Windows Analysis Report
b96a6d6fd568db5fb70ce3ac0574381a.eml

Overview

General Information

Sample name:b96a6d6fd568db5fb70ce3ac0574381a.eml
Analysis ID:1637736
MD5:1e2dc8481eee427f4c740cfe93cd045b
SHA1:e5386bf92d619c5427196cfb0628d55525817cab
SHA256:203fb081f3f8e4f168247f572d85880a44871ba8fa3435c58eccaa142f3a6c8e

Detection

HTMLPhisher
Score:60
Range:0 - 100
Confidence:100%

Signatures

Yara detected HtmlPhish29
AI detected landing page (webpage, office document or email)
AI detected suspicious Javascript
AI detected suspicious URL
Creates files inside the system directory
Deletes files inside the Windows folder
HTML page contains hidden javascript code
Queries the volume information (name, serial number etc) of a device
Sigma detected: Office Autorun Keys Modification
Stores large binary data to the registry

Classification

  • System is w10x64_ra
  • OUTLOOK.EXE (PID: 4732 cmdline: "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /eml "C:\Users\user\Desktop\b96a6d6fd568db5fb70ce3ac0574381a.eml" MD5: 91A5292942864110ED734005B7E005C0)
    • ai.exe (PID: 5164 cmdline: "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "6D0DF245-6A73-4E0D-817A-9E1EA2184F7C" "5FEB52B6-D788-40D3-A11A-7EBE9E094627" "4732" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx" MD5: EC652BEDD90E089D9406AFED89A8A8BD)
    • chrome.exe (PID: 2888 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://efax-41.jimdosite.com/ MD5: E81F54E6C1129887AEA47E7D092680BF)
      • chrome.exe (PID: 1120 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2012,i,9104578188775906137,8397712373787190548,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version --mojo-platform-channel-handle=2248 /prefetch:3 MD5: E81F54E6C1129887AEA47E7D092680BF)
  • cleanup
Yara matches

Source          Rule                       Description                   Author         Strings
0.2.pages.csv   JoeSecurity_HtmlPhish_29   Yara detected HtmlPhish_29    Joe Security
0.1.pages.csv   JoeSecurity_HtmlPhish_29   Yara detected HtmlPhish_29    Joe Security

Sigma match (rule: Office Autorun Keys Modification)

      Source: Registry Key set
      Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split)
      Data: Details: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 , EventID: 13, EventType: SetValue, Image: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE, ProcessId: 4732, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Addins\OneNote.OutlookAddin\1
      No Suricata rule has matched

      Phishing

      Source: Yara match | File source: 0.2.pages.csv, type: HTML
      Source: Yara match | File source: 0.1.pages.csv, type: HTML
      Source: Email | Joe Sandbox AI: Email contains prominent button: 'open'
      Source: https://efax-41.jimdosite.com/ | Joe Sandbox AI: Page contains button: 'View Document' (source: '0.0.pages.csv')
      Source: 1.17.d.script.csv | Joe Sandbox AI: Detected suspicious JavaScript with source url: anonymous function... This script exhibits several high-risk behaviors, including dynamic code execution, data exfiltration, and obfuscated code. It appears to be a malicious script that collects sensitive user information and potentially redirects to a malicious domain. The script's behavior is highly suspicious and poses a significant security risk.
      Source: https://pepssh.com | Joe Sandbox AI: The URL 'pepssh.com' closely resembles the legitimate brand 'Pepsi' by using a visual character substitution where 'i' is replaced with 'sh'. This substitution can easily be overlooked by users, leading to potential confusion. The domain 'pepsi.com' is a well-known global brand, and the analyzed URL does not suggest any legitimate purpose unrelated to the brand. The absence of subdomains or additional context further supports the likelihood of typosquatting. The similarity score is high due to the visual resemblance and potential for user confusion, and the spoofed score reflects the high likelihood of this being a typosquatting attempt.
      Source: https://efax-41.jimdosite.com/ | HTTP Parser: Base64 decoded: 1741899648.000000
      Source: https://pepssh.com/?wqohhbtk=2a33e7467ae45bf556a700aed3c0a48538550412f9fb62e401e53e056ccc7adc6b86a5889291afaab950053048e03c3accdca6e864f0775793eabe1674ff8667 | HTTP Parser: No favicon
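The AI verdict above calls pepssh.com a Pepsi lookalike. A practitioner would want that check made explicit: the generic lookalike test is brand-in-label matching plus edit distance after homoglyph folding, and over the names this run resolved it flags exactly two, pepssh.com (two edits from pepsi) and efax-41.jimdosite.com (the eFax brand sitting in a free site-builder subdomain). The Python below is an added example, not Joe Sandbox code. The hostnames are copied from the DNS section of this report; the brand list, allowlist, homoglyph table and thresholds are assumptions chosen for illustration. It goes beyond the single case on the page by also folding digit-for-letter substitutions such as g00gle before comparing.

```python
"""Lookalike-domain triage over the hostnames this sandbox run resolved.

Added example, not Joe Sandbox code. OBSERVED_DNS is copied from the report's
DNS-query lines; BRANDS, ALLOWLIST, the homoglyph tables and the thresholds are
assumptions of this example, not the heuristic the sandbox's AI applied.
"""
from dataclasses import dataclass

# Hostnames queried during the run (copied from the report).
OBSERVED_DNS = [
    "efax-41.jimdosite.com", "static-assets.jimstatic.com", "fonts.jimstatic.com",
    "storage.e.jimdo.com", "www.google.com", "at.prod.jimdo.systems", "pepssh.com",
    "r11.i.lencr.org", "challenges.cloudflare.com", "arthhrex.net", "r10.i.lencr.org",
]

# Assumed brand vocabulary and the registrable domains that legitimately own it.
BRANDS = ["pepsi", "efax", "microsoft", "google", "cloudflare"]
ALLOWLIST = {"pepsi.com", "efax.com", "microsoft.com", "google.com", "cloudflare.com"}

# Visual substitutions undone before comparison (assumed, deliberately partial).
HOMOGLYPHS = {"0": "o", "1": "l", "3": "e", "5": "s", "7": "t", "8": "b"}
DIGRAPHS = {"rn": "m", "vv": "w"}


@dataclass(frozen=True)
class Finding:
    host: str
    label: str      # the DNS label (as observed) that triggered the finding
    brand: str
    kind: str       # "brand-in-label" or "edit-distance"
    distance: int   # Levenshtein distance between the folded label and the brand


def normalize(label: str) -> str:
    """Fold common homoglyphs so that 'g00gle' compares as 'google'."""
    s = label.lower()
    for src, dst in DIGRAPHS.items():
        s = s.replace(src, dst)
    return "".join(HOMOGLYPHS.get(ch, ch) for ch in s)


def levenshtein(a: str, b: str) -> int:
    """Two-row dynamic-programming edit distance (insert, delete, substitute)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def registrable(host: str) -> str:
    """Last two labels; a production tool would consult the Public Suffix List."""
    return ".".join(host.lower().split(".")[-2:])


def score_host(host: str, brands=BRANDS, allowlist=ALLOWLIST, max_dist=2, min_len=5):
    """Findings for one hostname; the brand owners' own domains are skipped."""
    if registrable(host) in allowlist:
        return []
    findings = []
    for raw in host.lower().split(".")[:-1]:      # every label except the TLD
        label = normalize(raw)
        for brand in brands:
            dist = levenshtein(label, brand)
            if brand in label:
                findings.append(Finding(host, raw, brand, "brand-in-label", dist))
            elif min(len(label), len(brand)) >= min_len and dist <= max_dist:
                findings.append(Finding(host, raw, brand, "edit-distance", dist))
    return findings


def triage(hosts):
    """Flatten per-host findings for a whole DNS list."""
    return [f for h in hosts for f in score_host(h)]


if __name__ == "__main__":
    for f in triage(OBSERVED_DNS):
        print(f"{f.host:28} label={f.label!r:12} brand={f.brand:6} {f.kind} d={f.distance}")
```

The min_len guard matters: short labels such as r10, at or www are within two edits of many words, so the edit-distance rule is only applied when both strings are at least five characters; brand-in-label has no such guard because a brand string embedded in a label under someone else's registrable domain is suspicious at any length.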
      Source: unknown | TCP traffic detected without corresponding DNS query: 51.132.193.104 (logged 7 times)
      Source: unknown | TCP traffic detected without corresponding DNS query: 2.17.190.73 (logged 7 times)
      Source: unknown | TCP traffic detected without corresponding DNS query: 52.109.28.46 (logged 7 times)
      Source: unknown | TCP traffic detected without corresponding DNS query: 204.79.197.203 (logged 7 times)
      Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1 (logged 18 times)
      Source: unknown | TCP traffic detected without corresponding DNS query: 142.250.185.99 (logged 2 times)
      Source: unknown | TCP traffic detected without corresponding DNS query: 172.202.163.200 (logged 2 times)
      Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKServer: nginxContent-Type: application/pkix-certLast-Modified: Wed, 01 May 2024 21:14:12 GMTETag: "6632b0a4-50a"Content-Disposition: attachment; filename="R11.der"Accept-Ranges: bytesVary: Accept-EncodingContent-Encoding: gzipContent-Length: 1243Cache-Control: max-age=3600Expires: Thu, 13 Mar 2025 22:01:02 GMTDate: Thu, 13 Mar 2025 21:01:02 GMTConnection: keep-aliveData Raw: 1f 8b 08 00 00 00 00 00 00 00 33 68 62 65 33 68 62 7a b7 80 99 89 91 89 49 90 a1 ab d6 4e f8 9a be c1 7b e5 b6 bd 9a ec d9 26 3f 0c 78 d9 38 b5 da 3c da be f3 32 32 72 b3 32 18 f8 1b 72 1b 70 b2 31 87 b2 b0 09 33 85 06 1b 6a 1a a8 83 38 5c c2 0a 9e 79 25 a9 45 79 a9 25 0a c1 a9 c9 a5 45 99 25 95 0a 41 a9 c5 a9 89 45 c9 19 0a ee 45 f9 a5 05 86 a2 06 c2 20 a5 cc c2 3c 9e c1 41 ee 0a 41 f9 f9 25 0a 11 86 06 72 e2 bc 46 26 06 c6 86 c6 06 60 10 05 e4 9a 03 b9 46 46 c6 a6 96 a6 96 51 40 26 8a 85 62 06 22 10 0b 79 7d 52 4b d4 8b 15 5c f3 92 8b 2a 0b 4a 0c 79 0c b8 20 a6 33 07 19 1a 1a 34 31 2a 21 3b 9c 91 95 81 b9 89 91 9f 01 28 ce c5 d4 c4 c8 c8 b0 ab 7d 4f 8c 34 83 e5 e9 53 5c 67 af a4 0b fc 64 b4 59 ea b7 34 f1 b4 da a9 a0 df a2 8c db 77 6a 7c d5 90 7b ab be 59 45 c2 32 9d 93 87 e3 cd 03 ab 0d d6 e5 7c 7b 3f 3f b5 0c 71 e4 f1 5b e7 78 6d 66 c9 bd c0 db ef ab ff 47 ec 5d b1 5d f8 db 3d c3 ab 9f 8a 4e 16 65 71 37 97 4c 9d e3 c6 90 22 32 f3 f3 c6 9b 4a 37 cf ae 98 b4 4a 46 ad ca fe df fb 08 d6 6a 8e a9 8d b7 0b f9 fb 7e 3f 36 e4 dc cd b9 2f c0 37 be 7f 62 99 6d d4 dc 79 cd 9f 5e 1e 49 db fc 90 2d cd d9 43 a2 21 75 81 b9 c4 ac d9 2d 46 d3 37 6e da 7b e4 87 28 c3 5c f5 8e df 8f 92 c5 a7 e5 cc 56 4f f7 3e 72 5b 23 2e f3 50 e5 07 cf 98 07 2a 01 0f 8f ec 59 c8 ba a6 da 21 97 61 cb 21 47 fb e5 11 3b f4 8f c6 cc 5e ba 9b 73 de c7 7f af 37 b4 5a fe 5d c1 f5 de f5 48 c5 eb 54 ad 43 e7 e3 6d ee 3d 8e f1 95 fe ce ad ae bd 8a db a9 3c d8 bf 32 4b b6 fd 26 13 33 23 03 e3 e2 c6 1f 06 8d 5f 0d f8 80 e1 26 cb cf c8 f8 9f 85 05 98 06 da 0c 64 41 7c 55 
16 50 40 73 68 b3 31 b2 b2 b2 33 33 c1 59 8c 06 42 20 69 61 90 72 0e 03 36 20 c5 c4 c8 00 d1 c2 c7 22 c6 22 72 f4 bc db 92 57 5f 0e 1f a8 ca 99 7a 44 77 43 dc 24 7d b5 c7 3b 0d e4 41 d2 ca 2c 12 06 62 0d 22 95 5b 22 9f 55 6f 7b fa 84 b1 b8 81 a3 e3 84 54 c4 b7 97 b3 f3 0c 8c 60 e6 33 32 b2 a8 19 a8 18 28 c1 f8 06 4c 6d 62 19 25 25 05 56 fa fa 15 86 7a 99 7a 39 a9 c0 e8 d6 cb 2f 4a d7 07 27 26 59 05 16 60 bc 1b 70 b0 b1 a5 37 f2 30 32 31 82 13 a3 ac 3c 8b 82 81 9c 81 cc 02 a9 05 12 c8 ba 93 91 75 a3 a6 6a e6 26 a0 2f fc 1e 75 c6 72 31 cb 4c b0 b8 f0 55 fe 67 61 cc 8f c3 fd 9b cc 3b aa f2 37 a8 ca bf dd b7 fd 46 1b 5b df 4b ce 96 b3 45 fb 1b 3f ff 39 75 3e d8 e3 ed de 6f 99 4e 57 96 0a da 99 9e 10 de 34 49 96 35 fe 95 de 95 1b 3f 3c 0f af fd 3a 73 da 9c f7 6a 37 1e 6e 51 e1 f6 50 f0 fd 73 39 64 cb ca 63 8a 27 1e 9a 49 ff 2f 4f d1 14 df f9 c1 fb 7d ec ab b3 95 17 f6 4f d8 bf 4f 79 d3 84 5b 5e 2b 3d 0c 4b Data Ascii: 3hbe3hbzIN{&?x8<22r2rp13j8\y%Ey%E
      Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKServer: nginxContent-Type: application/pkix-certLast-Modified: Wed, 01 May 2024 21:14:13 GMTETag: "6632b0a5-509"Content-Disposition: attachment; filename="R10.der"Accept-Ranges: bytesVary: Accept-EncodingContent-Encoding: gzipContent-Length: 1245Cache-Control: max-age=3600Expires: Thu, 13 Mar 2025 22:01:39 GMTDate: Thu, 13 Mar 2025 21:01:39 GMTConnection: keep-aliveData Raw: 1f 8b 08 00 00 00 00 00 00 00 33 68 62 65 35 68 62 7a bb 80 99 89 91 89 49 c0 7b 45 d0 e4 ef b3 f4 17 15 b3 79 af 60 e9 2d bd 60 c0 cb c6 a9 d5 e6 d1 f6 9d 97 91 91 9b 95 c1 c0 df 90 db 80 93 8d 39 94 85 4d 98 29 34 d8 50 d3 40 1d c4 e1 12 56 f0 cc 2b 49 2d ca 4b 2d 51 08 4e 4d 2e 2d ca 2c a9 54 08 4a 2d 4e 4d 2c 4a ce 50 70 2f ca 2f 2d 30 14 35 10 06 29 65 16 e6 f1 0c 0e 72 57 08 ca cf 2f 51 88 30 34 90 13 e7 35 32 31 30 36 34 36 00 83 28 20 d7 1c c8 35 32 32 36 b5 34 b5 8c 02 32 51 2c 14 33 10 81 58 c8 eb 93 5a a2 5e ac e0 9a 97 5c 54 59 50 62 c8 63 c0 05 31 9d 39 c8 d0 c0 a0 89 51 09 d9 e1 8c ac 0c cc 4d 8c fc 0c 40 71 2e a6 26 46 46 86 f3 e1 4f 9f 1d 09 11 7a bb c5 fd df 49 f5 88 32 b7 00 8d 1e 59 bb 8e fb ac 73 af 6e 95 d0 dc 7b 77 6b d4 fe 5f df ce 2d de b7 9e 41 d1 3b 29 2a ca 86 51 ff 68 04 f3 b7 ce ff 7d 82 ce af 0f 6e 7d 20 c2 3e ad 3f 5f fe fa f3 5d 8d 96 9c a5 a9 db 0f ad 97 88 36 57 d3 78 be f8 0b bb 76 ae d4 ff d5 11 7b a6 ae 73 f8 ff f2 74 f8 91 ad d1 f5 15 bc 12 89 7b c4 9f 87 1c db ed 39 f1 6c 9e c4 c5 86 d6 77 cb 52 cd f6 94 bc da 13 e0 f3 ea 8f e2 67 0b b1 c9 53 76 6d b8 9c 6d c1 76 56 4c a8 ea 54 50 e9 89 b5 65 9b 0e cd 89 9d e1 1a 93 9f 58 7d 4c f7 9d 8d 70 50 1b e3 cd f0 67 16 32 f7 7b b7 ca 4f 9a 38 eb b9 97 cc 19 d7 15 45 a1 1f 36 3c 5b cc fe e6 ef 72 e9 b4 79 f6 1e dd 85 2d 85 11 27 ad 7e bd 8f fb 14 ed a2 6d 53 f2 bc 7f 93 fb 41 f6 ac b3 b3 b6 f3 4e fb 2e d4 a8 16 18 c2 f5 26 f1 db f7 af 8f 3e 75 9d 98 ca db cb c4 cc c8 c0 b8 b8 f1 87 41 e3 57 03 3e 60 b8 c9 f2 33 32 fe 67 61 01 26 81 36 03 59 10 5f 95 
05 14 d0 1c da 6c 8c ac ac ec cc 4c 70 16 a3 81 10 48 5a 18 a4 9c c3 80 0d 48 31 31 32 40 b4 f0 b1 88 b1 88 ec de 73 d8 7d e9 93 3d 2b 8f 1d 5e 52 c4 23 d0 bb c8 f4 e1 89 17 06 f2 20 69 65 16 09 03 b1 06 91 ca 2d 91 cf aa b7 3d 7d c2 58 dc c0 d1 71 42 2a e2 db cb d9 79 06 46 30 f3 19 19 59 d4 0c 54 0c 94 60 7c 03 a6 36 b1 8c 92 92 02 2b 7d fd 0a 43 bd 4c bd 9c 54 60 74 eb e5 17 a5 eb 83 13 93 ac 02 0b 30 de 0d 38 d8 d8 d2 1b 79 18 99 18 c1 89 51 56 9e 45 c1 40 ce 40 66 81 d4 02 09 64 dd c9 c8 ba 51 53 35 73 13 d0 17 93 36 3e 77 34 7f 5d 39 b7 f1 d9 d9 47 aa 0f ad 14 5e 4e 70 99 ba b8 31 e6 fc e1 d8 bf 7b 17 14 5c dd 38 4d 43 89 fb d2 27 8d f3 3c cf af 3c 73 ee 51 51 92 3d e8 34 e9 22 e7 fa f9 de 5f 4e 14 f8 2b 88 6d 8c ba cb f8 4d fe 87 7c 62 b6 88 fa 86 a2 de e4 75 ef 1e 9d f3 3e 6f 7e 77 f7 e2 2b 67 9f af 0d 58 bb 77 ff e3 37 76 49 66 05 33 0d 97 bf e8 bd fb 2a e9 91 d0 ba af 73 ae d8 ea f0 ac ba 30 Data Ascii: 3hbe5hbzI{Ey`-`9M)4P@V+I-K-QNM.-
      Source: global traffic | HTTP traffic detected:
        GET / HTTP/1.1
        Host: efax-41.jimdosite.com
        Connection: keep-alive
        sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
        sec-ch-ua-mobile: ?0
        sec-ch-ua-platform: "Windows"
        Upgrade-Insecure-Requests: 1
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
        Sec-Fetch-Site: none
        Sec-Fetch-Mode: navigate
        Sec-Fetch-User: ?1
        Sec-Fetch-Dest: document
        Accept-Encoding: gzip, deflate, br, zstd
        Accept-Language: en-US,en;q=0.9
      Source: global traffic | HTTP traffic detected:
        GET /cdn-cgi/challenge-platform/scripts/jsd/main.js HTTP/1.1
        Host: efax-41.jimdosite.com
        Connection: keep-alive
        sec-ch-ua-platform: "Windows"
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
        sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
        sec-ch-ua-mobile: ?0
        Accept: */*
        Sec-Fetch-Site: same-origin
        Sec-Fetch-Mode: no-cors
        Sec-Fetch-Dest: script
        Accept-Encoding: gzip, deflate, br, zstd
        Accept-Language: en-US,en;q=0.9
        Cookie: __cfruid=285351cc46e0c916846b39e16e45c6253f673c32-1741899648; _cfuvid=OKY4sCnSw5Gx3.DQ7Cja9MRI6CLObQJ_PgSvtmQ92GM-1741899648848-0.0.1.1-604800000; ckies_cloudflare=allow
      Source: global traffic | HTTP traffic detected:
        GET /cdn-cgi/challenge-platform/h/g/scripts/jsd/f3b948d8acb8/main.js? HTTP/1.1
        Host: efax-41.jimdosite.com
        Connection: keep-alive
        sec-ch-ua-platform: "Windows"
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
        sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
        sec-ch-ua-mobile: ?0
        Accept: */*
        Sec-Fetch-Site: same-origin
        Sec-Fetch-Mode: no-cors
        Sec-Fetch-Dest: script
        Accept-Encoding: gzip, deflate, br, zstd
        Accept-Language: en-US,en;q=0.9
        Cookie: __cfruid=285351cc46e0c916846b39e16e45c6253f673c32-1741899648; _cfuvid=OKY4sCnSw5Gx3.DQ7Cja9MRI6CLObQJ_PgSvtmQ92GM-1741899648848-0.0.1.1-604800000; ckies_cloudflare=allow
      Source: global traffic | HTTP traffic detected:
        GET /turnstile/v0/api.js?onload=onloadTurnstileCallback HTTP/1.1
        Host: challenges.cloudflare.com
        Connection: keep-alive
        sec-ch-ua-platform: "Windows"
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
        sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
        sec-ch-ua-mobile: ?0
        Accept: */*
        Sec-Fetch-Site: cross-site
        Sec-Fetch-Mode: no-cors
        Sec-Fetch-Dest: script
        Sec-Fetch-Storage-Access: active
        Referer: https://pepssh.com/
        Accept-Encoding: gzip, deflate, br, zstd
        Accept-Language: en-US,en;q=0.9
      Source: global traffic | HTTP traffic detected:
        GET /cdn-cgi/challenge-platform/h/g/jsd/r/0.6849031699966707:1741897519:avmVBONCm_rkcGrJWydSepIjYTYQn00xQEl1nH6Drtk/91fe76853c5efb1b HTTP/1.1
        Host: efax-41.jimdosite.com
        Connection: keep-alive
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
        Accept: */*
        Sec-Fetch-Site: none
        Sec-Fetch-Mode: cors
        Sec-Fetch-Dest: empty
        Sec-Fetch-Storage-Access: active
        Accept-Encoding: gzip, deflate, br, zstd
        Accept-Language: en-US,en;q=0.9
        Cookie: __cfruid=285351cc46e0c916846b39e16e45c6253f673c32-1741899648; _cfuvid=OKY4sCnSw5Gx3.DQ7Cja9MRI6CLObQJ_PgSvtmQ92GM-1741899648848-0.0.1.1-604800000; ckies_cloudflare=allow
      Source: global traffic | HTTP traffic detected:
        GET /turnstile/v0/g/f3b948d8acb8/api.js HTTP/1.1
        Host: challenges.cloudflare.com
        Connection: keep-alive
        sec-ch-ua-platform: "Windows"
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
        sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
        sec-ch-ua-mobile: ?0
        Accept: */*
        Sec-Fetch-Site: cross-site
        Sec-Fetch-Mode: no-cors
        Sec-Fetch-Dest: script
        Sec-Fetch-Storage-Access: active
        Referer: https://pepssh.com/
        Accept-Encoding: gzip, deflate, br, zstd
        Accept-Language: en-US,en;q=0.9
      Source: global traffic | HTTP traffic detected:
        GET /cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv/45lar/0x4AAAAAABAo7UHKh-cl9RRE/auto/fbE/new/normal/auto/ HTTP/1.1
        Host: challenges.cloudflare.com
        Connection: keep-alive
        sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
        sec-ch-ua-mobile: ?0
        sec-ch-ua-platform: "Windows"
        Upgrade-Insecure-Requests: 1
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
        Sec-Fetch-Site: cross-site
        Sec-Fetch-Mode: navigate
        Sec-Fetch-Dest: iframe
        Sec-Fetch-Storage-Access: active
        Referer: https://pepssh.com/
        Accept-Encoding: gzip, deflate, br, zstd
        Accept-Language: en-US,en;q=0.9
      Source: global traffic | HTTP traffic detected:
        GET /cdn-cgi/challenge-platform/h/g/orchestrate/chl_api/v1?ray=91fe770df863fb1d&lang=auto HTTP/1.1
        Host: challenges.cloudflare.com
        Connection: keep-alive
        sec-ch-ua-platform: "Windows"
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
        sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
        sec-ch-ua-mobile: ?0
        Accept: */*
        Sec-Fetch-Site: same-origin
        Sec-Fetch-Mode: no-cors
        Sec-Fetch-Dest: script
        Sec-Fetch-Storage-Access: active
        Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv/45lar/0x4AAAAAABAo7UHKh-cl9RRE/auto/fbE/new/normal/auto/
        Accept-Encoding: gzip, deflate, br, zstd
        Accept-Language: en-US,en;q=0.9
      Source: global traffic | HTTP traffic detected:
        GET /cdn-cgi/challenge-platform/h/g/cmg/1 HTTP/1.1
        Host: challenges.cloudflare.com
        Connection: keep-alive
        sec-ch-ua-platform: "Windows"
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
        sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
        sec-ch-ua-mobile: ?0
        Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
        Sec-Fetch-Site: same-origin
        Sec-Fetch-Mode: no-cors
        Sec-Fetch-Dest: image
        Sec-Fetch-Storage-Access: active
        Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv/45lar/0x4AAAAAABAo7UHKh-cl9RRE/auto/fbE/new/normal/auto/
        Accept-Encoding: gzip, deflate, br, zstd
        Accept-Language: en-US,en;q=0.9
      Source: global traffic | HTTP traffic detected:
        GET / HTTP/1.1
        Host: r11.i.lencr.org
        Connection: keep-alive
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
        Accept-Encoding: gzip, deflate
        Accept-Language: en-US,en;q=0.9
      Source: global traffic | HTTP traffic detected:
        GET /cdn-cgi/challenge-platform/h/g/cmg/1 HTTP/1.1
        Host: challenges.cloudflare.com
        Connection: keep-alive
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
        Accept: */*
        Sec-Fetch-Site: none
        Sec-Fetch-Mode: cors
        Sec-Fetch-Dest: empty
        Sec-Fetch-Storage-Access: active
        Accept-Encoding: gzip, deflate, br, zstd
        Accept-Language: en-US,en;q=0.9
      Source: global traffic | HTTP traffic detected:
        GET /cdn-cgi/challenge-platform/h/g/flow/ov1/1363397692:1741897745:WAdKFBtDib1k5Cz3_xXy9RTMqopj8VU93e5gnysIVYs/91fe770df863fb1d/RgIyx51IBl3m7lVp23rT664GQYmINTZ82QdCaXcXAeo-1741899670-1.1.1.1-S8k14ChK.rYIFPPXstmN9w97o1tFLpbjN.VliIq3fA6tDD.K00VNhawW1ISH9LpZ HTTP/1.1
        Host: challenges.cloudflare.com
        Connection: keep-alive
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
        Accept: */*
        Sec-Fetch-Site: none
        Sec-Fetch-Mode: cors
        Sec-Fetch-Dest: empty
        Sec-Fetch-Storage-Access: active
        Accept-Encoding: gzip, deflate, br, zstd
        Accept-Language: en-US,en;q=0.9
        (this flow/ov1 request was logged three times in total with identical headers)
      Source: global traffic | HTTP traffic detected:
        GET /cdn-cgi/challenge-platform/h/g/pat/91fe770df863fb1d/1741899676270/306de9cd2decfa7bb7f4bb6a48aac8a3a75c3e884dda213c5485d71c45ad490c/cy5wduhLGGlX-E0 HTTP/1.1
        Host: challenges.cloudflare.com
        Connection: keep-alive
        Cache-Control: max-age=0
        sec-ch-ua-platform: "Windows"
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
        sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
        sec-ch-ua-mobile: ?0
        Accept: */*
        Sec-Fetch-Site: same-origin
        Sec-Fetch-Mode: cors
        Sec-Fetch-Dest: empty
        Sec-Fetch-Storage-Access: active
        Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv/45lar/0x4AAAAAABAo7UHKh-cl9RRE/auto/fbE/new/normal/auto/
        Accept-Encoding: gzip, deflate, br, zstd
        Accept-Language: en-US,en;q=0.9
      Source: global traffic | HTTP traffic detected:
        GET /cdn-cgi/challenge-platform/h/g/d/91fe770df863fb1d/1741899676273/Y67e1hb2IN9KhXD HTTP/1.1
        Host: challenges.cloudflare.com
        Connection: keep-alive
        sec-ch-ua-platform: "Windows"
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
        sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
        sec-ch-ua-mobile: ?0
        Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
        Sec-Fetch-Site: same-origin
        Sec-Fetch-Mode: no-cors
        Sec-Fetch-Dest: image
        Sec-Fetch-Storage-Access: active
        Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv/45lar/0x4AAAAAABAo7UHKh-cl9RRE/auto/fbE/new/normal/auto/
        Accept-Encoding: gzip, deflate, br, zstd
        Accept-Language: en-US,en;q=0.9
      Source: global traffic | HTTP traffic detected:
        GET /cdn-cgi/challenge-platform/h/g/d/91fe770df863fb1d/1741899676273/Y67e1hb2IN9KhXD HTTP/1.1
        Host: challenges.cloudflare.com
        Connection: keep-alive
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
        Accept: */*
        Sec-Fetch-Site: none
        Sec-Fetch-Mode: cors
        Sec-Fetch-Dest: empty
        Sec-Fetch-Storage-Access: active
        Accept-Encoding: gzip, deflate, br, zstd
        Accept-Language: en-US,en;q=0.9
      Source: global traffic | HTTP traffic detected:
        GET / HTTP/1.1
        Host: r10.i.lencr.org
        Connection: keep-alive
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
        Accept-Encoding: gzip, deflate
        Accept-Language: en-US,en;q=0.9
      Source: global traffic | DNS traffic detected: DNS query: efax-41.jimdosite.com
      Source: global traffic | DNS traffic detected: DNS query: static-assets.jimstatic.com
      Source: global traffic | DNS traffic detected: DNS query: fonts.jimstatic.com
      Source: global traffic | DNS traffic detected: DNS query: storage.e.jimdo.com
      Source: global traffic | DNS traffic detected: DNS query: www.google.com
      Source: global traffic | DNS traffic detected: DNS query: at.prod.jimdo.systems
      Source: global traffic | DNS traffic detected: DNS query: pepssh.com
      Source: global traffic | DNS traffic detected: DNS query: r11.i.lencr.org
      Source: global traffic | DNS traffic detected: DNS query: challenges.cloudflare.com
      Source: global traffic | DNS traffic detected: DNS query: arthhrex.net
      Source: global traffic | DNS traffic detected: DNS query: r10.i.lencr.org
      Source: unknown | HTTP traffic detected:
        POST /anon HTTP/1.1
        Host: at.prod.jimdo.systems
        Connection: keep-alive
        Content-Length: 308
        sec-ch-ua-platform: "Windows"
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
        sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
        Content-Type: text/plain;charset=UTF-8
        sec-ch-ua-mobile: ?0
        Accept: */*
        Origin: https://efax-41.jimdosite.com
        Sec-Fetch-Site: cross-site
        Sec-Fetch-Mode: no-cors
        Sec-Fetch-Dest: empty
        Sec-Fetch-Storage-Access: active
        Referer: https://efax-41.jimdosite.com/
        Accept-Encoding: gzip, deflate, br, zstd
        Accept-Language: en-US,en;q=0.9
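The request records above carry enough header context (Referer, Origin, Sec-Fetch-Dest) to rebuild the chain the victim walked: the jimdosite.com landing page was opened from a cold start (Sec-Fetch-Site: none), beaconed to Jimdo's telemetry endpoint, and the pepssh.com page then embedded a Cloudflare Turnstile iframe. No request to pepssh.com itself is listed in the report, only requests that cite it as Referer, so it appears in the rebuilt chain as a source only. Two hosts in the log are platform noise rather than attacker infrastructure: r10.i.lencr.org and r11.i.lencr.org are Let's Encrypt's AIA hosts, which the browser contacts to fetch a missing intermediate while building the TLS chain (the application/pkix-cert responses above are those certificates), and challenges.cloudflare.com serves the Turnstile challenge that is commonly placed in front of a phishing page to keep automated scanners out. The Python below is an added example, not Joe Sandbox code. Its request texts are rebuilt from the records above with unused headers dropped, the landing URL is the pepssh.com URL from the report, and the INFRA role table and the Sec-Fetch-based classification are this example's assumptions. It also converts the epoch stamps embedded in the Cloudflare cookies (the same 1741899648 the HTTP parser decoded from Base64 above, 2025-03-13 21:00:48 UTC) and measures the opaque wqohhbtk parameter, which is 128 hex characters, i.e. 64 bytes.

```python
"""Rebuild the navigation chain from the HTTP requests the sandbox logged.

Added example, not Joe Sandbox code. REQUESTS_RAW was rebuilt from the report's
request records with headers not needed here dropped; LANDING_URL is the
pepssh.com URL from the report. INFRA and the Sec-Fetch-based classification
are assumptions of this example.
"""
import re
from dataclasses import dataclass, field
from datetime import datetime, timezone
from urllib.parse import parse_qs, urlsplit

REQUESTS_RAW = [
"""GET / HTTP/1.1
Host: efax-41.jimdosite.com
Sec-Fetch-Site: none
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: document""",
"""GET /cdn-cgi/challenge-platform/scripts/jsd/main.js HTTP/1.1
Host: efax-41.jimdosite.com
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: script
Cookie: __cfruid=285351cc46e0c916846b39e16e45c6253f673c32-1741899648; _cfuvid=OKY4sCnSw5Gx3.DQ7Cja9MRI6CLObQJ_PgSvtmQ92GM-1741899648848-0.0.1.1-604800000; ckies_cloudflare=allow""",
"""GET /turnstile/v0/api.js?onload=onloadTurnstileCallback HTTP/1.1
Host: challenges.cloudflare.com
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: script
Referer: https://pepssh.com/""",
"""GET /cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv/45lar/0x4AAAAAABAo7UHKh-cl9RRE/auto/fbE/new/normal/auto/ HTTP/1.1
Host: challenges.cloudflare.com
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://pepssh.com/""",
"""GET / HTTP/1.1
Host: r11.i.lencr.org""",
"""POST /anon HTTP/1.1
Host: at.prod.jimdo.systems
Content-Type: text/plain;charset=UTF-8
Origin: https://efax-41.jimdosite.com
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: empty
Referer: https://efax-41.jimdosite.com/""",
]
LANDING_URL = ("https://pepssh.com/?wqohhbtk=2a33e7467ae45bf556a700aed3c0a48538550412"
               "f9fb62e401e53e056ccc7adc6b86a5889291afaab950053048e03c3accdca6e8"
               "64f0775793eabe1674ff8667")


@dataclass
class Request:
    method: str
    path: str
    headers: dict = field(default_factory=dict)   # header names lower-cased

    @property
    def host(self) -> str:
        return self.headers.get("host", "")

    @property
    def referrer_host(self) -> str:
        src = self.headers.get("referer") or self.headers.get("origin") or ""
        return urlsplit(src).hostname or ""


def parse_request(raw: str) -> Request:
    """Parse a request line plus headers (no body) into a Request."""
    request_line, *lines = raw.strip().splitlines()
    method, path, _version = request_line.split(" ", 2)
    headers = {}
    for line in lines:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return Request(method, path, headers)


@dataclass(frozen=True)
class Edge:
    src: str    # referring host; "" when the browser started here (Sec-Fetch-Site: none)
    dst: str
    dest: str   # Sec-Fetch-Dest, or "none" when the client sent no fetch metadata


def edges(requests):
    return [Edge(r.referrer_host, r.host, r.headers.get("sec-fetch-dest", "none")) for r in requests]


def navigations(requests):
    """Top-level and iframe navigations only: the chain a user would have seen."""
    return [e for e in edges(requests) if e.dest in ("document", "iframe")]


# Assumed role table: services that belong to the platform, not to the attacker.
INFRA = {
    "lencr.org": "Let's Encrypt AIA intermediate fetch (browser building the TLS chain)",
    "challenges.cloudflare.com": "Cloudflare Turnstile challenge (bot gating in front of the page)",
    "jimdo.systems": "Jimdo site-builder telemetry",
}


def role(host: str) -> str:
    for suffix, what in INFRA.items():
        if host == suffix or host.endswith("." + suffix):
            return what
    return "unclassified"


# 10-digit Unix seconds, optionally followed by 3 digits of milliseconds.
EPOCH = re.compile(r"(?<![\d.])(\d{10})(\d{3})?(?![\d.])")


def cookie_timestamps(requests):
    """Epoch stamps embedded in the Cloudflare cookies, as ISO-8601 UTC."""
    found = set()
    for r in requests:
        for secs, _ms in EPOCH.findall(r.headers.get("cookie", "")):
            found.add(datetime.fromtimestamp(int(secs), tz=timezone.utc).isoformat())
    return sorted(found)


def landing_token(url: str, param: str = "wqohhbtk"):
    """Size of the opaque per-visit parameter on the landing URL."""
    value = parse_qs(urlsplit(url).query).get(param, [""])[0]
    is_hex = re.fullmatch(r"[0-9a-f]+", value) is not None
    return {"param": param, "chars": len(value), "bytes": len(value) // 2 if is_hex else None}


if __name__ == "__main__":
    reqs = [parse_request(r) for r in REQUESTS_RAW]
    for e in navigations(reqs):
        print(f"{e.src or '<start>'} -> {e.dst} ({e.dest})")
    for h in sorted({r.host for r in reqs}):
        print(f"{h:28} {role(h)}")
    print(cookie_timestamps(reqs), landing_token(LANDING_URL))
```

Sec-Fetch-Dest is the reliable discriminator here: document and iframe requests are navigations, script and image are subresource loads, and empty is a fetch or beacon; a request with no Sec-Fetch metadata at all (the lencr.org fetches) did not come from the page at all but from the certificate verifier, which is another reason to keep it out of the chain.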
      Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49744, 49743, 49742, 49741, 49740, 49736, 49735, 49734, 49732, 49730, 49696, 49729, 49728, 49727, 49726, 49725, 49724, 49723, 49722, 49717, 49714, 49797, 49795, 49793, 49790, 49789, 49787
      Source: unknown | Network traffic detected: HTTP traffic on ports 49789, 49766, 49743, 49746, 49769, 49795, 49717, 49732, 49784, 49728, 49749, 49763, 49752, 49777, 49714, 49735, 49790, 49787, 49729, 49748, 49760, 49745, 49793, 49751, 49774, 49757, 49782, 49734, 49726, 49740, 49765, 49768, 49723, 49754, 49771 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49786
      Source: unknownNetwork traffic detected: HTTP traffic on port 49779 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49785
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49784
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49783
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49782
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49780
      Source: unknownNetwork traffic detected: HTTP traffic on port 49727 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49785 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49762 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49776 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49682 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49736 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49759 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49753 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49779
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49778
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49777
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49776
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49775
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49774
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49773
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49771
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49770
      Source: unknownNetwork traffic detected: HTTP traffic on port 49696 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49724 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49671 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49742 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49767 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49780 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49773 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49769
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49768
      Source: unknownNetwork traffic detected: HTTP traffic on port 49756 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49767
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49766
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49765
      Source: unknownNetwork traffic detected: HTTP traffic on port 49783 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49764
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49763
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49762
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49761
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49760
      Source: unknownNetwork traffic detected: HTTP traffic on port 49725 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49741 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49764 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49770 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49722 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49797 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49759
      Source: unknownNetwork traffic detected: HTTP traffic on port 49778 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49757
      Source: unknownNetwork traffic detected: HTTP traffic on port 49755 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49756
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49755
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49754
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49753
      Source: unknownNetwork traffic detected: HTTP traffic on port 49673 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49752
      Source: unknownNetwork traffic detected: HTTP traffic on port 49730 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49751
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49750
      Source: unknownNetwork traffic detected: HTTP traffic on port 49786 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49761 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49747 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49744 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49775 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49750 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49749
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49748
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49747
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49746
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49745
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Windows\SystemTemp\scoped_dir2888_241107660
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File deleted: C:\Windows\SystemTemp\scoped_dir2888_241107660
Source: classification engine | Classification label: mal60.phis.winEML@26/0@34/185
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE | File created: C:\Users\user\Documents\Outlook Files\~Outlook Data File - NoEmail.pst.tmp
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE | File created: C:\Users\user\AppData\Local\Temp\Outlook Logging\OUTLOOK_16_0_16827_20130-20250313T1700230312-4732.etl
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE | File read: C:\Users\desktop.ini
Source: unknown | Process created: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /eml "C:\Users\user\Desktop\b96a6d6fd568db5fb70ce3ac0574381a.eml"
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE | Process created: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "6D0DF245-6A73-4E0D-817A-9E1EA2184F7C" "5FEB52B6-D788-40D3-A11A-7EBE9E094627" "4732" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx"
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://efax-41.jimdosite.com/
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2012,i,9104578188775906137,8397712373787190548,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version --mojo-platform-channel-handle=2248 /prefetch:3
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe | Section loaded: apphelp.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe | Section loaded: c2r64.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe | Section loaded: userenv.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe | Section loaded: msasn1.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe | Section loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe | Section loaded: cryptsp.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe | Section loaded: rsaenh.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe | Section loaded: cryptbase.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe | Section loaded: gpapi.dll
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{F959DBBB-3867-41F2-8E5F-3B8BEFAA81B3}\InprocServer32
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE | Window found: window name: SysTabControl32
Source: Window Recorder | Window detected: More than 3 window changes detected
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE | Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Common
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE | Key value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Token\{2B379600-B42B-4FE9-A59C-A312FB934935} DeviceTicket
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE | Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE | Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe | Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE | Process information queried: ProcessInformation
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe | Queries volume information: C:\Program Files (x86)\Microsoft Office\root\Office16\AI\WordCombinedFloatieLreOnline.onnx VolumeInformation
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
ATT&CK matrix, listed by tactic (the numbers in parentheses are the counts attached to each technique in the original matrix):

Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names; Gather Victim Network Information
Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server; Server
Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts; Cloud Accounts
Execution: Windows Management Instrumentation; Scheduled Task/Job; At; Cron; Launchd
Persistence: Browser Extensions (3); DLL Side-Loading (1); Logon Script (Windows); Login Hook; Network Logon Script
Privilege Escalation: Process Injection (1); DLL Side-Loading (1); Logon Script (Windows); Login Hook; Network Logon Script
Defense Evasion: Masquerading (11); Modify Registry (1); Process Injection (1); DLL Side-Loading (1); File Deletion (1)
Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager; NTDS; LSA Secrets
Discovery: Process Discovery (1); File and Directory Discovery (1); System Information Discovery (12); System Network Configuration Discovery; Internet Connection Discovery
Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model; SSH
Collection: Data from Local System; Data from Removable Media; Data from Network Shared Drive; Input Capture; Keylogging
Command and Control: Encrypted Channel (1); Ingress Tool Transfer (2); Non-Application Layer Protocol (4); Application Layer Protocol (5); Fallback Channels
Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication; Scheduled Transfer
Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact; Data Destruction; Data Encrypted for Impact

No Antivirus matches
Source | Detection | Scanner | Label | Link
https://efax-41.jimdosite.com/cdn-cgi/challenge-platform/scripts/jsd/main.js | 0% | Avira URL Cloud | safe | -
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/orchestrate/chl_api/v1?ray=91fe770df863fb1d&lang=auto | 0% | Avira URL Cloud | safe | -
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv/45lar/0x4AAAAAABAo7UHKh-cl9RRE/auto/fbE/new/normal/auto/ | 0% | Avira URL Cloud | safe | -
https://efax-41.jimdosite.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/f3b948d8acb8/main.js? | 0% | Avira URL Cloud | safe | -
https://efax-41.jimdosite.com/cdn-cgi/challenge-platform/h/g/jsd/r/0.6849031699966707:1741897519:avmVBONCm_rkcGrJWydSepIjYTYQn00xQEl1nH6Drtk/91fe76853c5efb1b | 0% | Avira URL Cloud | safe | -
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/pat/91fe770df863fb1d/1741899676270/306de9cd2decfa7bb7f4bb6a48aac8a3a75c3e884dda213c5485d71c45ad490c/cy5wduhLGGlX-E0 | 0% | Avira URL Cloud | safe | -
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/flow/ov1/1363397692:1741897745:WAdKFBtDib1k5Cz3_xXy9RTMqopj8VU93e5gnysIVYs/91fe770df863fb1d/RgIyx51IBl3m7lVp23rT664GQYmINTZ82QdCaXcXAeo-1741899670-1.1.1.1-S8k14ChK.rYIFPPXstmN9w97o1tFLpbjN.VliIq3fA6tDD.K00VNhawW1ISH9LpZ | 0% | Avira URL Cloud | safe | -
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/d/91fe770df863fb1d/1741899676273/Y67e1hb2IN9KhXD | 0% | Avira URL Cloud | safe | -
Name | IP | Active | Malicious | Antivirus Detection | Reputation
e192961.dscx.akamaiedge.net | 2.23.227.210 | true | false | - | high
storage.e.jimdo.com.cdn.cloudflare.net | 104.18.32.123 | true | false | - | unknown
at.prod.jimdo.systems | 3.255.10.234 | true | false | - | high
fonts.jimstatic.com.cdn.cloudflare.net | 104.18.41.38 | true | false | - | high
arthhrex.net | 147.45.177.75 | true | false | - | unknown
challenges.cloudflare.com | 104.18.94.41 | true | false | - | high
www.google.com | 142.250.186.36 | true | false | - | high
s-0005.dual-s-msedge.net | 52.123.128.14 | true | false | - | high
static-assets.jimstatic.com.cdn.cloudflare.net | 172.64.146.218 | true | false | - | high
pepssh.com | 147.45.177.75 | true | true | - | unknown
web.jimdosite.com.cdn.cloudflare.net | 162.159.128.70 | true | false | - | high
r11.i.lencr.org | unknown | unknown | false | - | high
efax-41.jimdosite.com | unknown | unknown | false | - | unknown
fonts.jimstatic.com | unknown | unknown | false | - | high
storage.e.jimdo.com | unknown | unknown | false | - | high
static-assets.jimstatic.com | unknown | unknown | false | - | high
r10.i.lencr.org | unknown | unknown | false | - | unknown
Name | Malicious | Antivirus Detection | Reputation
https://at.prod.jimdo.systems/anon | false | - | high
https://efax-41.jimdosite.com/cdn-cgi/challenge-platform/scripts/jsd/main.js | true | Avira URL Cloud: safe | unknown
https://efax-41.jimdosite.com/cdn-cgi/challenge-platform/h/g/jsd/r/0.6849031699966707:1741897519:avmVBONCm_rkcGrJWydSepIjYTYQn00xQEl1nH6Drtk/91fe76853c5efb1b | true | Avira URL Cloud: safe | unknown
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/pat/91fe770df863fb1d/1741899676270/306de9cd2decfa7bb7f4bb6a48aac8a3a75c3e884dda213c5485d71c45ad490c/cy5wduhLGGlX-E0 | false | Avira URL Cloud: safe | unknown
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv/45lar/0x4AAAAAABAo7UHKh-cl9RRE/auto/fbE/new/normal/auto/ | false | Avira URL Cloud: safe | unknown
https://efax-41.jimdosite.com/ | true | - | unknown
http://r11.i.lencr.org/ | false | - | high
https://pepssh.com/?wqohhbtk=2a33e7467ae45bf556a700aed3c0a48538550412f9fb62e401e53e056ccc7adc6b86a5889291afaab950053048e03c3accdca6e864f0775793eabe1674ff8667 | true | - | unknown
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/orchestrate/chl_api/v1?ray=91fe770df863fb1d&lang=auto | false | Avira URL Cloud: safe | unknown
https://at.prod.jimdo.systems/cf | false | - | high
http://r10.i.lencr.org/ | false | - | high
https://challenges.cloudflare.com/turnstile/v0/g/f3b948d8acb8/api.js | false | - | high
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/cmg/1 | false | - | high
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/flow/ov1/1363397692:1741897745:WAdKFBtDib1k5Cz3_xXy9RTMqopj8VU93e5gnysIVYs/91fe770df863fb1d/RgIyx51IBl3m7lVp23rT664GQYmINTZ82QdCaXcXAeo-1741899670-1.1.1.1-S8k14ChK.rYIFPPXstmN9w97o1tFLpbjN.VliIq3fA6tDD.K00VNhawW1ISH9LpZ | false | Avira URL Cloud: safe | unknown
                                                        https://efax-41.jimdosite.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/f3b948d8acb8/main.js?true
                                                        • Avira URL Cloud: safe
                                                        unknown
                                                        https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/d/91fe770df863fb1d/1741899676273/Y67e1hb2IN9KhXDfalse
                                                        • Avira URL Cloud: safe
                                                        unknown
                                                        https://challenges.cloudflare.com/turnstile/v0/api.js?onload=onloadTurnstileCallbackfalse
                                                          high
IP | Domain | Country | ASN | ASN Name | Malicious
142.250.186.67 | unknown | United States | 15169 | GOOGLEUS | false
2.23.227.210 | e192961.dscx.akamaiedge.net | European Union | 8781 | QA-ISPQA | false
104.18.94.41 | challenges.cloudflare.com | United States | 13335 | CLOUDFLARENETUS | false
20.189.173.3 | unknown | United States | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false
172.64.146.218 | static-assets.jimstatic.com.cdn.cloudflare.net | United States | 13335 | CLOUDFLARENETUS | false
104.18.41.38 | fonts.jimstatic.com.cdn.cloudflare.net | United States | 13335 | CLOUDFLARENETUS | false
147.45.177.75 | arthhrex.net | Russian Federation | 2895 | FREE-NET-ASFREEnetEU | true
142.250.185.163 | unknown | United States | 15169 | GOOGLEUS | false
142.250.185.142 | unknown | United States | 15169 | GOOGLEUS | false
142.250.186.131 | unknown | United States | 15169 | GOOGLEUS | false
52.111.243.41 | unknown | United States | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false
162.159.128.70 | web.jimdosite.com.cdn.cloudflare.net | United States | 13335 | CLOUDFLARENETUS | false
1.1.1.1 | unknown | Australia | 13335 | CLOUDFLARENETUS | false
142.250.186.36 | www.google.com | United States | 15169 | GOOGLEUS | false
108.177.15.84 | unknown | United States | 15169 | GOOGLEUS | false
172.217.16.206 | unknown | United States | 15169 | GOOGLEUS | false
52.109.68.130 | unknown | United States | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false
172.64.155.133 | unknown | United States | 13335 | CLOUDFLARENETUS | false
3.255.10.234 | at.prod.jimdo.systems | United States | 16509 | AMAZON-02US | false
104.18.95.41 | unknown | United States | 13335 | CLOUDFLARENETUS | false
52.123.128.14 | s-0005.dual-s-msedge.net | United States | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false
2.23.227.205 | unknown | European Union | 8781 | QA-ISPQA | false
104.18.32.123 | storage.e.jimdo.com.cdn.cloudflare.net | United States | 13335 | CLOUDFLARENETUS | false
142.250.181.227 | unknown | United States | 15169 | GOOGLEUS | false
2.19.11.102 | unknown | European Union | 719 | ELISA-ASHelsinkiFinlandEU | false
142.250.186.164 | unknown | United States | 15169 | GOOGLEUS | false
216.58.212.163 | unknown | United States | 15169 | GOOGLEUS | false
IP: 192.168.2.17
                                                          Joe Sandbox version:42.0.0 Malachite
                                                          Analysis ID:1637736
                                                          Start date and time:2025-03-13 21:59:53 +01:00
                                                          Joe Sandbox product:CloudBasic
                                                          Overall analysis duration:
                                                          Hypervisor based Inspection enabled:false
                                                          Report type:full
                                                          Cookbook file name:defaultwindowsinteractivecookbook.jbs
                                                          Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                          Number of analysed new started processes analysed:16
                                                          Number of new started drivers analysed:0
                                                          Number of existing processes analysed:0
                                                          Number of existing drivers analysed:0
                                                          Number of injected processes analysed:0
                                                          Technologies:
                                                          • EGA enabled
                                                          Analysis Mode:stream
                                                          Analysis stop reason:Timeout
                                                          Sample name:b96a6d6fd568db5fb70ce3ac0574381a.eml
                                                          Detection:MAL
                                                          Classification:mal60.phis.winEML@26/0@34/185
                                                          Cookbook Comments:
                                                          • Found application associated with file extension: .eml
                                                          • Exclude process from analysis (whitelisted): dllhost.exe
                                                          • Excluded IPs from analysis (whitelisted): 2.19.11.102, 2.19.11.103, 52.111.243.41, 52.111.243.40, 52.111.243.43, 52.111.243.42, 52.123.128.14
                                                          • Excluded domains from analysis (whitelisted): ecs.office.com, omex.cdn.office.net, prod1.naturallanguageeditorservice.osi.office.net.akadns.net, dual-s-0005-office.config.skype.com, nleditor.osi.office.net, prod-eu-resolver.naturallanguageeditorservice.osi.office.net.akadns.net, ecs.office.trafficmanager.net, omex.cdn.office.net.akamaized.net, a1864.dscd.akamai.net
• Not all processes were analyzed; report is missing behavior information
                                                          • Report size getting too big, too many NtOpenFile calls found.
                                                          • Report size getting too big, too many NtQueryAttributesFile calls found.
                                                          • Report size getting too big, too many NtQueryValueKey calls found.
                                                          • Report size getting too big, too many NtSetValueKey calls found.
                                                          • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                                          • VT rate limit hit for: efax-41.jimdosite.com
                                                          No created / dropped files found
                                                          File type:ASCII text, with very long lines (621)
                                                          Entropy (8bit):6.022839231613119
                                                          TrID:
                                                            File name:b96a6d6fd568db5fb70ce3ac0574381a.eml
                                                            File size:26'180 bytes
                                                            MD5:1e2dc8481eee427f4c740cfe93cd045b
                                                            SHA1:e5386bf92d619c5427196cfb0628d55525817cab
                                                            SHA256:203fb081f3f8e4f168247f572d85880a44871ba8fa3435c58eccaa142f3a6c8e
                                                            SHA512:8817980ae5806a02dec78f79f7ab11ae45efa543a0dce9005f5f55342c1d5a053a7f9a1a026dbd22b822a5a62e503b73a7bfee2bbd299a359fd920a5c8d0bf85
                                                            SSDEEP:384:b8rmkTb5yByCsYSQhfeqSJzhrl86607MAUZ+iCDnurRTRM+I7ThrR6RMLbm:b8rmkTbMBb0tJzVla0mgrDudIHhNm
                                                            TLSH:E7C25D29DD65063B44B771DC951BBE8B6240497FC633A490C4BEF5BA2ECB0AE7201F09
                                                            File Content Preview:ARC-Seal: i=2; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=pass;. b=jXD5ppRJQW1TwbKklSdQYyuClSy5qHV1Ar3vSgRwU0H6w5bU1oGuflJmvG8cFq8B5h2dk7OxSbUFaq3HJLqe3fb0oneAzg7skRyEnu2513tCDMqPf//WuZxwPIMAg2YAcWJJy022hRLOupqzLqkvBmkNEfCc2iLzZK8EVCqLQL1G9vDcL
                                                            Subject:FW: Wilson Health
                                                            From:"Barhorst, Quaniece" <qbarhorst@wilsonhealth.org>
                                                            To:"Barhorst, Quaniece" <qbarhorst@wilsonhealth.org>
                                                            Cc:
                                                            BCC:
                                                            Date:Thu, 13 Mar 2025 20:13:25 +0000
                                                            Communications:
                                                            • Please See Attached Thank You Quaniece Barhorst, Purchasing Department Strategic Buyer Wilson Health Ph:937.498.5423 Cell: 937.489.9476 qbarhorst@wilsonhealth.org<mailto:qbarhorst@wilsonhealth.org> Confidentiality Notice: This e-mail message, including any attachments or previous e-mail message(s) within, is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original. Thank you.
                                                            Attachments:
                                                            Key Value
ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=imXbNgY/XiI/65UEInmQbTyBNlD6xI8yyXUzWMXMfJGn/QcLQEW1LjfB8OGgmtGJwuPPQIMXZvrdxfRcdG0DIxzYi3wwCquLTCeehl1YZRlAxM43hvg6vih6WpIWP3c1YUAG8kCGVMywNSxZ3MWPRcItzOY5lWI7oQ0sQLEuIR8ggAGOWUXkC6lMnEYtf8duWdrVF3db1uLDDk4Qdw8GiQAHwPb+T1Kyt6LTW8Qz2ZVpUhIf/61E8JJeVZ7D7xnlrd4whbYtNfMr+qqT2IB6tFkfyN/UwaOS6OLdCcGj0onLrKs/lSFfnvGRCgP3DFLiKWHT9vJOWcl1fOThqWlmaQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=AP4fEvZCpGeJxuTsBXunti6cVCxtUId50/lpYRBv9ZI=; b=OzGj/2JOEBWUn4RssdD8kHPnhVyuCRSzPZ4PIA9qmBInrAZf4x9VHkBHfqSICUljdQxf16ZT8ZjJku6tBuKGsm7Yf3R7Pu53ssHAg9ZrDieJo163xXRVean1yvMmRNANY6gz38DRGv4ajJXY2MP6silCdEI+45Bfwhal8ZEFEZjfhUTyG7KTJc57TZYwMKb8Pya12swtFS4M4JSyiZ2/O0dMyeT9hUr1O63/qb7/W76IVs3EcK06fuKvGgchPxgIsI/BN1wXjGRRZICrJbDL6/+lBf1XWzXhRGS3E4ECjAvXO8iHmTOZPYGTSvZWPr14QxMkL94pCNui4tscaoEc3A==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=wilsonhealth.org; dmarc=pass action=none header.from=wilsonhealth.org; dkim=pass header.d=wilsonhealth.org; arc=none
Received: from CH3PR22MB5548.namprd22.prod.outlook.com ([fe80::58d4:7a93:467c:af3c]) by CH3PR22MB5548.namprd22.prod.outlook.com ([fe80::58d4:7a93:467c:af3c%4]) with mapi id 15.20.8511.026; Thu, 13 Mar 2025 20:13:25 +0000
Authentication-Results: spf=pass (sender IP is 216.71.146.163) smtp.mailfrom=wilsonhealth.org; dkim=pass (signature was verified) header.d=wilsonhealth.org;dmarc=bestguesspass action=none header.from=wilsonhealth.org;compauth=pass reason=109
Received-SPF: Pass (protection.outlook.com: domain of wilsonhealth.org designates 216.71.146.163 as permitted sender) receiver=protection.outlook.com; client-ip=216.71.146.163; helo=esa2.hc5498-87.iphmx.com; pr=E
X-CSE-ConnectionGUID: Gww+t3ZpQi2kLS9Y8Iexig==
X-CSE-MsgGUID: 9+WbNzYxQ/WhPRoHl6nQQw==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=wilsonhealth.org; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=AP4fEvZCpGeJxuTsBXunti6cVCxtUId50/lpYRBv9ZI=; b=Pl9Nh0mcY9V4tb7i6iP2P8ivQDaiyHCfn0VcXrj/+1k6pJwQggjOudwpPYCxzAoZHJc6ZR80dWgl3tc0Tj4iIuF5/txnHLXC9c4LraAGCVu3lFhfY9d1pcqY8wuv9CKoeHrmiVdhyU0LTnUC/Sb5v4J+hgxIPbT6TqFYgKYQwJA=
From: "Barhorst, Quaniece" <qbarhorst@wilsonhealth.org>
To: "Barhorst, Quaniece" <qbarhorst@wilsonhealth.org>
Subject: FW: Wilson Health
Thread-Topic: Wilson Health
Thread-Index: AduUUrSdrYdEqFaDSiWV89GC2xxVtwAAGKRgAAAWNtAAAAD9gAAAARdwAAAAuMAAAACMgAAAAHwgAAAAzqAAAACxkAAAAITAAAABtdAAAACRUAAAAfdQAAAMNdAAAADRkAAAAJIgAAAAqcAAAACHkAAAALYAAAAAm9AAAACY0AAAALFAAAAElHAAAACZsAAAALTwAAABF7AAAAC6kAAAAJCQAAAAmDA=
Date: Thu, 13 Mar 2025 20:13:25 +0000
Message-ID: <CH3PR22MB5548E2BCA8BF37E642D8028CC0D32@CH3PR22MB5548.namprd22.prod.outlook.com>
References: <CH3PR22MB5548C9C472BD870FBC406ABAC0D32@CH3PR22MB5548.namprd22.prod.outlook.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator:
Authentication-Results-Original: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=wilsonhealth.org;
x-ms-traffictypediagnostic: CH3PR22MB5548:EE_|MW5PR22MB3177:EE_|MWH0EPF000989EC:EE_|LV3PR14MB7531:EE_
X-MS-Office365-Filtering-Correlation-Id: 161f8b62-c18c-4098-0e8e-08dd626b8832
x-outboundauthclickmysecretkey: Click
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
X-Microsoft-Antispam-Untrusted: BCL:0;ARA:13230040|7416014|376014|1800799024|366016|4053099003|4013099003|8096899003|38070700018;
X-Microsoft-Antispam-Message-Info-Original: qUS4jx2z23NhvyTpwGM3qKM+Kl4j0MtW69UV5sfoFndBZnsKzxCOWAFLC/iUfVc1+mY4ZDIXnlVLbrcOda3mK23yD/Woxft/k/pAnh4S88zwNGHCv1giQAvB7KXP7lGTMhgTYQFyIaJk9PnEP3bRGRb8acXst6ZPgLh9vOfskV4dxGeNI33MedOccSnpcrqGGZ9k2tx62gCYfTsryQ8FEm3LOlQniNsKpsHb7PJaShuwjL8s1CnFH3Aq5IMYCL+rAQ6JJHyqlH5NTD5CNIO39zOggxOZ7zjbWAwonw124+8hTluPJEUjJTi3dPll+TyWGEWg21jVq5SmlUmZePCEatodsc2u1noxXalI70axfvUCl9MKlvBN0cs318h3SQMPlbrv+WgWhzf1sNjz2bOqeskxqPFeaGDXBLelgahPVh4ucgRIIIWC71JlbUXEWSQTn4V3nOlgEPG1KUr0r9JC/ZFmQqkpHRwttttgcb9Jx7h8BRGcXnzkZDYRWrv9Xd73+An7AgJFp+vzUVdapWrfdkLR4saHubwHaPda9Z+LZfyDUXGmZNApCTIL1+XqQg0pwes9t9mOWAmLJAdi2gokenoFXxJcjk6OVrjkE8+iqdYO/v91AR7FYEvtrJfgUaKFGayaokt7UOWsFKqAJsdGZsOJ6FU2FnY6iFVnvoXM1CnCq7bFsUAkGVliZMhbsVdpmibeAMmtC8Ez8l+4/R3iCsMUt02MiAqEgPwk58H7wh6/+y2qp+y6fxh1gYnnODY0enI45YUX5B+27HlscobRT29XwrSoVOjQ2KYFL2ti0Rz7HzQHV8yh1/3OCBPhIZyfdV6g932Wp7ovcRK7Gv6V0xD0XHuVso5vAq1pNymgoCU3Xu29GiTTSgh8rXn0Cq6IT25c/y9mjlIFczpO4sJFRLM/MKWGg91rypniVHuBfPmqQDuL9JOZR0ZrOK9/k6NWNUgWwZ4h4MHLoRX4WTTM11DHjm3uZxFmG+cNGBCD0jwKFkKTuthPDwEShmHD2wurRjJwbqMNhmv4Q3XTMxPW1oBWxek2y00z4kvfmIK1KlfHkXr2Y1nxEN5juDPZtMFBiER47W0pq4xM9R/6sg22M2K5Vh+/TFjGM4+Twcb9Q6XAbGlru7AS11Qg14eJml/J/GDrkw9hTZlniI8xRoamz3lY1VfFmzQyWERVWO7lyKu7XFtuOWutYXhJa+5EfbxUb4WM8LI8VIf+wyM4SVhsBa3xNrsWe6aVRymNLS4Y7PWebv9nJXeHTAHvQkRw86ql669fP2vQ81p23C3AUID3AuUx3YYPJ3FgntSX3ejHseyDiylZjWTeBUcsKfc9cZqtI/44K40bilx9R10Cegs8p2KFvHKYqj6qzMoKWrQQAgWhNGzqkyQ1jXgX/zNoZw2l
X-Forefront-Antispam-Report-Untrusted: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:CH3PR22MB5548.namprd22.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230040)(7416014)(376014)(1800799024)(366016)(4053099003)(4013099003)(8096899003)(38070700018);DIR:OUT;SFP:1102;
X-MS-Exchange-AntiSpam-MessageData-Original-ChunkCount: 1
X-MS-Exchange-AntiSpam-MessageData-Original-0: 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
Content-Type: multipart/mixed; boundary="_004_CH3PR22MB5548E2BCA8BF37E642D8028CC0D32CH3PR22MB5548namp_"
MIME-Version: 1.0
X-MS-Exchange-Transport-CrossTenantHeadersStamped: LV3PR14MB7531
X-EOPAttributedMessage: 0
X-EOPTenantAttributedMessage: 090e8095-a70f-411c-bb34-41695d7e117a:0
X-MS-Exchange-Transport-CrossTenantHeadersStripped: MWH0EPF000989EC.namprd02.prod.outlook.com
X-MS-PublicTrafficType: Email
X-MS-Office365-Filtering-Correlation-Id-Prvs: 36fc38a8-3bde-4bce-76a1-08dd626b82d5
X-Microsoft-Antispam: BCL:0;ARA:13230040|35042699022|12012899012|4053099003|8096899003;
X-Microsoft-Antispam-Message-Info: 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
X-Forefront-Antispam-Report: CIP:216.71.146.163;CTRY:US;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:esa2.hc5498-87.iphmx.com;PTR:esa2.hc5498-87.iphmx.com;CAT:NONE;SFS:(13230040)(35042699022)(12012899012)(4053099003)(8096899003);DIR:INB;
X-MS-Exchange-AntiSpam-ExternalHop-MessageData-ChunkCount: 1
X-MS-Exchange-AntiSpam-ExternalHop-MessageData-0: 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
X-OriginatorOrg: concordancehs.com
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 13 Mar 2025 20:13:34.1076 (UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: 161f8b62-c18c-4098-0e8e-08dd626b8832
X-MS-Exchange-CrossTenant-Id: 090e8095-a70f-411c-bb34-41695d7e117a
X-MS-Exchange-CrossTenant-AuthSource: MWH0EPF000989EC.namprd02.prod.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Anonymous
X-MS-Exchange-CrossTenant-FromEntityHeader: Internet
customer: concordancehs

                                                            Icon Hash:46070c0a8e0c67d6