.rels
Source: Text Sidebar (Annual Report Red and Black design).docx.0.dr	Initial sample: OLE zip file path = customXml/itemProps3.xml
Source: Text Sidebar (Annual Report Red and Black design).docx.0.dr	Initial sample: OLE zip file path = customXml/item3.xml
Source: Text Sidebar (Annual Report Red and Black design).docx.0.dr	Initial sample: OLE zip file path = customXml/itemProps2.xml
Source: Text Sidebar (Annual Report Red and Black design).docx.0.dr	Initial sample: OLE zip file path = customXml/_rels/item3.xml.rels
Source: Text Sidebar (Annual Report Red and Black design).docx.0.dr	Initial sample: OLE zip file path = [trash]/0000.dat
Source: Text Sidebar (Annual Report Red and Black design).docx.0.dr	Initial sample: OLE zip file path = docProps/custom.xml
Source: Insight design set.dotx.0.dr	Initial sample: OLE zip file path = word/media/image2.jpg
Source: Insight design set.dotx.0.dr	Initial sample: OLE zip file path = word/glossary/settings.xml
Source: Insight design set.dotx.0.dr	Initial sample: OLE zip file path = word/glossary/document.xml
Source: Insight design set.dotx.0.dr	Initial sample: OLE zip file path = word/glossary/_rels/document.xml.rels
Source: Insight design set.dotx.0.dr	Initial sample: OLE zip file path = word/glossary/styles.xml
Source: Insight design set.dotx.0.dr	Initial sample: OLE zip file path = word/glossary/webSettings.xml
Source: Insight design set.dotx.0.dr	Initial sample: OLE zip file path = word/glossary/fontTable.xml
Source: Insight design set.dotx.0.dr	Initial sample: OLE zip file path = word/media/image10.jpeg
Source: Insight design set.dotx.0.dr	Initial sample: OLE zip file path = customXml/itemProps2.xml
Source: Insight design set.dotx.0.dr	Initial sample: OLE zip file path = customXml/item2.xml
Source: Insight design set.dotx.0.dr	Initial sample: OLE zip file path = customXml/_rels/item2.xml.rels
Source: Insight design set.dotx.0.dr	Initial sample: OLE zip file path = [trash]/0000.dat
Source: Insight design set.dotx.0.dr	Initial sample: OLE zip file path = docProps/custom.xml
Source: Equations.dotx.0.dr	Initial sample: OLE zip file path = word/glossary/document.xml
Source: Equations.dotx.0.dr	Initial sample: OLE zip file path = word/glossary/settings.xml
Source: Equations.dotx.0.dr	Initial sample: OLE zip file path = word/glossary/_rels/document.xml.rels
Source: Equations.dotx.0.dr	Initial sample: OLE zip file path = customXml/itemProps2.xml
Source: Equations.dotx.0.dr	Initial sample: OLE zip file path = docProps/custom.xml
Source: Equations.dotx.0.dr	Initial sample: OLE zip file path = customXml/_rels/item2.xml.rels
Source: Equations.dotx.0.dr	Initial sample: OLE zip file path = customXml/item2.xml
Source: Equations.dotx.0.dr	Initial sample: OLE zip file path = word/glossary/webSettings.xml
Source: Equations.dotx.0.dr	Initial sample: OLE zip file path = [trash]/0000.dat
Source: Equations.dotx.0.dr	Initial sample: OLE zip file path = word/glossary/styles.xml
Source: Equations.dotx.0.dr	Initial sample: OLE zip file path = word/glossary/stylesWithEffects.xml
Source: Equations.dotx.0.dr	Initial sample: OLE zip file path = word/glossary/fontTable.xml

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE

Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Common

Jump to behavior

Source: Element design set.dotx.0.dr

Initial sample: OLE indicators vbamacros = False

Stores files to the Windows start menu directory

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	Jump to behavior

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE

Process information queried: ProcessInformation

Jump to behavior

Screenshots

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Network Map

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Contacted Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
104.17.3.184	challenges.cloudflare.com	United States	13335	CLOUDFLARENETUS	false
142.250.217.164	unknown	United States	15169	GOOGLEUS	false
151.101.194.137	code.jquery.com	United States	54113	FASTLYUS	false
35.190.80.1	a.nel.cloudflare.com	United States	15169	GOOGLEUS	false
18.64.174.30	d2vgu95hoyrpkh.cloudfront.net	United States	3	MIT-GATEWAYSUS	false
104.21.65.208	unknown	United States	13335	CLOUDFLARENETUS	false
142.250.217.228	www.google.com	United States	15169	GOOGLEUS	false
172.67.167.15	hqve.livermi.com	United States	13335	CLOUDFLARENETUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false

Private

IP
192.168.2.16

Contacted Domains

Name	IP	Active
a.nel.cloudflare.com	35.190.80.1	true
code.jquery.com	151.101.194.137	true
d2vgu95hoyrpkh.cloudfront.net	18.64.174.30	true
challenges.cloudflare.com	104.17.3.184	true
www.google.com	142.250.217.228	true
hqve.livermi.com	172.67.167.15	true
cdn.socket.io	unknown	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://hqve.livermi.com/pqlp1rDTOuX1264uv40	false	Avira URL Cloud: safe	unknown
https://hqve.livermi.com/23gdnEhmGyuZfDob6fL89ny8O4lxy67	false	Avira URL Cloud: safe	unknown
https://hqve.livermi.com/gh3mVd4nBfXO2p7UAcQtwl0uykl7Kn1BYrNmFY3LfuqKWIWpp9YSM8A12210	false	Avira URL Cloud: safe	unknown
https://code.jquery.com/jquery-3.6.0.min.js	false		high
https://hqve.livermi.com/cdyRvtaVoNmRIU378UrrRFOlQmn96	false	Avira URL Cloud: safe	unknown
https://hqve.livermi.com/uv9GcDjKJBYNkBw9cwHd1VPWGDETbhEL67np9GaJkd3GQCu6DAuQlBfdXmGX7KkStjkgh260	false	Avira URL Cloud: safe	unknown
https://hqve.livermi.com/yzOfv1vad9P9hmqZugSh8sFC0ATn4f1FDrsiD9g7K8loVRRvLpiab178	false	Avira URL Cloud: safe	unknown
https://hqve.livermi.com/34pHvmluZj5N5HgDjcJMKghttQ8CN7bkZNl89110	false	Avira URL Cloud: safe	unknown
https://hqve.livermi.com/qrLHnYYQVI2DiRAZfcLVQqAvyp12ImLtE8aSXimRtUNc3OB2srxrHef232	false	Avira URL Cloud: safe	unknown
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=87a8b6d8bbaea512	false		high
https://hqve.livermi.com/opveffAB7vKR3iJpN1evtcBR96AmnZlMQCTgWVGZQM4KOP67140	false	Avira URL Cloud: safe	unknown
https://hqve.livermi.com/opcxIP3XuxImCZd2z01QTGrKANMoLijKBjIUOwrshFuhqUkBExVDncd198	false	Avira URL Cloud: safe	unknown
https://www.google.com/recaptcha/api.js	false		high
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/cmg/1/wh0E0SXYnx6pTBdJW%2Fl926I%2BPRUplRdtQz3K9lHXs%2Fs%3D	false		high
https://hqve.livermi.com/ZfsD/?eMjeffrey.becker@pemcoair.com	false	Avira URL Cloud: safe	unknown
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/pat/87a8b6d8bbaea512/1714156964720/c851542a0fb9c7f405ff22ef7e00202e2cdf780f33eb290de3bf984553562d9a/YTcdMNa1hGmjoa4	false		high
https://hqve.livermi.com/yzLBUJq0kbJO1aCyfVINYTZ6NJv22Dnt0yB5M7L5PNy5dNcGP0o7dNyXmkWBSOabFhFEuUEONuKBim0whGnXoEqa1RnoZQ70acd370	false	Avira URL Cloud: safe	unknown
https://hqve.livermi.com/127ByNiIcWcdGUUh8M6720	false	Avira URL Cloud: safe	unknown
https://a.nel.cloudflare.com/report/v4?s=Ziice%2Fw99nJiASNcKzPq0E0Ccvt5rmDXSeJWrPA6dNls%2Bm2Rrag02WwD3RRxf5i%2B5sz4GgaGBj8du8bifA4CdJIoBETIjxRtgTuEsDzaIg5ohuuZs%2Bdj71GketTk3A%3D%3D	false		high
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/aw737/0x4AAAAAAAV4SKaiqHRED42t/auto/normal	false		high
https://hqve.livermi.com/favicon.ico	false	Avira URL Cloud: safe	unknown
https://hqve.livermi.com/12HnvHvrNcOga56q20IkNop50	false	Avira URL Cloud: safe	unknown
https://hqve.livermi.com/90650F54P1rlWj27Ff7efPrKDdIF6gyz80	false	Avira URL Cloud: safe	unknown
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/i/87a8b6d8bbaea512/1714156964719/SMKxe5Z_iWNHnVj	false		high
https://hqve.livermi.com/ujTNSL8np3A8DJhKiODWvPHPq3ufnB5Acfc9xhGtAZnhexe8O1zKov	false	Avira URL Cloud: safe	unknown
https://hqve.livermi.com/ijKeDPlgPChWaPxShuVOsWzd0yzNT6FQJMe9UpFSl78170	false	Avira URL Cloud: safe	unknown
https://hqve.livermi.com/stPcVEeSmCWpySyuFQYrrGLm25YHKajvsXLAUxaImEwhmVt1OeTi6J3V3voHflyX0QmntuRh233MccfP8Ept2ddSPIMU3RJzIhfMHBnapef386	false	Avira URL Cloud: safe	unknown
https://hqve.livermi.com/ZfsD/#Mjeffrey.becker@pemcoair.com	false		unknown
https://hqve.livermi.com/uv9WPFoN8oKyRtRFm9o3fbpAoIXm3VstoiIRoPJ9oSrE7vKdN4ia34128	false	Avira URL Cloud: safe	unknown
https://hqve.livermi.com/1100297654994215737HWiiPoFyfRNRXCAKSXRSZSDKYMNPPRVRZJXYOG?FOWWFOSBKLORRCADSjNCjIkyBHEVQIYDKDIBJQDOUEFDMUAWJQE	true		unknown
https://hqve.livermi.com/web8socket/socket.io/?type=User&appnum=1&EIO=4&transport=websocket	false	Avira URL Cloud: safe	unknown
https://hqve.livermi.com/ZfsD/	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://cdn.socket.io/4.6.0/socket.io.min.js	false		high
https://hqve.livermi.com/mnanTXvAPynIQS6cBPuv4kUFDzl3I1xk90146	false	Avira URL Cloud: safe	unknown
https://hqve.livermi.com/pbojxQ72H4tLgofgGE7AReV3iyAcqjKPFuQcx	false	Avira URL Cloud: safe	unknown
https://hqve.livermi.com/902LGowr0rF5PYRNje23uwGGgst60	false	Avira URL Cloud: safe	unknown
https://hqve.livermi.com/abQdL01Jjir0BpqLef21	false	Avira URL Cloud: safe	unknown

Phishing

Yara detected HtmlPhish10

Source: Yara match

File source: 2.3.pages.csv, type: HTML

Phishing site detected (based on logo match)

Source: https://hqve.livermi.com/1100297654994215737HWiiPoFyfRNRXCAKSXRSZSDKYMNPPRVRZJXYOG?FOWWFOSBKLORRCADSjNCjIkyBHEVQIYDKDIBJQDOUEFDMUAWJQE

Matcher: Template: onedrive matched

HTML body contains low number of good links

Source: https://hqve.livermi.com/1100297654994215737HWiiPoFyfRNRXCAKSXRSZSDKYMNPPRVRZJXYOG?FOWWFOSBKLORRCADSjNCjIkyBHEVQIYDKDIBJQDOUEFDMUAWJQE

HTTP Parser: Number of links: 0

HTML body contains password input but no form action

Source: https://hqve.livermi.com/1100297654994215737HWiiPoFyfRNRXCAKSXRSZSDKYMNPPRVRZJXYOG?FOWWFOSBKLORRCADSjNCjIkyBHEVQIYDKDIBJQDOUEFDMUAWJQE

HTTP Parser: <input type="password" .../> found but no <form action="...

HTML page contains hidden URLs or javascript code

Source: https://hqve.livermi.com/ZfsD/#Mjeffrey.becker@pemcoair.com

HTML title does not match URL

Source: https://hqve.livermi.com/1100297654994215737HWiiPoFyfRNRXCAKSXRSZSDKYMNPPRVRZJXYOG?FOWWFOSBKLORRCADSjNCjIkyBHEVQIYDKDIBJQDOUEFDMUAWJQE

HTTP Parser: Title: auzpiBswkb does not match URL

Invalid T&C link found

Source: https://hqve.livermi.com/1100297654994215737HWiiPoFyfRNRXCAKSXRSZSDKYMNPPRVRZJXYOG?FOWWFOSBKLORRCADSjNCjIkyBHEVQIYDKDIBJQDOUEFDMUAWJQE	HTTP Parser: Invalid link: Terms of use
Source: https://hqve.livermi.com/1100297654994215737HWiiPoFyfRNRXCAKSXRSZSDKYMNPPRVRZJXYOG?FOWWFOSBKLORRCADSjNCjIkyBHEVQIYDKDIBJQDOUEFDMUAWJQE	HTTP Parser: Invalid link: Privacy & cookies

Source: https://hqve.livermi.com/1100297654994215737HWiiPoFyfRNRXCAKSXRSZSDKYMNPPRVRZJXYOG?FOWWFOSBKLORRCADSjNCjIkyBHEVQIYDKDIBJQDOUEFDMUAWJQE

HTTP Parser: <input type="password" .../> found

Source: https://hqve.livermi.com/ZfsD/#Mjeffrey.becker@pemcoair.com	HTTP Parser: No favicon
Source: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/aw737/0x4AAAAAAAV4SKaiqHRED42t/auto/normal	HTTP Parser: No favicon
Source: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/aw737/0x4AAAAAAAV4SKaiqHRED42t/auto/normal	HTTP Parser: No favicon
Source: https://hqve.livermi.com/1100297654994215737HWiiPoFyfRNRXCAKSXRSZSDKYMNPPRVRZJXYOG?FOWWFOSBKLORRCADSjNCjIkyBHEVQIYDKDIBJQDOUEFDMUAWJQE	HTTP Parser: No favicon

Source: https://hqve.livermi.com/1100297654994215737HWiiPoFyfRNRXCAKSXRSZSDKYMNPPRVRZJXYOG?FOWWFOSBKLORRCADSjNCjIkyBHEVQIYDKDIBJQDOUEFDMUAWJQE

HTTP Parser: No <meta name="author".. found

Source: https://hqve.livermi.com/1100297654994215737HWiiPoFyfRNRXCAKSXRSZSDKYMNPPRVRZJXYOG?FOWWFOSBKLORRCADSjNCjIkyBHEVQIYDKDIBJQDOUEFDMUAWJQE

HTTP Parser: No <meta name="copyright".. found

Source: unknown	HTTPS traffic detected: 40.126.28.18:443 -> 192.168.2.16:49703 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.126.28.18:443 -> 192.168.2.16:49705 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.165.165.26:443 -> 192.168.2.16:49708 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.165.165.26:443 -> 192.168.2.16:49841 version: TLS 1.2

Source: winword.exe

Memory has grown: Private usage: 4MB later: 79MB

IP address seen in connection with other malware

Source: Joe Sandbox View	IP Address: 104.17.3.184 104.17.3.184
Source: Joe Sandbox View	IP Address: 151.101.194.137 151.101.194.137
Source: Joe Sandbox View	IP Address: 18.64.174.30 18.64.174.30
Source: Joe Sandbox View	IP Address: 239.255.255.250 239.255.255.250

JA3 SSL client fingerprint seen in connection with other malware

Source: Joe Sandbox View

JA3 fingerprint: 28a2c9bd18a11de089ef85a160da29e4

Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.28.18
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.28.18
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.28.18
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.28.18
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.28.18
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.28.18
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.28.18
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.28.18
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.28.18
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.28.18
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.28.18
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.28.18
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.28.18
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.28.18
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.28.18
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.28.18
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.28.18
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.28.18
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.28.18
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.28.18
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.28.18
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.28.18
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.28.18
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.28.18
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.28.18
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.28.18
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.28.18
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.28.18
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.28.18
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.28.18
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.28.18
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.28.18
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.28.18
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.28.18
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.28.18
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.28.18
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.28.18
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.28.18
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.28.18
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.28.18
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.28.18
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.28.18
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.28.18
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.28.18
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26

Source: global traffic	HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=28YrAnfnORRZYM5&MD=mFHV7byd HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /ZfsD/ HTTP/1.1Host: hqve.livermi.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /turnstile/v0/api.js?render=explicit HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://hqve.livermi.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /jquery-3.6.0.min.js HTTP/1.1Host: code.jquery.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://hqve.livermi.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /turnstile/v0/b/471dc2adc340/api.js?render=explicit HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://hqve.livermi.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/aw737/0x4AAAAAAAV4SKaiqHRED42t/auto/normal HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://hqve.livermi.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=87a8b6d8bbaea512 HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/aw737/0x4AAAAAAAV4SKaiqHRED42t/auto/normalAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/cmg/1/wh0E0SXYnx6pTBdJW%2Fl926I%2BPRUplRdtQz3K9lHXs%2Fs%3D HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/aw737/0x4AAAAAAAV4SKaiqHRED42t/auto/normalAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/cmg/1/wh0E0SXYnx6pTBdJW%2Fl926I%2BPRUplRdtQz3K9lHXs%2Fs%3D HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: hqve.livermi.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://hqve.livermi.com/ZfsD/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6IkRRV0ZPNUEwUnJodUdsWVNtWnp1cWc9PSIsInZhbHVlIjoiakRJVVZHLzgySWJXSmMvdHVmbW5MS2NUYm55M0hjc2xKMC9mVEZVMThOdXdkWmlBanJLL1BNYlhNL292RUo2ejNnQlBaeWx2bXIxSVhUM0Mzc2tER1B1UHlMYWpZZkowYktGQTZJd0VyS3J6TnErcGRFZUlqNnI1VjlPKyswdXIiLCJtYWMiOiI4YjVkNWY1NWE5NmQzMzlmYWQ2NWJlYTU0N2Y3YjI2NDNhZmM1ODQ3MTQ4ZmQ4N2ZhNTUwMDFiYWY0ODAxY2FjIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Ijc5Unk1aWNldm5oZnFrVm9LNXdRZHc9PSIsInZhbHVlIjoiaUJYYWt4Wi92UzNGMmZDZjhTS25xZGdoeUxmU2NqWTFPclVQZjEwaHZ6UXFCeXRmREJYaXF3MnhheXpTVkViUTVUODFzZmVQU2ZzbjZUQzhrMzV3clVRNjBlcFg5b3JjaTNTczhqYWd6SzZDZXBkbzdtekFOSFE0MHVzT00xaDgiLCJtYWMiOiJlYjE4NzVmZjRmNTA3YmFiNzJjOWQxZWNhZDI3YzhmYzVkNWUwZTdhYzBhOWI1ZmQxYWM2MmI0Njg2ZWMwYjQxIiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/flow/ov1/1381903062:1714152618:NgNvC13nELqfhW0yvrqSe0v-XPx2tJEjtGEyp_JQCO4/87a8b6d8bbaea512/8cc367b37e0391d HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/i/87a8b6d8bbaea512/1714156964719/SMKxe5Z_iWNHnVj HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/aw737/0x4AAAAAAAV4SKaiqHRED42t/auto/normalAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/pat/87a8b6d8bbaea512/1714156964720/c851542a0fb9c7f405ff22ef7e00202e2cdf780f33eb290de3bf984553562d9a/YTcdMNa1hGmjoa4 HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveCache-Control: max-age=0sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/aw737/0x4AAAAAAAV4SKaiqHRED42t/auto/normalAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/i/87a8b6d8bbaea512/1714156964719/SMKxe5Z_iWNHnVj HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/flow/ov1/1381903062:1714152618:NgNvC13nELqfhW0yvrqSe0v-XPx2tJEjtGEyp_JQCO4/87a8b6d8bbaea512/8cc367b37e0391d HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/flow/ov1/1381903062:1714152618:NgNvC13nELqfhW0yvrqSe0v-XPx2tJEjtGEyp_JQCO4/87a8b6d8bbaea512/8cc367b37e0391d HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ZfsD/ HTTP/1.1Host: hqve.livermi.comConnection: keep-aliveCache-Control: max-age=0sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentReferer: https://hqve.livermi.com/ZfsD/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6IjE1bURXYXh2c1kwUlIxb0gxMDhrbHc9PSIsInZhbHVlIjoidzRmWmdIQ3EveHhDVTZKdFRyT3hsU1RncXBnUXNtclVPZ2lDYlNSMHo4R3lBNS9DQ1pDY0JqNllDNnlNL1ZmTU5FRktzelRNQ0I4ZlF1Qm8wbW1ObS9MWXFhekpNajV2QUVDc0x6SXFYNE5ocjcxdmpnVjdtZno4UjNxbXpSdDEiLCJtYWMiOiIxMWQ0MTkxOTZmMGU3NjFkOTk3ZDgzMzJmNzk0NjhhZjcwNGNmYjJlN2JkNzU3MzJhM2YxZjUwYWZhNWY2NDlkIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IlBIZ1hJamovTVNtOG80M2QxbklBNHc9PSIsInZhbHVlIjoiK1Y1ejdwYloydEN1YmdDcXVNZUhYWmNvM0lROE84VENydFI5bHFrc1h3WWRaMDFmak9PWGFTTkhoWGVRY2prMzNHTWlYMXlmc08rWlFjSGtBVnE3YmcySDdEQ1RxZERzUngyeDlYamhkMTB4ZTEyNldlZ3dXaGkrRER0dWV3RG4iLCJtYWMiOiJkN2E2MjFlM2UzNWMyOTM5ZDE3Nzk0MjI1OTQ4NzVjMjBjOTUxYjUxNzMxYzNkZWU2N2M5MGY2OTFlMzQ5ODg1IiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /pbojxQ72H4tLgofgGE7AReV3iyAcqjKPFuQcx HTTP/1.1Host: hqve.livermi.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6IjE1bURXYXh2c1kwUlIxb0gxMDhrbHc9PSIsInZhbHVlIjoidzRmWmdIQ3EveHhDVTZKdFRyT3hsU1RncXBnUXNtclVPZ2lDYlNSMHo4R3lBNS9DQ1pDY0JqNllDNnlNL1ZmTU5FRktzelRNQ0I4ZlF1Qm8wbW1ObS9MWXFhekpNajV2QUVDc0x6SXFYNE5ocjcxdmpnVjdtZno4UjNxbXpSdDEiLCJtYWMiOiIxMWQ0MTkxOTZmMGU3NjFkOTk3ZDgzMzJmNzk0NjhhZjcwNGNmYjJlN2JkNzU3MzJhM2YxZjUwYWZhNWY2NDlkIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IlBIZ1hJamovTVNtOG80M2QxbklBNHc9PSIsInZhbHVlIjoiK1Y1ejdwYloydEN1YmdDcXVNZUhYWmNvM0lROE84VENydFI5bHFrc1h3WWRaMDFmak9PWGFTTkhoWGVRY2prMzNHTWlYMXlmc08rWlFjSGtBVnE3YmcySDdEQ1RxZERzUngyeDlYamhkMTB4ZTEyNldlZ3dXaGkrRER0dWV3RG4iLCJtYWMiOiJkN2E2MjFlM2UzNWMyOTM5ZDE3Nzk0MjI1OTQ4NzVjMjBjOTUxYjUxNzMxYzNkZWU2N2M5MGY2OTFlMzQ5ODg1IiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /ZfsD/?eMjeffrey.becker@pemcoair.com HTTP/1.1Host: hqve.livermi.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-Dest: documentReferer: https://hqve.livermi.com/ZfsD/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6Iml2dzFzeXhqZytFb0JWODVyYittYkE9PSIsInZhbHVlIjoiNXMxTVdVR3RLR2dCK3BJbVI0Z0dyTFQ5dXVNMTBOV0ZRSlViSVE0SGRKVjRtdlNaa2d6M3JqMnVlUTVjSVNGdTV1aGNibWJwQ2ZObmZYcFNGWTFrS3NrZ3ZaNnZLUzRhQVFsVHNPT3k5ZHZ4U3NZdExKZG93SWo3VlAvK2pseEoiLCJtYWMiOiI3ODUxOWUyZjk4NmYwY2JiZDUyY2I3NDdkZGYxZWZmNDE0YjYxMmIyNDRmYmMyNzViNDBiMTc3NmVkNTkxZDk0IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IkxrbDd4OUJ2R2pqdUFUM3JEeEN5VlE9PSIsInZhbHVlIjoiR2JIbjQrQXBYa3ovZVNQU0lCZERhQjcvUlRSV1BzLytjR0FjRU9tSGQ1N1F6ZHVqYjJoQmtnQ2hyRzZ3OUxoU09PeGd3ZHRYVmR3cEFlRHUyRkVYWnM1SHY0bkp2OGtveFpKbmluc3hqL29raUtQemsrSjduOUdCSmt0MDBzaW0iLCJtYWMiOiIwYWIzNjU2NjI3YzI3ZmJlMTgwYTA0ODhlOWJmN2EwZjZjMzUxYzFmZWNiZWM0ODQ5Nzc4MjE0MmI4NGIxYTNiIiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /1100297654994215737HWiiPoFyfRNRXCAKSXRSZSDKYMNPPRVRZJXYOG?FOWWFOSBKLORRCADSjNCjIkyBHEVQIYDKDIBJQDOUEFDMUAWJQE HTTP/1.1Host: hqve.livermi.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Referer: https://hqve.livermi.com/ZfsD/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6IjR5eDZCMTg2clZqY2RkdjQzWk14VGc9PSIsInZhbHVlIjoiU3kvYmRYbjhrd3psOGhHK0lWb05mbTlvZHdFL2QvUFp5bERoaXJXWHZ1RDcrMFdhTTNKY0daMTZSemVaS2JLdG5uaGxYSkZqMWtwd2ZLWDd6T2tYZmNoTktLOE8xTHVyMlhteXNSQmc2MC8rck1PN0t5eUVBZ1ZKWndnUTdHT2siLCJtYWMiOiI2YzY2OTUyZmM4ZjYxZGViYjMyNWM0NjZkMTEyMThmNjZiMzIyMDE5Y2QwN2IxNzhjZTc0YWU2MWFmOTcyNTFjIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6ImhINVNKVGtsVFBaR1FRVnBoOEQyU0E9PSIsInZhbHVlIjoiTnBVcENuRWhENE1XbFAvUURCWUJsWVBnaEZHUjVZbVhociszVGVEalpsUXplTXh4R2hsV0hySFYvQ0hWZ3k1eXNHWDdlTnJpS0pweFVmaWZ0am1LbEYzRlVsaVRCMEw1bkdTKysrVTBENE5NLzZiem5ab0tPT3JydU11Ym5OUU8iLCJtYWMiOiJlNWFhYzZjNDI4ODUyNGI2N2U2Yjg5MGIxMDI2NzEzOTE3OTlhNjU0ZjA5YTc5ZmQwNTMzZGZhZDA4MDZmMjdkIiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /127ByNiIcWcdGUUh8M6720 HTTP/1.1Host: hqve.livermi.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://hqve.livermi.com/1100297654994215737HWiiPoFyfRNRXCAKSXRSZSDKYMNPPRVRZJXYOG?FOWWFOSBKLORRCADSjNCjIkyBHEVQIYDKDIBJQDOUEFDMUAWJQEAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6IlpNNUVadjRna3l4TEJJeEpYQUlaUlE9PSIsInZhbHVlIjoiTU0vSmo1cTIyMThWY3ZlUWQ3SmRDeTBDcWU1TEZLbHBrU2ZXMmJ0RE5hUE8zYnpmQ3R5QURiTjdSWkFXRHo2ZFlPeVNCQlJqRVQwelNLTUZoczRzUFZqVVFrc2owanRqbk0rZFRvdFRXVFZqNE4xcnhIekkzcUx4a3BsL0xNSWIiLCJtYWMiOiI0ZjcyYTRlZDFmYzhkNWIxOTIwMjA4Y2EwYjlkYzk1NTRmODUwY2RmN2I3ZDJhN2Q2NGQ5OWIwYWE5NzBjNmFmIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6ImtqWlh5M3VxNnQ3ZjJlRllxcUsyZFE9PSIsInZhbHVlIjoiYXltV0J6MTdRbTNCeGNVa3NUTUJWWmg0aVBTK1AyYWFvUkZpNXJpUlQvN1hkbjRjNWdVQUdjKzNLcDRCWUxkQ2UvWml5THdHV1lEUFlMK0I4anhOWTh6UHNEcjJ5UDg4b20yWFBNSHVDbUh1WGd2dkVrMjdSQktRODI3SloyVFIiLCJtYWMiOiIzNTU2NmVhOTExY2Y2MTE4ZGQ0NjJmNjYxNTVkZTNmNTBkZmU1ZWFjMmUwZTE2YjNlMDI5MDVjNDMzNjNmZWM2IiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /abQdL01Jjir0BpqLef21 HTTP/1.1Host: hqve.livermi.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://hqve.livermi.com/1100297654994215737HWiiPoFyfRNRXCAKSXRSZSDKYMNPPRVRZJXYOG?FOWWFOSBKLORRCADSjNCjIkyBHEVQIYDKDIBJQDOUEFDMUAWJQEAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6IlpNNUVadjRna3l4TEJJeEpYQUlaUlE9PSIsInZhbHVlIjoiTU0vSmo1cTIyMThWY3ZlUWQ3SmRDeTBDcWU1TEZLbHBrU2ZXMmJ0RE5hUE8zYnpmQ3R5QURiTjdSWkFXRHo2ZFlPeVNCQlJqRVQwelNLTUZoczRzUFZqVVFrc2owanRqbk0rZFRvdFRXVFZqNE4xcnhIekkzcUx4a3BsL0xNSWIiLCJtYWMiOiI0ZjcyYTRlZDFmYzhkNWIxOTIwMjA4Y2EwYjlkYzk1NTRmODUwY2RmN2I3ZDJhN2Q2NGQ5OWIwYWE5NzBjNmFmIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6ImtqWlh5M3VxNnQ3ZjJlRllxcUsyZFE9PSIsInZhbHVlIjoiYXltV0J6MTdRbTNCeGNVa3NUTUJWWmg0aVBTK1AyYWFvUkZpNXJpUlQvN1hkbjRjNWdVQUdjKzNLcDRCWUxkQ2UvWml5THdHV1lEUFlMK0I4anhOWTh6UHNEcjJ5UDg4b20yWFBNSHVDbUh1WGd2dkVrMjdSQktRODI3SloyVFIiLCJtYWMiOiIzNTU2NmVhOTExY2Y2MTE4ZGQ0NjJmNjYxNTVkZTNmNTBkZmU1ZWFjMmUwZTE2YjNlMDI5MDVjNDMzNjNmZWM2IiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /pqlp1rDTOuX1264uv40 HTTP/1.1Host: hqve.livermi.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://hqve.livermi.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://hqve.livermi.com/1100297654994215737HWiiPoFyfRNRXCAKSXRSZSDKYMNPPRVRZJXYOG?FOWWFOSBKLORRCADSjNCjIkyBHEVQIYDKDIBJQDOUEFDMUAWJQEAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6IlpNNUVadjRna3l4TEJJeEpYQUlaUlE9PSIsInZhbHVlIjoiTU0vSmo1cTIyMThWY3ZlUWQ3SmRDeTBDcWU1TEZLbHBrU2ZXMmJ0RE5hUE8zYnpmQ3R5QURiTjdSWkFXRHo2ZFlPeVNCQlJqRVQwelNLTUZoczRzUFZqVVFrc2owanRqbk0rZFRvdFRXVFZqNE4xcnhIekkzcUx4a3BsL0xNSWIiLCJtYWMiOiI0ZjcyYTRlZDFmYzhkNWIxOTIwMjA4Y2EwYjlkYzk1NTRmODUwY2RmN2I3ZDJhN2Q2NGQ5OWIwYWE5NzBjNmFmIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6ImtqWlh5M3VxNnQ3ZjJlRllxcUsyZFE9PSIsInZhbHVlIjoiYXltV0J6MTdRbTNCeGNVa3NUTUJWWmg0aVBTK1AyYWFvUkZpNXJpUlQvN1hkbjRjNWdVQUdjKzNLcDRCWUxkQ2UvWml5THdHV1lEUFlMK0I4anhOWTh6UHNEcjJ5UDg4b20yWFBNSHVDbUh1WGd2dkVrMjdSQktRODI3SloyVFIiLCJtYWMiOiIzNTU2NmVhOTExY2Y2MTE4ZGQ0NjJmNjYxNTVkZTNmNTBkZmU1ZWFjMmUwZTE2YjNlMDI5MDVjNDMzNjNmZWM2IiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /12HnvHvrNcOga56q20IkNop50 HTTP/1.1Host: hqve.livermi.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://hqve.livermi.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://hqve.livermi.com/1100297654994215737HWiiPoFyfRNRXCAKSXRSZSDKYMNPPRVRZJXYOG?FOWWFOSBKLORRCADSjNCjIkyBHEVQIYDKDIBJQDOUEFDMUAWJQEAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6IlpNNUVadjRna3l4TEJJeEpYQUlaUlE9PSIsInZhbHVlIjoiTU0vSmo1cTIyMThWY3ZlUWQ3SmRDeTBDcWU1TEZLbHBrU2ZXMmJ0RE5hUE8zYnpmQ3R5QURiTjdSWkFXRHo2ZFlPeVNCQlJqRVQwelNLTUZoczRzUFZqVVFrc2owanRqbk0rZFRvdFRXVFZqNE4xcnhIekkzcUx4a3BsL0xNSWIiLCJtYWMiOiI0ZjcyYTRlZDFmYzhkNWIxOTIwMjA4Y2EwYjlkYzk1NTRmODUwY2RmN2I3ZDJhN2Q2NGQ5OWIwYWE5NzBjNmFmIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6ImtqWlh5M3VxNnQ3ZjJlRllxcUsyZFE9PSIsInZhbHVlIjoiYXltV0J6MTdRbTNCeGNVa3NUTUJWWmg0aVBTK1AyYWFvUkZpNXJpUlQvN1hkbjRjNWdVQUdjKzNLcDRCWUxkQ2UvWml5THdHV1lEUFlMK0I4anhOWTh6UHNEcjJ5UDg4b20yWFBNSHVDbUh1WGd2dkVrMjdSQktRODI3SloyVFIiLCJtYWMiOiIzNTU2NmVhOTExY2Y2MTE4ZGQ0NjJmNjYxNTVkZTNmNTBkZmU1ZWFjMmUwZTE2YjNlMDI5MDVjNDMzNjNmZWM2IiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /902LGowr0rF5PYRNje23uwGGgst60 HTTP/1.1Host: hqve.livermi.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://hqve.livermi.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://hqve.livermi.com/1100297654994215737HWiiPoFyfRNRXCAKSXRSZSDKYMNPPRVRZJXYOG?FOWWFOSBKLORRCADSjNCjIkyBHEVQIYDKDIBJQDOUEFDMUAWJQEAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6IlpNNUVadjRna3l4TEJJeEpYQUlaUlE9PSIsInZhbHVlIjoiTU0vSmo1cTIyMThWY3ZlUWQ3SmRDeTBDcWU1TEZLbHBrU2ZXMmJ0RE5hUE8zYnpmQ3R5QURiTjdSWkFXRHo2ZFlPeVNCQlJqRVQwelNLTUZoczRzUFZqVVFrc2owanRqbk0rZFRvdFRXVFZqNE4xcnhIekkzcUx4a3BsL0xNSWIiLCJtYWMiOiI0ZjcyYTRlZDFmYzhkNWIxOTIwMjA4Y2EwYjlkYzk1NTRmODUwY2RmN2I3ZDJhN2Q2NGQ5OWIwYWE5NzBjNmFmIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6ImtqWlh5M3VxNnQ3ZjJlRllxcUsyZFE9PSIsInZhbHVlIjoiYXltV0J6MTdRbTNCeGNVa3NUTUJWWmg0aVBTK1AyYWFvUkZpNXJpUlQvN1hkbjRjNWdVQUdjKzNLcDRCWUxkQ2UvWml5THdHV1lEUFlMK0I4anhOWTh6UHNEcjJ5UDg4b20yWFBNSHVDbUh1WGd2dkVrMjdSQktRODI3SloyVFIiLCJtYWMiOiIzNTU2NmVhOTExY2Y2MTE4ZGQ0NjJmNjYxNTVkZTNmNTBkZmU1ZWFjMmUwZTE2YjNlMDI5MDVjNDMzNjNmZWM2IiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /23gdnEhmGyuZfDob6fL89ny8O4lxy67 HTTP/1.1Host: hqve.livermi.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://hqve.livermi.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://hqve.livermi.com/1100297654994215737HWiiPoFyfRNRXCAKSXRSZSDKYMNPPRVRZJXYOG?FOWWFOSBKLORRCADSjNCjIkyBHEVQIYDKDIBJQDOUEFDMUAWJQEAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6IlpNNUVadjRna3l4TEJJeEpYQUlaUlE9PSIsInZhbHVlIjoiTU0vSmo1cTIyMThWY3ZlUWQ3SmRDeTBDcWU1TEZLbHBrU2ZXMmJ0RE5hUE8zYnpmQ3R5QURiTjdSWkFXRHo2ZFlPeVNCQlJqRVQwelNLTUZoczRzUFZqVVFrc2owanRqbk0rZFRvdFRXVFZqNE4xcnhIekkzcUx4a3BsL0xNSWIiLCJtYWMiOiI0ZjcyYTRlZDFmYzhkNWIxOTIwMjA4Y2EwYjlkYzk1NTRmODUwY2RmN2I3ZDJhN2Q2NGQ5OWIwYWE5NzBjNmFmIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6ImtqWlh5M3VxNnQ3ZjJlRllxcUsyZFE9PSIsInZhbHVlIjoiYXltV0J6MTdRbTNCeGNVa3NUTUJWWmg0aVBTK1AyYWFvUkZpNXJpUlQvN1hkbjRjNWdVQUdjKzNLcDRCWUxkQ2UvWml5THdHV1lEUFlMK0I4anhOWTh6UHNEcjJ5UDg4b20yWFBNSHVDbUh1WGd2dkVrMjdSQktRODI3SloyVFIiLCJtYWMiOiIzNTU2NmVhOTExY2Y2MTE4ZGQ0NjJmNjYxNTVkZTNmNTBkZmU1ZWFjMmUwZTE2YjNlMDI5MDVjNDMzNjNmZWM2IiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /4.6.0/socket.io.min.js HTTP/1.1Host: cdn.socket.ioConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://hqve.livermi.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /recaptcha/api.js HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"sec-ch-ua-platform: "Windows"Accept: /X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlqHLAQj2mM0BCIWgzQEIucrNAQiJ080BGMvYzQEY642lFw==Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://hqve.livermi.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /90650F54P1rlWj27Ff7efPrKDdIF6gyz80 HTTP/1.1Host: hqve.livermi.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://hqve.livermi.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://hqve.livermi.com/1100297654994215737HWiiPoFyfRNRXCAKSXRSZSDKYMNPPRVRZJXYOG?FOWWFOSBKLORRCADSjNCjIkyBHEVQIYDKDIBJQDOUEFDMUAWJQEAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6IlpNNUVadjRna3l4TEJJeEpYQUlaUlE9PSIsInZhbHVlIjoiTU0vSmo1cTIyMThWY3ZlUWQ3SmRDeTBDcWU1TEZLbHBrU2ZXMmJ0RE5hUE8zYnpmQ3R5QURiTjdSWkFXRHo2ZFlPeVNCQlJqRVQwelNLTUZoczRzUFZqVVFrc2owanRqbk0rZFRvdFRXVFZqNE4xcnhIekkzcUx4a3BsL0xNSWIiLCJtYWMiOiI0ZjcyYTRlZDFmYzhkNWIxOTIwMjA4Y2EwYjlkYzk1NTRmODUwY2RmN2I3ZDJhN2Q2NGQ5OWIwYWE5NzBjNmFmIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6ImtqWlh5M3VxNnQ3ZjJlRllxcUsyZFE9PSIsInZhbHVlIjoiYXltV0J6MTdRbTNCeGNVa3NUTUJWWmg0aVBTK1AyYWFvUkZpNXJpUlQvN1hkbjRjNWdVQUdjKzNLcDRCWUxkQ2UvWml5THdHV1lEUFlMK0I4anhOWTh6UHNEcjJ5UDg4b20yWFBNSHVDbUh1WGd2dkVrMjdSQktRODI3SloyVFIiLCJtYWMiOiIzNTU2NmVhOTExY2Y2MTE4ZGQ0NjJmNjYxNTVkZTNmNTBkZmU1ZWFjMmUwZTE2YjNlMDI5MDVjNDMzNjNmZWM2IiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /cdyRvtaVoNmRIU378UrrRFOlQmn96 HTTP/1.1Host: hqve.livermi.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://hqve.livermi.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://hqve.livermi.com/1100297654994215737HWiiPoFyfRNRXCAKSXRSZSDKYMNPPRVRZJXYOG?FOWWFOSBKLORRCADSjNCjIkyBHEVQIYDKDIBJQDOUEFDMUAWJQEAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6IlpNNUVadjRna3l4TEJJeEpYQUlaUlE9PSIsInZhbHVlIjoiTU0vSmo1cTIyMThWY3ZlUWQ3SmRDeTBDcWU1TEZLbHBrU2ZXMmJ0RE5hUE8zYnpmQ3R5QURiTjdSWkFXRHo2ZFlPeVNCQlJqRVQwelNLTUZoczRzUFZqVVFrc2owanRqbk0rZFRvdFRXVFZqNE4xcnhIekkzcUx4a3BsL0xNSWIiLCJtYWMiOiI0ZjcyYTRlZDFmYzhkNWIxOTIwMjA4Y2EwYjlkYzk1NTRmODUwY2RmN2I3ZDJhN2Q2NGQ5OWIwYWE5NzBjNmFmIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6ImtqWlh5M3VxNnQ3ZjJlRllxcUsyZFE9PSIsInZhbHVlIjoiYXltV0J6MTdRbTNCeGNVa3NUTUJWWmg0aVBTK1AyYWFvUkZpNXJpUlQvN1hkbjRjNWdVQUdjKzNLcDRCWUxkQ2UvWml5THdHV1lEUFlMK0I4anhOWTh6UHNEcjJ5UDg4b20yWFBNSHVDbUh1WGd2dkVrMjdSQktRODI3SloyVFIiLCJtYWMiOiIzNTU2NmVhOTExY2Y2MTE4ZGQ0NjJmNjYxNTVkZTNmNTBkZmU1ZWFjMmUwZTE2YjNlMDI5MDVjNDMzNjNmZWM2IiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /34pHvmluZj5N5HgDjcJMKghttQ8CN7bkZNl89110 HTTP/1.1Host: hqve.livermi.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://hqve.livermi.com/1100297654994215737HWiiPoFyfRNRXCAKSXRSZSDKYMNPPRVRZJXYOG?FOWWFOSBKLORRCADSjNCjIkyBHEVQIYDKDIBJQDOUEFDMUAWJQEAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6IlpNNUVadjRna3l4TEJJeEpYQUlaUlE9PSIsInZhbHVlIjoiTU0vSmo1cTIyMThWY3ZlUWQ3SmRDeTBDcWU1TEZLbHBrU2ZXMmJ0RE5hUE8zYnpmQ3R5QURiTjdSWkFXRHo2ZFlPeVNCQlJqRVQwelNLTUZoczRzUFZqVVFrc2owanRqbk0rZFRvdFRXVFZqNE4xcnhIekkzcUx4a3BsL0xNSWIiLCJtYWMiOiI0ZjcyYTRlZDFmYzhkNWIxOTIwMjA4Y2EwYjlkYzk1NTRmODUwY2RmN2I3ZDJhN2Q2NGQ5OWIwYWE5NzBjNmFmIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6ImtqWlh5M3VxNnQ3ZjJlRllxcUsyZFE9PSIsInZhbHVlIjoiYXltV0J6MTdRbTNCeGNVa3NUTUJWWmg0aVBTK1AyYWFvUkZpNXJpUlQvN1hkbjRjNWdVQUdjKzNLcDRCWUxkQ2UvWml5THdHV1lEUFlMK0I4anhOWTh6UHNEcjJ5UDg4b20yWFBNSHVDbUh1WGd2dkVrMjdSQktRODI3SloyVFIiLCJtYWMiOiIzNTU2NmVhOTExY2Y2MTE4ZGQ0NjJmNjYxNTVkZTNmNTBkZmU1ZWFjMmUwZTE2YjNlMDI5MDVjNDMzNjNmZWM2IiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /web8socket/socket.io/?type=User&appnum=1&EIO=4&transport=websocket HTTP/1.1Host: hqve.livermi.comConnection: UpgradePragma: no-cacheCache-Control: no-cacheUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Upgrade: websocketOrigin: https://hqve.livermi.comSec-WebSocket-Version: 13Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6IlpNNUVadjRna3l4TEJJeEpYQUlaUlE9PSIsInZhbHVlIjoiTU0vSmo1cTIyMThWY3ZlUWQ3SmRDeTBDcWU1TEZLbHBrU2ZXMmJ0RE5hUE8zYnpmQ3R5QURiTjdSWkFXRHo2ZFlPeVNCQlJqRVQwelNLTUZoczRzUFZqVVFrc2owanRqbk0rZFRvdFRXVFZqNE4xcnhIekkzcUx4a3BsL0xNSWIiLCJtYWMiOiI0ZjcyYTRlZDFmYzhkNWIxOTIwMjA4Y2EwYjlkYzk1NTRmODUwY2RmN2I3ZDJhN2Q2NGQ5OWIwYWE5NzBjNmFmIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6ImtqWlh5M3VxNnQ3ZjJlRllxcUsyZFE9PSIsInZhbHVlIjoiYXltV0J6MTdRbTNCeGNVa3NUTUJWWmg0aVBTK1AyYWFvUkZpNXJpUlQvN1hkbjRjNWdVQUdjKzNLcDRCWUxkQ2UvWml5THdHV1lEUFlMK0I4anhOWTh6UHNEcjJ5UDg4b20yWFBNSHVDbUh1WGd2dkVrMjdSQktRODI3SloyVFIiLCJtYWMiOiIzNTU2NmVhOTExY2Y2MTE4ZGQ0NjJmNjYxNTVkZTNmNTBkZmU1ZWFjMmUwZTE2YjNlMDI5MDVjNDMzNjNmZWM2IiwidGFnIjoiIn0%3DSec-WebSocket-Key: dSV7NhIG0ybb0bziw6CZBw==Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits
Source: global traffic	HTTP traffic detected: GET /stPcVEeSmCWpySyuFQYrrGLm25YHKajvsXLAUxaImEwhmVt1OeTi6J3V3voHflyX0QmntuRh233MccfP8Ept2ddSPIMU3RJzIhfMHBnapef386 HTTP/1.1Host: hqve.livermi.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://hqve.livermi.com/1100297654994215737HWiiPoFyfRNRXCAKSXRSZSDKYMNPPRVRZJXYOG?FOWWFOSBKLORRCADSjNCjIkyBHEVQIYDKDIBJQDOUEFDMUAWJQEAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6IlpNNUVadjRna3l4TEJJeEpYQUlaUlE9PSIsInZhbHVlIjoiTU0vSmo1cTIyMThWY3ZlUWQ3SmRDeTBDcWU1TEZLbHBrU2ZXMmJ0RE5hUE8zYnpmQ3R5QURiTjdSWkFXRHo2ZFlPeVNCQlJqRVQwelNLTUZoczRzUFZqVVFrc2owanRqbk0rZFRvdFRXVFZqNE4xcnhIekkzcUx4a3BsL0xNSWIiLCJtYWMiOiI0ZjcyYTRlZDFmYzhkNWIxOTIwMjA4Y2EwYjlkYzk1NTRmODUwY2RmN2I3ZDJhN2Q2NGQ5OWIwYWE5NzBjNmFmIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6ImtqWlh5M3VxNnQ3ZjJlRllxcUsyZFE9PSIsInZhbHVlIjoiYXltV0J6MTdRbTNCeGNVa3NUTUJWWmg0aVBTK1AyYWFvUkZpNXJpUlQvN1hkbjRjNWdVQUdjKzNLcDRCWUxkQ2UvWml5THdHV1lEUFlMK0I4anhOWTh6UHNEcjJ5UDg4b20yWFBNSHVDbUh1WGd2dkVrMjdSQktRODI3SloyVFIiLCJtYWMiOiIzNTU2NmVhOTExY2Y2MTE4ZGQ0NjJmNjYxNTVkZTNmNTBkZmU1ZWFjMmUwZTE2YjNlMDI5MDVjNDMzNjNmZWM2IiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /yzLBUJq0kbJO1aCyfVINYTZ6NJv22Dnt0yB5M7L5PNy5dNcGP0o7dNyXmkWBSOabFhFEuUEONuKBim0whGnXoEqa1RnoZQ70acd370 HTTP/1.1Host: hqve.livermi.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://hqve.livermi.com/1100297654994215737HWiiPoFyfRNRXCAKSXRSZSDKYMNPPRVRZJXYOG?FOWWFOSBKLORRCADSjNCjIkyBHEVQIYDKDIBJQDOUEFDMUAWJQEAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6IlpNNUVadjRna3l4TEJJeEpYQUlaUlE9PSIsInZhbHVlIjoiTU0vSmo1cTIyMThWY3ZlUWQ3SmRDeTBDcWU1TEZLbHBrU2ZXMmJ0RE5hUE8zYnpmQ3R5QURiTjdSWkFXRHo2ZFlPeVNCQlJqRVQwelNLTUZoczRzUFZqVVFrc2owanRqbk0rZFRvdFRXVFZqNE4xcnhIekkzcUx4a3BsL0xNSWIiLCJtYWMiOiI0ZjcyYTRlZDFmYzhkNWIxOTIwMjA4Y2EwYjlkYzk1NTRmODUwY2RmN2I3ZDJhN2Q2NGQ5OWIwYWE5NzBjNmFmIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6ImtqWlh5M3VxNnQ3ZjJlRllxcUsyZFE9PSIsInZhbHVlIjoiYXltV0J6MTdRbTNCeGNVa3NUTUJWWmg0aVBTK1AyYWFvUkZpNXJpUlQvN1hkbjRjNWdVQUdjKzNLcDRCWUxkQ2UvWml5THdHV1lEUFlMK0I4anhOWTh6UHNEcjJ5UDg4b20yWFBNSHVDbUh1WGd2dkVrMjdSQktRODI3SloyVFIiLCJtYWMiOiIzNTU2NmVhOTExY2Y2MTE4ZGQ0NjJmNjYxNTVkZTNmNTBkZmU1ZWFjMmUwZTE2YjNlMDI5MDVjNDMzNjNmZWM2IiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /ujTNSL8np3A8DJhKiODWvPHPq3ufnB5Acfc9xhGtAZnhexe8O1zKov HTTP/1.1Host: hqve.livermi.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6Ijk3RzVQNS83MGRkR0N0SU5Wd0ZUQ2c9PSIsInZhbHVlIjoiaDFlSzRrR3dIY1N3dzllT3BuUGlRcGlrVllEZ1prcHF4NXpVNDZzbkhuMFYwK1NqbHdPUFNXQk1aakRvSXVvVWRURU1NTWxSSVNNOVpUM3lCRVlnbXcwWVZJTlRGcjEvTHcvTTNOSEVIKy95MmNaQnVlMkxSNHBkY2FaSzFiQjUiLCJtYWMiOiJlNDJmZGNmMjliNDAzNTY4NjdkMDE1NzI3MGYwMGI2ODdlNjhlNDg3NDcwODliYWE2Y2RjMTc4NWVkMTdlYTUzIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Ii9zczJ4RkhGUFR3enNqMTRxMlhOOVE9PSIsInZhbHVlIjoiT0hOb2wwQTY3OVRUayswRUxxZHNDOXduK2oxNkpUU29wWk1ZeTJsSlhDVG5ORVEvUGxSTzYvWWlZWG9CMDhIZ0VUSHp6Y0NtZEpHSm5DallqT3V1ZWR4Y2UvdE9jUnRoOWdRcS9LejhZaHpTZlhuOUVaekNDWlE0b2ZEcm9jSGUiLCJtYWMiOiJlMjY0YjM1NzYzNjEzZGFjNjk5MmQwNTA0NDc1NDliM2ZlZjYwNjZjNjU4MzBjYzJlZThmYjQ2YzI5NzBhM2JlIiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /uv9WPFoN8oKyRtRFm9o3fbpAoIXm3VstoiIRoPJ9oSrE7vKdN4ia34128 HTTP/1.1Host: hqve.livermi.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://hqve.livermi.com/1100297654994215737HWiiPoFyfRNRXCAKSXRSZSDKYMNPPRVRZJXYOG?FOWWFOSBKLORRCADSjNCjIkyBHEVQIYDKDIBJQDOUEFDMUAWJQEAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6Ijk3RzVQNS83MGRkR0N0SU5Wd0ZUQ2c9PSIsInZhbHVlIjoiaDFlSzRrR3dIY1N3dzllT3BuUGlRcGlrVllEZ1prcHF4NXpVNDZzbkhuMFYwK1NqbHdPUFNXQk1aakRvSXVvVWRURU1NTWxSSVNNOVpUM3lCRVlnbXcwWVZJTlRGcjEvTHcvTTNOSEVIKy95MmNaQnVlMkxSNHBkY2FaSzFiQjUiLCJtYWMiOiJlNDJmZGNmMjliNDAzNTY4NjdkMDE1NzI3MGYwMGI2ODdlNjhlNDg3NDcwODliYWE2Y2RjMTc4NWVkMTdlYTUzIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Ii9zczJ4RkhGUFR3enNqMTRxMlhOOVE9PSIsInZhbHVlIjoiT0hOb2wwQTY3OVRUayswRUxxZHNDOXduK2oxNkpUU29wWk1ZeTJsSlhDVG5ORVEvUGxSTzYvWWlZWG9CMDhIZ0VUSHp6Y0NtZEpHSm5DallqT3V1ZWR4Y2UvdE9jUnRoOWdRcS9LejhZaHpTZlhuOUVaekNDWlE0b2ZEcm9jSGUiLCJtYWMiOiJlMjY0YjM1NzYzNjEzZGFjNjk5MmQwNTA0NDc1NDliM2ZlZjYwNjZjNjU4MzBjYzJlZThmYjQ2YzI5NzBhM2JlIiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /stPcVEeSmCWpySyuFQYrrGLm25YHKajvsXLAUxaImEwhmVt1OeTi6J3V3voHflyX0QmntuRh233MccfP8Ept2ddSPIMU3RJzIhfMHBnapef386 HTTP/1.1Host: hqve.livermi.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6Ijk3RzVQNS83MGRkR0N0SU5Wd0ZUQ2c9PSIsInZhbHVlIjoiaDFlSzRrR3dIY1N3dzllT3BuUGlRcGlrVllEZ1prcHF4NXpVNDZzbkhuMFYwK1NqbHdPUFNXQk1aakRvSXVvVWRURU1NTWxSSVNNOVpUM3lCRVlnbXcwWVZJTlRGcjEvTHcvTTNOSEVIKy95MmNaQnVlMkxSNHBkY2FaSzFiQjUiLCJtYWMiOiJlNDJmZGNmMjliNDAzNTY4NjdkMDE1NzI3MGYwMGI2ODdlNjhlNDg3NDcwODliYWE2Y2RjMTc4NWVkMTdlYTUzIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Ii9zczJ4RkhGUFR3enNqMTRxMlhOOVE9PSIsInZhbHVlIjoiT0hOb2wwQTY3OVRUayswRUxxZHNDOXduK2oxNkpUU29wWk1ZeTJsSlhDVG5ORVEvUGxSTzYvWWlZWG9CMDhIZ0VUSHp6Y0NtZEpHSm5DallqT3V1ZWR4Y2UvdE9jUnRoOWdRcS9LejhZaHpTZlhuOUVaekNDWlE0b2ZEcm9jSGUiLCJtYWMiOiJlMjY0YjM1NzYzNjEzZGFjNjk5MmQwNTA0NDc1NDliM2ZlZjYwNjZjNjU4MzBjYzJlZThmYjQ2YzI5NzBhM2JlIiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /opveffAB7vKR3iJpN1evtcBR96AmnZlMQCTgWVGZQM4KOP67140 HTTP/1.1Host: hqve.livermi.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://hqve.livermi.com/1100297654994215737HWiiPoFyfRNRXCAKSXRSZSDKYMNPPRVRZJXYOG?FOWWFOSBKLORRCADSjNCjIkyBHEVQIYDKDIBJQDOUEFDMUAWJQEAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6Ijk3RzVQNS83MGRkR0N0SU5Wd0ZUQ2c9PSIsInZhbHVlIjoiaDFlSzRrR3dIY1N3dzllT3BuUGlRcGlrVllEZ1prcHF4NXpVNDZzbkhuMFYwK1NqbHdPUFNXQk1aakRvSXVvVWRURU1NTWxSSVNNOVpUM3lCRVlnbXcwWVZJTlRGcjEvTHcvTTNOSEVIKy95MmNaQnVlMkxSNHBkY2FaSzFiQjUiLCJtYWMiOiJlNDJmZGNmMjliNDAzNTY4NjdkMDE1NzI3MGYwMGI2ODdlNjhlNDg3NDcwODliYWE2Y2RjMTc4NWVkMTdlYTUzIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Ii9zczJ4RkhGUFR3enNqMTRxMlhOOVE9PSIsInZhbHVlIjoiT0hOb2wwQTY3OVRUayswRUxxZHNDOXduK2oxNkpUU29wWk1ZeTJsSlhDVG5ORVEvUGxSTzYvWWlZWG9CMDhIZ0VUSHp6Y0NtZEpHSm5DallqT3V1ZWR4Y2UvdE9jUnRoOWdRcS9LejhZaHpTZlhuOUVaekNDWlE0b2ZEcm9jSGUiLCJtYWMiOiJlMjY0YjM1NzYzNjEzZGFjNjk5MmQwNTA0NDc1NDliM2ZlZjYwNjZjNjU4MzBjYzJlZThmYjQ2YzI5NzBhM2JlIiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /mnanTXvAPynIQS6cBPuv4kUFDzl3I1xk90146 HTTP/1.1Host: hqve.livermi.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://hqve.livermi.com/1100297654994215737HWiiPoFyfRNRXCAKSXRSZSDKYMNPPRVRZJXYOG?FOWWFOSBKLORRCADSjNCjIkyBHEVQIYDKDIBJQDOUEFDMUAWJQEAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6Ijk3RzVQNS83MGRkR0N0SU5Wd0ZUQ2c9PSIsInZhbHVlIjoiaDFlSzRrR3dIY1N3dzllT3BuUGlRcGlrVllEZ1prcHF4NXpVNDZzbkhuMFYwK1NqbHdPUFNXQk1aakRvSXVvVWRURU1NTWxSSVNNOVpUM3lCRVlnbXcwWVZJTlRGcjEvTHcvTTNOSEVIKy95MmNaQnVlMkxSNHBkY2FaSzFiQjUiLCJtYWMiOiJlNDJmZGNmMjliNDAzNTY4NjdkMDE1NzI3MGYwMGI2ODdlNjhlNDg3NDcwODliYWE2Y2RjMTc4NWVkMTdlYTUzIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Ii9zczJ4RkhGUFR3enNqMTRxMlhOOVE9PSIsInZhbHVlIjoiT0hOb2wwQTY3OVRUayswRUxxZHNDOXduK2oxNkpUU29wWk1ZeTJsSlhDVG5ORVEvUGxSTzYvWWlZWG9CMDhIZ0VUSHp6Y0NtZEpHSm5DallqT3V1ZWR4Y2UvdE9jUnRoOWdRcS9LejhZaHpTZlhuOUVaekNDWlE0b2ZEcm9jSGUiLCJtYWMiOiJlMjY0YjM1NzYzNjEzZGFjNjk5MmQwNTA0NDc1NDliM2ZlZjYwNjZjNjU4MzBjYzJlZThmYjQ2YzI5NzBhM2JlIiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /ijKeDPlgPChWaPxShuVOsWzd0yzNT6FQJMe9UpFSl78170 HTTP/1.1Host: hqve.livermi.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://hqve.livermi.com/1100297654994215737HWiiPoFyfRNRXCAKSXRSZSDKYMNPPRVRZJXYOG?FOWWFOSBKLORRCADSjNCjIkyBHEVQIYDKDIBJQDOUEFDMUAWJQEAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6Ijk3RzVQNS83MGRkR0N0SU5Wd0ZUQ2c9PSIsInZhbHVlIjoiaDFlSzRrR3dIY1N3dzllT3BuUGlRcGlrVllEZ1prcHF4NXpVNDZzbkhuMFYwK1NqbHdPUFNXQk1aakRvSXVvVWRURU1NTWxSSVNNOVpUM3lCRVlnbXcwWVZJTlRGcjEvTHcvTTNOSEVIKy95MmNaQnVlMkxSNHBkY2FaSzFiQjUiLCJtYWMiOiJlNDJmZGNmMjliNDAzNTY4NjdkMDE1NzI3MGYwMGI2ODdlNjhlNDg3NDcwODliYWE2Y2RjMTc4NWVkMTdlYTUzIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Ii9zczJ4RkhGUFR3enNqMTRxMlhOOVE9PSIsInZhbHVlIjoiT0hOb2wwQTY3OVRUayswRUxxZHNDOXduK2oxNkpUU29wWk1ZeTJsSlhDVG5ORVEvUGxSTzYvWWlZWG9CMDhIZ0VUSHp6Y0NtZEpHSm5DallqT3V1ZWR4Y2UvdE9jUnRoOWdRcS9LejhZaHpTZlhuOUVaekNDWlE0b2ZEcm9jSGUiLCJtYWMiOiJlMjY0YjM1NzYzNjEzZGFjNjk5MmQwNTA0NDc1NDliM2ZlZjYwNjZjNjU4MzBjYzJlZThmYjQ2YzI5NzBhM2JlIiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /yzOfv1vad9P9hmqZugSh8sFC0ATn4f1FDrsiD9g7K8loVRRvLpiab178 HTTP/1.1Host: hqve.livermi.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://hqve.livermi.com/1100297654994215737HWiiPoFyfRNRXCAKSXRSZSDKYMNPPRVRZJXYOG?FOWWFOSBKLORRCADSjNCjIkyBHEVQIYDKDIBJQDOUEFDMUAWJQEAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6Ijk3RzVQNS83MGRkR0N0SU5Wd0ZUQ2c9PSIsInZhbHVlIjoiaDFlSzRrR3dIY1N3dzllT3BuUGlRcGlrVllEZ1prcHF4NXpVNDZzbkhuMFYwK1NqbHdPUFNXQk1aakRvSXVvVWRURU1NTWxSSVNNOVpUM3lCRVlnbXcwWVZJTlRGcjEvTHcvTTNOSEVIKy95MmNaQnVlMkxSNHBkY2FaSzFiQjUiLCJtYWMiOiJlNDJmZGNmMjliNDAzNTY4NjdkMDE1NzI3MGYwMGI2ODdlNjhlNDg3NDcwODliYWE2Y2RjMTc4NWVkMTdlYTUzIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Ii9zczJ4RkhGUFR3enNqMTRxMlhOOVE9PSIsInZhbHVlIjoiT0hOb2wwQTY3OVRUayswRUxxZHNDOXduK2oxNkpUU29wWk1ZeTJsSlhDVG5ORVEvUGxSTzYvWWlZWG9CMDhIZ0VUSHp6Y0NtZEpHSm5DallqT3V1ZWR4Y2UvdE9jUnRoOWdRcS9LejhZaHpTZlhuOUVaekNDWlE0b2ZEcm9jSGUiLCJtYWMiOiJlMjY0YjM1NzYzNjEzZGFjNjk5MmQwNTA0NDc1NDliM2ZlZjYwNjZjNjU4MzBjYzJlZThmYjQ2YzI5NzBhM2JlIiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /yzLBUJq0kbJO1aCyfVINYTZ6NJv22Dnt0yB5M7L5PNy5dNcGP0o7dNyXmkWBSOabFhFEuUEONuKBim0whGnXoEqa1RnoZQ70acd370 HTTP/1.1Host: hqve.livermi.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6Ijk3RzVQNS83MGRkR0N0SU5Wd0ZUQ2c9PSIsInZhbHVlIjoiaDFlSzRrR3dIY1N3dzllT3BuUGlRcGlrVllEZ1prcHF4NXpVNDZzbkhuMFYwK1NqbHdPUFNXQk1aakRvSXVvVWRURU1NTWxSSVNNOVpUM3lCRVlnbXcwWVZJTlRGcjEvTHcvTTNOSEVIKy95MmNaQnVlMkxSNHBkY2FaSzFiQjUiLCJtYWMiOiJlNDJmZGNmMjliNDAzNTY4NjdkMDE1NzI3MGYwMGI2ODdlNjhlNDg3NDcwODliYWE2Y2RjMTc4NWVkMTdlYTUzIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Ii9zczJ4RkhGUFR3enNqMTRxMlhOOVE9PSIsInZhbHVlIjoiT0hOb2wwQTY3OVRUayswRUxxZHNDOXduK2oxNkpUU29wWk1ZeTJsSlhDVG5ORVEvUGxSTzYvWWlZWG9CMDhIZ0VUSHp6Y0NtZEpHSm5DallqT3V1ZWR4Y2UvdE9jUnRoOWdRcS9LejhZaHpTZlhuOUVaekNDWlE0b2ZEcm9jSGUiLCJtYWMiOiJlMjY0YjM1NzYzNjEzZGFjNjk5MmQwNTA0NDc1NDliM2ZlZjYwNjZjNjU4MzBjYzJlZThmYjQ2YzI5NzBhM2JlIiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /opcxIP3XuxImCZd2z01QTGrKANMoLijKBjIUOwrshFuhqUkBExVDncd198 HTTP/1.1Host: hqve.livermi.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://hqve.livermi.com/1100297654994215737HWiiPoFyfRNRXCAKSXRSZSDKYMNPPRVRZJXYOG?FOWWFOSBKLORRCADSjNCjIkyBHEVQIYDKDIBJQDOUEFDMUAWJQEAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6Ijk3RzVQNS83MGRkR0N0SU5Wd0ZUQ2c9PSIsInZhbHVlIjoiaDFlSzRrR3dIY1N3dzllT3BuUGlRcGlrVllEZ1prcHF4NXpVNDZzbkhuMFYwK1NqbHdPUFNXQk1aakRvSXVvVWRURU1NTWxSSVNNOVpUM3lCRVlnbXcwWVZJTlRGcjEvTHcvTTNOSEVIKy95MmNaQnVlMkxSNHBkY2FaSzFiQjUiLCJtYWMiOiJlNDJmZGNmMjliNDAzNTY4NjdkMDE1NzI3MGYwMGI2ODdlNjhlNDg3NDcwODliYWE2Y2RjMTc4NWVkMTdlYTUzIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Ii9zczJ4RkhGUFR3enNqMTRxMlhOOVE9PSIsInZhbHVlIjoiT0hOb2wwQTY3OVRUayswRUxxZHNDOXduK2oxNkpUU29wWk1ZeTJsSlhDVG5ORVEvUGxSTzYvWWlZWG9CMDhIZ0VUSHp6Y0NtZEpHSm5DallqT3V1ZWR4Y2UvdE9jUnRoOWdRcS9LejhZaHpTZlhuOUVaekNDWlE0b2ZEcm9jSGUiLCJtYWMiOiJlMjY0YjM1NzYzNjEzZGFjNjk5MmQwNTA0NDc1NDliM2ZlZjYwNjZjNjU4MzBjYzJlZThmYjQ2YzI5NzBhM2JlIiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /opveffAB7vKR3iJpN1evtcBR96AmnZlMQCTgWVGZQM4KOP67140 HTTP/1.1Host: hqve.livermi.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6Ijk3RzVQNS83MGRkR0N0SU5Wd0ZUQ2c9PSIsInZhbHVlIjoiaDFlSzRrR3dIY1N3dzllT3BuUGlRcGlrVllEZ1prcHF4NXpVNDZzbkhuMFYwK1NqbHdPUFNXQk1aakRvSXVvVWRURU1NTWxSSVNNOVpUM3lCRVlnbXcwWVZJTlRGcjEvTHcvTTNOSEVIKy95MmNaQnVlMkxSNHBkY2FaSzFiQjUiLCJtYWMiOiJlNDJmZGNmMjliNDAzNTY4NjdkMDE1NzI3MGYwMGI2ODdlNjhlNDg3NDcwODliYWE2Y2RjMTc4NWVkMTdlYTUzIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Ii9zczJ4RkhGUFR3enNqMTRxMlhOOVE9PSIsInZhbHVlIjoiT0hOb2wwQTY3OVRUayswRUxxZHNDOXduK2oxNkpUU29wWk1ZeTJsSlhDVG5ORVEvUGxSTzYvWWlZWG9CMDhIZ0VUSHp6Y0NtZEpHSm5DallqT3V1ZWR4Y2UvdE9jUnRoOWdRcS9LejhZaHpTZlhuOUVaekNDWlE0b2ZEcm9jSGUiLCJtYWMiOiJlMjY0YjM1NzYzNjEzZGFjNjk5MmQwNTA0NDc1NDliM2ZlZjYwNjZjNjU4MzBjYzJlZThmYjQ2YzI5NzBhM2JlIiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /gh3mVd4nBfXO2p7UAcQtwl0uykl7Kn1BYrNmFY3LfuqKWIWpp9YSM8A12210 HTTP/1.1Host: hqve.livermi.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://hqve.livermi.com/1100297654994215737HWiiPoFyfRNRXCAKSXRSZSDKYMNPPRVRZJXYOG?FOWWFOSBKLORRCADSjNCjIkyBHEVQIYDKDIBJQDOUEFDMUAWJQEAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6Ijk3RzVQNS83MGRkR0N0SU5Wd0ZUQ2c9PSIsInZhbHVlIjoiaDFlSzRrR3dIY1N3dzllT3BuUGlRcGlrVllEZ1prcHF4NXpVNDZzbkhuMFYwK1NqbHdPUFNXQk1aakRvSXVvVWRURU1NTWxSSVNNOVpUM3lCRVlnbXcwWVZJTlRGcjEvTHcvTTNOSEVIKy95MmNaQnVlMkxSNHBkY2FaSzFiQjUiLCJtYWMiOiJlNDJmZGNmMjliNDAzNTY4NjdkMDE1NzI3MGYwMGI2ODdlNjhlNDg3NDcwODliYWE2Y2RjMTc4NWVkMTdlYTUzIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Ii9zczJ4RkhGUFR3enNqMTRxMlhOOVE9PSIsInZhbHVlIjoiT0hOb2wwQTY3OVRUayswRUxxZHNDOXduK2oxNkpUU29wWk1ZeTJsSlhDVG5ORVEvUGxSTzYvWWlZWG9CMDhIZ0VUSHp6Y0NtZEpHSm5DallqT3V1ZWR4Y2UvdE9jUnRoOWdRcS9LejhZaHpTZlhuOUVaekNDWlE0b2ZEcm9jSGUiLCJtYWMiOiJlMjY0YjM1NzYzNjEzZGFjNjk5MmQwNTA0NDc1NDliM2ZlZjYwNjZjNjU4MzBjYzJlZThmYjQ2YzI5NzBhM2JlIiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /yzOfv1vad9P9hmqZugSh8sFC0ATn4f1FDrsiD9g7K8loVRRvLpiab178 HTTP/1.1Host: hqve.livermi.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6Ijk3RzVQNS83MGRkR0N0SU5Wd0ZUQ2c9PSIsInZhbHVlIjoiaDFlSzRrR3dIY1N3dzllT3BuUGlRcGlrVllEZ1prcHF4NXpVNDZzbkhuMFYwK1NqbHdPUFNXQk1aakRvSXVvVWRURU1NTWxSSVNNOVpUM3lCRVlnbXcwWVZJTlRGcjEvTHcvTTNOSEVIKy95MmNaQnVlMkxSNHBkY2FaSzFiQjUiLCJtYWMiOiJlNDJmZGNmMjliNDAzNTY4NjdkMDE1NzI3MGYwMGI2ODdlNjhlNDg3NDcwODliYWE2Y2RjMTc4NWVkMTdlYTUzIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Ii9zczJ4RkhGUFR3enNqMTRxMlhOOVE9PSIsInZhbHVlIjoiT0hOb2wwQTY3OVRUayswRUxxZHNDOXduK2oxNkpUU29wWk1ZeTJsSlhDVG5ORVEvUGxSTzYvWWlZWG9CMDhIZ0VUSHp6Y0NtZEpHSm5DallqT3V1ZWR4Y2UvdE9jUnRoOWdRcS9LejhZaHpTZlhuOUVaekNDWlE0b2ZEcm9jSGUiLCJtYWMiOiJlMjY0YjM1NzYzNjEzZGFjNjk5MmQwNTA0NDc1NDliM2ZlZjYwNjZjNjU4MzBjYzJlZThmYjQ2YzI5NzBhM2JlIiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /qrLHnYYQVI2DiRAZfcLVQqAvyp12ImLtE8aSXimRtUNc3OB2srxrHef232 HTTP/1.1Host: hqve.livermi.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://hqve.livermi.com/1100297654994215737HWiiPoFyfRNRXCAKSXRSZSDKYMNPPRVRZJXYOG?FOWWFOSBKLORRCADSjNCjIkyBHEVQIYDKDIBJQDOUEFDMUAWJQEAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6Ijk3RzVQNS83MGRkR0N0SU5Wd0ZUQ2c9PSIsInZhbHVlIjoiaDFlSzRrR3dIY1N3dzllT3BuUGlRcGlrVllEZ1prcHF4NXpVNDZzbkhuMFYwK1NqbHdPUFNXQk1aakRvSXVvVWRURU1NTWxSSVNNOVpUM3lCRVlnbXcwWVZJTlRGcjEvTHcvTTNOSEVIKy95MmNaQnVlMkxSNHBkY2FaSzFiQjUiLCJtYWMiOiJlNDJmZGNmMjliNDAzNTY4NjdkMDE1NzI3MGYwMGI2ODdlNjhlNDg3NDcwODliYWE2Y2RjMTc4NWVkMTdlYTUzIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Ii9zczJ4RkhGUFR3enNqMTRxMlhOOVE9PSIsInZhbHVlIjoiT0hOb2wwQTY3OVRUayswRUxxZHNDOXduK2oxNkpUU29wWk1ZeTJsSlhDVG5ORVEvUGxSTzYvWWlZWG9CMDhIZ0VUSHp6Y0NtZEpHSm5DallqT3V1ZWR4Y2UvdE9jUnRoOWdRcS9LejhZaHpTZlhuOUVaekNDWlE0b2ZEcm9jSGUiLCJtYWMiOiJlMjY0YjM1NzYzNjEzZGFjNjk5MmQwNTA0NDc1NDliM2ZlZjYwNjZjNjU4MzBjYzJlZThmYjQ2YzI5NzBhM2JlIiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /ijKeDPlgPChWaPxShuVOsWzd0yzNT6FQJMe9UpFSl78170 HTTP/1.1Host: hqve.livermi.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6Ijk3RzVQNS83MGRkR0N0SU5Wd0ZUQ2c9PSIsInZhbHVlIjoiaDFlSzRrR3dIY1N3dzllT3BuUGlRcGlrVllEZ1prcHF4NXpVNDZzbkhuMFYwK1NqbHdPUFNXQk1aakRvSXVvVWRURU1NTWxSSVNNOVpUM3lCRVlnbXcwWVZJTlRGcjEvTHcvTTNOSEVIKy95MmNaQnVlMkxSNHBkY2FaSzFiQjUiLCJtYWMiOiJlNDJmZGNmMjliNDAzNTY4NjdkMDE1NzI3MGYwMGI2ODdlNjhlNDg3NDcwODliYWE2Y2RjMTc4NWVkMTdlYTUzIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Ii9zczJ4RkhGUFR3enNqMTRxMlhOOVE9PSIsInZhbHVlIjoiT0hOb2wwQTY3OVRUayswRUxxZHNDOXduK2oxNkpUU29wWk1ZeTJsSlhDVG5ORVEvUGxSTzYvWWlZWG9CMDhIZ0VUSHp6Y0NtZEpHSm5DallqT3V1ZWR4Y2UvdE9jUnRoOWdRcS9LejhZaHpTZlhuOUVaekNDWlE0b2ZEcm9jSGUiLCJtYWMiOiJlMjY0YjM1NzYzNjEzZGFjNjk5MmQwNTA0NDc1NDliM2ZlZjYwNjZjNjU4MzBjYzJlZThmYjQ2YzI5NzBhM2JlIiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /opcxIP3XuxImCZd2z01QTGrKANMoLijKBjIUOwrshFuhqUkBExVDncd198 HTTP/1.1Host: hqve.livermi.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6Ijk3RzVQNS83MGRkR0N0SU5Wd0ZUQ2c9PSIsInZhbHVlIjoiaDFlSzRrR3dIY1N3dzllT3BuUGlRcGlrVllEZ1prcHF4NXpVNDZzbkhuMFYwK1NqbHdPUFNXQk1aakRvSXVvVWRURU1NTWxSSVNNOVpUM3lCRVlnbXcwWVZJTlRGcjEvTHcvTTNOSEVIKy95MmNaQnVlMkxSNHBkY2FaSzFiQjUiLCJtYWMiOiJlNDJmZGNmMjliNDAzNTY4NjdkMDE1NzI3MGYwMGI2ODdlNjhlNDg3NDcwODliYWE2Y2RjMTc4NWVkMTdlYTUzIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Ii9zczJ4RkhGUFR3enNqMTRxMlhOOVE9PSIsInZhbHVlIjoiT0hOb2wwQTY3OVRUayswRUxxZHNDOXduK2oxNkpUU29wWk1ZeTJsSlhDVG5ORVEvUGxSTzYvWWlZWG9CMDhIZ0VUSHp6Y0NtZEpHSm5DallqT3V1ZWR4Y2UvdE9jUnRoOWdRcS9LejhZaHpTZlhuOUVaekNDWlE0b2ZEcm9jSGUiLCJtYWMiOiJlMjY0YjM1NzYzNjEzZGFjNjk5MmQwNTA0NDc1NDliM2ZlZjYwNjZjNjU4MzBjYzJlZThmYjQ2YzI5NzBhM2JlIiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /mnanTXvAPynIQS6cBPuv4kUFDzl3I1xk90146 HTTP/1.1Host: hqve.livermi.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6Ijk3RzVQNS83MGRkR0N0SU5Wd0ZUQ2c9PSIsInZhbHVlIjoiaDFlSzRrR3dIY1N3dzllT3BuUGlRcGlrVllEZ1prcHF4NXpVNDZzbkhuMFYwK1NqbHdPUFNXQk1aakRvSXVvVWRURU1NTWxSSVNNOVpUM3lCRVlnbXcwWVZJTlRGcjEvTHcvTTNOSEVIKy95MmNaQnVlMkxSNHBkY2FaSzFiQjUiLCJtYWMiOiJlNDJmZGNmMjliNDAzNTY4NjdkMDE1NzI3MGYwMGI2ODdlNjhlNDg3NDcwODliYWE2Y2RjMTc4NWVkMTdlYTUzIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Ii9zczJ4RkhGUFR3enNqMTRxMlhOOVE9PSIsInZhbHVlIjoiT0hOb2wwQTY3OVRUayswRUxxZHNDOXduK2oxNkpUU29wWk1ZeTJsSlhDVG5ORVEvUGxSTzYvWWlZWG9CMDhIZ0VUSHp6Y0NtZEpHSm5DallqT3V1ZWR4Y2UvdE9jUnRoOWdRcS9LejhZaHpTZlhuOUVaekNDWlE0b2ZEcm9jSGUiLCJtYWMiOiJlMjY0YjM1NzYzNjEzZGFjNjk5MmQwNTA0NDc1NDliM2ZlZjYwNjZjNjU4MzBjYzJlZThmYjQ2YzI5NzBhM2JlIiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /uv9GcDjKJBYNkBw9cwHd1VPWGDETbhEL67np9GaJkd3GQCu6DAuQlBfdXmGX7KkStjkgh260 HTTP/1.1Host: hqve.livermi.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://hqve.livermi.com/1100297654994215737HWiiPoFyfRNRXCAKSXRSZSDKYMNPPRVRZJXYOG?FOWWFOSBKLORRCADSjNCjIkyBHEVQIYDKDIBJQDOUEFDMUAWJQEAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6Ijk3RzVQNS83MGRkR0N0SU5Wd0ZUQ2c9PSIsInZhbHVlIjoiaDFlSzRrR3dIY1N3dzllT3BuUGlRcGlrVllEZ1prcHF4NXpVNDZzbkhuMFYwK1NqbHdPUFNXQk1aakRvSXVvVWRURU1NTWxSSVNNOVpUM3lCRVlnbXcwWVZJTlRGcjEvTHcvTTNOSEVIKy95MmNaQnVlMkxSNHBkY2FaSzFiQjUiLCJtYWMiOiJlNDJmZGNmMjliNDAzNTY4NjdkMDE1NzI3MGYwMGI2ODdlNjhlNDg3NDcwODliYWE2Y2RjMTc4NWVkMTdlYTUzIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Ii9zczJ4RkhGUFR3enNqMTRxMlhOOVE9PSIsInZhbHVlIjoiT0hOb2wwQTY3OVRUayswRUxxZHNDOXduK2oxNkpUU29wWk1ZeTJsSlhDVG5ORVEvUGxSTzYvWWlZWG9CMDhIZ0VUSHp6Y0NtZEpHSm5DallqT3V1ZWR4Y2UvdE9jUnRoOWdRcS9LejhZaHpTZlhuOUVaekNDWlE0b2ZEcm9jSGUiLCJtYWMiOiJlMjY0YjM1NzYzNjEzZGFjNjk5MmQwNTA0NDc1NDliM2ZlZjYwNjZjNjU4MzBjYzJlZThmYjQ2YzI5NzBhM2JlIiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /gh3mVd4nBfXO2p7UAcQtwl0uykl7Kn1BYrNmFY3LfuqKWIWpp9YSM8A12210 HTTP/1.1Host: hqve.livermi.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6Ijk3RzVQNS83MGRkR0N0SU5Wd0ZUQ2c9PSIsInZhbHVlIjoiaDFlSzRrR3dIY1N3dzllT3BuUGlRcGlrVllEZ1prcHF4NXpVNDZzbkhuMFYwK1NqbHdPUFNXQk1aakRvSXVvVWRURU1NTWxSSVNNOVpUM3lCRVlnbXcwWVZJTlRGcjEvTHcvTTNOSEVIKy95MmNaQnVlMkxSNHBkY2FaSzFiQjUiLCJtYWMiOiJlNDJmZGNmMjliNDAzNTY4NjdkMDE1NzI3MGYwMGI2ODdlNjhlNDg3NDcwODliYWE2Y2RjMTc4NWVkMTdlYTUzIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Ii9zczJ4RkhGUFR3enNqMTRxMlhOOVE9PSIsInZhbHVlIjoiT0hOb2wwQTY3OVRUayswRUxxZHNDOXduK2oxNkpUU29wWk1ZeTJsSlhDVG5ORVEvUGxSTzYvWWlZWG9CMDhIZ0VUSHp6Y0NtZEpHSm5DallqT3V1ZWR4Y2UvdE9jUnRoOWdRcS9LejhZaHpTZlhuOUVaekNDWlE0b2ZEcm9jSGUiLCJtYWMiOiJlMjY0YjM1NzYzNjEzZGFjNjk5MmQwNTA0NDc1NDliM2ZlZjYwNjZjNjU4MzBjYzJlZThmYjQ2YzI5NzBhM2JlIiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /web8socket/socket.io/?type=User&appnum=1&EIO=4&transport=websocket HTTP/1.1Host: hqve.livermi.comConnection: UpgradePragma: no-cacheCache-Control: no-cacheUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Upgrade: websocketOrigin: https://hqve.livermi.comSec-WebSocket-Version: 13Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6Ijk3RzVQNS83MGRkR0N0SU5Wd0ZUQ2c9PSIsInZhbHVlIjoiaDFlSzRrR3dIY1N3dzllT3BuUGlRcGlrVllEZ1prcHF4NXpVNDZzbkhuMFYwK1NqbHdPUFNXQk1aakRvSXVvVWRURU1NTWxSSVNNOVpUM3lCRVlnbXcwWVZJTlRGcjEvTHcvTTNOSEVIKy95MmNaQnVlMkxSNHBkY2FaSzFiQjUiLCJtYWMiOiJlNDJmZGNmMjliNDAzNTY4NjdkMDE1NzI3MGYwMGI2ODdlNjhlNDg3NDcwODliYWE2Y2RjMTc4NWVkMTdlYTUzIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Ii9zczJ4RkhGUFR3enNqMTRxMlhOOVE9PSIsInZhbHVlIjoiT0hOb2wwQTY3OVRUayswRUxxZHNDOXduK2oxNkpUU29wWk1ZeTJsSlhDVG5ORVEvUGxSTzYvWWlZWG9CMDhIZ0VUSHp6Y0NtZEpHSm5DallqT3V1ZWR4Y2UvdE9jUnRoOWdRcS9LejhZaHpTZlhuOUVaekNDWlE0b2ZEcm9jSGUiLCJtYWMiOiJlMjY0YjM1NzYzNjEzZGFjNjk5MmQwNTA0NDc1NDliM2ZlZjYwNjZjNjU4MzBjYzJlZThmYjQ2YzI5NzBhM2JlIiwidGFnIjoiIn0%3DSec-WebSocket-Key: bbjd4L+1rawFDC8oRHL7fg==Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits
Source: global traffic	HTTP traffic detected: GET /qrLHnYYQVI2DiRAZfcLVQqAvyp12ImLtE8aSXimRtUNc3OB2srxrHef232 HTTP/1.1Host: hqve.livermi.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6Ijk3RzVQNS83MGRkR0N0SU5Wd0ZUQ2c9PSIsInZhbHVlIjoiaDFlSzRrR3dIY1N3dzllT3BuUGlRcGlrVllEZ1prcHF4NXpVNDZzbkhuMFYwK1NqbHdPUFNXQk1aakRvSXVvVWRURU1NTWxSSVNNOVpUM3lCRVlnbXcwWVZJTlRGcjEvTHcvTTNOSEVIKy95MmNaQnVlMkxSNHBkY2FaSzFiQjUiLCJtYWMiOiJlNDJmZGNmMjliNDAzNTY4NjdkMDE1NzI3MGYwMGI2ODdlNjhlNDg3NDcwODliYWE2Y2RjMTc4NWVkMTdlYTUzIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Ii9zczJ4RkhGUFR3enNqMTRxMlhOOVE9PSIsInZhbHVlIjoiT0hOb2wwQTY3OVRUayswRUxxZHNDOXduK2oxNkpUU29wWk1ZeTJsSlhDVG5ORVEvUGxSTzYvWWlZWG9CMDhIZ0VUSHp6Y0NtZEpHSm5DallqT3V1ZWR4Y2UvdE9jUnRoOWdRcS9LejhZaHpTZlhuOUVaekNDWlE0b2ZEcm9jSGUiLCJtYWMiOiJlMjY0YjM1NzYzNjEzZGFjNjk5MmQwNTA0NDc1NDliM2ZlZjYwNjZjNjU4MzBjYzJlZThmYjQ2YzI5NzBhM2JlIiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /uv9WPFoN8oKyRtRFm9o3fbpAoIXm3VstoiIRoPJ9oSrE7vKdN4ia34128 HTTP/1.1Host: hqve.livermi.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6Ijk3RzVQNS83MGRkR0N0SU5Wd0ZUQ2c9PSIsInZhbHVlIjoiaDFlSzRrR3dIY1N3dzllT3BuUGlRcGlrVllEZ1prcHF4NXpVNDZzbkhuMFYwK1NqbHdPUFNXQk1aakRvSXVvVWRURU1NTWxSSVNNOVpUM3lCRVlnbXcwWVZJTlRGcjEvTHcvTTNOSEVIKy95MmNaQnVlMkxSNHBkY2FaSzFiQjUiLCJtYWMiOiJlNDJmZGNmMjliNDAzNTY4NjdkMDE1NzI3MGYwMGI2ODdlNjhlNDg3NDcwODliYWE2Y2RjMTc4NWVkMTdlYTUzIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Ii9zczJ4RkhGUFR3enNqMTRxMlhOOVE9PSIsInZhbHVlIjoiT0hOb2wwQTY3OVRUayswRUxxZHNDOXduK2oxNkpUU29wWk1ZeTJsSlhDVG5ORVEvUGxSTzYvWWlZWG9CMDhIZ0VUSHp6Y0NtZEpHSm5DallqT3V1ZWR4Y2UvdE9jUnRoOWdRcS9LejhZaHpTZlhuOUVaekNDWlE0b2ZEcm9jSGUiLCJtYWMiOiJlMjY0YjM1NzYzNjEzZGFjNjk5MmQwNTA0NDc1NDliM2ZlZjYwNjZjNjU4MzBjYzJlZThmYjQ2YzI5NzBhM2JlIiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /uv9GcDjKJBYNkBw9cwHd1VPWGDETbhEL67np9GaJkd3GQCu6DAuQlBfdXmGX7KkStjkgh260 HTTP/1.1Host: hqve.livermi.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6Ijk3RzVQNS83MGRkR0N0SU5Wd0ZUQ2c9PSIsInZhbHVlIjoiaDFlSzRrR3dIY1N3dzllT3BuUGlRcGlrVllEZ1prcHF4NXpVNDZzbkhuMFYwK1NqbHdPUFNXQk1aakRvSXVvVWRURU1NTWxSSVNNOVpUM3lCRVlnbXcwWVZJTlRGcjEvTHcvTTNOSEVIKy95MmNaQnVlMkxSNHBkY2FaSzFiQjUiLCJtYWMiOiJlNDJmZGNmMjliNDAzNTY4NjdkMDE1NzI3MGYwMGI2ODdlNjhlNDg3NDcwODliYWE2Y2RjMTc4NWVkMTdlYTUzIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Ii9zczJ4RkhGUFR3enNqMTRxMlhOOVE9PSIsInZhbHVlIjoiT0hOb2wwQTY3OVRUayswRUxxZHNDOXduK2oxNkpUU29wWk1ZeTJsSlhDVG5ORVEvUGxSTzYvWWlZWG9CMDhIZ0VUSHp6Y0NtZEpHSm5DallqT3V1ZWR4Y2UvdE9jUnRoOWdRcS9LejhZaHpTZlhuOUVaekNDWlE0b2ZEcm9jSGUiLCJtYWMiOiJlMjY0YjM1NzYzNjEzZGFjNjk5MmQwNTA0NDc1NDliM2ZlZjYwNjZjNjU4MzBjYzJlZThmYjQ2YzI5NzBhM2JlIiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=28YrAnfnORRZYM5&MD=mFHV7byd HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /web8socket/socket.io/?type=User&appnum=1&EIO=4&transport=websocket HTTP/1.1Host: hqve.livermi.comConnection: UpgradePragma: no-cacheCache-Control: no-cacheUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Upgrade: websocketOrigin: https://hqve.livermi.comSec-WebSocket-Version: 13Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6Ijk3RzVQNS83MGRkR0N0SU5Wd0ZUQ2c9PSIsInZhbHVlIjoiaDFlSzRrR3dIY1N3dzllT3BuUGlRcGlrVllEZ1prcHF4NXpVNDZzbkhuMFYwK1NqbHdPUFNXQk1aakRvSXVvVWRURU1NTWxSSVNNOVpUM3lCRVlnbXcwWVZJTlRGcjEvTHcvTTNOSEVIKy95MmNaQnVlMkxSNHBkY2FaSzFiQjUiLCJtYWMiOiJlNDJmZGNmMjliNDAzNTY4NjdkMDE1NzI3MGYwMGI2ODdlNjhlNDg3NDcwODliYWE2Y2RjMTc4NWVkMTdlYTUzIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Ii9zczJ4RkhGUFR3enNqMTRxMlhOOVE9PSIsInZhbHVlIjoiT0hOb2wwQTY3OVRUayswRUxxZHNDOXduK2oxNkpUU29wWk1ZeTJsSlhDVG5ORVEvUGxSTzYvWWlZWG9CMDhIZ0VUSHp6Y0NtZEpHSm5DallqT3V1ZWR4Y2UvdE9jUnRoOWdRcS9LejhZaHpTZlhuOUVaekNDWlE0b2ZEcm9jSGUiLCJtYWMiOiJlMjY0YjM1NzYzNjEzZGFjNjk5MmQwNTA0NDc1NDliM2ZlZjYwNjZjNjU4MzBjYzJlZThmYjQ2YzI5NzBhM2JlIiwidGFnIjoiIn0%3DSec-WebSocket-Key: l0nAAc4Q6MWuqr5v8IcZfg==Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits
Source: global traffic	HTTP traffic detected: GET /web8socket/socket.io/?type=User&appnum=1&EIO=4&transport=websocket HTTP/1.1Host: hqve.livermi.comConnection: UpgradePragma: no-cacheCache-Control: no-cacheUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Upgrade: websocketOrigin: https://hqve.livermi.comSec-WebSocket-Version: 13Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6Ijk3RzVQNS83MGRkR0N0SU5Wd0ZUQ2c9PSIsInZhbHVlIjoiaDFlSzRrR3dIY1N3dzllT3BuUGlRcGlrVllEZ1prcHF4NXpVNDZzbkhuMFYwK1NqbHdPUFNXQk1aakRvSXVvVWRURU1NTWxSSVNNOVpUM3lCRVlnbXcwWVZJTlRGcjEvTHcvTTNOSEVIKy95MmNaQnVlMkxSNHBkY2FaSzFiQjUiLCJtYWMiOiJlNDJmZGNmMjliNDAzNTY4NjdkMDE1NzI3MGYwMGI2ODdlNjhlNDg3NDcwODliYWE2Y2RjMTc4NWVkMTdlYTUzIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Ii9zczJ4RkhGUFR3enNqMTRxMlhOOVE9PSIsInZhbHVlIjoiT0hOb2wwQTY3OVRUayswRUxxZHNDOXduK2oxNkpUU29wWk1ZeTJsSlhDVG5ORVEvUGxSTzYvWWlZWG9CMDhIZ0VUSHp6Y0NtZEpHSm5DallqT3V1ZWR4Y2UvdE9jUnRoOWdRcS9LejhZaHpTZlhuOUVaekNDWlE0b2ZEcm9jSGUiLCJtYWMiOiJlMjY0YjM1NzYzNjEzZGFjNjk5MmQwNTA0NDc1NDliM2ZlZjYwNjZjNjU4MzBjYzJlZThmYjQ2YzI5NzBhM2JlIiwidGFnIjoiIn0%3DSec-WebSocket-Key: ZUBFeY+0VhWG0iOXAHeO8g==Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits
Source: global traffic	HTTP traffic detected: GET /web8socket/socket.io/?type=User&appnum=1&EIO=4&transport=websocket HTTP/1.1Host: hqve.livermi.comConnection: UpgradePragma: no-cacheCache-Control: no-cacheUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Upgrade: websocketOrigin: https://hqve.livermi.comSec-WebSocket-Version: 13Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6Ijk3RzVQNS83MGRkR0N0SU5Wd0ZUQ2c9PSIsInZhbHVlIjoiaDFlSzRrR3dIY1N3dzllT3BuUGlRcGlrVllEZ1prcHF4NXpVNDZzbkhuMFYwK1NqbHdPUFNXQk1aakRvSXVvVWRURU1NTWxSSVNNOVpUM3lCRVlnbXcwWVZJTlRGcjEvTHcvTTNOSEVIKy95MmNaQnVlMkxSNHBkY2FaSzFiQjUiLCJtYWMiOiJlNDJmZGNmMjliNDAzNTY4NjdkMDE1NzI3MGYwMGI2ODdlNjhlNDg3NDcwODliYWE2Y2RjMTc4NWVkMTdlYTUzIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Ii9zczJ4RkhGUFR3enNqMTRxMlhOOVE9PSIsInZhbHVlIjoiT0hOb2wwQTY3OVRUayswRUxxZHNDOXduK2oxNkpUU29wWk1ZeTJsSlhDVG5ORVEvUGxSTzYvWWlZWG9CMDhIZ0VUSHp6Y0NtZEpHSm5DallqT3V1ZWR4Y2UvdE9jUnRoOWdRcS9LejhZaHpTZlhuOUVaekNDWlE0b2ZEcm9jSGUiLCJtYWMiOiJlMjY0YjM1NzYzNjEzZGFjNjk5MmQwNTA0NDc1NDliM2ZlZjYwNjZjNjU4MzBjYzJlZThmYjQ2YzI5NzBhM2JlIiwidGFnIjoiIn0%3DSec-WebSocket-Key: X0xw+NAMtbhjM/wOxCBV7A==Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits
Source: global traffic	HTTP traffic detected: GET /web8socket/socket.io/?type=User&appnum=1&EIO=4&transport=websocket HTTP/1.1Host: hqve.livermi.comConnection: UpgradePragma: no-cacheCache-Control: no-cacheUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Upgrade: websocketOrigin: https://hqve.livermi.comSec-WebSocket-Version: 13Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6Ijk3RzVQNS83MGRkR0N0SU5Wd0ZUQ2c9PSIsInZhbHVlIjoiaDFlSzRrR3dIY1N3dzllT3BuUGlRcGlrVllEZ1prcHF4NXpVNDZzbkhuMFYwK1NqbHdPUFNXQk1aakRvSXVvVWRURU1NTWxSSVNNOVpUM3lCRVlnbXcwWVZJTlRGcjEvTHcvTTNOSEVIKy95MmNaQnVlMkxSNHBkY2FaSzFiQjUiLCJtYWMiOiJlNDJmZGNmMjliNDAzNTY4NjdkMDE1NzI3MGYwMGI2ODdlNjhlNDg3NDcwODliYWE2Y2RjMTc4NWVkMTdlYTUzIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Ii9zczJ4RkhGUFR3enNqMTRxMlhOOVE9PSIsInZhbHVlIjoiT0hOb2wwQTY3OVRUayswRUxxZHNDOXduK2oxNkpUU29wWk1ZeTJsSlhDVG5ORVEvUGxSTzYvWWlZWG9CMDhIZ0VUSHp6Y0NtZEpHSm5DallqT3V1ZWR4Y2UvdE9jUnRoOWdRcS9LejhZaHpTZlhuOUVaekNDWlE0b2ZEcm9jSGUiLCJtYWMiOiJlMjY0YjM1NzYzNjEzZGFjNjk5MmQwNTA0NDc1NDliM2ZlZjYwNjZjNjU4MzBjYzJlZThmYjQ2YzI5NzBhM2JlIiwidGFnIjoiIn0%3DSec-WebSocket-Key: Ft6c5Xs2Q8eJLRMawOnDQg==Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits

Source: global traffic	DNS traffic detected: DNS query: hqve.livermi.com
Source: global traffic	DNS traffic detected: DNS query: code.jquery.com
Source: global traffic	DNS traffic detected: DNS query: challenges.cloudflare.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: a.nel.cloudflare.com
Source: global traffic	DNS traffic detected: DNS query: cdn.socket.io

Source: unknown

Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 26 Apr 2024 18:42:43 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeCache-Control: max-age=14400Age: 1486Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Ziice%2Fw99nJiASNcKzPq0E0Ccvt5rmDXSeJWrPA6dNls%2Bm2Rrag02WwD3RRxf5i%2B5sz4GgaGBj8du8bifA4CdJIoBETIjxRtgTuEsDzaIg5ohuuZs%2Bdj71GketTk3A%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Vary: Accept-Encodingalt-svc: h3=":443"; ma=86400CF-Cache-Status: HITServer: cloudflareCF-RAY: 87a8b6e09f2a9ae5-MIA
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 26 Apr 2024 18:43:03 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3k1BdaLEmcMMUQzpsoItmGqGs2TzJB9u%2BR39Bj%2F3kJIcmN2FNH5RHMC0zScFC2MVWMKp4K7xmw4u5uJ3juwYT6BEIWVRFYxwy%2Bs1FrkWNRyFehKmPhUu2L0%2BQsQo4Q%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}alt-svc: h3=":443"; ma=86400Server: cloudflareCF-RAY: 87a8b751c93d31d2-MIA
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 26 Apr 2024 18:43:08 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xA7UXabNngVFwd54eObTAO6vD%2BOaX8UONCXw99k6biE6SC97OttnBYncaXaIOz3LP7aqocXYBirDnI11WYshAplxc5OaxpK0qRbLpq2qxow4pqds2WwiNNq9yyNqdg%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}alt-svc: h3=":443"; ma=86400Server: cloudflareCF-RAY: 87a8b7767dd19af2-MIA

Source: chromecache_295.7.dr	String found in binary or memory: https://cloud.google.com/contact
Source: chromecache_295.7.dr	String found in binary or memory: https://cloud.google.com/recaptcha-enterprise/billing-information
Source: chromecache_295.7.dr	String found in binary or memory: https://developers.google.com/recaptcha/docs/faq#are-there-any-qps-or-daily-limits-on-my-use-of-reca
Source: chromecache_295.7.dr	String found in binary or memory: https://developers.google.com/recaptcha/docs/faq#localhost_support
Source: chromecache_295.7.dr	String found in binary or memory: https://developers.google.com/recaptcha/docs/faq#my-computer-or-network-may-be-sending-automated-que
Source: Scanned from Xerox Multi.......rtf, ~WRS{B988429D-6304-4030-99EA-51AB1CCD0ECA}.tmp.0.dr	String found in binary or memory: https://hqve.livermi.com/ZfsD/#Mjeffrey.becker
Source: ~WRS{B988429D-6304-4030-99EA-51AB1CCD0ECA}.tmp.0.dr	String found in binary or memory: https://hqve.livermi.com/ZfsD/yX
Source: Scanned from Xerox Multi.......rtf, ~WRS{B988429D-6304-4030-99EA-51AB1CCD0ECA}.tmp.0.dr	String found in binary or memory: https://pemcoair.com/Scanned_from_Xexox_Multifun...
Source: chromecache_295.7.dr	String found in binary or memory: https://play.google.com/log?format=json&hasfast=true
Source: chromecache_295.7.dr	String found in binary or memory: https://recaptcha.net
Source: chromecache_295.7.dr	String found in binary or memory: https://support.google.com/recaptcha
Source: chromecache_295.7.dr	String found in binary or memory: https://support.google.com/recaptcha#6262736
Source: chromecache_295.7.dr	String found in binary or memory: https://support.google.com/recaptcha/#6175971
Source: chromecache_295.7.dr	String found in binary or memory: https://support.google.com/recaptcha/?hl=en#6223828
Source: chromecache_295.7.dr	String found in binary or memory: https://www.apache.org/licenses/
Source: chromecache_295.7.dr, chromecache_265.7.dr	String found in binary or memory: https://www.google.com/recaptcha/api2/
Source: chromecache_295.7.dr	String found in binary or memory: https://www.gstatic.c..?/recaptcha/releases/V6_85qpc2Xf2sbe3xTnRte7m/recaptcha__.
Source: chromecache_265.7.dr	String found in binary or memory: https://www.gstatic.com/recaptcha/releases/V6_85qpc2Xf2sbe3xTnRte7m/recaptcha__en.js

Source: unknown	Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49817 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49789 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49800 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49781 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49803 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49795 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49841 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49820 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49837 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49850
Source: unknown	Network traffic detected: HTTP traffic on port 49812 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49703 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49806 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49823 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49798 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49848
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49847
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49846
Source: unknown	Network traffic detected: HTTP traffic on port 49790 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49845
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49843
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49842
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49841
Source: unknown	Network traffic detected: HTTP traffic on port 49706 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49840
Source: unknown	Network traffic detected: HTTP traffic on port 49819 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49834 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49787 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49828 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49793 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49850 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49688 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49805 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49831 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49839
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49838
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49837
Source: unknown	Network traffic detected: HTTP traffic on port 49847 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49835
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49834
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49833
Source: unknown	Network traffic detected: HTTP traffic on port 49782 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49799
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49832
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49798
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49831
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49797
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49830
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49796
Source: unknown	Network traffic detected: HTTP traffic on port 49839 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49795
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49794
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49793
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49792
Source: unknown	Network traffic detected: HTTP traffic on port 49814 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49822 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49791
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49790
Source: unknown	Network traffic detected: HTTP traffic on port 49796 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49808 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49708
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49829
Source: unknown	Network traffic detected: HTTP traffic on port 49811 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49828
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49706
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49827
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49705
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49704
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49703
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49824
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49823
Source: unknown	Network traffic detected: HTTP traffic on port 49771 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49789
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49822
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49788
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49821
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49787
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49820
Source: unknown	Network traffic detected: HTTP traffic on port 49842 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49813 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49782
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49781
Source: unknown	Network traffic detected: HTTP traffic on port 49704 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49807 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49833 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49819
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49818
Source: unknown	Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49799 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49810 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49817
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49816
Source: unknown	Network traffic detected: HTTP traffic on port 49845 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49815
Source: unknown	Network traffic detected: HTTP traffic on port 49791 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49814
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49813
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49812
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49811
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49810
Source: unknown	Network traffic detected: HTTP traffic on port 49816 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 49788 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49794 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49827 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49802 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49809
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49808
Source: unknown	Network traffic detected: HTTP traffic on port 49830 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49807
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49806
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49805
Source: unknown	Network traffic detected: HTTP traffic on port 49848 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49804
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49803
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49802
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49801
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49800
Source: unknown	Network traffic detected: HTTP traffic on port 49838 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49821 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49815 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49840 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49797 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49801 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49824 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49809 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49778 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49705 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49818 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49843 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49835 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49804 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49829 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49832 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49775 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49846 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49792 -> 443

Source: unknown	HTTPS traffic detected: 40.126.28.18:443 -> 192.168.2.16:49703 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.126.28.18:443 -> 192.168.2.16:49705 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.165.165.26:443 -> 192.168.2.16:49708 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.165.165.26:443 -> 192.168.2.16:49841 version: TLS 1.2

Document contains embedded VBA macros

Source: iso690nmerical.xsl.0.dr	OLE indicator, VBA macros: true
Source: chicago.xsl.0.dr	OLE indicator, VBA macros: true
Source: ieee2006officeonline.xsl.0.dr	OLE indicator, VBA macros: true
Source: iso690.xsl.0.dr	OLE indicator, VBA macros: true
Source: gosttitle.xsl.0.dr	OLE indicator, VBA macros: true
Source: gostname.xsl.0.dr	OLE indicator, VBA macros: true
Source: mlaseventheditionofficeonline.xsl.0.dr	OLE indicator, VBA macros: true
Source: sist02.xsl.0.dr	OLE indicator, VBA macros: true
Source: harvardanglia2008officeonline.xsl.0.dr	OLE indicator, VBA macros: true
Source: turabian.xsl.0.dr	OLE indicator, VBA macros: true
Source: gb.xsl.0.dr	OLE indicator, VBA macros: true
Source: APASixthEditionOfficeOnline.xsl.0.dr	OLE indicator, VBA macros: true

Document misses a certain OLE stream usually present in this Microsoft Office document type

Source: ~DFECCB20F43FF67480.TMP.0.dr	OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: iso690nmerical.xsl.0.dr	OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: chicago.xsl.0.dr	OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: ieee2006officeonline.xsl.0.dr	OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: iso690.xsl.0.dr	OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: gosttitle.xsl.0.dr	OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: gostname.xsl.0.dr	OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: mlaseventheditionofficeonline.xsl.0.dr	OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: sist02.xsl.0.dr	OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: harvardanglia2008officeonline.xsl.0.dr	OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: turabian.xsl.0.dr	OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: gb.xsl.0.dr	OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: APASixthEditionOfficeOnline.xsl.0.dr	OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false

Source: classification engine

Classification label: mal52.phis.winRTF@18/306@22/10

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE

File created: C:\Users\user\AppData\Roaming\Microsoft\Office

Jump to behavior

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE

File created: C:\Users\user\AppData\Local\Temp\{99E6F638-5C51-495F-B690-01F572F6E6CE} - OProcSessId.dat

Jump to behavior

Source: Element design set.dotx.0.dr	OLE indicator, Word Document stream: true
Source: Text Sidebar (Annual Report Red and Black design).docx.0.dr	OLE indicator, Word Document stream: true
Source: Insight design set.dotx.0.dr	OLE indicator, Word Document stream: true
Source: Equations.dotx.0.dr	OLE indicator, Word Document stream: true

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE

File read: C:\Users\desktop.ini

Jump to behavior

Source: unknown	Process created: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE "C:\Program Files (x86)\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\user\Desktop\Scanned from Xerox Multi.......rtf" /o ""
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://hqve.livermi.com/ZfsD/#Mjeffrey.becker@pemcoair.com
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1852 --field-trial-handle=1976,i,4686805487869512194,3468889412863519454,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://hqve.livermi.com/ZfsD/#Mjeffrey.becker@pemcoair.com	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1852 --field-trial-handle=1976,i,4686805487869512194,3468889412863519454,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Scanned from Xerox Multi.......LNK.0.dr	LNK file: ..\..\..\..\..\Desktop\Scanned from Xerox Multi.......rtf
Source: Google Drive.lnk.5.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.5.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.5.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.5.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.5.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.5.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: Element design set.dotx.0.dr	Initial sample: OLE zip file path = word/glossary/settings.xml
Source: Element design set.dotx.0.dr	Initial sample: OLE zip file path = word/glossary/_rels/document.xml.rels
Source: Element design set.dotx.0.dr	Initial sample: OLE zip file path = word/glossary/document.xml
Source: Element design set.dotx.0.dr	Initial sample: OLE zip file path = word/glossary/fontTable.xml
Source: Element design set.dotx.0.dr	Initial sample: OLE zip file path = word/glossary/webSettings.xml
Source: Element design set.dotx.0.dr	Initial sample: OLE zip file path = word/glossary/styles.xml
Source: Element design set.dotx.0.dr	Initial sample: OLE zip file path = customXml/itemProps2.xml
Source: Element design set.dotx.0.dr	Initial sample: OLE zip file path = customXml/item2.xml
Source: Element design set.dotx.0.dr	Initial sample: OLE zip file path = customXml/_rels/item2.xml.rels
Source: Element design set.dotx.0.dr	Initial sample: OLE zip file path = [trash]/0000.dat
Source: Element design set.dotx.0.dr	Initial sample: OLE zip file path = docProps/custom.xml
Source: Text Sidebar (Annual Report Red and Black design).docx.0.dr	Initial sample: OLE zip file path = word/theme/_rels/theme1.xml.rels
Source: Text Sidebar (Annual Report Red and Black design).docx.0.dr	Initial sample: OLE zip file path = word/glossary/settings.xml
Source: Text Sidebar (Annual Report Red and Black design).docx.0.dr	Initial sample: OLE zip file path = word/glossary/document.xml
Source: Text Sidebar (Annual Report Red and Black design).docx.0.dr	Initial sample: OLE zip file path = word/glossary/_rels/document.xml.rels
Source: Text Sidebar (Annual Report Red and Black design).docx.0.dr	Initial sample: OLE zip file path = word/_rels/settings.xml.rels
Source: Text Sidebar (Annual Report Red and Black design).docx.0.dr	Initial sample: OLE zip file path = word/glossary/webSettings.xml
Source: Text Sidebar (Annual Report Red and Black design).docx.0.dr	Initial sample: OLE zip file path = word/glossary/fontTable.xml
Source: Text Sidebar (Annual Report Red and Black design).docx.0.dr	Initial sample: OLE zip file path = word/glossary/styles.xml
Source: Text Sidebar (Annual Report Red and Black design).docx.0.dr	Initial sample: OLE zip file path = word/glossary/stylesWithEffects.xml
Source: Text Sidebar (Annual Report Red and Black design).docx.0.dr	Initial sample: OLE zip file path = customXml/item2.xml
Source: Text Sidebar (Annual Report Red and Black design).docx.0.dr	Initial sample: OLE zip file path = customXml/_rels/item2.xml.rels
Source: Text Sidebar (Annual Report Red and Black design).docx.0.dr	Initial sample: OLE zip file path = customXml/itemProps3.xml
Source: Text Sidebar (Annual Report Red and Black design).docx.0.dr	Initial sample: OLE zip file path = customXml/item3.xml
Source: Text Sidebar (Annual Report Red and Black design).docx.0.dr	Initial sample: OLE zip file path = customXml/itemProps2.xml
Source: Text Sidebar (Annual Report Red and Black design).docx.0.dr	Initial sample: OLE zip file path = customXml/_rels/item3.xml.rels
Source: Text Sidebar (Annual Report Red and Black design).docx.0.dr	Initial sample: OLE zip file path = [trash]/0000.dat
Source: Text Sidebar (Annual Report Red and Black design).docx.0.dr	Initial sample: OLE zip file path = docProps/custom.xml
Source: Insight design set.dotx.0.dr	Initial sample: OLE zip file path = word/media/image2.jpg
Source: Insight design set.dotx.0.dr	Initial sample: OLE zip file path = word/glossary/settings.xml
Source: Insight design set.dotx.0.dr	Initial sample: OLE zip file path = word/glossary/document.xml
Source: Insight design set.dotx.0.dr	Initial sample: OLE zip file path = word/glossary/_rels/document.xml.rels
Source: Insight design set.dotx.0.dr	Initial sample: OLE zip file path = word/glossary/styles.xml
Source: Insight design set.dotx.0.dr	Initial sample: OLE zip file path = word/glossary/webSettings.xml
Source: Insight design set.dotx.0.dr	Initial sample: OLE zip file path = word/glossary/fontTable.xml
Source: Insight design set.dotx.0.dr	Initial sample: OLE zip file path = word/media/image10.jpeg
Source: Insight design set.dotx.0.dr	Initial sample: OLE zip file path = customXml/itemProps2.xml
Source: Insight design set.dotx.0.dr	Initial sample: OLE zip file path = customXml/item2.xml
Source: Insight design set.dotx.0.dr	Initial sample: OLE zip file path = customXml/_rels/item2.xml.rels
Source: Insight design set.dotx.0.dr	Initial sample: OLE zip file path = [trash]/0000.dat
Source: Insight design set.dotx.0.dr	Initial sample: OLE zip file path = docProps/custom.xml
Source: Equations.dotx.0.dr	Initial sample: OLE zip file path = word/glossary/document.xml
Source: Equations.dotx.0.dr	Initial sample: OLE zip file path = word/glossary/settings.xml
Source: Equations.dotx.0.dr	Initial sample: OLE zip file path = word/glossary/_rels/document.xml.rels
Source: Equations.dotx.0.dr	Initial sample: OLE zip file path = customXml/itemProps2.xml
Source: Equations.dotx.0.dr	Initial sample: OLE zip file path = docProps/custom.xml
Source: Equations.dotx.0.dr	Initial sample: OLE zip file path = customXml/_rels/item2.xml.rels
Source: Equations.dotx.0.dr	Initial sample: OLE zip file path = customXml/item2.xml
Source: Equations.dotx.0.dr	Initial sample: OLE zip file path = word/glossary/webSettings.xml
Source: Equations.dotx.0.dr	Initial sample: OLE zip file path = [trash]/0000.dat
Source: Equations.dotx.0.dr	Initial sample: OLE zip file path = word/glossary/styles.xml
Source: Equations.dotx.0.dr	Initial sample: OLE zip file path = word/glossary/stylesWithEffects.xml
Source: Equations.dotx.0.dr	Initial sample: OLE zip file path = word/glossary/fontTable.xml

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE

Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Common

Jump to behavior

Source: Element design set.dotx.0.dr

Initial sample: OLE indicators vbamacros = False

Stores files to the Windows start menu directory

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	Jump to behavior

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE

Process information queried: ProcessInformation

Jump to behavior

ID:	1432309
Product:	CloudBasic
Start time:	20:41:30
Start date:	26.04.2024
Sample:	Scanned from Xerox Multi.......rtf
Cookbook:	defaultwindowsinteractivecookbook.jbs
System description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Architecture:	WINDOWS
MD5:	09d5e8d546579e6b05a7742aeb3e9837
SHA1:	a7fbd839bc3cc23b3065a3edc1e80c9901708dc5
SHA256:	0a620c7e5a0bdb1d770f3ee6660ea19f73dac21cfea209817ae50298b4004dce
Filetype:	Rich Text Format (5005/1) 55.56%

Windows Analysis Report
Scanned from Xerox Multi.......rtf

Overview

General Information

Detection

Signatures

Classification

Signatures

Phishing

Compliance

Software Vulnerabilities

Networking

System Summary

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Private

Contacted Domains

Contacted URLs

Windows Analysis Report Scanned from Xerox Multi.......rtf

Overview

General Information

Detection

Signatures

Classification

Signatures

Phishing

Compliance

Software Vulnerabilities

Networking

System Summary

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Private

Contacted Domains

Contacted URLs

Windows Analysis Report
Scanned from Xerox Multi.......rtf