Windows Analysis Report
https://url.us.m.mimecastprotect.com/s/RBIeC68AD5iQ5EOspXJld?domain=urldefense.proofpoint.com

Overview

General Information

Sample URL:	https://url.us.m.mimecastprotect.com/s/RBIeC68AD5iQ5EOspXJld?domain=urldefense.proofpoint.com
Analysis ID:	1437908
Infos:

Detection

HtmlDropper, HTMLPhisher

Score:	68
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Yara detected Html Dropper

Yara detected HtmlPhish10

Multimodal LLM detected phishing page

Phishing site detected (based on image similarity)

Phishing site detected (based on logo match)

HTML body contains low number of good links

HTML page contains hidden URLs or javascript code

HTML title does not match URL

Invalid 'sign-in options' or 'sign-up' link found

Stores files to the Windows start menu directory

Classification

Signatures

Phishing

Yara detected HtmlPhish10

Source: Yara match	File source: 3.7.pages.csv, type: HTML
Source: Yara match	File source: 2.6.pages.csv, type: HTML

Multimodal LLM detected phishing page

Source: https://xdocusigniusmmxnmmxdicu.smumsmd.ws/6f5c738436d0a4edb215172e0bb1eabf663ac2b03ebe7LOG6f5c738436d0a4edb215172e0bb1eabf663ac2b03ebe8

LLM: Score: 9 brands: Microsoft Reasons: The URL 'https://xdocusigniusmmxnmmxdicu.smumsmd.ws/6f5c738436d0a4edb215172e0bb1eabf663ac2b03ebe7LOG6f5c738436d0a4edb215172e0bb1eabf663ac2b03ebe8' is highly suspicious due to its complex and nonsensical structure, which does not resemble any legitimate Microsoft domain. The image mimics a Microsoft login page, which is a common tactic in phishing to deceive users into entering their credentials. The domain name does not match any known Microsoft domain, increasing the likelihood of it being a phishing attempt.

Phishing site detected (based on image similarity)

Source: https://xdocusigniusmmxnmmxdicu.smumsmd.ws/6f5c738436d0a4edb215172e0bb1eabf663ac2b03ebe7LOG6f5c738436d0a4edb215172e0bb1eabf663ac2b03ebe8

Matcher: Found strong image similarity, brand: MICROSOFT

Phishing site detected (based on logo match)

Source: https://xdocusigniusmmxnmmxdicu.smumsmd.ws/6f5c738436d0a4edb215172e0bb1eabf663ac2b03ebe7LOG6f5c738436d0a4edb215172e0bb1eabf663ac2b03ebe8	Matcher: Template: microsoft matched
Source: https://xdocusigniusmmxnmmxdicu.smumsmd.ws/6f5c738436d0a4edb215172e0bb1eabf663ac2b03ebe7LOG6f5c738436d0a4edb215172e0bb1eabf663ac2b03ebe8#	Matcher: Template: microsoft matched

HTML body contains low number of good links

Source: https://xdocusigniusmmxnmmxdicu.smumsmd.ws/6f5c738436d0a4edb215172e0bb1eabf663ac2b03ebe7LOG6f5c738436d0a4edb215172e0bb1eabf663ac2b03ebe8

HTTP Parser: Number of links: 0

HTML page contains hidden URLs or javascript code

Source: https://xdocusigniusmmxnmmxdicu.smumsmd.ws/

HTTP Parser: Base64 decoded: https://xdocusigniusmmxnmmxdicu.smumsmd.ws/

HTML title does not match URL

Source: https://xdocusigniusmmxnmmxdicu.smumsmd.ws/6f5c738436d0a4edb215172e0bb1eabf663ac2b03ebe7LOG6f5c738436d0a4edb215172e0bb1eabf663ac2b03ebe8

HTTP Parser: Title: cd7483a42f6e18cdea135ba3ec986664663ac2b03ebcb does not match URL

Invalid 'sign-in options' or 'sign-up' link found

Source: https://xdocusigniusmmxnmmxdicu.smumsmd.ws/6f5c738436d0a4edb215172e0bb1eabf663ac2b03ebe7LOG6f5c738436d0a4edb215172e0bb1eabf663ac2b03ebe8

HTTP Parser: Invalid link: get a new Microsoft account

Source: https://xdocusigniusmmxnmmxdicu.smumsmd.ws/	HTTP Parser: No favicon
Source: https://xdocusigniusmmxnmmxdicu.smumsmd.ws/	HTTP Parser: No favicon
Source: https://xdocusigniusmmxnmmxdicu.smumsmd.ws/	HTTP Parser: No favicon
Source: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/w3vgi/0x4AAAAAAADnPIDROrmt1Wwj/light/normal	HTTP Parser: No favicon
Source: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/w3vgi/0x4AAAAAAADnPIDROrmt1Wwj/light/normal	HTTP Parser: No favicon
Source: https://xdocusigniusmmxnmmxdicu.smumsmd.ws/6f5c738436d0a4edb215172e0bb1eabf663ac2b03ebe7LOG6f5c738436d0a4edb215172e0bb1eabf663ac2b03ebe8	HTTP Parser: No favicon

Source: https://xdocusigniusmmxnmmxdicu.smumsmd.ws/6f5c738436d0a4edb215172e0bb1eabf663ac2b03ebe7LOG6f5c738436d0a4edb215172e0bb1eabf663ac2b03ebe8

HTTP Parser: No <meta name="author".. found

Source: https://xdocusigniusmmxnmmxdicu.smumsmd.ws/6f5c738436d0a4edb215172e0bb1eabf663ac2b03ebe7LOG6f5c738436d0a4edb215172e0bb1eabf663ac2b03ebe8

HTTP Parser: No <meta name="copyright".. found

Source: unknown	HTTPS traffic detected: 104.125.88.106:443 -> 192.168.2.5:49716 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.125.88.106:443 -> 192.168.2.5:49717 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.127.169.103:443 -> 192.168.2.5:49735 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.127.169.103:443 -> 192.168.2.5:49769 version: TLS 1.2

Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 104.125.88.106
Source: unknown	TCP traffic detected without corresponding DNS query: 104.125.88.106
Source: unknown	TCP traffic detected without corresponding DNS query: 104.125.88.106
Source: unknown	TCP traffic detected without corresponding DNS query: 104.125.88.106
Source: unknown	TCP traffic detected without corresponding DNS query: 104.125.88.106
Source: unknown	TCP traffic detected without corresponding DNS query: 104.125.88.106
Source: unknown	TCP traffic detected without corresponding DNS query: 104.125.88.106
Source: unknown	TCP traffic detected without corresponding DNS query: 104.125.88.106
Source: unknown	TCP traffic detected without corresponding DNS query: 104.125.88.106
Source: unknown	TCP traffic detected without corresponding DNS query: 104.125.88.106
Source: unknown	TCP traffic detected without corresponding DNS query: 104.125.88.106
Source: unknown	TCP traffic detected without corresponding DNS query: 104.125.88.106
Source: unknown	TCP traffic detected without corresponding DNS query: 104.125.88.106
Source: unknown	TCP traffic detected without corresponding DNS query: 104.125.88.106
Source: unknown	TCP traffic detected without corresponding DNS query: 104.125.88.106
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 104.125.88.106
Source: unknown	TCP traffic detected without corresponding DNS query: 104.125.88.106
Source: unknown	TCP traffic detected without corresponding DNS query: 104.125.88.106
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /s/RBIeC68AD5iQ5EOspXJld?domain=urldefense.proofpoint.com HTTP/1.1Host: url.us.m.mimecastprotect.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /r/SS4jvcjIJW5OKLhohn858CKuFqQTiGsTF4bMNFkWzSKakJ_Sr0kNph4NNpxoiPK0EAnA15aATkzZxU7gtOfsUbyWTZoMomkSjCmwViKJPV71FvgKKHeJaRJKO5bXkDmjH_U9n9HmasY0v4yj31SrCfyzcg94PS5kNX4jXolAOaPjYqHUCbLuGl2_LLDafJsfHk6TN8mCYPDoT-wQC1U0VHJ1e9sOSrcOxKNKdaMZ8ZcMjbsC2XiEMoa8DrlfrJlxq9pQJ6YUZwKJa6bEvv8LUzoBr9H2DDmZIrlIXJbp7uQgDpbaaOxrpokkdDYwNpuqmCnR3MPjSLoxQuD1oKoXrdDXONFzTtiSDA9w4jh1rA5ZZuI-FmXuV1b8CM5XRaUPAxx-dwjRuubG2MWrwOv32bfvvOYxQMb5yp-HA4obO9evxZmoM5R0wJm6rwO6Q0ZVJCMDX2Qenfn1bCjjUuz7gD2coZBuZ-8MAWFlBv0zSssiKwZnTcC2qIL_eAb7TZJYAGXMTnOFNFGTICZVk6PgM7u-WIRpNKTdCSAynES87t5cMRF-QP8B-IDIhUfZB7V9NfM42L1PWZ_QZLMiZ0NY4opRkAFutfHiGj_grcPqeKPjheMbUbGaatJLhLlH1dnhWluPrL1psfC-rQSJtyiHQqw3ERLlidnPvKkrPtMVPXnSookvPAr-ejhQoCUNiSgoRt4urF-5IvE0v-aGN94OETq-xz6WQqT4WCKeGP7kB3u73mfryKZw6JLHaDzG3n1fjhzkcIgP1XFn7ySD9Zxo90jAe4OhLXhgTV0wFONPGdYyV91DPMnGoa2iX4pPDdBjLGwJq4YHJgUEO1KOzEE-3uYZRD4UL8YBFtI0UzGFqE-6bSxr-dqDsaZGewHDM6KFvyDuZEBDbdBHrA4KUlwgiL25FiVouun7D5pyvw7lVC_6TwPSZkacMkT4amOhP6iBvd0VzppkeglW5BCe_f7_Qn7todNstGo4T9YFcWjzI23HOqYLVvnpoU5tQ480AemcpYNkpeHycDBYc5ozFn3_0hOeSpJdM4DZftIn7VtuG0Y7-tDK0_gz559n5FbHII9DlpRtyFgKONoiRer-N5INHRHiE-TIMVpFVcm6YqvY9qAQwbQIVpD_1mAlo9eTIYKfwZq6Zvfy23BXd_QLSfVLurwlaa4sKQX7pSINd8lyjvZxdS1gHkywwKtPoNRyJu7XnwH3aU7FJs6SaglFap7X6H9q3XKLLVJbd_LViRbyixfT2Ch4DD-RWcHfPIqsR13f0jc6H2KY_uSguk793ma1Ma26o20B28g-gw5bRWw4S-TjjNrhNJwc_789pTWZl6cnvzCsWdPOR5GQFc7NiKMQGo1ZI-1zfP6WF8DzlPfuABan_tvGneMrhN6aC9q_p3BOhQcCLIacQ6pOqgoy9kqex8PLmw2Po034jiJZtrNjVJsDB6WJWdOZpJsw6VEj-aIZojjDsOCyXJVFxvdJZdUqu2hCS7cXQ02e9BDNw51EqCi0NdseDrfCijXBmfHCeAFLNYuZTzuxmaJ6zkMQ89AmsK-vDO8UiqpmyUhA3nINibSxd-qUeLrv8dIc3QV0hWt3BIRWA_FT4wB_S2YmNS5RwUmcfRj6nxb-_W-uRIol8jJRfgsTakFlVnp0ckhuzPNW2Zx7JH4E752ULtzRTSqMdgR7t4100ffrRSfKpJ1b1jK8l8I7oV31AZQQFyiJRoW5Y2RFyHRpvu1fquvRRqMHvVI9oPykmLC-ezDQftCJE26B5wR0lLWhHlX-3ndNnwlDNeWl3lNhZgQsg7Kns8OAmVjKuIAsOtb1lrURWqEx7o9H7Tp3XewiXjak_9_4bZ0nQ7vWj4a3P3RbYZkTxRtUgF8iLljHQiGK2o8bS5cJ9E5Pwp8k0HvTEDojw1ti1lO_nPWR_7bfdABYfN9YMFsj8g HTTP/1.1Host: url.us.m.mimecastprotect.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: xdocusigniusmmxnmmxdicu.smumsmd.wsConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: documentReferer: http://viribusprop.co.za/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/orchestrate/chl_page/v1?ray=880537b31e9d7646 HTTP/1.1Host: xdocusigniusmmxnmmxdicu.smumsmd.wsConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://xdocusigniusmmxnmmxdicu.smumsmd.ws/?__cf_chl_rt_tk=n1_o7escuK3a3gDjZNul7qOp6uQCDjtN8I_0ELjlvC8-1715126930-0.0.1.1-1578Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: xdocusigniusmmxnmmxdicu.smumsmd.wsConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://xdocusigniusmmxnmmxdicu.smumsmd.ws/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /turnstile/v0/b/ce7818f50e39/api.js?onload=Ialy2&render=explicit HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://xdocusigniusmmxnmmxdicu.smumsmd.wssec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/flow/ov1/527534735:1715124565:uz73uwqss8iV9tiMGAbLwJzSrtIHhXFl__h71txL1oc/880537b31e9d7646/d98eb95fec24563 HTTP/1.1Host: xdocusigniusmmxnmmxdicu.smumsmd.wsConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/w3vgi/0x4AAAAAAADnPIDROrmt1Wwj/light/normal HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=880537c5bbc19b57 HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/w3vgi/0x4AAAAAAADnPIDROrmt1Wwj/light/normalAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/cmg/1/wh0E0SXYnx6pTBdJW%2Fl926I%2BPRUplRdtQz3K9lHXs%2Fs%3D HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/w3vgi/0x4AAAAAAADnPIDROrmt1Wwj/light/normalAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: xdocusigniusmmxnmmxdicu.smumsmd.wsConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://xdocusigniusmmxnmmxdicu.smumsmd.ws/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/cmg/1/wh0E0SXYnx6pTBdJW%2Fl926I%2BPRUplRdtQz3K9lHXs%2Fs%3D HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/flow/ov1/844823957:1715124679:GnQTCjOiNgTJb7mzvvBWZEZczWJ0ZCWR3Y7jiNGLqhM/880537c5bbc19b57/c000d081a527d63 HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/pat/880537c5bbc19b57/1715126937235/12f3ee67ccbdb7fb1acecd3171bf600ac74e8a7846816ab49c39bcd42f6fc303/LNlFykAvnwqRdjI HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveCache-Control: max-age=0sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/w3vgi/0x4AAAAAAADnPIDROrmt1Wwj/light/normalAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/i/880537c5bbc19b57/1715126937236/Mz1wMin9FfXPP2x HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/w3vgi/0x4AAAAAAADnPIDROrmt1Wwj/light/normalAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/i/880537c5bbc19b57/1715126937236/Mz1wMin9FfXPP2x HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=tLPXkvmx9rUTMUb&MD=SOowtWOS HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/flow/ov1/844823957:1715124679:GnQTCjOiNgTJb7mzvvBWZEZczWJ0ZCWR3Y7jiNGLqhM/880537c5bbc19b57/c000d081a527d63 HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/flow/ov1/844823957:1715124679:GnQTCjOiNgTJb7mzvvBWZEZczWJ0ZCWR3Y7jiNGLqhM/880537c5bbc19b57/c000d081a527d63 HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: xdocusigniusmmxnmmxdicu.smumsmd.wsConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://xdocusigniusmmxnmmxdicu.smumsmd.ws/?__cf_chl_tk=n1_o7escuK3a3gDjZNul7qOp6uQCDjtN8I_0ELjlvC8-1715126930-0.0.1.1-1578Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/flow/ov1/527534735:1715124565:uz73uwqss8iV9tiMGAbLwJzSrtIHhXFl__h71txL1oc/880537b31e9d7646/d98eb95fec24563 HTTP/1.1Host: xdocusigniusmmxnmmxdicu.smumsmd.wsConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /6f5c738436d0a4edb215172e0bb1eabf663ac2b03ebe7LOG6f5c738436d0a4edb215172e0bb1eabf663ac2b03ebe8 HTTP/1.1Host: xdocusigniusmmxnmmxdicu.smumsmd.wsConnection: keep-aliveCache-Control: max-age=0Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-arch: "x86"sec-ch-ua-platform: "Windows"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-model: ""sec-ch-ua-bitness: "64"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"Referer: https://xdocusigniusmmxnmmxdicu.smumsmd.ws/?__cf_chl_tk=n1_o7escuK3a3gDjZNul7qOp6uQCDjtN8I_0ELjlvC8-1715126930-0.0.1.1-1578Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cf_clearance=zF3XIjIGn2pE.DkQGhlmscUwq6nfJ6cFcfN4y1JU3qE-1715126930-1.0.1.1-JTmlYumFNFrzimhBTreeZjw9PuG89pJpizUAIXnqpg2Nv4DObM1SRqV8X.dedXsCRH9b5UkfL9hjPsjFShoiwg; PHPSESSID=be5f48610fe51d3a45fcac8067009345
Source: global traffic	HTTP traffic detected: GET /jq/77e55199867d7ffbe66f79c58c488f7d663ac2b13fc3d HTTP/1.1Host: xdocusigniusmmxnmmxdicu.smumsmd.wsConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://xdocusigniusmmxnmmxdicu.smumsmd.ws/6f5c738436d0a4edb215172e0bb1eabf663ac2b03ebe7LOG6f5c738436d0a4edb215172e0bb1eabf663ac2b03ebe8Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cf_clearance=zF3XIjIGn2pE.DkQGhlmscUwq6nfJ6cFcfN4y1JU3qE-1715126930-1.0.1.1-JTmlYumFNFrzimhBTreeZjw9PuG89pJpizUAIXnqpg2Nv4DObM1SRqV8X.dedXsCRH9b5UkfL9hjPsjFShoiwg; PHPSESSID=be5f48610fe51d3a45fcac8067009345
Source: global traffic	HTTP traffic detected: GET /boot/77e55199867d7ffbe66f79c58c488f7d663ac2b13fc41 HTTP/1.1Host: xdocusigniusmmxnmmxdicu.smumsmd.wsConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://xdocusigniusmmxnmmxdicu.smumsmd.ws/6f5c738436d0a4edb215172e0bb1eabf663ac2b03ebe7LOG6f5c738436d0a4edb215172e0bb1eabf663ac2b03ebe8Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cf_clearance=zF3XIjIGn2pE.DkQGhlmscUwq6nfJ6cFcfN4y1JU3qE-1715126930-1.0.1.1-JTmlYumFNFrzimhBTreeZjw9PuG89pJpizUAIXnqpg2Nv4DObM1SRqV8X.dedXsCRH9b5UkfL9hjPsjFShoiwg; PHPSESSID=be5f48610fe51d3a45fcac8067009345
Source: global traffic	HTTP traffic detected: GET /js/77e55199867d7ffbe66f79c58c488f7d663ac2b13fc42 HTTP/1.1Host: xdocusigniusmmxnmmxdicu.smumsmd.wsConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://xdocusigniusmmxnmmxdicu.smumsmd.ws/6f5c738436d0a4edb215172e0bb1eabf663ac2b03ebe7LOG6f5c738436d0a4edb215172e0bb1eabf663ac2b03ebe8Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cf_clearance=zF3XIjIGn2pE.DkQGhlmscUwq6nfJ6cFcfN4y1JU3qE-1715126930-1.0.1.1-JTmlYumFNFrzimhBTreeZjw9PuG89pJpizUAIXnqpg2Nv4DObM1SRqV8X.dedXsCRH9b5UkfL9hjPsjFShoiwg; PHPSESSID=be5f48610fe51d3a45fcac8067009345
Source: global traffic	HTTP traffic detected: GET /1 HTTP/1.1Host: xdocusigniusmmxnmmxdicu.smumsmd.wsConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://xdocusigniusmmxnmmxdicu.smumsmd.ws/6f5c738436d0a4edb215172e0bb1eabf663ac2b03ebe7LOG6f5c738436d0a4edb215172e0bb1eabf663ac2b03ebe8Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cf_clearance=zF3XIjIGn2pE.DkQGhlmscUwq6nfJ6cFcfN4y1JU3qE-1715126930-1.0.1.1-JTmlYumFNFrzimhBTreeZjw9PuG89pJpizUAIXnqpg2Nv4DObM1SRqV8X.dedXsCRH9b5UkfL9hjPsjFShoiwg; PHPSESSID=be5f48610fe51d3a45fcac8067009345
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: xdocusigniusmmxnmmxdicu.smumsmd.wsConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://xdocusigniusmmxnmmxdicu.smumsmd.ws/6f5c738436d0a4edb215172e0bb1eabf663ac2b03ebe7LOG6f5c738436d0a4edb215172e0bb1eabf663ac2b03ebe8Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cf_clearance=zF3XIjIGn2pE.DkQGhlmscUwq6nfJ6cFcfN4y1JU3qE-1715126930-1.0.1.1-JTmlYumFNFrzimhBTreeZjw9PuG89pJpizUAIXnqpg2Nv4DObM1SRqV8X.dedXsCRH9b5UkfL9hjPsjFShoiwg; PHPSESSID=be5f48610fe51d3a45fcac8067009345
Source: global traffic	HTTP traffic detected: GET /1 HTTP/1.1Host: xdocusigniusmmxnmmxdicu.smumsmd.wsConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cf_clearance=zF3XIjIGn2pE.DkQGhlmscUwq6nfJ6cFcfN4y1JU3qE-1715126930-1.0.1.1-JTmlYumFNFrzimhBTreeZjw9PuG89pJpizUAIXnqpg2Nv4DObM1SRqV8X.dedXsCRH9b5UkfL9hjPsjFShoiwg; PHPSESSID=be5f48610fe51d3a45fcac8067009345
Source: global traffic	HTTP traffic detected: GET /APP-77e55199867d7ffbe66f79c58c488f7d663ac2b3d834f/77e55199867d7ffbe66f79c58c488f7d663ac2b3d8350 HTTP/1.1Host: xdocusigniusmmxnmmxdicu.smumsmd.wsConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://xdocusigniusmmxnmmxdicu.smumsmd.ws/6f5c738436d0a4edb215172e0bb1eabf663ac2b03ebe7LOG6f5c738436d0a4edb215172e0bb1eabf663ac2b03ebe8Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cf_clearance=zF3XIjIGn2pE.DkQGhlmscUwq6nfJ6cFcfN4y1JU3qE-1715126930-1.0.1.1-JTmlYumFNFrzimhBTreeZjw9PuG89pJpizUAIXnqpg2Nv4DObM1SRqV8X.dedXsCRH9b5UkfL9hjPsjFShoiwg; PHPSESSID=be5f48610fe51d3a45fcac8067009345
Source: global traffic	HTTP traffic detected: GET /o/77e55199867d7ffbe66f79c58c488f7d663ac2b3d837e HTTP/1.1Host: xdocusigniusmmxnmmxdicu.smumsmd.wsConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://xdocusigniusmmxnmmxdicu.smumsmd.ws/6f5c738436d0a4edb215172e0bb1eabf663ac2b03ebe7LOG6f5c738436d0a4edb215172e0bb1eabf663ac2b03ebe8Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cf_clearance=zF3XIjIGn2pE.DkQGhlmscUwq6nfJ6cFcfN4y1JU3qE-1715126930-1.0.1.1-JTmlYumFNFrzimhBTreeZjw9PuG89pJpizUAIXnqpg2Nv4DObM1SRqV8X.dedXsCRH9b5UkfL9hjPsjFShoiwg; PHPSESSID=be5f48610fe51d3a45fcac8067009345
Source: global traffic	HTTP traffic detected: GET /ASSETS/img/m_.svg HTTP/1.1Host: xdocusigniusmmxnmmxdicu.smumsmd.wsConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://xdocusigniusmmxnmmxdicu.smumsmd.ws/6f5c738436d0a4edb215172e0bb1eabf663ac2b03ebe7LOG6f5c738436d0a4edb215172e0bb1eabf663ac2b03ebe8Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cf_clearance=zF3XIjIGn2pE.DkQGhlmscUwq6nfJ6cFcfN4y1JU3qE-1715126930-1.0.1.1-JTmlYumFNFrzimhBTreeZjw9PuG89pJpizUAIXnqpg2Nv4DObM1SRqV8X.dedXsCRH9b5UkfL9hjPsjFShoiwg; PHPSESSID=be5f48610fe51d3a45fcac8067009345
Source: global traffic	HTTP traffic detected: GET /ASSETS/img/sig-op.svg HTTP/1.1Host: xdocusigniusmmxnmmxdicu.smumsmd.wsConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://xdocusigniusmmxnmmxdicu.smumsmd.ws/6f5c738436d0a4edb215172e0bb1eabf663ac2b03ebe7LOG6f5c738436d0a4edb215172e0bb1eabf663ac2b03ebe8Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cf_clearance=zF3XIjIGn2pE.DkQGhlmscUwq6nfJ6cFcfN4y1JU3qE-1715126930-1.0.1.1-JTmlYumFNFrzimhBTreeZjw9PuG89pJpizUAIXnqpg2Nv4DObM1SRqV8X.dedXsCRH9b5UkfL9hjPsjFShoiwg; PHPSESSID=be5f48610fe51d3a45fcac8067009345
Source: global traffic	HTTP traffic detected: GET /x/77e55199867d7ffbe66f79c58c488f7d663ac2b3d8356 HTTP/1.1Host: xdocusigniusmmxnmmxdicu.smumsmd.wsConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://xdocusigniusmmxnmmxdicu.smumsmd.ws/6f5c738436d0a4edb215172e0bb1eabf663ac2b03ebe7LOG6f5c738436d0a4edb215172e0bb1eabf663ac2b03ebe8Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cf_clearance=zF3XIjIGn2pE.DkQGhlmscUwq6nfJ6cFcfN4y1JU3qE-1715126930-1.0.1.1-JTmlYumFNFrzimhBTreeZjw9PuG89pJpizUAIXnqpg2Nv4DObM1SRqV8X.dedXsCRH9b5UkfL9hjPsjFShoiwg; PHPSESSID=be5f48610fe51d3a45fcac8067009345
Source: global traffic	HTTP traffic detected: GET /ASSETS/img/sig-op.svg HTTP/1.1Host: xdocusigniusmmxnmmxdicu.smumsmd.wsConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cf_clearance=zF3XIjIGn2pE.DkQGhlmscUwq6nfJ6cFcfN4y1JU3qE-1715126930-1.0.1.1-JTmlYumFNFrzimhBTreeZjw9PuG89pJpizUAIXnqpg2Nv4DObM1SRqV8X.dedXsCRH9b5UkfL9hjPsjFShoiwg; PHPSESSID=be5f48610fe51d3a45fcac8067009345
Source: global traffic	HTTP traffic detected: GET /ASSETS/img/m_.svg HTTP/1.1Host: xdocusigniusmmxnmmxdicu.smumsmd.wsConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cf_clearance=zF3XIjIGn2pE.DkQGhlmscUwq6nfJ6cFcfN4y1JU3qE-1715126930-1.0.1.1-JTmlYumFNFrzimhBTreeZjw9PuG89pJpizUAIXnqpg2Nv4DObM1SRqV8X.dedXsCRH9b5UkfL9hjPsjFShoiwg; PHPSESSID=be5f48610fe51d3a45fcac8067009345
Source: global traffic	HTTP traffic detected: GET /o/77e55199867d7ffbe66f79c58c488f7d663ac2b3d837e HTTP/1.1Host: xdocusigniusmmxnmmxdicu.smumsmd.wsConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cf_clearance=zF3XIjIGn2pE.DkQGhlmscUwq6nfJ6cFcfN4y1JU3qE-1715126930-1.0.1.1-JTmlYumFNFrzimhBTreeZjw9PuG89pJpizUAIXnqpg2Nv4DObM1SRqV8X.dedXsCRH9b5UkfL9hjPsjFShoiwg; PHPSESSID=be5f48610fe51d3a45fcac8067009345
Source: global traffic	HTTP traffic detected: GET /x/77e55199867d7ffbe66f79c58c488f7d663ac2b3d8356 HTTP/1.1Host: xdocusigniusmmxnmmxdicu.smumsmd.wsConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cf_clearance=zF3XIjIGn2pE.DkQGhlmscUwq6nfJ6cFcfN4y1JU3qE-1715126930-1.0.1.1-JTmlYumFNFrzimhBTreeZjw9PuG89pJpizUAIXnqpg2Nv4DObM1SRqV8X.dedXsCRH9b5UkfL9hjPsjFShoiwg; PHPSESSID=be5f48610fe51d3a45fcac8067009345
Source: global traffic	HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=tLPXkvmx9rUTMUb&MD=SOowtWOS HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /cbg HTTP/1.1Host: viribusprop.co.zaConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cbg/ HTTP/1.1Host: viribusprop.co.zaConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9

Source: global traffic	DNS traffic detected: DNS query: url.us.m.mimecastprotect.com
Source: global traffic	DNS traffic detected: DNS query: viribusprop.co.za
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: xdocusigniusmmxnmmxdicu.smumsmd.ws
Source: global traffic	DNS traffic detected: DNS query: a.nel.cloudflare.com
Source: global traffic	DNS traffic detected: DNS query: challenges.cloudflare.com

Source: unknown

HTTP traffic detected: POST /report/v4?s=DdSNM23omUGbIp5mmfvB%2Bznwvoj51ENgtrOBBitLJWFXX1xTIcsDH%2BrfXHl7%2FZD3DE3hsQO5Zftz7Bud5ADaEkaeNXvIqj9Nj4pyBI7nsg5LDe8KZa8ruysHUQgCVR8NN5TGHst%2FpH4wYu6s%2B1fP5%2BH8LXHL HTTP/1.1Host: a.nel.cloudflare.comConnection: keep-aliveContent-Length: 431Content-Type: application/reports+jsonUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Wed, 08 May 2024 00:08:50 GMTContent-Type: text/html; charset=UTF-8Content-Length: 16673Connection: closeAccept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UACross-Origin-Embedder-Policy: require-corpCross-Origin-Opener-Policy: same-originCross-Origin-Resource-Policy: same-originOrigin-Agent-Cluster: ?1Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()Referrer-Policy: same-originX-Frame-Options: SAMEORIGINcf-mitigated: challengecf-chl-out: MKhKlJ6dBzBVvJqVEKVczWPtB0eleE8SglCvRAKgr8KS3Krom/geyBRBXh0Vy8dL3UjcWoBNOG1+sjyw0iZcOZ5fqQ4oLrYNdQ7Ejvho9RVwL/g2d6H8usS2No8+MVJ97rUCKS0wciTezmGH5b+bQA==$FvjL8uGJrLH606XFzC19QA==Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0Expires: Thu, 01 Jan 1970 00:00:01 GMT
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Wed, 08 May 2024 00:08:52 GMTContent-Type: text/html; charset=UTF-8Content-Length: 16846Connection: closeAccept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UACross-Origin-Embedder-Policy: require-corpCross-Origin-Opener-Policy: same-originCross-Origin-Resource-Policy: same-originOrigin-Agent-Cluster: ?1Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()Referrer-Policy: same-originX-Frame-Options: SAMEORIGINcf-mitigated: challengecf-chl-out: nwAylllXNaPyigq+1p1GeEv29/LU24O6s03FN+Xj8N4oVS5NeJhMcqMlEgIoUqKzO7H3+/CEnnVSo3NdCnMaEtiPxrzBMbxuBHakXzeywA9mZqS1X1lwaefj1/DT1/ErBrYIntYEE38A5h9FxloQ7g==$2NJ3uDObfjWVk48dwAMJqg==Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0Expires: Thu, 01 Jan 1970 00:00:01 GMT
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Wed, 08 May 2024 00:08:57 GMTContent-Type: text/html; charset=UTF-8Content-Length: 16846Connection: closeAccept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UACross-Origin-Embedder-Policy: require-corpCross-Origin-Opener-Policy: same-originCross-Origin-Resource-Policy: same-originOrigin-Agent-Cluster: ?1Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()Referrer-Policy: same-originX-Frame-Options: SAMEORIGINcf-mitigated: challengecf-chl-out: ffdJVlJw1nY1k4/8mzy0VTaLgMBuI1xsJ6g/RHjEGnjQdV4M4zNUcxAOWYOwoPfYYv3grdutQEGLWOaokN9MzJgVXa0K5jazlQyZi0k3sV1EUGT44Q/EAFSEE5jDpDYkPlJZTmyTds+S/oFi4vcGaA==$lDD0vXLLEl2vf+psbN/ljg==Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0Expires: Thu, 01 Jan 1970 00:00:01 GMT
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Wed, 08 May 2024 00:09:19 GMTContent-Type: text/html; charset=UTF-8Content-Length: 16706Connection: closeAccept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UACross-Origin-Embedder-Policy: require-corpCross-Origin-Opener-Policy: same-originCross-Origin-Resource-Policy: same-originOrigin-Agent-Cluster: ?1Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()Referrer-Policy: same-originX-Frame-Options: SAMEORIGINcf-mitigated: challengecf-chl-out: kjxotqkkFEy57Y6ejppvNmvT1rP0iNXeaYBac/6Iulo/NCgdGhojPpLFPSxE7KXzdD0+9dbnUedCDlMg0825D9VKkbvs0EMAUYcFzHgLD9ps43SIV+76t9eOOim/XdvotBASSkuQ3msccpm0wKp7uA==$UkaiNAg7stIDQJEJWG2d9A==Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0Expires: Thu, 01 Jan 1970 00:00:01 GMT
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 08 May 2024 00:09:23 GMTContent-Type: text/html; charset=iso-8859-1Transfer-Encoding: chunkedConnection: closeCache-Control: max-age=14400CF-Cache-Status: HITAge: 112Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1uPXX4DHlLBwLexKgOZoAY8YKhP5sedxnY7817FDe%2Ft4AFNSk3TbClxiVQvxWWsG4BzIcGXX1MGaycQuQU6onRWI49LQhBfXRUTs2J8ahtdrn5rYsq0nOzucYqiaKmJuBo7vi%2B8Y0BS%2BxnSe03AjOC1CJLte"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 88053882cba727aa-SEAalt-svc: h3=":443"; ma=86400

Source: chromecache_85.2.dr	String found in binary or memory: https://getbootstrap.com/)
Source: chromecache_85.2.dr	String found in binary or memory: https://github.com/twbs/bootstrap/blob/master/LICENSE)
Source: chromecache_85.2.dr	String found in binary or memory: https://github.com/twbs/bootstrap/graphs/contributors)

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49703 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown	Network traffic detected: HTTP traffic on port 49774 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown	Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49703
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49771 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49773 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49775 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745

Source: unknown	HTTPS traffic detected: 104.125.88.106:443 -> 192.168.2.5:49716 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.125.88.106:443 -> 192.168.2.5:49717 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.127.169.103:443 -> 192.168.2.5:49735 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.127.169.103:443 -> 192.168.2.5:49769 version: TLS 1.2

Source: classification engine

Classification label: mal68.phis.troj.win@22/42@20/10

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Jump to behavior

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2512 --field-trial-handle=2032,i,4573197792701812552,12899046821769428031,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://url.us.m.mimecastprotect.com/s/RBIeC68AD5iQ5EOspXJld?domain=urldefense.proofpoint.com"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2512 --field-trial-handle=2032,i,4573197792701812552,12899046821769428031,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Google Drive.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe

Source: Window Recorder

Window detected: More than 3 window changes detected

Data Obfuscation

Yara detected Html Dropper

Source: Yara match	File source: 3.7.pages.csv, type: HTML
Source: Yara match	File source: 2.6.pages.csv, type: HTML

Stores files to the Windows start menu directory

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	Jump to behavior

Screenshots

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Network Map

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Contacted Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
41.72.158.10	viribusprop.co.za	South Africa	37153	xneeloZA	false
142.250.217.68	www.google.com	United States	15169	GOOGLEUS	false
172.67.152.82	unknown	United States	13335	CLOUDFLARENETUS	false
104.17.3.184	unknown	United States	13335	CLOUDFLARENETUS	false
104.21.1.187	xdocusigniusmmxnmmxdicu.smumsmd.ws	United States	13335	CLOUDFLARENETUS	true
239.255.255.250	unknown	Reserved	unknown	unknown	false
205.139.111.12	url.us.m.mimecastprotect.com	United States	30031	MIMECAST-US	false
35.190.80.1	a.nel.cloudflare.com	United States	15169	GOOGLEUS	false
104.17.2.184	challenges.cloudflare.com	United States	13335	CLOUDFLARENETUS	false

Private

IP
192.168.2.5

Contacted Domains

Name	IP	Active
bg.microsoft.map.fastly.net	199.232.214.172	true
a.nel.cloudflare.com	35.190.80.1	true
url.us.m.mimecastprotect.com	205.139.111.12	true
challenges.cloudflare.com	104.17.2.184	true
xdocusigniusmmxnmmxdicu.smumsmd.ws	104.21.1.187	true
www.google.com	142.250.217.68	true
viribusprop.co.za	41.72.158.10	true

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
http://viribusprop.co.za/cbg/	false		high
https://xdocusigniusmmxnmmxdicu.smumsmd.ws/jq/77e55199867d7ffbe66f79c58c488f7d663ac2b13fc3d	false	Avira URL Cloud: safe	unknown
https://a.nel.cloudflare.com/report/v4?s=DdSNM23omUGbIp5mmfvB%2Bznwvoj51ENgtrOBBitLJWFXX1xTIcsDH%2BrfXHl7%2FZD3DE3hsQO5Zftz7Bud5ADaEkaeNXvIqj9Nj4pyBI7nsg5LDe8KZa8ruysHUQgCVR8NN5TGHst%2FpH4wYu6s%2B1fP5%2BH8LXHL	false		high
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/flow/ov1/844823957:1715124679:GnQTCjOiNgTJb7mzvvBWZEZczWJ0ZCWR3Y7jiNGLqhM/880537c5bbc19b57/c000d081a527d63	false		high
https://xdocusigniusmmxnmmxdicu.smumsmd.ws/ASSETS/img/sig-op.svg	false	Avira URL Cloud: safe	unknown
https://xdocusigniusmmxnmmxdicu.smumsmd.ws/o/77e55199867d7ffbe66f79c58c488f7d663ac2b3d837e	false	Avira URL Cloud: safe	unknown
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=880537c5bbc19b57	false		high
https://xdocusigniusmmxnmmxdicu.smumsmd.ws/ASSETS/img/m_.svg	false	Avira URL Cloud: safe	unknown
https://xdocusigniusmmxnmmxdicu.smumsmd.ws/favicon.ico	false	Avira URL Cloud: safe	unknown
https://xdocusigniusmmxnmmxdicu.smumsmd.ws/6f5c738436d0a4edb215172e0bb1eabf663ac2b03ebe7LOG6f5c738436d0a4edb215172e0bb1eabf663ac2b03ebe8#	true		unknown
http://viribusprop.co.za/cbg	false		high
https://xdocusigniusmmxnmmxdicu.smumsmd.ws/	true		unknown
https://url.us.m.mimecastprotect.com/r/SS4jvcjIJW5OKLhohn858CKuFqQTiGsTF4bMNFkWzSKakJ_Sr0kNph4NNpxoiPK0EAnA15aATkzZxU7gtOfsUbyWTZoMomkSjCmwViKJPV71FvgKKHeJaRJKO5bXkDmjH_U9n9HmasY0v4yj31SrCfyzcg94PS5kNX4jXolAOaPjYqHUCbLuGl2_LLDafJsfHk6TN8mCYPDoT-wQC1U0VHJ1e9sOSrcOxKNKdaMZ8ZcMjbsC2XiEMoa8DrlfrJlxq9pQJ6YUZwKJa6bEvv8LUzoBr9H2DDmZIrlIXJbp7uQgDpbaaOxrpokkdDYwNpuqmCnR3MPjSLoxQuD1oKoXrdDXONFzTtiSDA9w4jh1rA5ZZuI-FmXuV1b8CM5XRaUPAxx-dwjRuubG2MWrwOv32bfvvOYxQMb5yp-HA4obO9evxZmoM5R0wJm6rwO6Q0ZVJCMDX2Qenfn1bCjjUuz7gD2coZBuZ-8MAWFlBv0zSssiKwZnTcC2qIL_eAb7TZJYAGXMTnOFNFGTICZVk6PgM7u-WIRpNKTdCSAynES87t5cMRF-QP8B-IDIhUfZB7V9NfM42L1PWZ_QZLMiZ0NY4opRkAFutfHiGj_grcPqeKPjheMbUbGaatJLhLlH1dnhWluPrL1psfC-rQSJtyiHQqw3ERLlidnPvKkrPtMVPXnSookvPAr-ejhQoCUNiSgoRt4urF-5IvE0v-aGN94OETq-xz6WQqT4WCKeGP7kB3u73mfryKZw6JLHaDzG3n1fjhzkcIgP1XFn7ySD9Zxo90jAe4OhLXhgTV0wFONPGdYyV91DPMnGoa2iX4pPDdBjLGwJq4YHJgUEO1KOzEE-3uYZRD4UL8YBFtI0UzGFqE-6bSxr-dqDsaZGewHDM6KFvyDuZEBDbdBHrA4KUlwgiL25FiVouun7D5pyvw7lVC_6TwPSZkacMkT4amOhP6iBvd0VzppkeglW5BCe_f7_Qn7todNstGo4T9YFcWjzI23HOqYLVvnpoU5tQ480AemcpYNkpeHycDBYc5ozFn3_0hOeSpJdM4DZftIn7VtuG0Y7-tDK0_gz559n5FbHII9DlpRtyFgKONoiRer-N5INHRHiE-TIMVpFVcm6YqvY9qAQwbQIVpD_1mAlo9eTIYKfwZq6Zvfy23BXd_QLSfVLurwlaa4sKQX7pSINd8lyjvZxdS1gHkywwKtPoNRyJu7XnwH3aU7FJs6SaglFap7X6H9q3XKLLVJbd_LViRbyixfT2Ch4DD-RWcHfPIqsR13f0jc6H2KY_uSguk793ma1Ma26o20B28g-gw5bRWw4S-TjjNrhNJwc_789pTWZl6cnvzCsWdPOR5GQFc7NiKMQGo1ZI-1zfP6WF8DzlPfuABan_tvGneMrhN6aC9q_p3BOhQcCLIacQ6pOqgoy9kqex8PLmw2Po034jiJZtrNjVJsDB6WJWdOZpJsw6VEj-aIZojjDsOCyXJVFxvdJZdUqu2hCS7cXQ02e9BDNw51EqCi0NdseDrfCijXBmfHCeAFLNYuZTzuxmaJ6zkMQ89AmsK-vDO8UiqpmyUhA3nINibSxd-qUeLrv8dIc3QV0hWt3BIRWA_FT4wB_S2YmNS5RwUmcfRj6nxb-_W-uRIol8jJRfgsTakFlVnp0ckhuzPNW2Zx7JH4E752ULtzRTSqMdgR7t4100ffrRSfKpJ1b1jK8l8I7oV31AZQQFyiJRoW5Y2RFyHRpvu1fquvRRqMHvVI9oPykmLC-ezDQftCJE26B5wR0lLWhHlX-3ndNnwlDNeWl3lNhZgQsg7Kns8OAmVjKuIAsOtb1lrURWqEx7o9H7Tp3XewiXjak_9_4bZ0nQ7vWj4a3P3RbYZkTxRtUgF8iLljHQiGK2o8bS5cJ9E5Pwp8k0HvTEDojw1ti1lO_nPWR_7bfdABYfN9YMFsj8g	false	Avira URL Cloud: safe	unknown
https://url.us.m.mimecastprotect.com/s/RBIeC68AD5iQ5EOspXJld?domain=urldefense.proofpoint.com	false		unknown
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/pat/880537c5bbc19b57/1715126937235/12f3ee67ccbdb7fb1acecd3171bf600ac74e8a7846816ab49c39bcd42f6fc303/LNlFykAvnwqRdjI	false		high
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/w3vgi/0x4AAAAAAADnPIDROrmt1Wwj/light/normal	false		high
https://xdocusigniusmmxnmmxdicu.smumsmd.ws/APP-77e55199867d7ffbe66f79c58c488f7d663ac2b3d834f/77e55199867d7ffbe66f79c58c488f7d663ac2b3d8350	false	Avira URL Cloud: safe	unknown
https://xdocusigniusmmxnmmxdicu.smumsmd.ws/boot/77e55199867d7ffbe66f79c58c488f7d663ac2b13fc41	false	Avira URL Cloud: safe	unknown
https://xdocusigniusmmxnmmxdicu.smumsmd.ws/x/77e55199867d7ffbe66f79c58c488f7d663ac2b3d8356	false	Avira URL Cloud: safe	unknown
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/cmg/1/wh0E0SXYnx6pTBdJW%2Fl926I%2BPRUplRdtQz3K9lHXs%2Fs%3D	false		high
https://xdocusigniusmmxnmmxdicu.smumsmd.ws/1	false	Avira URL Cloud: safe	unknown
https://a.nel.cloudflare.com/report/v4?s=BCOG7BdwPUrsniQmf0ESJwNm0HXhtdk9OxY%2Buo1KlZOwXhc42AyX6efkNjs0%2BWGWf5xoy3gIs%2BV%2BnIlexz5BHAl7OxCWgD5uHy9ajsUNkOVPi7IQr%2BUPKHjYIlMKryCNg9A2upeaDlZaqKS3TTBbRCRRlYJo	false		high
https://xdocusigniusmmxnmmxdicu.smumsmd.ws/6f5c738436d0a4edb215172e0bb1eabf663ac2b03ebe7LOG6f5c738436d0a4edb215172e0bb1eabf663ac2b03ebe8	true		unknown
https://xdocusigniusmmxnmmxdicu.smumsmd.ws/cdn-cgi/challenge-platform/h/b/orchestrate/chl_page/v1?ray=880537b31e9d7646	false	Avira URL Cloud: safe	unknown
https://xdocusigniusmmxnmmxdicu.smumsmd.ws/js/77e55199867d7ffbe66f79c58c488f7d663ac2b13fc42	false	Avira URL Cloud: safe	unknown
https://xdocusigniusmmxnmmxdicu.smumsmd.ws/cdn-cgi/challenge-platform/h/b/flow/ov1/527534735:1715124565:uz73uwqss8iV9tiMGAbLwJzSrtIHhXFl__h71txL1oc/880537b31e9d7646/d98eb95fec24563	false	Avira URL Cloud: safe	unknown
https://a.nel.cloudflare.com/report/v4?s=G%2F6IEmFEVqxJWu%2B2sD6c4kfaPfgynZvJROwIhmeVGzSMx3P%2BkJx8LbJY%2FFZEcMgBL18NprrLWfh1f33KXx4YuyzKLNV2HupXqRhYYcMjEYDvLBbOCWUkm4mv35gvfcSsWVqJJoyA9AXq9KnJzhQY57FB%2BH9g	false		high

Name	Type	MD5	SHA1	SHA256
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue May 7 23:08:44 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide	18B0B58796E2465EBA6B049CCB26593F	26E6457F849A68D4CA3A65036E4ACE123FB49C73	E4F8410E052FB810090053912EBF97D5276F69C0FF992DEC2DFCDF5FA5E7A868
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue May 7 23:08:44 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide	B01EAEB81C56C186C771D8373581FE31	F00F5B6C0DD0B66B8615D4CA0DFDE66A059147B2	B5E0BB9E72D39CDC1218E36DFFAC78F0550869772E614B922D0FECAFCF7CB06F
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Oct 4 12:54:07 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide	B2D54C9B0BB43BEAF01E83025B7A3847	0EBB6C7FFBA3944E1A9DD243AC973C14F6BFE42E	BA9262F52BEB29A7A45700A8AA118B37C1DD556031B4EE776DEB31E956FEAC98
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue May 7 23:08:44 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide	8D6A799C2BF11A91FC31BBB56136FE40	9B9300D9E51E8500E76C403F22BB27DF427B32DD	84B150E2B0F1AB521D50F85ACF09055E35835D88C079085AE74A68D4F7E0DAE6
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue May 7 23:08:44 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide	B567287D70F39071A658F37520346930	0CC16922D1C226E78D854ED44B80CE73FD728426	CC815E463A3E495E7CDE333E6E3D259B96647BE77A2A12C32FF407C118145BCB
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue May 7 23:08:44 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide	24A208E2A60605BA1F090D507354BDA9	35BADB12C54C9248BDFE91202A8CADAFDA163BCD	9F0763E3FA13D38DD857453C5DD59F4D4321671B1CD4164598031D034A75B2D7
Chrome Cache Entry: 70	HTML document, ASCII text	A34AC19F4AFAE63ADC5D2F7BC970C07F	A82190FC530C265AA40A045C21770D967F4767B8	D5A89E26BEAE0BC03AD18A0B0D1D3D75F87C32047879D25DA11970CB5C4662A3
Chrome Cache Entry: 71	ASCII text, with very long lines (65536), with no line terminators	8E6B0F88563F9C33F78BCE65CF287DF7	EF7765CD2A7D64ED27DD7344702597AFF6F8C397	A7057BEBFFF43E7281CA31DA00D40BD88C8D02D1576B9C45891DD56A3853269A
Chrome Cache Entry: 72	SVG Scalable Vector Graphics image	BC3D32A696895F78C19DF6C717586A5D	9191CB156A30A3ED79C44C0A16C95159E8FF689D	0E88B6FCBB8591EDFD28184FA70A04B6DD3AF8A14367C628EDD7CABA32E58C68
Chrome Cache Entry: 73	PNG image data, 2 x 2, 8-bit/color RGB, non-interlaced	9246CCA8FC3C00F50035F28E9F6B7F7D	3AA538440F70873B574F40CD793060F53EC17A5D	C07D7D29E3C20FA6CA4C5D20663688D52BAD13E129AD82CE06B80EB187D9DC84
Chrome Cache Entry: 74	SVG Scalable Vector Graphics image	EE5C8D9FB6248C938FD0DC19370E90BD	D01A22720918B781338B5BBF9202B241A5F99EE4	04D29248EE3A13A074518C93A18D6EFC491BF1F298F9B87FC989A6AE4B9FAD7A
Chrome Cache Entry: 75	ASCII text, with very long lines (32065)	2F6B11A7E914718E0290410E85366FE9	69BB69E25CA7D5EF0935317584E6153F3FD9A88C	05B85D96F41FFF14D8F608DAD03AB71E2C1017C2DA0914D7C59291BAD7A54F8E
Chrome Cache Entry: 76	SVG Scalable Vector Graphics image	EE5C8D9FB6248C938FD0DC19370E90BD	D01A22720918B781338B5BBF9202B241A5F99EE4	04D29248EE3A13A074518C93A18D6EFC491BF1F298F9B87FC989A6AE4B9FAD7A
Chrome Cache Entry: 77	ASCII text, with no line terminators	011B17B116126E6E0C4A9B0DE9145805	DF63A6EB731FFCE96F79802EFF6D53D00CDA42BC	3418E6E704387A99F1611EB7BB883328A438BA600971E6D692E8BEA60F10B179
Chrome Cache Entry: 78	SVG Scalable Vector Graphics image	4E48046CE74F4B89D45037C90576BFAC	4A41B3B51ED787F7B33294202DA72220C7CD2C32	8E6DB1634F1812D42516778FC890010AA57F3E39914FB4803DF2C38ABBF56D93
Chrome Cache Entry: 79	ASCII text, with very long lines (7043), with no line terminators	B6C202188699B897BB727A68EDD24665	FF3B891E06C983DCA277C1D7D874C8EB8084EB96	184A034CB9202937BF012AFF8C81E0747B7CA8F8F9E6115556FDB09D5BAEC419
Chrome Cache Entry: 80	SVG Scalable Vector Graphics image	BC3D32A696895F78C19DF6C717586A5D	9191CB156A30A3ED79C44C0A16C95159E8FF689D	0E88B6FCBB8591EDFD28184FA70A04B6DD3AF8A14367C628EDD7CABA32E58C68
Chrome Cache Entry: 81	gzip compressed data, from Unix, original size modulo 2^32 389	ED60451593D97E5D00690DABD825B1EF	34B150BC9DA22E62D63C7D18AE9C9CBE48E3CC4B	9A8C04F9670D706810088EF7D9EE87AD904D1FD549443F5E6EDBA87F45685C6D
Chrome Cache Entry: 82	ASCII text, with very long lines (42565)	A5B92920E25651D2058F4982A108347B	CAEEADD68D38FDB681C52006C68880ABC2E8A1A6	49A5ABEDF03EB8AD9A66ECA7C5CCB8E59A440E06958E1E7B71D078F494178DC5
Chrome Cache Entry: 83	PNG image data, 2 x 2, 8-bit/color RGB, non-interlaced	9246CCA8FC3C00F50035F28E9F6B7F7D	3AA538440F70873B574F40CD793060F53EC17A5D	C07D7D29E3C20FA6CA4C5D20663688D52BAD13E129AD82CE06B80EB187D9DC84
Chrome Cache Entry: 84	SVG Scalable Vector Graphics image	4E48046CE74F4B89D45037C90576BFAC	4A41B3B51ED787F7B33294202DA72220C7CD2C32	8E6DB1634F1812D42516778FC890010AA57F3E39914FB4803DF2C38ABBF56D93
Chrome Cache Entry: 85	ASCII text, with very long lines (50758)	67176C242E1BDC20603C878DEE836DF3	27A71B00383D61EF3C489326B3564D698FC1227C	56C12A125B021D21A69E61D7190CEFA168D6C28CE715265CEA1B3B0112D169C4
Chrome Cache Entry: 86	HTML document, ASCII text, with very long lines (4020)	B2F3C25D8AA15BA4354321E8BB35459F	56FFA9AFABD1D2B103F267D16A13A78AF49A9AEC	5FB7CD2453347BBBD855BFA5E2AA8EF4B57C70D5A268861E1635C129CAEB14D2
Chrome Cache Entry: 87	PNG image data, 69 x 8, 8-bit/color RGB, non-interlaced	573B8863E95FCC1F174F8D040FEBBEDE	AF59422B6A043C3278259CB372FA4FAA64BB9626	6970C14F9299A14B0FF1EB1D51BCDAB0E7E44A5F7FAD412BC49F5BF144876D8C
Chrome Cache Entry: 88	SVG Scalable Vector Graphics image	EE5C8D9FB6248C938FD0DC19370E90BD	D01A22720918B781338B5BBF9202B241A5F99EE4	04D29248EE3A13A074518C93A18D6EFC491BF1F298F9B87FC989A6AE4B9FAD7A
Chrome Cache Entry: 89	SVG Scalable Vector Graphics image	EE5C8D9FB6248C938FD0DC19370E90BD	D01A22720918B781338B5BBF9202B241A5F99EE4	04D29248EE3A13A074518C93A18D6EFC491BF1F298F9B87FC989A6AE4B9FAD7A
Chrome Cache Entry: 90	PNG image data, 69 x 8, 8-bit/color RGB, non-interlaced	573B8863E95FCC1F174F8D040FEBBEDE	AF59422B6A043C3278259CB372FA4FAA64BB9626	6970C14F9299A14B0FF1EB1D51BCDAB0E7E44A5F7FAD412BC49F5BF144876D8C

Phishing

Yara detected HtmlPhish10

Source: Yara match	File source: 3.7.pages.csv, type: HTML
Source: Yara match	File source: 2.6.pages.csv, type: HTML

Multimodal LLM detected phishing page

Source: https://xdocusigniusmmxnmmxdicu.smumsmd.ws/6f5c738436d0a4edb215172e0bb1eabf663ac2b03ebe7LOG6f5c738436d0a4edb215172e0bb1eabf663ac2b03ebe8

Phishing site detected (based on image similarity)

Source: https://xdocusigniusmmxnmmxdicu.smumsmd.ws/6f5c738436d0a4edb215172e0bb1eabf663ac2b03ebe7LOG6f5c738436d0a4edb215172e0bb1eabf663ac2b03ebe8

Matcher: Found strong image similarity, brand: MICROSOFT

Phishing site detected (based on logo match)

Source: https://xdocusigniusmmxnmmxdicu.smumsmd.ws/6f5c738436d0a4edb215172e0bb1eabf663ac2b03ebe7LOG6f5c738436d0a4edb215172e0bb1eabf663ac2b03ebe8	Matcher: Template: microsoft matched
Source: https://xdocusigniusmmxnmmxdicu.smumsmd.ws/6f5c738436d0a4edb215172e0bb1eabf663ac2b03ebe7LOG6f5c738436d0a4edb215172e0bb1eabf663ac2b03ebe8#	Matcher: Template: microsoft matched

HTML body contains low number of good links

Source: https://xdocusigniusmmxnmmxdicu.smumsmd.ws/6f5c738436d0a4edb215172e0bb1eabf663ac2b03ebe7LOG6f5c738436d0a4edb215172e0bb1eabf663ac2b03ebe8

HTTP Parser: Number of links: 0

HTML page contains hidden URLs or javascript code

Source: https://xdocusigniusmmxnmmxdicu.smumsmd.ws/

HTTP Parser: Base64 decoded: https://xdocusigniusmmxnmmxdicu.smumsmd.ws/

HTML title does not match URL

Source: https://xdocusigniusmmxnmmxdicu.smumsmd.ws/6f5c738436d0a4edb215172e0bb1eabf663ac2b03ebe7LOG6f5c738436d0a4edb215172e0bb1eabf663ac2b03ebe8

HTTP Parser: Title: cd7483a42f6e18cdea135ba3ec986664663ac2b03ebcb does not match URL

Invalid 'sign-in options' or 'sign-up' link found

Source: https://xdocusigniusmmxnmmxdicu.smumsmd.ws/6f5c738436d0a4edb215172e0bb1eabf663ac2b03ebe7LOG6f5c738436d0a4edb215172e0bb1eabf663ac2b03ebe8

HTTP Parser: Invalid link: get a new Microsoft account

Source: https://xdocusigniusmmxnmmxdicu.smumsmd.ws/	HTTP Parser: No favicon
Source: https://xdocusigniusmmxnmmxdicu.smumsmd.ws/	HTTP Parser: No favicon
Source: https://xdocusigniusmmxnmmxdicu.smumsmd.ws/	HTTP Parser: No favicon
Source: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/w3vgi/0x4AAAAAAADnPIDROrmt1Wwj/light/normal	HTTP Parser: No favicon
Source: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/w3vgi/0x4AAAAAAADnPIDROrmt1Wwj/light/normal	HTTP Parser: No favicon
Source: https://xdocusigniusmmxnmmxdicu.smumsmd.ws/6f5c738436d0a4edb215172e0bb1eabf663ac2b03ebe7LOG6f5c738436d0a4edb215172e0bb1eabf663ac2b03ebe8	HTTP Parser: No favicon

Source: https://xdocusigniusmmxnmmxdicu.smumsmd.ws/6f5c738436d0a4edb215172e0bb1eabf663ac2b03ebe7LOG6f5c738436d0a4edb215172e0bb1eabf663ac2b03ebe8

HTTP Parser: No <meta name="author".. found

Source: https://xdocusigniusmmxnmmxdicu.smumsmd.ws/6f5c738436d0a4edb215172e0bb1eabf663ac2b03ebe7LOG6f5c738436d0a4edb215172e0bb1eabf663ac2b03ebe8

HTTP Parser: No <meta name="copyright".. found

Source: unknown	HTTPS traffic detected: 104.125.88.106:443 -> 192.168.2.5:49716 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.125.88.106:443 -> 192.168.2.5:49717 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.127.169.103:443 -> 192.168.2.5:49735 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.127.169.103:443 -> 192.168.2.5:49769 version: TLS 1.2

Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 104.125.88.106
Source: unknown	TCP traffic detected without corresponding DNS query: 104.125.88.106
Source: unknown	TCP traffic detected without corresponding DNS query: 104.125.88.106
Source: unknown	TCP traffic detected without corresponding DNS query: 104.125.88.106
Source: unknown	TCP traffic detected without corresponding DNS query: 104.125.88.106
Source: unknown	TCP traffic detected without corresponding DNS query: 104.125.88.106
Source: unknown	TCP traffic detected without corresponding DNS query: 104.125.88.106
Source: unknown	TCP traffic detected without corresponding DNS query: 104.125.88.106
Source: unknown	TCP traffic detected without corresponding DNS query: 104.125.88.106
Source: unknown	TCP traffic detected without corresponding DNS query: 104.125.88.106
Source: unknown	TCP traffic detected without corresponding DNS query: 104.125.88.106
Source: unknown	TCP traffic detected without corresponding DNS query: 104.125.88.106
Source: unknown	TCP traffic detected without corresponding DNS query: 104.125.88.106
Source: unknown	TCP traffic detected without corresponding DNS query: 104.125.88.106
Source: unknown	TCP traffic detected without corresponding DNS query: 104.125.88.106
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 104.125.88.106
Source: unknown	TCP traffic detected without corresponding DNS query: 104.125.88.106
Source: unknown	TCP traffic detected without corresponding DNS query: 104.125.88.106
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /s/RBIeC68AD5iQ5EOspXJld?domain=urldefense.proofpoint.com HTTP/1.1Host: url.us.m.mimecastprotect.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /r/SS4jvcjIJW5OKLhohn858CKuFqQTiGsTF4bMNFkWzSKakJ_Sr0kNph4NNpxoiPK0EAnA15aATkzZxU7gtOfsUbyWTZoMomkSjCmwViKJPV71FvgKKHeJaRJKO5bXkDmjH_U9n9HmasY0v4yj31SrCfyzcg94PS5kNX4jXolAOaPjYqHUCbLuGl2_LLDafJsfHk6TN8mCYPDoT-wQC1U0VHJ1e9sOSrcOxKNKdaMZ8ZcMjbsC2XiEMoa8DrlfrJlxq9pQJ6YUZwKJa6bEvv8LUzoBr9H2DDmZIrlIXJbp7uQgDpbaaOxrpokkdDYwNpuqmCnR3MPjSLoxQuD1oKoXrdDXONFzTtiSDA9w4jh1rA5ZZuI-FmXuV1b8CM5XRaUPAxx-dwjRuubG2MWrwOv32bfvvOYxQMb5yp-HA4obO9evxZmoM5R0wJm6rwO6Q0ZVJCMDX2Qenfn1bCjjUuz7gD2coZBuZ-8MAWFlBv0zSssiKwZnTcC2qIL_eAb7TZJYAGXMTnOFNFGTICZVk6PgM7u-WIRpNKTdCSAynES87t5cMRF-QP8B-IDIhUfZB7V9NfM42L1PWZ_QZLMiZ0NY4opRkAFutfHiGj_grcPqeKPjheMbUbGaatJLhLlH1dnhWluPrL1psfC-rQSJtyiHQqw3ERLlidnPvKkrPtMVPXnSookvPAr-ejhQoCUNiSgoRt4urF-5IvE0v-aGN94OETq-xz6WQqT4WCKeGP7kB3u73mfryKZw6JLHaDzG3n1fjhzkcIgP1XFn7ySD9Zxo90jAe4OhLXhgTV0wFONPGdYyV91DPMnGoa2iX4pPDdBjLGwJq4YHJgUEO1KOzEE-3uYZRD4UL8YBFtI0UzGFqE-6bSxr-dqDsaZGewHDM6KFvyDuZEBDbdBHrA4KUlwgiL25FiVouun7D5pyvw7lVC_6TwPSZkacMkT4amOhP6iBvd0VzppkeglW5BCe_f7_Qn7todNstGo4T9YFcWjzI23HOqYLVvnpoU5tQ480AemcpYNkpeHycDBYc5ozFn3_0hOeSpJdM4DZftIn7VtuG0Y7-tDK0_gz559n5FbHII9DlpRtyFgKONoiRer-N5INHRHiE-TIMVpFVcm6YqvY9qAQwbQIVpD_1mAlo9eTIYKfwZq6Zvfy23BXd_QLSfVLurwlaa4sKQX7pSINd8lyjvZxdS1gHkywwKtPoNRyJu7XnwH3aU7FJs6SaglFap7X6H9q3XKLLVJbd_LViRbyixfT2Ch4DD-RWcHfPIqsR13f0jc6H2KY_uSguk793ma1Ma26o20B28g-gw5bRWw4S-TjjNrhNJwc_789pTWZl6cnvzCsWdPOR5GQFc7NiKMQGo1ZI-1zfP6WF8DzlPfuABan_tvGneMrhN6aC9q_p3BOhQcCLIacQ6pOqgoy9kqex8PLmw2Po034jiJZtrNjVJsDB6WJWdOZpJsw6VEj-aIZojjDsOCyXJVFxvdJZdUqu2hCS7cXQ02e9BDNw51EqCi0NdseDrfCijXBmfHCeAFLNYuZTzuxmaJ6zkMQ89AmsK-vDO8UiqpmyUhA3nINibSxd-qUeLrv8dIc3QV0hWt3BIRWA_FT4wB_S2YmNS5RwUmcfRj6nxb-_W-uRIol8jJRfgsTakFlVnp0ckhuzPNW2Zx7JH4E752ULtzRTSqMdgR7t4100ffrRSfKpJ1b1jK8l8I7oV31AZQQFyiJRoW5Y2RFyHRpvu1fquvRRqMHvVI9oPykmLC-ezDQftCJE26B5wR0lLWhHlX-3ndNnwlDNeWl3lNhZgQsg7Kns8OAmVjKuIAsOtb1lrURWqEx7o9H7Tp3XewiXjak_9_4bZ0nQ7vWj4a3P3RbYZkTxRtUgF8iLljHQiGK2o8bS5cJ9E5Pwp8k0HvTEDojw1ti1lO_nPWR_7bfdABYfN9YMFsj8g HTTP/1.1Host: url.us.m.mimecastprotect.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: xdocusigniusmmxnmmxdicu.smumsmd.wsConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: documentReferer: http://viribusprop.co.za/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/orchestrate/chl_page/v1?ray=880537b31e9d7646 HTTP/1.1Host: xdocusigniusmmxnmmxdicu.smumsmd.wsConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://xdocusigniusmmxnmmxdicu.smumsmd.ws/?__cf_chl_rt_tk=n1_o7escuK3a3gDjZNul7qOp6uQCDjtN8I_0ELjlvC8-1715126930-0.0.1.1-1578Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: xdocusigniusmmxnmmxdicu.smumsmd.wsConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://xdocusigniusmmxnmmxdicu.smumsmd.ws/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /turnstile/v0/b/ce7818f50e39/api.js?onload=Ialy2&render=explicit HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://xdocusigniusmmxnmmxdicu.smumsmd.wssec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/flow/ov1/527534735:1715124565:uz73uwqss8iV9tiMGAbLwJzSrtIHhXFl__h71txL1oc/880537b31e9d7646/d98eb95fec24563 HTTP/1.1Host: xdocusigniusmmxnmmxdicu.smumsmd.wsConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/w3vgi/0x4AAAAAAADnPIDROrmt1Wwj/light/normal HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=880537c5bbc19b57 HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/w3vgi/0x4AAAAAAADnPIDROrmt1Wwj/light/normalAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/cmg/1/wh0E0SXYnx6pTBdJW%2Fl926I%2BPRUplRdtQz3K9lHXs%2Fs%3D HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/w3vgi/0x4AAAAAAADnPIDROrmt1Wwj/light/normalAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: xdocusigniusmmxnmmxdicu.smumsmd.wsConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://xdocusigniusmmxnmmxdicu.smumsmd.ws/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/cmg/1/wh0E0SXYnx6pTBdJW%2Fl926I%2BPRUplRdtQz3K9lHXs%2Fs%3D HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/flow/ov1/844823957:1715124679:GnQTCjOiNgTJb7mzvvBWZEZczWJ0ZCWR3Y7jiNGLqhM/880537c5bbc19b57/c000d081a527d63 HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/pat/880537c5bbc19b57/1715126937235/12f3ee67ccbdb7fb1acecd3171bf600ac74e8a7846816ab49c39bcd42f6fc303/LNlFykAvnwqRdjI HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveCache-Control: max-age=0sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/w3vgi/0x4AAAAAAADnPIDROrmt1Wwj/light/normalAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/i/880537c5bbc19b57/1715126937236/Mz1wMin9FfXPP2x HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/w3vgi/0x4AAAAAAADnPIDROrmt1Wwj/light/normalAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/i/880537c5bbc19b57/1715126937236/Mz1wMin9FfXPP2x HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=tLPXkvmx9rUTMUb&MD=SOowtWOS HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/flow/ov1/844823957:1715124679:GnQTCjOiNgTJb7mzvvBWZEZczWJ0ZCWR3Y7jiNGLqhM/880537c5bbc19b57/c000d081a527d63 HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/flow/ov1/844823957:1715124679:GnQTCjOiNgTJb7mzvvBWZEZczWJ0ZCWR3Y7jiNGLqhM/880537c5bbc19b57/c000d081a527d63 HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: xdocusigniusmmxnmmxdicu.smumsmd.wsConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://xdocusigniusmmxnmmxdicu.smumsmd.ws/?__cf_chl_tk=n1_o7escuK3a3gDjZNul7qOp6uQCDjtN8I_0ELjlvC8-1715126930-0.0.1.1-1578Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/flow/ov1/527534735:1715124565:uz73uwqss8iV9tiMGAbLwJzSrtIHhXFl__h71txL1oc/880537b31e9d7646/d98eb95fec24563 HTTP/1.1Host: xdocusigniusmmxnmmxdicu.smumsmd.wsConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /6f5c738436d0a4edb215172e0bb1eabf663ac2b03ebe7LOG6f5c738436d0a4edb215172e0bb1eabf663ac2b03ebe8 HTTP/1.1Host: xdocusigniusmmxnmmxdicu.smumsmd.wsConnection: keep-aliveCache-Control: max-age=0Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-arch: "x86"sec-ch-ua-platform: "Windows"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-model: ""sec-ch-ua-bitness: "64"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"Referer: https://xdocusigniusmmxnmmxdicu.smumsmd.ws/?__cf_chl_tk=n1_o7escuK3a3gDjZNul7qOp6uQCDjtN8I_0ELjlvC8-1715126930-0.0.1.1-1578Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cf_clearance=zF3XIjIGn2pE.DkQGhlmscUwq6nfJ6cFcfN4y1JU3qE-1715126930-1.0.1.1-JTmlYumFNFrzimhBTreeZjw9PuG89pJpizUAIXnqpg2Nv4DObM1SRqV8X.dedXsCRH9b5UkfL9hjPsjFShoiwg; PHPSESSID=be5f48610fe51d3a45fcac8067009345
Source: global traffic	HTTP traffic detected: GET /jq/77e55199867d7ffbe66f79c58c488f7d663ac2b13fc3d HTTP/1.1Host: xdocusigniusmmxnmmxdicu.smumsmd.wsConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://xdocusigniusmmxnmmxdicu.smumsmd.ws/6f5c738436d0a4edb215172e0bb1eabf663ac2b03ebe7LOG6f5c738436d0a4edb215172e0bb1eabf663ac2b03ebe8Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cf_clearance=zF3XIjIGn2pE.DkQGhlmscUwq6nfJ6cFcfN4y1JU3qE-1715126930-1.0.1.1-JTmlYumFNFrzimhBTreeZjw9PuG89pJpizUAIXnqpg2Nv4DObM1SRqV8X.dedXsCRH9b5UkfL9hjPsjFShoiwg; PHPSESSID=be5f48610fe51d3a45fcac8067009345
Source: global traffic	HTTP traffic detected: GET /boot/77e55199867d7ffbe66f79c58c488f7d663ac2b13fc41 HTTP/1.1Host: xdocusigniusmmxnmmxdicu.smumsmd.wsConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://xdocusigniusmmxnmmxdicu.smumsmd.ws/6f5c738436d0a4edb215172e0bb1eabf663ac2b03ebe7LOG6f5c738436d0a4edb215172e0bb1eabf663ac2b03ebe8Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cf_clearance=zF3XIjIGn2pE.DkQGhlmscUwq6nfJ6cFcfN4y1JU3qE-1715126930-1.0.1.1-JTmlYumFNFrzimhBTreeZjw9PuG89pJpizUAIXnqpg2Nv4DObM1SRqV8X.dedXsCRH9b5UkfL9hjPsjFShoiwg; PHPSESSID=be5f48610fe51d3a45fcac8067009345
Source: global traffic	HTTP traffic detected: GET /js/77e55199867d7ffbe66f79c58c488f7d663ac2b13fc42 HTTP/1.1Host: xdocusigniusmmxnmmxdicu.smumsmd.wsConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://xdocusigniusmmxnmmxdicu.smumsmd.ws/6f5c738436d0a4edb215172e0bb1eabf663ac2b03ebe7LOG6f5c738436d0a4edb215172e0bb1eabf663ac2b03ebe8Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cf_clearance=zF3XIjIGn2pE.DkQGhlmscUwq6nfJ6cFcfN4y1JU3qE-1715126930-1.0.1.1-JTmlYumFNFrzimhBTreeZjw9PuG89pJpizUAIXnqpg2Nv4DObM1SRqV8X.dedXsCRH9b5UkfL9hjPsjFShoiwg; PHPSESSID=be5f48610fe51d3a45fcac8067009345
Source: global traffic	HTTP traffic detected: GET /1 HTTP/1.1Host: xdocusigniusmmxnmmxdicu.smumsmd.wsConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://xdocusigniusmmxnmmxdicu.smumsmd.ws/6f5c738436d0a4edb215172e0bb1eabf663ac2b03ebe7LOG6f5c738436d0a4edb215172e0bb1eabf663ac2b03ebe8Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cf_clearance=zF3XIjIGn2pE.DkQGhlmscUwq6nfJ6cFcfN4y1JU3qE-1715126930-1.0.1.1-JTmlYumFNFrzimhBTreeZjw9PuG89pJpizUAIXnqpg2Nv4DObM1SRqV8X.dedXsCRH9b5UkfL9hjPsjFShoiwg; PHPSESSID=be5f48610fe51d3a45fcac8067009345
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: xdocusigniusmmxnmmxdicu.smumsmd.wsConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://xdocusigniusmmxnmmxdicu.smumsmd.ws/6f5c738436d0a4edb215172e0bb1eabf663ac2b03ebe7LOG6f5c738436d0a4edb215172e0bb1eabf663ac2b03ebe8Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cf_clearance=zF3XIjIGn2pE.DkQGhlmscUwq6nfJ6cFcfN4y1JU3qE-1715126930-1.0.1.1-JTmlYumFNFrzimhBTreeZjw9PuG89pJpizUAIXnqpg2Nv4DObM1SRqV8X.dedXsCRH9b5UkfL9hjPsjFShoiwg; PHPSESSID=be5f48610fe51d3a45fcac8067009345
Source: global traffic	HTTP traffic detected: GET /1 HTTP/1.1Host: xdocusigniusmmxnmmxdicu.smumsmd.wsConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cf_clearance=zF3XIjIGn2pE.DkQGhlmscUwq6nfJ6cFcfN4y1JU3qE-1715126930-1.0.1.1-JTmlYumFNFrzimhBTreeZjw9PuG89pJpizUAIXnqpg2Nv4DObM1SRqV8X.dedXsCRH9b5UkfL9hjPsjFShoiwg; PHPSESSID=be5f48610fe51d3a45fcac8067009345
Source: global traffic	HTTP traffic detected: GET /APP-77e55199867d7ffbe66f79c58c488f7d663ac2b3d834f/77e55199867d7ffbe66f79c58c488f7d663ac2b3d8350 HTTP/1.1Host: xdocusigniusmmxnmmxdicu.smumsmd.wsConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://xdocusigniusmmxnmmxdicu.smumsmd.ws/6f5c738436d0a4edb215172e0bb1eabf663ac2b03ebe7LOG6f5c738436d0a4edb215172e0bb1eabf663ac2b03ebe8Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cf_clearance=zF3XIjIGn2pE.DkQGhlmscUwq6nfJ6cFcfN4y1JU3qE-1715126930-1.0.1.1-JTmlYumFNFrzimhBTreeZjw9PuG89pJpizUAIXnqpg2Nv4DObM1SRqV8X.dedXsCRH9b5UkfL9hjPsjFShoiwg; PHPSESSID=be5f48610fe51d3a45fcac8067009345
Source: global traffic	HTTP traffic detected: GET /o/77e55199867d7ffbe66f79c58c488f7d663ac2b3d837e HTTP/1.1Host: xdocusigniusmmxnmmxdicu.smumsmd.wsConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://xdocusigniusmmxnmmxdicu.smumsmd.ws/6f5c738436d0a4edb215172e0bb1eabf663ac2b03ebe7LOG6f5c738436d0a4edb215172e0bb1eabf663ac2b03ebe8Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cf_clearance=zF3XIjIGn2pE.DkQGhlmscUwq6nfJ6cFcfN4y1JU3qE-1715126930-1.0.1.1-JTmlYumFNFrzimhBTreeZjw9PuG89pJpizUAIXnqpg2Nv4DObM1SRqV8X.dedXsCRH9b5UkfL9hjPsjFShoiwg; PHPSESSID=be5f48610fe51d3a45fcac8067009345
Source: global traffic	HTTP traffic detected: GET /ASSETS/img/m_.svg HTTP/1.1Host: xdocusigniusmmxnmmxdicu.smumsmd.wsConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://xdocusigniusmmxnmmxdicu.smumsmd.ws/6f5c738436d0a4edb215172e0bb1eabf663ac2b03ebe7LOG6f5c738436d0a4edb215172e0bb1eabf663ac2b03ebe8Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cf_clearance=zF3XIjIGn2pE.DkQGhlmscUwq6nfJ6cFcfN4y1JU3qE-1715126930-1.0.1.1-JTmlYumFNFrzimhBTreeZjw9PuG89pJpizUAIXnqpg2Nv4DObM1SRqV8X.dedXsCRH9b5UkfL9hjPsjFShoiwg; PHPSESSID=be5f48610fe51d3a45fcac8067009345
Source: global traffic	HTTP traffic detected: GET /ASSETS/img/sig-op.svg HTTP/1.1Host: xdocusigniusmmxnmmxdicu.smumsmd.wsConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://xdocusigniusmmxnmmxdicu.smumsmd.ws/6f5c738436d0a4edb215172e0bb1eabf663ac2b03ebe7LOG6f5c738436d0a4edb215172e0bb1eabf663ac2b03ebe8Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cf_clearance=zF3XIjIGn2pE.DkQGhlmscUwq6nfJ6cFcfN4y1JU3qE-1715126930-1.0.1.1-JTmlYumFNFrzimhBTreeZjw9PuG89pJpizUAIXnqpg2Nv4DObM1SRqV8X.dedXsCRH9b5UkfL9hjPsjFShoiwg; PHPSESSID=be5f48610fe51d3a45fcac8067009345
Source: global traffic	HTTP traffic detected: GET /x/77e55199867d7ffbe66f79c58c488f7d663ac2b3d8356 HTTP/1.1Host: xdocusigniusmmxnmmxdicu.smumsmd.wsConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://xdocusigniusmmxnmmxdicu.smumsmd.ws/6f5c738436d0a4edb215172e0bb1eabf663ac2b03ebe7LOG6f5c738436d0a4edb215172e0bb1eabf663ac2b03ebe8Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cf_clearance=zF3XIjIGn2pE.DkQGhlmscUwq6nfJ6cFcfN4y1JU3qE-1715126930-1.0.1.1-JTmlYumFNFrzimhBTreeZjw9PuG89pJpizUAIXnqpg2Nv4DObM1SRqV8X.dedXsCRH9b5UkfL9hjPsjFShoiwg; PHPSESSID=be5f48610fe51d3a45fcac8067009345
Source: global traffic	HTTP traffic detected: GET /ASSETS/img/sig-op.svg HTTP/1.1Host: xdocusigniusmmxnmmxdicu.smumsmd.wsConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cf_clearance=zF3XIjIGn2pE.DkQGhlmscUwq6nfJ6cFcfN4y1JU3qE-1715126930-1.0.1.1-JTmlYumFNFrzimhBTreeZjw9PuG89pJpizUAIXnqpg2Nv4DObM1SRqV8X.dedXsCRH9b5UkfL9hjPsjFShoiwg; PHPSESSID=be5f48610fe51d3a45fcac8067009345
Source: global traffic	HTTP traffic detected: GET /ASSETS/img/m_.svg HTTP/1.1Host: xdocusigniusmmxnmmxdicu.smumsmd.wsConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cf_clearance=zF3XIjIGn2pE.DkQGhlmscUwq6nfJ6cFcfN4y1JU3qE-1715126930-1.0.1.1-JTmlYumFNFrzimhBTreeZjw9PuG89pJpizUAIXnqpg2Nv4DObM1SRqV8X.dedXsCRH9b5UkfL9hjPsjFShoiwg; PHPSESSID=be5f48610fe51d3a45fcac8067009345
Source: global traffic	HTTP traffic detected: GET /o/77e55199867d7ffbe66f79c58c488f7d663ac2b3d837e HTTP/1.1Host: xdocusigniusmmxnmmxdicu.smumsmd.wsConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cf_clearance=zF3XIjIGn2pE.DkQGhlmscUwq6nfJ6cFcfN4y1JU3qE-1715126930-1.0.1.1-JTmlYumFNFrzimhBTreeZjw9PuG89pJpizUAIXnqpg2Nv4DObM1SRqV8X.dedXsCRH9b5UkfL9hjPsjFShoiwg; PHPSESSID=be5f48610fe51d3a45fcac8067009345
Source: global traffic	HTTP traffic detected: GET /x/77e55199867d7ffbe66f79c58c488f7d663ac2b3d8356 HTTP/1.1Host: xdocusigniusmmxnmmxdicu.smumsmd.wsConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cf_clearance=zF3XIjIGn2pE.DkQGhlmscUwq6nfJ6cFcfN4y1JU3qE-1715126930-1.0.1.1-JTmlYumFNFrzimhBTreeZjw9PuG89pJpizUAIXnqpg2Nv4DObM1SRqV8X.dedXsCRH9b5UkfL9hjPsjFShoiwg; PHPSESSID=be5f48610fe51d3a45fcac8067009345
Source: global traffic	HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=tLPXkvmx9rUTMUb&MD=SOowtWOS HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /cbg HTTP/1.1Host: viribusprop.co.zaConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cbg/ HTTP/1.1Host: viribusprop.co.zaConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9

Source: global traffic	DNS traffic detected: DNS query: url.us.m.mimecastprotect.com
Source: global traffic	DNS traffic detected: DNS query: viribusprop.co.za
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: xdocusigniusmmxnmmxdicu.smumsmd.ws
Source: global traffic	DNS traffic detected: DNS query: a.nel.cloudflare.com
Source: global traffic	DNS traffic detected: DNS query: challenges.cloudflare.com

Source: unknown

Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Wed, 08 May 2024 00:08:50 GMTContent-Type: text/html; charset=UTF-8Content-Length: 16673Connection: closeAccept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UACross-Origin-Embedder-Policy: require-corpCross-Origin-Opener-Policy: same-originCross-Origin-Resource-Policy: same-originOrigin-Agent-Cluster: ?1Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()Referrer-Policy: same-originX-Frame-Options: SAMEORIGINcf-mitigated: challengecf-chl-out: MKhKlJ6dBzBVvJqVEKVczWPtB0eleE8SglCvRAKgr8KS3Krom/geyBRBXh0Vy8dL3UjcWoBNOG1+sjyw0iZcOZ5fqQ4oLrYNdQ7Ejvho9RVwL/g2d6H8usS2No8+MVJ97rUCKS0wciTezmGH5b+bQA==$FvjL8uGJrLH606XFzC19QA==Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0Expires: Thu, 01 Jan 1970 00:00:01 GMT
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Wed, 08 May 2024 00:08:52 GMTContent-Type: text/html; charset=UTF-8Content-Length: 16846Connection: closeAccept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UACross-Origin-Embedder-Policy: require-corpCross-Origin-Opener-Policy: same-originCross-Origin-Resource-Policy: same-originOrigin-Agent-Cluster: ?1Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()Referrer-Policy: same-originX-Frame-Options: SAMEORIGINcf-mitigated: challengecf-chl-out: nwAylllXNaPyigq+1p1GeEv29/LU24O6s03FN+Xj8N4oVS5NeJhMcqMlEgIoUqKzO7H3+/CEnnVSo3NdCnMaEtiPxrzBMbxuBHakXzeywA9mZqS1X1lwaefj1/DT1/ErBrYIntYEE38A5h9FxloQ7g==$2NJ3uDObfjWVk48dwAMJqg==Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0Expires: Thu, 01 Jan 1970 00:00:01 GMT
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Wed, 08 May 2024 00:08:57 GMTContent-Type: text/html; charset=UTF-8Content-Length: 16846Connection: closeAccept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UACross-Origin-Embedder-Policy: require-corpCross-Origin-Opener-Policy: same-originCross-Origin-Resource-Policy: same-originOrigin-Agent-Cluster: ?1Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()Referrer-Policy: same-originX-Frame-Options: SAMEORIGINcf-mitigated: challengecf-chl-out: ffdJVlJw1nY1k4/8mzy0VTaLgMBuI1xsJ6g/RHjEGnjQdV4M4zNUcxAOWYOwoPfYYv3grdutQEGLWOaokN9MzJgVXa0K5jazlQyZi0k3sV1EUGT44Q/EAFSEE5jDpDYkPlJZTmyTds+S/oFi4vcGaA==$lDD0vXLLEl2vf+psbN/ljg==Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0Expires: Thu, 01 Jan 1970 00:00:01 GMT
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Wed, 08 May 2024 00:09:19 GMTContent-Type: text/html; charset=UTF-8Content-Length: 16706Connection: closeAccept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UACross-Origin-Embedder-Policy: require-corpCross-Origin-Opener-Policy: same-originCross-Origin-Resource-Policy: same-originOrigin-Agent-Cluster: ?1Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()Referrer-Policy: same-originX-Frame-Options: SAMEORIGINcf-mitigated: challengecf-chl-out: kjxotqkkFEy57Y6ejppvNmvT1rP0iNXeaYBac/6Iulo/NCgdGhojPpLFPSxE7KXzdD0+9dbnUedCDlMg0825D9VKkbvs0EMAUYcFzHgLD9ps43SIV+76t9eOOim/XdvotBASSkuQ3msccpm0wKp7uA==$UkaiNAg7stIDQJEJWG2d9A==Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0Expires: Thu, 01 Jan 1970 00:00:01 GMT
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 08 May 2024 00:09:23 GMTContent-Type: text/html; charset=iso-8859-1Transfer-Encoding: chunkedConnection: closeCache-Control: max-age=14400CF-Cache-Status: HITAge: 112Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1uPXX4DHlLBwLexKgOZoAY8YKhP5sedxnY7817FDe%2Ft4AFNSk3TbClxiVQvxWWsG4BzIcGXX1MGaycQuQU6onRWI49LQhBfXRUTs2J8ahtdrn5rYsq0nOzucYqiaKmJuBo7vi%2B8Y0BS%2BxnSe03AjOC1CJLte"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 88053882cba727aa-SEAalt-svc: h3=":443"; ma=86400

Source: chromecache_85.2.dr	String found in binary or memory: https://getbootstrap.com/)
Source: chromecache_85.2.dr	String found in binary or memory: https://github.com/twbs/bootstrap/blob/master/LICENSE)
Source: chromecache_85.2.dr	String found in binary or memory: https://github.com/twbs/bootstrap/graphs/contributors)

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49703 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown	Network traffic detected: HTTP traffic on port 49774 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown	Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49703
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49771 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49773 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49775 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745

Source: unknown	HTTPS traffic detected: 104.125.88.106:443 -> 192.168.2.5:49716 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.125.88.106:443 -> 192.168.2.5:49717 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.127.169.103:443 -> 192.168.2.5:49735 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.127.169.103:443 -> 192.168.2.5:49769 version: TLS 1.2

Source: classification engine

Classification label: mal68.phis.troj.win@22/42@20/10

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Jump to behavior

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2512 --field-trial-handle=2032,i,4573197792701812552,12899046821769428031,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://url.us.m.mimecastprotect.com/s/RBIeC68AD5iQ5EOspXJld?domain=urldefense.proofpoint.com"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2512 --field-trial-handle=2032,i,4573197792701812552,12899046821769428031,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Google Drive.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe

Source: Window Recorder

Window detected: More than 3 window changes detected

Data Obfuscation

Yara detected Html Dropper

Source: Yara match	File source: 3.7.pages.csv, type: HTML
Source: Yara match	File source: 2.6.pages.csv, type: HTML

Stores files to the Windows start menu directory

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	Jump to behavior

ID:	1437908
Product:	CloudBasic
Start time:	02:07:57
Start date:	08.05.2024
Cookbook:	browseurl.jbs
System description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Architecture:	WINDOWS

Windows Analysis Report
https://url.us.m.mimecastprotect.com/s/RBIeC68AD5iQ5EOspXJld?domain=urldefense.proofpoint.com

Overview

General Information

Detection

Signatures

Classification

Signatures

Phishing

Compliance

Networking

System Summary

Data Obfuscation

Boot Survival

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Private

Contacted Domains

Contacted URLs

Windows Analysis Report https://url.us.m.mimecastprotect.com/s/RBIeC68AD5iQ5EOspXJld?domain=urldefense.proofpoint.com

Overview

General Information

Detection

Signatures

Classification

Signatures

Phishing

Compliance

Networking

System Summary

Data Obfuscation

Boot Survival

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Private

Contacted Domains

Contacted URLs

Windows Analysis Report
https://url.us.m.mimecastprotect.com/s/RBIeC68AD5iQ5EOspXJld?domain=urldefense.proofpoint.com