Windows Analysis Report
Emarine System Contact Update.pdf

Overview

General Information

Sample name: Emarine System Contact Update.pdf
Analysis ID: 1640832
MD5: a418ff1ba4c56c0da7a4e089f585a186
SHA1: e297301d64a5b60689ccaa55631a643ac779bed5
SHA256: 3346db897f5d92fbcc3905ade71a997d74f34d6e82ac4a7033d7033f6839c902

Detection

HTMLPhisher
Score: 64
Range: 0 - 100
Confidence: 100%

Signatures

AI detected phishing page
Yara detected HtmlPhish54
AI detected suspicious Javascript
AI detected suspicious URL
Creates files inside the system directory
Deletes files inside the Windows folder
Detected non-DNS traffic on DNS port
Detected suspicious crossdomain redirect
HTML body contains low number of good links
HTML page contains hidden javascript code
HTML title does not match URL
IP address seen in connection with other malware
Internet Provider seen in connection with other malware

Classification

Phishing

Source: https://login.o365contact-verify.click/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2foutlook.office.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=1&msaredir=1&client-request-id=01ff36a9-118d-1256-2170-f97d73c45f79&protectedtoken=true&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d&nonce=638674904025952032.42b185d8-e825-4e84-bdb2-3e505ea1e04a&state=DcuxDoIwEIDhou_iVjmOHrQDcdAYBlzURMPWozdIJBggGN_eDt-__YlSahttogRiVFnktiiNAwNIjhBy3BvkzFKwWiySNmKN5sCocyEg8ZmA8Ul8T-n49elhXvwiVbabJLwm6Zb7WPn6Cl19KZqfW8PzOjO6qRnc0A7vvr1RzwgrP84fPto_&sso_reload=true Joe Sandbox AI: Score: 9 Reasons: The brand 'Microsoft' is well-known and typically associated with domains like microsoft.com or office.com., The URL 'login.o365contact-verify.click' does not match the legitimate domain names associated with Microsoft., The use of 'o365' suggests an association with Office 365, a Microsoft product, but the domain is not a recognized Microsoft domain., The domain extension '.click' is unusual for a legitimate Microsoft service and can be a red flag for phishing., The presence of 'contact-verify' in the URL is suspicious and often used in phishing attempts to trick users into providing personal information. DOM: 4.10.pages.csv
Source: https://login.o365contact-verify.click/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2foutlook.office.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=1&msaredir=1&client-request-id=01ff36a9-118d-1256-2170-f97d73c45f79&protectedtoken=true&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d&nonce=638674904025952032.42b185d8-e825-4e84-bdb2-3e505ea1e04a&state=DcuxDoIwEIDhou_iVjmOHrQDcdAYBlzURMPWozdIJBggGN_eDt-__YlSahttogRiVFnktiiNAwNIjhBy3BvkzFKwWiySNmKN5sCocyEg8ZmA8Ul8T-n49elhXvwiVbabJLwm6Zb7WPn6Cl19KZqfW8PzOjO6qRnc0A7vvr1RzwgrP84fPto_&sso_reload=true Joe Sandbox AI: Score: 9 Reasons: The brand 'Microsoft' is classified as 'wellknown'., The legitimate domain for Microsoft services, including Office 365, is 'microsoft.com'., The URL 'login.o365contact-verify.click' does not match the legitimate domain 'microsoft.com'., The use of 'o365' in the subdomain suggests an attempt to mimic Office 365, a Microsoft service., The domain extension '.click' is unusual for a legitimate Microsoft service., The presence of 'contact-verify' in the domain is suspicious and often used in phishing attempts to trick users into providing personal information. DOM: 4.13.pages.csv
Source: Yara match File source: 4.58..script.csv, type: HTML
Source: Yara match File source: 4.16.pages.csv, type: HTML
Source: Yara match File source: 4.10.pages.csv, type: HTML
Source: Yara match File source: 4.13.pages.csv, type: HTML
Source: 1.6..script.csv Joe Sandbox AI: Detected suspicious JavaScript with source url: blob:https://login.o365contact-verify.click/f5b2f7... This script demonstrates high-risk behavior by using the `eval()` function to execute dynamic code received from an untrusted source. The use of `eval()` allows for the execution of arbitrary JavaScript, which poses a significant security risk. Additionally, the lack of origin verification and the absence of a message source indicate that this script is vulnerable to cross-origin attacks and could be used to execute malicious code on the client-side.
Source: 4.112.d.script.csv Joe Sandbox AI: Detected suspicious JavaScript with source url: anonymous function... This script demonstrates high-risk behaviors, including dynamic code execution through the use of the `Function` constructor and the ability to modify the `sRandomBlob` property, which could potentially be used for data exfiltration or other malicious purposes. The script is also heavily obfuscated, making it difficult to analyze and understand its true intent. These factors contribute to a high-risk assessment.
Source: 4.58..script.csv Joe Sandbox AI: Detected suspicious JavaScript with source url: https://login.o365contact-verify.click/common/oaut... This script exhibits several high-risk behaviors that indicate potential malicious intent:
1. Dynamic Code Execution: The script uses the `$Config` object, which could be used to execute remote or dynamic code.
2. Data Exfiltration: The script contains URLs that appear to be sending user data to external domains, such as `outlook.o365contact-verify.click` and `live.o365contact-verify.click`.
3. Obfuscated Code/URLs: The script contains a large amount of obfuscated or encoded data, making it difficult to analyze the full extent of its functionality.
Additionally, the script interacts with domains that are not known to be trusted, which further increases the risk. Overall, this script demonstrates a high level of suspicious behavior and should be treated with caution.
Source: https://o365contact-verify.click Joe Sandbox AI: The URL 'https://o365contact-verify.click' appears to target Microsoft Office 365 users. The use of 'o365' is a common abbreviation for Office 365, which is a well-known Microsoft product. The domain 'contact-verify' suggests a verification process, which is a common tactic used in phishing attempts to trick users into providing sensitive information. The '.click' domain extension is not typically associated with Microsoft, which increases the likelihood of this being a typosquatting attempt. The structural similarity is moderate due to the use of 'o365', but the domain extension and the specific wording ('contact-verify') are not directly associated with any legitimate Microsoft service, increasing the likelihood of user confusion.
Source: https://login.o365contact-verify.click Joe Sandbox AI: The URL 'https://login.o365contact-verify.click' appears to target users of Microsoft's Office 365 services. The use of 'o365' is a common abbreviation for Office 365, which is a well-known Microsoft product. The subdomain 'login' is typically associated with authentication pages, which increases the likelihood of user confusion. The domain extension '.click' is not commonly associated with Microsoft, and the structure 'o365contact-verify' suggests an attempt to mimic a legitimate service related to Office 365. The combination of these elements, particularly the use of 'o365' and 'login', suggests a high likelihood of typosquatting aimed at deceiving users into thinking they are interacting with a legitimate Microsoft service.
Source: https://login.o365contact-verify.click/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2foutlook.office.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=1&msaredir=1&client-request-id=01ff36a9-118d-1256-2170-f97d73c45f79&protectedtoken=true&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d&nonce=638674904025952032.42b185d8-e825-4e84-bdb2-3e505ea1e04a&state=DcuxDoIwEIDhou_iVjmOHrQDcdAYBlzURMPWozdIJBggGN_eDt-__YlSahttogRiVFnktiiNAwNIjhBy3BvkzFKwWiySNmKN5sCocyEg8ZmA8Ul8T-n49elhXvwiVbabJLwm6Zb7WPn6Cl19KZqfW8PzOjO6qRnc0A7vvr1RzwgrP84fPto_&sso_reload=true HTTP Parser: Number of links: 0
Source: https://login.o365contact-verify.click/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2foutlook.office.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=1&msaredir=1&client-request-id=01ff36a9-118d-1256-2170-f97d73c45f79&protectedtoken=true&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d&nonce=638674904025952032.42b185d8-e825-4e84-bdb2-3e505ea1e04a&state=DcuxDoIwEIDhou_iVjmOHrQDcdAYBlzURMPWozdIJBggGN_eDt-__YlSahttogRiVFnktiiNAwNIjhBy3BvkzFKwWiySNmKN5sCocyEg8ZmA8Ul8T-n49elhXvwiVbabJLwm6Zb7WPn6Cl19KZqfW8PzOjO6qRnc0A7vvr1RzwgrP84fPto_&sso_reload=true&__cf_chl_tk=pREgJPIggfrDEjj9GK4yQn7mfWm1ktfAVbxc3XGXC9Q-1742235421-1.0.1.1-ewoL3hr4sMh8t6zfPCQjJ2p5N8fhHPkMoB.TWgE5VBs HTTP Parser: Number of links: 0
Source: https://login.o365contact-verify.click/aExWtFxo HTTP Parser: Base64 decoded: <svg xmlns="http://www.w3.org/2000/svg" width="32" height="32" fill="none"><path fill="#B20F03" d="M16 3a13 13 0 1 0 13 13A13.015 13.015 0 0 0 16 3m0 24a11 11 0 1 1 11-11 11.01 11.01 0 0 1-11 11"/><path fill="#B20F03" d="M17.038 18.615H14.87L14.563 9.5h2....
Source: https://login.o365contact-verify.click/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2foutlook.office.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=1&msaredir=1&client-request-id=01ff36a9-118d-1256-2170-f97d73c45f79&protectedtoken=true&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d&nonce=638674904025952032.42b185d8-e825-4e84-bdb2-3e505ea1e04a&state=DcuxDoIwEIDhou_iVjmOHrQDcdAYBlzURMPWozdIJBggGN_eDt-__YlSahttogRiVFnktiiNAwNIjhBy3BvkzFKwWiySNmKN5sCocyEg8ZmA8Ul8T-n49elhXvwiVbabJLwm6Zb7WPn6Cl19KZqfW8PzOjO6qRnc0A7vvr1RzwgrP84fPto_&sso_reload=true HTTP Parser: Title: Sign in to Outlook does not match URL
Source: https://login.o365contact-verify.click/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2foutlook.office.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=1&msaredir=1&client-request-id=01ff36a9-118d-1256-2170-f97d73c45f79&protectedtoken=true&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d&nonce=638674904025952032.42b185d8-e825-4e84-bdb2-3e505ea1e04a&state=DcuxDoIwEIDhou_iVjmOHrQDcdAYBlzURMPWozdIJBggGN_eDt-__YlSahttogRiVFnktiiNAwNIjhBy3BvkzFKwWiySNmKN5sCocyEg8ZmA8Ul8T-n49elhXvwiVbabJLwm6Zb7WPn6Cl19KZqfW8PzOjO6qRnc0A7vvr1RzwgrP84fPto_&sso_reload=true&__cf_chl_tk=pREgJPIggfrDEjj9GK4yQn7mfWm1ktfAVbxc3XGXC9Q-1742235421-1.0.1.1-ewoL3hr4sMh8t6zfPCQjJ2p5N8fhHPkMoB.TWgE5VBs HTTP Parser: Title: Just a moment... does not match URL
Source: https://login.o365contact-verify.click/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2foutlook.office.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=1&msaredir=1&client-request-id=01ff36a9-118d-1256-2170-f97d73c45f79&protectedtoken=true&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d&nonce=638674904025952032.42b185d8-e825-4e84-bdb2-3e505ea1e04a&state=DcuxDoIwEIDhou_iVjmOHrQDcdAYBlzURMPWozdIJBggGN_eDt-__YlSahttogRiVFnktiiNAwNIjhBy3BvkzFKwWiySNmKN5sCocyEg8ZmA8Ul8T-n49elhXvwiVbabJLwm6Zb7WPn6Cl19KZqfW8PzOjO6qRnc0A7vvr1RzwgrP84fPto_&sso_reload=true HTTP Parser: Iframe src: https://outlook.o365contact-verify.click/owa/prefetch.aspx
Source: https://login.o365contact-verify.click/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2foutlook.office.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=1&msaredir=1&client-request-id=01ff36a9-118d-1256-2170-f97d73c45f79&protectedtoken=true&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d&nonce=638674904025952032.42b185d8-e825-4e84-bdb2-3e505ea1e04a&state=DcuxDoIwEIDhou_iVjmOHrQDcdAYBlzURMPWozdIJBggGN_eDt-__YlSahttogRiVFnktiiNAwNIjhBy3BvkzFKwWiySNmKN5sCocyEg8ZmA8Ul8T-n49elhXvwiVbabJLwm6Zb7WPn6Cl19KZqfW8PzOjO6qRnc0A7vvr1RzwgrP84fPto_&sso_reload=true HTTP Parser: <input type="password" .../> found
Source: https://login.o365contact-verify.click/aExWtFxo HTTP Parser: No favicon
Source: https://login.o365contact-verify.click/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2foutlook.office.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=1&msaredir=1&client-request-id=01ff36a9-118d-1256-2170-f97d73c45f79&protectedtoken=true&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d&nonce=638674904025952032.42b185d8-e825-4e84-bdb2-3e505ea1e04a&state=DcuxDoIwEIDhou_iVjmOHrQDcdAYBlzURMPWozdIJBggGN_eDt-__YlSahttogRiVFnktiiNAwNIjhBy3BvkzFKwWiySNmKN5sCocyEg8ZmA8Ul8T-n49elhXvwiVbabJLwm6Zb7WPn6Cl19KZqfW8PzOjO6qRnc0A7vvr1RzwgrP84fPto_&sso_reload=true HTTP Parser: No favicon
Source: https://login.o365contact-verify.click/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2foutlook.office.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=1&msaredir=1&client-request-id=01ff36a9-118d-1256-2170-f97d73c45f79&protectedtoken=true&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d&nonce=638674904025952032.42b185d8-e825-4e84-bdb2-3e505ea1e04a&state=DcuxDoIwEIDhou_iVjmOHrQDcdAYBlzURMPWozdIJBggGN_eDt-__YlSahttogRiVFnktiiNAwNIjhBy3BvkzFKwWiySNmKN5sCocyEg8ZmA8Ul8T-n49elhXvwiVbabJLwm6Zb7WPn6Cl19KZqfW8PzOjO6qRnc0A7vvr1RzwgrP84fPto_&sso_reload=true&__cf_chl_tk=pREgJPIggfrDEjj9GK4yQn7mfWm1ktfAVbxc3XGXC9Q-1742235421-1.0.1.1-ewoL3hr4sMh8t6zfPCQjJ2p5N8fhHPkMoB.TWgE5VBs HTTP Parser: No favicon
Source: https://login.o365contact-verify.click/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2foutlook.office.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=1&msaredir=1&client-request-id=01ff36a9-118d-1256-2170-f97d73c45f79&protectedtoken=true&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d&nonce=638674904025952032.42b185d8-e825-4e84-bdb2-3e505ea1e04a&state=DcuxDoIwEIDhou_iVjmOHrQDcdAYBlzURMPWozdIJBggGN_eDt-__YlSahttogRiVFnktiiNAwNIjhBy3BvkzFKwWiySNmKN5sCocyEg8ZmA8Ul8T-n49elhXvwiVbabJLwm6Zb7WPn6Cl19KZqfW8PzOjO6qRnc0A7vvr1RzwgrP84fPto_&sso_reload=true HTTP Parser: No <meta name="author".. found
Source: https://login.o365contact-verify.click/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2foutlook.office.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=1&msaredir=1&client-request-id=01ff36a9-118d-1256-2170-f97d73c45f79&protectedtoken=true&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d&nonce=638674904025952032.42b185d8-e825-4e84-bdb2-3e505ea1e04a&state=DcuxDoIwEIDhou_iVjmOHrQDcdAYBlzURMPWozdIJBggGN_eDt-__YlSahttogRiVFnktiiNAwNIjhBy3BvkzFKwWiySNmKN5sCocyEg8ZmA8Ul8T-n49elhXvwiVbabJLwm6Zb7WPn6Cl19KZqfW8PzOjO6qRnc0A7vvr1RzwgrP84fPto_&sso_reload=true&__cf_chl_tk=pREgJPIggfrDEjj9GK4yQn7mfWm1ktfAVbxc3XGXC9Q-1742235421-1.0.1.1-ewoL3hr4sMh8t6zfPCQjJ2p5N8fhHPkMoB.TWgE5VBs HTTP Parser: No <meta name="author".. found
Source: https://login.o365contact-verify.click/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2foutlook.office.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=1&msaredir=1&client-request-id=01ff36a9-118d-1256-2170-f97d73c45f79&protectedtoken=true&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d&nonce=638674904025952032.42b185d8-e825-4e84-bdb2-3e505ea1e04a&state=DcuxDoIwEIDhou_iVjmOHrQDcdAYBlzURMPWozdIJBggGN_eDt-__YlSahttogRiVFnktiiNAwNIjhBy3BvkzFKwWiySNmKN5sCocyEg8ZmA8Ul8T-n49elhXvwiVbabJLwm6Zb7WPn6Cl19KZqfW8PzOjO6qRnc0A7vvr1RzwgrP84fPto_&sso_reload=true HTTP Parser: No <meta name="copyright".. found
Source: https://login.o365contact-verify.click/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2foutlook.office.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=1&msaredir=1&client-request-id=01ff36a9-118d-1256-2170-f97d73c45f79&protectedtoken=true&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d&nonce=638674904025952032.42b185d8-e825-4e84-bdb2-3e505ea1e04a&state=DcuxDoIwEIDhou_iVjmOHrQDcdAYBlzURMPWozdIJBggGN_eDt-__YlSahttogRiVFnktiiNAwNIjhBy3BvkzFKwWiySNmKN5sCocyEg8ZmA8Ul8T-n49elhXvwiVbabJLwm6Zb7WPn6Cl19KZqfW8PzOjO6qRnc0A7vvr1RzwgrP84fPto_&sso_reload=true&__cf_chl_tk=pREgJPIggfrDEjj9GK4yQn7mfWm1ktfAVbxc3XGXC9Q-1742235421-1.0.1.1-ewoL3hr4sMh8t6zfPCQjJ2p5N8fhHPkMoB.TWgE5VBs HTTP Parser: No <meta name="copyright".. found
Source: chrome.exe Memory has grown: Private usage: 0MB later: 45MB
Source: global traffic TCP traffic: 192.168.2.11:49807 -> 1.1.1.1:53
Source: C:\Program Files\Google\Chrome\Application\chrome.exe HTTP traffic: Redirect from: microsoft.emg-dev.com to https://login.o365contact-verify.click/aexwtfxo
Source: Joe Sandbox View IP Address: 104.18.94.41 104.18.94.41
Source: Joe Sandbox View IP Address: 104.18.95.41 104.18.95.41
Source: Joe Sandbox View IP Address: 2.19.105.127 2.19.105.127
Source: Joe Sandbox View ASN Name: CLOUDFLARENETUS CLOUDFLARENETUS
Source: global traffic HTTP traffic detected:
    GET / HTTP/1.1
    Host: microsoft.emg-dev.com
    Connection: keep-alive
    Upgrade-Insecure-Requests: 1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
    sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
    sec-ch-ua-mobile: ?0
    sec-ch-ua-platform: "Windows"
    Sec-Fetch-Site: none
    Sec-Fetch-Mode: navigate
    Sec-Fetch-User: ?1
    Sec-Fetch-Dest: document
    Accept-Encoding: gzip, deflate, br, zstd
    Accept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /aExWtFxo HTTP/1.1Host: login.o365contact-verify.clickConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /aExWtFxo HTTP/1.1Host: login.o365contact-verify.clickConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-full-version: "134.0.6998.36"sec-ch-ua-arch: "x86"sec-ch-ua-platform: "Windows"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-model: ""sec-ch-ua-bitness: "64"sec-ch-ua-full-version-list: "Chromium";v="134.0.6998.36", "Not:A-Brand";v="24.0.0.0", "Google Chrome";v="134.0.6998.36"Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/orchestrate/chl_page/v1?ray=921e7baf7aba7d0b HTTP/1.1Host: login.o365contact-verify.clickConnection: keep-alivesec-ch-ua-full-version-list: "Chromium";v="134.0.6998.36", "Not:A-Brand";v="24.0.0.0", "Google Chrome";v="134.0.6998.36"sec-ch-ua-platform: "Windows"sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-mobile: ?0sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "134.0.6998.36"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua-platform-version: "10.0.0"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://login.o365contact-verify.click/aExWtFxo?__cf_chl_rt_tk=3SIgpD1sXzF4WWcwaBv8YjTFxVb01cR9sJuKKjQjjlw-1742235404-1.0.1.1-0OhMnnw8wDb2fCD6vco.rnDMeRMavkDd3SSw3ivSKmoAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /turnstile/v0/g/f3b948d8acb8/api.js?onload=EFpGI0&render=explicit HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveOrigin: https://login.o365contact-verify.clicksec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: login.o365contact-verify.clickConnection: keep-alivesec-ch-ua-full-version-list: "Chromium";v="134.0.6998.36", "Not:A-Brand";v="24.0.0.0", "Google Chrome";v="134.0.6998.36"sec-ch-ua-platform: "Windows"sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-mobile: ?0sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "134.0.6998.36"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua-platform-version: "10.0.0"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://login.o365contact-verify.click/aExWtFxoAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv/ulgmu/0x4AAAAAAADnPIDROrmt1Wwj/light/fbE/new/normal/auto/ HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeSec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/flow/ov1/537131680:1742232368:PNgSpCUp7nUXHshdMXWCwQ_8FTfn9WzuyEWhtvnUs-s/921e7baf7aba7d0b/W4eA9YLpBn3tCwq3EXfDYAR6ZXZxirgUHevar3zovY4-1742235404-1.2.1.1-Q7IjesuKplLT14X1wWNNl0rbs74c7XElBRkd1j7rASgJmB2uk4N1rCItdoGF_zvU HTTP/1.1Host: login.o365contact-verify.clickConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: login.o365contact-verify.clickConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/orchestrate/chl_api/v1?ray=921e7bc00f21fbfb&lang=auto HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptSec-Fetch-Storage-Access: activeReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv/ulgmu/0x4AAAAAAADnPIDROrmt1Wwj/light/fbE/new/normal/auto/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/cmg/1 HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageSec-Fetch-Storage-Access: activeReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv/ulgmu/0x4AAAAAAADnPIDROrmt1Wwj/light/fbE/new/normal/auto/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/cmg/1 HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/pat/921e7bc00f21fbfb/1742235409246/e2a73584760cfdb648e016bf37cedc29239b751956b9c0b29e072beb37001c74/ecn5-1p3kfXiNgd HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveCache-Control: max-age=0sec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv/ulgmu/0x4AAAAAAADnPIDROrmt1Wwj/light/fbE/new/normal/auto/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/flow/ov1/695178957:1742232364:fAqBodgcoMUGJYc_fBcZN0cK49h2Op8L9YHEQQKZcbQ/921e7bc00f21fbfb/h3otsN.6gyeyjVvVinLvGwV.wHMoJ0bYmYUb.CVHqfI-1742235407-1.1.1.1-hbwOdBqQ7YvfjyioqqfyAUPAshM7B_1OUvjMJ.A9DMetDUWOZSrGXZz651F_UfCG HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/d/921e7bc00f21fbfb/1742235409250/Fhonndl-QYlAG96 HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageSec-Fetch-Storage-Access: activeReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv/ulgmu/0x4AAAAAAADnPIDROrmt1Wwj/light/fbE/new/normal/auto/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/d/921e7bc00f21fbfb/1742235409250/Fhonndl-QYlAG96 HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: login.o365contact-verify.clickConnection: keep-alivesec-ch-ua-full-version-list: "Chromium";v="134.0.6998.36", "Not:A-Brand";v="24.0.0.0", "Google Chrome";v="134.0.6998.36"sec-ch-ua-platform: "Windows"sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-mobile: ?0sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "134.0.6998.36"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua-platform-version: "10.0.0"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://login.o365contact-verify.click/aExWtFxo?__cf_chl_tk=3SIgpD1sXzF4WWcwaBv8YjTFxVb01cR9sJuKKjQjjlw-1742235404-1.0.1.1-0OhMnnw8wDb2fCD6vco.rnDMeRMavkDd3SSw3ivSKmoAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2foutlook.office.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=1&msaredir=1&client-request-id=01ff36a9-118d-1256-2170-f97d73c45f79&protectedtoken=true&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d&nonce=638674904025952032.42b185d8-e825-4e84-bdb2-3e505ea1e04a&state=DcuxDoIwEIDhou_iVjmOHrQDcdAYBlzURMPWozdIJBggGN_eDt-__YlSahttogRiVFnktiiNAwNIjhBy3BvkzFKwWiySNmKN5sCocyEg8ZmA8Ul8T-n49elhXvwiVbabJLwm6Zb7WPn6Cl19KZqfW8PzOjO6qRnc0A7vvr1RzwgrP84fPto_&sso_reload=true HTTP/1.1Host: login.o365contact-verify.clickConnection: keep-aliveCache-Control: max-age=0Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-full-version: "134.0.6998.36"sec-ch-ua-arch: "x86"sec-ch-ua-platform: "Windows"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-model: ""sec-ch-ua-bitness: "64"sec-ch-ua-full-version-list: "Chromium";v="134.0.6998.36", "Not:A-Brand";v="24.0.0.0", "Google Chrome";v="134.0.6998.36"Referer: https://login.o365contact-verify.click/aExWtFxo?__cf_chl_tk=3SIgpD1sXzF4WWcwaBv8YjTFxVb01cR9sJuKKjQjjlw-1742235404-1.0.1.1-0OhMnnw8wDb2fCD6vco.rnDMeRMavkDd3SSw3ivSKmoAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: 112b-030d=f7e86b03bdb656e251f827eb1c7a20184a32a5d126aad25d57f78058e4d6f4f0
Source: global traffic HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/orchestrate/chl_page/v1?ray=921e7c1a7bdfcc98 HTTP/1.1Host: login.o365contact-verify.clickConnection: keep-alivesec-ch-ua-full-version-list: "Chromium";v="134.0.6998.36", "Not:A-Brand";v="24.0.0.0", "Google Chrome";v="134.0.6998.36"sec-ch-ua-platform: "Windows"sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-mobile: ?0sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "134.0.6998.36"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua-platform-version: "10.0.0"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://login.o365contact-verify.click/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2foutlook.office.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=1&msaredir=1&client-request-id=01ff36a9-118d-1256-2170-f97d73c45f79&protectedtoken=true&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d&nonce=638674904025952032.42b185d8-e825-4e84-bdb2-3e505ea1e04a&state=DcuxDoIwEIDhou_iVjmOHrQDcdAYBlzURMPWozdIJBggGN_eDt-__YlSahttogRiVFnktiiNAwNIjhBy3BvkzFKwWiySNmKN5sCocyEg8ZmA8Ul8T-n49elhXvwiVbabJLwm6Zb7WPn6Cl19KZqfW8PzOjO6qRnc0A7vvr1RzwgrP84fPto_&sso_reload=true&__cf_chl_rt_tk=pREgJPIggfrDEjj9GK4yQn7mfWm1ktfAVbxc3XGXC9Q-1742235421-1.0.1.1-ewoL3hr4sMh8t6zfPCQjJ2p5N8fhHPkMoB.TWgE5VBsAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: 112b-030d=f7e86b03bdb656e251f827eb1c7a20184a32a5d126aad25d57f78058e4d6f4f0
Source: global traffic HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: login.o365contact-verify.clickConnection: keep-alivesec-ch-ua-full-version-list: "Chromium";v="134.0.6998.36", "Not:A-Brand";v="24.0.0.0", "Google Chrome";v="134.0.6998.36"sec-ch-ua-platform: "Windows"sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-mobile: ?0sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "134.0.6998.36"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua-platform-version: "10.0.0"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://login.o365contact-verify.click/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2foutlook.office.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=1&msaredir=1&client-request-id=01ff36a9-118d-1256-2170-f97d73c45f79&protectedtoken=true&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d&nonce=638674904025952032.42b185d8-e825-4e84-bdb2-3e505ea1e04a&state=DcuxDoIwEIDhou_iVjmOHrQDcdAYBlzURMPWozdIJBggGN_eDt-__YlSahttogRiVFnktiiNAwNIjhBy3BvkzFKwWiySNmKN5sCocyEg8ZmA8Ul8T-n49elhXvwiVbabJLwm6Zb7WPn6Cl19KZqfW8PzOjO6qRnc0A7vvr1RzwgrP84fPto_&sso_reload=trueAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: 112b-030d=f7e86b03bdb656e251f827eb1c7a20184a32a5d126aad25d57f78058e4d6f4f0
Source: global traffic HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv/r0vp1/0x4AAAAAAADnPIDROrmt1Wwj/light/fbE/new/normal/auto/ HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeSec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/flow/ov1/110780630:1742232317:bvS75iyz4u7m90pDimz586c5PtgorxbfHl9rBjSNNlg/921e7c1a7bdfcc98/lgZ4vHb.Fe6nyPOfh1TleHEywIpVfMgQ_DbyxLNW0WI-1742235421-1.2.1.1-rKQ4ZgAkJbjOBRkUREPr20BEXeiAFqwmm6IQwfYedOVeqkwzTpCfmI3XHesxSkGZ HTTP/1.1Host: login.o365contact-verify.clickConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: 112b-030d=f7e86b03bdb656e251f827eb1c7a20184a32a5d126aad25d57f78058e4d6f4f0
Source: global traffic HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/orchestrate/chl_api/v1?ray=921e7c294ed04f3a&lang=auto HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptSec-Fetch-Storage-Access: activeReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv/r0vp1/0x4AAAAAAADnPIDROrmt1Wwj/light/fbE/new/normal/auto/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: login.o365contact-verify.clickConnection: keep-alivesec-ch-ua-full-version-list: "Chromium";v="134.0.6998.36", "Not:A-Brand";v="24.0.0.0", "Google Chrome";v="134.0.6998.36"sec-ch-ua-platform: "Windows"sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-mobile: ?0sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "134.0.6998.36"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua-platform-version: "10.0.0"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://login.o365contact-verify.click/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2foutlook.office.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=1&msaredir=1&client-request-id=01ff36a9-118d-1256-2170-f97d73c45f79&protectedtoken=true&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d&nonce=638674904025952032.42b185d8-e825-4e84-bdb2-3e505ea1e04a&state=DcuxDoIwEIDhou_iVjmOHrQDcdAYBlzURMPWozdIJBggGN_eDt-__YlSahttogRiVFnktiiNAwNIjhBy3BvkzFKwWiySNmKN5sCocyEg8ZmA8Ul8T-n49elhXvwiVbabJLwm6Zb7WPn6Cl19KZqfW8PzOjO6qRnc0A7vvr1RzwgrP84fPto_&sso_reload=trueAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: 112b-030d=f7e86b03bdb656e251f827eb1c7a20184a32a5d126aad25d57f78058e4d6f4f0; x-ms-gateway-slice=estsfd
Source: global traffic HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/flow/ov1/682140236:1742232437:8b9gz9emrG5DcnF2TDLLylfW8cNQiTKCLTAz5PlDYTA/921e7c294ed04f3a/jJuM8MuxAXgicxlV54NMqmOxBGf8xe._itLZUwP6bCI-1742235424-1.1.1.1-BS.L55emwkKGCU.x8TYzvycRlp10Ak0hNCg6hgjeY4ZRS_qSX6gGPMIKEThfqDoP HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/d/921e7c294ed04f3a/1742235426141/O0X3D9XANz-4iXK HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageSec-Fetch-Storage-Access: activeReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv/r0vp1/0x4AAAAAAADnPIDROrmt1Wwj/light/fbE/new/normal/auto/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/pat/921e7c294ed04f3a/1742235426143/9077f77a9a22a3d775bec1f7b4425488a10d8ec26d1b7d537c2683e08a0fdf15/WhczPpBGXHLy4X0 HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveCache-Control: max-age=0sec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv/r0vp1/0x4AAAAAAADnPIDROrmt1Wwj/light/fbE/new/normal/auto/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/d/921e7c294ed04f3a/1742235426141/O0X3D9XANz-4iXK HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/flow/ov1/110780630:1742232317:bvS75iyz4u7m90pDimz586c5PtgorxbfHl9rBjSNNlg/921e7c1a7bdfcc98/lgZ4vHb.Fe6nyPOfh1TleHEywIpVfMgQ_DbyxLNW0WI-1742235421-1.2.1.1-rKQ4ZgAkJbjOBRkUREPr20BEXeiAFqwmm6IQwfYedOVeqkwzTpCfmI3XHesxSkGZ HTTP/1.1Host: login.o365contact-verify.clickConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: 112b-030d=f7e86b03bdb656e251f827eb1c7a20184a32a5d126aad25d57f78058e4d6f4f0; x-ms-gateway-slice=estsfd
Source: global traffic HTTP traffic detected: GET /s/f7e86b03bdb656e251f827eb1c7a20184a32a5d126aad25d57f78058e4d6f4f0/f159d9b279e800c9005818f45f2483487e0f69b0a2199a996c6866d53e611046.js HTTP/1.1Host: login.o365contact-verify.clickConnection: keep-alivesec-ch-ua-full-version-list: "Chromium";v="134.0.6998.36", "Not:A-Brand";v="24.0.0.0", "Google Chrome";v="134.0.6998.36"sec-ch-ua-platform: "Windows"sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-mobile: ?0sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "134.0.6998.36"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua-platform-version: "10.0.0"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://login.o365contact-verify.click/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2foutlook.office.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=1&msaredir=1&client-request-id=01ff36a9-118d-1256-2170-f97d73c45f79&protectedtoken=true&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d&nonce=638674904025952032.42b185d8-e825-4e84-bdb2-3e505ea1e04a&state=DcuxDoIwEIDhou_iVjmOHrQDcdAYBlzURMPWozdIJBggGN_eDt-__YlSahttogRiVFnktiiNAwNIjhBy3BvkzFKwWiySNmKN5sCocyEg8ZmA8Ul8T-n49elhXvwiVbabJLwm6Zb7WPn6Cl19KZqfW8PzOjO6qRnc0A7vvr1RzwgrP84fPto_&sso_reload=trueAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: 112b-030d=f7e86b03bdb656e251f827eb1c7a20184a32a5d126aad25d57f78058e4d6f4f0; x-ms-gateway-slice=estsfd; 
cf_clearance=nDf1S5zrZ7NjjUQL9ErQPYKCqqPAJJAlg1G7Jj4BUC0-1742235435-1.2.1.1-zKxQmFHrGG854jpLDpvvUwsa53yj1d9U0sEUTuS4x_iz7qUyK9wj2.bSlhYFJzpJ_vpEBQ9Vcr11lrdZYI1qXfyEWNgc7ONqCqh0b9pFI0ZdngpO4sAKpnVaDy4nOLXt1E9uWRNXqpVMT9SQl33jl1Y4ZturI4_YbiJSmBgWwzQnnDTSv3E6LkHuSGsKfAj1CAK40Qk.6uuBy6FuzKJaf8dt0kLkwh7NvrhtsEoRol.RLZ4NjGogiNq1.wYpuP5WQmDz6QAOFPOJwyS0SMVqOYjHftn9DlvEl9JJ3uhcOuO9ofuJ0qoVz4ndoiMbpyLOArqp5XOENHuOOOLpUo7U80R9c54VnlJWRP1CZ.uqUIhhufVwp2xl47o_ctdVyiLwWXyodB1yGj5wMtw9.0bbbUyZZVOK0PbTTtGa0mfpKwc; buid=1.AQYAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAAGAA.AQABGgEAAABVrSpeuWamRam2jAF1XRQEMVVtgvWr2QbeswlFQnYSFh41elTy_rSapNLNq_Q5ySlDwSQb_qwhIcvopR0sqQfT1ROY04nHQUtjfKu6bh8U4rxuu4jRwb-Zr0twjGmHOaUgAA; esctx=PAQABBwEAAABVrSpeuWamRam2jAF1XRQEIlKDYUMwKRegWhTtLS7bITrsTeZO6N_4cmqkRK3WvRhqA_sfdOUxUanfoQYnJLJ_naJb2kbskzj8T-fVKRSrlDM3UBu2xlWoVgY1z9uvZVjKSpLpgaXLrMrCmrx4uzHuADNzS6vBRtF3bP5Kmu5hr78NNv_hUeFXmODaVOwVUosgAA; esctx-1DYHQVwkbsY=AQABCQEAAABVrSpeuWamRam2jAF1XRQELMKoBwXlDrGyuwQCGIkuqTopncVot0FEruBPPTSlmPPx5QROqQLciAN0NHSQMDdTiLDcgIsGDpEnSgLrukOk3Hh7Vu_0fhc1m5-J1Cm_fdl_sSkJwFm3F2RF_bNAUrWvwKzyoUc6NzojyLVddO27wCAA; fpc=AglNR4gBFPJLissXgJudxWGerOTJAQAAACteat8OAAAA; stsservicecookie=estsfd
Source: global traffic HTTP traffic detected: GET /s/f7e86b03bdb656e251f827eb1c7a20184a32a5d126aad25d57f78058e4d6f4f0.js HTTP/1.1Host: login.o365contact-verify.clickConnection: keep-alivesec-ch-ua-full-version-list: "Chromium";v="134.0.6998.36", "Not:A-Brand";v="24.0.0.0", "Google Chrome";v="134.0.6998.36"sec-ch-ua-platform: "Windows"sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-mobile: ?0sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "134.0.6998.36"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua-platform-version: "10.0.0"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://login.o365contact-verify.click/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2foutlook.office.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=1&msaredir=1&client-request-id=01ff36a9-118d-1256-2170-f97d73c45f79&protectedtoken=true&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d&nonce=638674904025952032.42b185d8-e825-4e84-bdb2-3e505ea1e04a&state=DcuxDoIwEIDhou_iVjmOHrQDcdAYBlzURMPWozdIJBggGN_eDt-__YlSahttogRiVFnktiiNAwNIjhBy3BvkzFKwWiySNmKN5sCocyEg8ZmA8Ul8T-n49elhXvwiVbabJLwm6Zb7WPn6Cl19KZqfW8PzOjO6qRnc0A7vvr1RzwgrP84fPto_&sso_reload=trueAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: 112b-030d=f7e86b03bdb656e251f827eb1c7a20184a32a5d126aad25d57f78058e4d6f4f0; x-ms-gateway-slice=estsfd; 
cf_clearance=nDf1S5zrZ7NjjUQL9ErQPYKCqqPAJJAlg1G7Jj4BUC0-1742235435-1.2.1.1-zKxQmFHrGG854jpLDpvvUwsa53yj1d9U0sEUTuS4x_iz7qUyK9wj2.bSlhYFJzpJ_vpEBQ9Vcr11lrdZYI1qXfyEWNgc7ONqCqh0b9pFI0ZdngpO4sAKpnVaDy4nOLXt1E9uWRNXqpVMT9SQl33jl1Y4ZturI4_YbiJSmBgWwzQnnDTSv3E6LkHuSGsKfAj1CAK40Qk.6uuBy6FuzKJaf8dt0kLkwh7NvrhtsEoRol.RLZ4NjGogiNq1.wYpuP5WQmDz6QAOFPOJwyS0SMVqOYjHftn9DlvEl9JJ3uhcOuO9ofuJ0qoVz4ndoiMbpyLOArqp5XOENHuOOOLpUo7U80R9c54VnlJWRP1CZ.uqUIhhufVwp2xl47o_ctdVyiLwWXyodB1yGj5wMtw9.0bbbUyZZVOK0PbTTtGa0mfpKwc; buid=1.AQYAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAAGAA.AQABGgEAAABVrSpeuWamRam2jAF1XRQEMVVtgvWr2QbeswlFQnYSFh41elTy_rSapNLNq_Q5ySlDwSQb_qwhIcvopR0sqQfT1ROY04nHQUtjfKu6bh8U4rxuu4jRwb-Zr0twjGmHOaUgAA; esctx=PAQABBwEAAABVrSpeuWamRam2jAF1XRQEIlKDYUMwKRegWhTtLS7bITrsTeZO6N_4cmqkRK3WvRhqA_sfdOUxUanfoQYnJLJ_naJb2kbskzj8T-fVKRSrlDM3UBu2xlWoVgY1z9uvZVjKSpLpgaXLrMrCmrx4uzHuADNzS6vBRtF3bP5Kmu5hr78NNv_hUeFXmODaVOwVUosgAA; esctx-1DYHQVwkbsY=AQABCQEAAABVrSpeuWamRam2jAF1XRQELMKoBwXlDrGyuwQCGIkuqTopncVot0FEruBPPTSlmPPx5QROqQLciAN0NHSQMDdTiLDcgIsGDpEnSgLrukOk3Hh7Vu_0fhc1m5-J1Cm_fdl_sSkJwFm3F2RF_bNAUrWvwKzyoUc6NzojyLVddO27wCAA; fpc=AglNR4gBFPJLissXgJudxWGerOTJAQAAACteat8OAAAA; stsservicecookie=estsfd
Source: global traffic HTTP traffic detected: GET /Me.htm?v=3 HTTP/1.1Host: live.o365contact-verify.clickConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Purpose: prefetchSec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyReferer: https://login.o365contact-verify.click/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: 112b-030d=f7e86b03bdb656e251f827eb1c7a20184a32a5d126aad25d57f78058e4d6f4f0; cf_clearance=nDf1S5zrZ7NjjUQL9ErQPYKCqqPAJJAlg1G7Jj4BUC0-1742235435-1.2.1.1-zKxQmFHrGG854jpLDpvvUwsa53yj1d9U0sEUTuS4x_iz7qUyK9wj2.bSlhYFJzpJ_vpEBQ9Vcr11lrdZYI1qXfyEWNgc7ONqCqh0b9pFI0ZdngpO4sAKpnVaDy4nOLXt1E9uWRNXqpVMT9SQl33jl1Y4ZturI4_YbiJSmBgWwzQnnDTSv3E6LkHuSGsKfAj1CAK40Qk.6uuBy6FuzKJaf8dt0kLkwh7NvrhtsEoRol.RLZ4NjGogiNq1.wYpuP5WQmDz6QAOFPOJwyS0SMVqOYjHftn9DlvEl9JJ3uhcOuO9ofuJ0qoVz4ndoiMbpyLOArqp5XOENHuOOOLpUo7U80R9c54VnlJWRP1CZ.uqUIhhufVwp2xl47o_ctdVyiLwWXyodB1yGj5wMtw9.0bbbUyZZVOK0PbTTtGa0mfpKwc
Source: global traffic HTTP traffic detected: GET /s/f7e86b03bdb656e251f827eb1c7a20184a32a5d126aad25d57f78058e4d6f4f0 HTTP/1.1Host: login.o365contact-verify.clickConnection: keep-alivesec-ch-ua-full-version-list: "Chromium";v="134.0.6998.36", "Not:A-Brand";v="24.0.0.0", "Google Chrome";v="134.0.6998.36"sec-ch-ua-platform: "Windows"sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-mobile: ?0sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "134.0.6998.36"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Content-Type: application/jsonsec-ch-ua-platform-version: "10.0.0"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://login.o365contact-verify.click/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2foutlook.office.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=1&msaredir=1&client-request-id=01ff36a9-118d-1256-2170-f97d73c45f79&protectedtoken=true&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d&nonce=638674904025952032.42b185d8-e825-4e84-bdb2-3e505ea1e04a&state=DcuxDoIwEIDhou_iVjmOHrQDcdAYBlzURMPWozdIJBggGN_eDt-__YlSahttogRiVFnktiiNAwNIjhBy3BvkzFKwWiySNmKN5sCocyEg8ZmA8Ul8T-n49elhXvwiVbabJLwm6Zb7WPn6Cl19KZqfW8PzOjO6qRnc0A7vvr1RzwgrP84fPto_&sso_reload=trueAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: 112b-030d=f7e86b03bdb656e251f827eb1c7a20184a32a5d126aad25d57f78058e4d6f4f0; x-ms-gateway-slice=estsfd; 
cf_clearance=nDf1S5zrZ7NjjUQL9ErQPYKCqqPAJJAlg1G7Jj4BUC0-1742235435-1.2.1.1-zKxQmFHrGG854jpLDpvvUwsa53yj1d9U0sEUTuS4x_iz7qUyK9wj2.bSlhYFJzpJ_vpEBQ9Vcr11lrdZYI1qXfyEWNgc7ONqCqh0b9pFI0ZdngpO4sAKpnVaDy4nOLXt1E9uWRNXqpVMT9SQl33jl1Y4ZturI4_YbiJSmBgWwzQnnDTSv3E6LkHuSGsKfAj1CAK40Qk.6uuBy6FuzKJaf8dt0kLkwh7NvrhtsEoRol.RLZ4NjGogiNq1.wYpuP5WQmDz6QAOFPOJwyS0SMVqOYjHftn9DlvEl9JJ3uhcOuO9ofuJ0qoVz4ndoiMbpyLOArqp5XOENHuOOOLpUo7U80R9c54VnlJWRP1CZ.uqUIhhufVwp2xl47o_ctdVyiLwWXyodB1yGj5wMtw9.0bbbUyZZVOK0PbTTtGa0mfpKwc; buid=1.AQYAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAAGAA.AQABGgEAAABVrSpeuWamRam2jAF1XRQEMVVtgvWr2QbeswlFQnYSFh41elTy_rSapNLNq_Q5ySlDwSQb_qwhIcvopR0sqQfT1ROY04nHQUtjfKu6bh8U4rxuu4jRwb-Zr0twjGmHOaUgAA; esctx=PAQABBwEAAABVrSpeuWamRam2jAF1XRQEIlKDYUMwKRegWhTtLS7bITrsTeZO6N_4cmqkRK3WvRhqA_sfdOUxUanfoQYnJLJ_naJb2kbskzj8T-fVKRSrlDM3UBu2xlWoVgY1z9uvZVjKSpLpgaXLrMrCmrx4uzHuADNzS6vBRtF3bP5Kmu5hr78NNv_hUeFXmODaVOwVUosgAA; esctx-1DYHQVwkbsY=AQABCQEAAABVrSpeuWamRam2jAF1XRQELMKoBwXlDrGyuwQCGIkuqTopncVot0FEruBPPTSlmPPx5QROqQLciAN0NHSQMDdTiLDcgIsGDpEnSgLrukOk3Hh7Vu_0fhc1m5-J1Cm_fdl_sSkJwFm3F2RF_bNAUrWvwKzyoUc6NzojyLVddO27wCAA; fpc=AglNR4gBFPJLissXgJudxWGerOTJAQAAACteat8OAAAA; stsservicecookie=estsfd
Source: global traffic HTTP traffic detected: GET /cdn-cgi/challenge-platform/scripts/jsd/main.js HTTP/1.1Host: login.o365contact-verify.clickConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: 112b-030d=f7e86b03bdb656e251f827eb1c7a20184a32a5d126aad25d57f78058e4d6f4f0; x-ms-gateway-slice=estsfd; cf_clearance=nDf1S5zrZ7NjjUQL9ErQPYKCqqPAJJAlg1G7Jj4BUC0-1742235435-1.2.1.1-zKxQmFHrGG854jpLDpvvUwsa53yj1d9U0sEUTuS4x_iz7qUyK9wj2.bSlhYFJzpJ_vpEBQ9Vcr11lrdZYI1qXfyEWNgc7ONqCqh0b9pFI0ZdngpO4sAKpnVaDy4nOLXt1E9uWRNXqpVMT9SQl33jl1Y4ZturI4_YbiJSmBgWwzQnnDTSv3E6LkHuSGsKfAj1CAK40Qk.6uuBy6FuzKJaf8dt0kLkwh7NvrhtsEoRol.RLZ4NjGogiNq1.wYpuP5WQmDz6QAOFPOJwyS0SMVqOYjHftn9DlvEl9JJ3uhcOuO9ofuJ0qoVz4ndoiMbpyLOArqp5XOENHuOOOLpUo7U80R9c54VnlJWRP1CZ.uqUIhhufVwp2xl47o_ctdVyiLwWXyodB1yGj5wMtw9.0bbbUyZZVOK0PbTTtGa0mfpKwc; buid=1.AQYAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAAGAA.AQABGgEAAABVrSpeuWamRam2jAF1XRQEMVVtgvWr2QbeswlFQnYSFh41elTy_rSapNLNq_Q5ySlDwSQb_qwhIcvopR0sqQfT1ROY04nHQUtjfKu6bh8U4rxuu4jRwb-Zr0twjGmHOaUgAA; esctx=PAQABBwEAAABVrSpeuWamRam2jAF1XRQEIlKDYUMwKRegWhTtLS7bITrsTeZO6N_4cmqkRK3WvRhqA_sfdOUxUanfoQYnJLJ_naJb2kbskzj8T-fVKRSrlDM3UBu2xlWoVgY1z9uvZVjKSpLpgaXLrMrCmrx4uzHuADNzS6vBRtF3bP5Kmu5hr78NNv_hUeFXmODaVOwVUosgAA; esctx-1DYHQVwkbsY=AQABCQEAAABVrSpeuWamRam2jAF1XRQELMKoBwXlDrGyuwQCGIkuqTopncVot0FEruBPPTSlmPPx5QROqQLciAN0NHSQMDdTiLDcgIsGDpEnSgLrukOk3Hh7Vu_0fhc1m5-J1Cm_fdl_sSkJwFm3F2RF_bNAUrWvwKzyoUc6NzojyLVddO27wCAA; fpc=AglNR4gBFPJLissXgJudxWGerOTJAQAAACteat8OAAAA; stsservicecookie=estsfd
Source: global traffic HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/scripts/jsd/f3b948d8acb8/main.js? HTTP/1.1Host: login.o365contact-verify.clickConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: 112b-030d=f7e86b03bdb656e251f827eb1c7a20184a32a5d126aad25d57f78058e4d6f4f0; x-ms-gateway-slice=estsfd; cf_clearance=nDf1S5zrZ7NjjUQL9ErQPYKCqqPAJJAlg1G7Jj4BUC0-1742235435-1.2.1.1-zKxQmFHrGG854jpLDpvvUwsa53yj1d9U0sEUTuS4x_iz7qUyK9wj2.bSlhYFJzpJ_vpEBQ9Vcr11lrdZYI1qXfyEWNgc7ONqCqh0b9pFI0ZdngpO4sAKpnVaDy4nOLXt1E9uWRNXqpVMT9SQl33jl1Y4ZturI4_YbiJSmBgWwzQnnDTSv3E6LkHuSGsKfAj1CAK40Qk.6uuBy6FuzKJaf8dt0kLkwh7NvrhtsEoRol.RLZ4NjGogiNq1.wYpuP5WQmDz6QAOFPOJwyS0SMVqOYjHftn9DlvEl9JJ3uhcOuO9ofuJ0qoVz4ndoiMbpyLOArqp5XOENHuOOOLpUo7U80R9c54VnlJWRP1CZ.uqUIhhufVwp2xl47o_ctdVyiLwWXyodB1yGj5wMtw9.0bbbUyZZVOK0PbTTtGa0mfpKwc; buid=1.AQYAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAAGAA.AQABGgEAAABVrSpeuWamRam2jAF1XRQEMVVtgvWr2QbeswlFQnYSFh41elTy_rSapNLNq_Q5ySlDwSQb_qwhIcvopR0sqQfT1ROY04nHQUtjfKu6bh8U4rxuu4jRwb-Zr0twjGmHOaUgAA; esctx=PAQABBwEAAABVrSpeuWamRam2jAF1XRQEIlKDYUMwKRegWhTtLS7bITrsTeZO6N_4cmqkRK3WvRhqA_sfdOUxUanfoQYnJLJ_naJb2kbskzj8T-fVKRSrlDM3UBu2xlWoVgY1z9uvZVjKSpLpgaXLrMrCmrx4uzHuADNzS6vBRtF3bP5Kmu5hr78NNv_hUeFXmODaVOwVUosgAA; esctx-1DYHQVwkbsY=AQABCQEAAABVrSpeuWamRam2jAF1XRQELMKoBwXlDrGyuwQCGIkuqTopncVot0FEruBPPTSlmPPx5QROqQLciAN0NHSQMDdTiLDcgIsGDpEnSgLrukOk3Hh7Vu_0fhc1m5-J1Cm_fdl_sSkJwFm3F2RF_bNAUrWvwKzyoUc6NzojyLVddO27wCAA; fpc=AglNR4gBFPJLissXgJudxWGerOTJAQAAACteat8OAAAA; stsservicecookie=estsfd
Source: global traffic HTTP traffic detected: GET /owa/prefetch.aspx HTTP/1.1Host: outlook.o365contact-verify.clickConnection: keep-alivesec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://login.o365contact-verify.click/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: 112b-030d=f7e86b03bdb656e251f827eb1c7a20184a32a5d126aad25d57f78058e4d6f4f0; cf_clearance=nDf1S5zrZ7NjjUQL9ErQPYKCqqPAJJAlg1G7Jj4BUC0-1742235435-1.2.1.1-zKxQmFHrGG854jpLDpvvUwsa53yj1d9U0sEUTuS4x_iz7qUyK9wj2.bSlhYFJzpJ_vpEBQ9Vcr11lrdZYI1qXfyEWNgc7ONqCqh0b9pFI0ZdngpO4sAKpnVaDy4nOLXt1E9uWRNXqpVMT9SQl33jl1Y4ZturI4_YbiJSmBgWwzQnnDTSv3E6LkHuSGsKfAj1CAK40Qk.6uuBy6FuzKJaf8dt0kLkwh7NvrhtsEoRol.RLZ4NjGogiNq1.wYpuP5WQmDz6QAOFPOJwyS0SMVqOYjHftn9DlvEl9JJ3uhcOuO9ofuJ0qoVz4ndoiMbpyLOArqp5XOENHuOOOLpUo7U80R9c54VnlJWRP1CZ.uqUIhhufVwp2xl47o_ctdVyiLwWXyodB1yGj5wMtw9.0bbbUyZZVOK0PbTTtGa0mfpKwc
Source: global traffic HTTP traffic detected: GET /cdn-cgi/challenge-platform/scripts/jsd/main.js HTTP/1.1Host: outlook.o365contact-verify.clickConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: 112b-030d=f7e86b03bdb656e251f827eb1c7a20184a32a5d126aad25d57f78058e4d6f4f0; cf_clearance=nDf1S5zrZ7NjjUQL9ErQPYKCqqPAJJAlg1G7Jj4BUC0-1742235435-1.2.1.1-zKxQmFHrGG854jpLDpvvUwsa53yj1d9U0sEUTuS4x_iz7qUyK9wj2.bSlhYFJzpJ_vpEBQ9Vcr11lrdZYI1qXfyEWNgc7ONqCqh0b9pFI0ZdngpO4sAKpnVaDy4nOLXt1E9uWRNXqpVMT9SQl33jl1Y4ZturI4_YbiJSmBgWwzQnnDTSv3E6LkHuSGsKfAj1CAK40Qk.6uuBy6FuzKJaf8dt0kLkwh7NvrhtsEoRol.RLZ4NjGogiNq1.wYpuP5WQmDz6QAOFPOJwyS0SMVqOYjHftn9DlvEl9JJ3uhcOuO9ofuJ0qoVz4ndoiMbpyLOArqp5XOENHuOOOLpUo7U80R9c54VnlJWRP1CZ.uqUIhhufVwp2xl47o_ctdVyiLwWXyodB1yGj5wMtw9.0bbbUyZZVOK0PbTTtGa0mfpKwc; ClientId=6531B268D32F4FB283E2DF141C5EB975; OIDC=1; OWAPF=v:15.20.8534.33&l:mouse
Source: global traffic HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/scripts/jsd/f3b948d8acb8/main.js? HTTP/1.1Host: outlook.o365contact-verify.clickConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: 112b-030d=f7e86b03bdb656e251f827eb1c7a20184a32a5d126aad25d57f78058e4d6f4f0; ClientId=6531B268D32F4FB283E2DF141C5EB975; OIDC=1; OWAPF=v:15.20.8534.33&l:mouse; cf_clearance=Gbsjd6.iGpw8LpCvOwd5wIL49BN7vF0QhHv65.OCqaA-1742235440-1.2.1.1-DRzsiK_NwI0G2WfFFPvRj_yPP4yuhZC80xL9h864ijtYIzAZMhveWOgWf816Hf63XtoWNGBxv2YTyDe8qu0K3AzoDDwFOrvHduy8X2yd61aIl7qtRWyIoSW6H9wC.n1zi5G57b1KUQ1OVSM5RgZAuqw8nh7x0WuHxKRNp_vz..uwQsOmRGAX8F8AeS5NnbQMEleYr.CesmxBGsu4ksdpVoXZ0r3atxjHGW_pJSLgOiqVcMOj3LKAgxFwK8DelMWq570pR4I1OM7eeAlEd2FAN36HJBTIKMHi9yKY9Z_VujM2oTZqqXFpvRZlnDnIDdmG1mtRy8jfME7rDCCMp8JZ7SqhSYD_pQYX1E5QIJYzUHMf6hqq55BFNCCOzUbD.95LGQHcHK31h13W7HI9noT8mdYKvmsUxZnaB4Q6_aKwMYg
Source: global traffic HTTP traffic detected: GET /owa/prem/15.20.8534.33/scripts/boot.worldwide.0.mouse.js HTTP/1.1Host: r4.res.office365.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: text/css,*/*;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleSec-Fetch-Storage-Access: activeReferer: https://outlook.o365contact-verify.click/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/jsd/r/0.2467483113438528:1742232292:aLxDlroqA6vSmzj8cnYgMPIsrE8qK1HATC18uZPaT5w/921e7c720c6e429e HTTP/1.1Host: login.o365contact-verify.clickConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: 112b-030d=f7e86b03bdb656e251f827eb1c7a20184a32a5d126aad25d57f78058e4d6f4f0; x-ms-gateway-slice=estsfd; buid=1.AQYAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAAGAA.AQABGgEAAABVrSpeuWamRam2jAF1XRQEMVVtgvWr2QbeswlFQnYSFh41elTy_rSapNLNq_Q5ySlDwSQb_qwhIcvopR0sqQfT1ROY04nHQUtjfKu6bh8U4rxuu4jRwb-Zr0twjGmHOaUgAA; esctx=PAQABBwEAAABVrSpeuWamRam2jAF1XRQEIlKDYUMwKRegWhTtLS7bITrsTeZO6N_4cmqkRK3WvRhqA_sfdOUxUanfoQYnJLJ_naJb2kbskzj8T-fVKRSrlDM3UBu2xlWoVgY1z9uvZVjKSpLpgaXLrMrCmrx4uzHuADNzS6vBRtF3bP5Kmu5hr78NNv_hUeFXmODaVOwVUosgAA; esctx-1DYHQVwkbsY=AQABCQEAAABVrSpeuWamRam2jAF1XRQELMKoBwXlDrGyuwQCGIkuqTopncVot0FEruBPPTSlmPPx5QROqQLciAN0NHSQMDdTiLDcgIsGDpEnSgLrukOk3Hh7Vu_0fhc1m5-J1Cm_fdl_sSkJwFm3F2RF_bNAUrWvwKzyoUc6NzojyLVddO27wCAA; fpc=AglNR4gBFPJLissXgJudxWGerOTJAQAAACteat8OAAAA; stsservicecookie=estsfd; MicrosoftApplicationsTelemetryDeviceId=9ce9b347-cecc-4324-8177-67c211ff2ec8; brcap=0
Source: global traffic HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/jsd/r/0.130040392468924:1742232295:rVAWigBhcleuvDtH5VsJJZCtL-7j37nUrqjr_hViAkw/921e7c88ed1a3ee0 HTTP/1.1Host: outlook.o365contact-verify.clickConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: 112b-030d=f7e86b03bdb656e251f827eb1c7a20184a32a5d126aad25d57f78058e4d6f4f0; ClientId=6531B268D32F4FB283E2DF141C5EB975; OIDC=1; OWAPF=v:15.20.8534.33&l:mouse
Source: global traffic HTTP traffic detected: GET /owa/prem/15.20.8534.33/scripts/boot.worldwide.1.mouse.js HTTP/1.1Host: r4.res.office365.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: text/css,*/*;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleSec-Fetch-Storage-Access: activeReferer: https://outlook.o365contact-verify.click/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /owa/prem/15.20.8534.33/scripts/boot.worldwide.2.mouse.js HTTP/1.1Host: r4.res.office365.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: text/css,*/*;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleSec-Fetch-Storage-Access: activeReferer: https://outlook.o365contact-verify.click/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /owa/prem/15.20.8534.33/scripts/boot.worldwide.3.mouse.js HTTP/1.1Host: r4.res.office365.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: text/css,*/*;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleSec-Fetch-Storage-Access: activeReferer: https://outlook.o365contact-verify.click/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /owa/prem/15.20.8534.33/resources/images/0/sprite1.mouse.png HTTP/1.1Host: r4.res.office365.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: text/css,*/*;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleSec-Fetch-Storage-Access: activeReferer: https://outlook.o365contact-verify.click/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /owa/prem/15.20.8534.33/resources/images/0/sprite1.mouse.css HTTP/1.1Host: r4.res.office365.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: text/css,*/*;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleSec-Fetch-Storage-Access: activeReferer: https://outlook.o365contact-verify.click/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /owa/prem/15.20.8534.33/resources/styles/0/boot.worldwide.mouse.css HTTP/1.1Host: r4.res.office365.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: text/css,*/*;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleSec-Fetch-Storage-Access: activeReferer: https://outlook.o365contact-verify.click/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /common/GetCredentialType?mkt=en-US HTTP/1.1Host: login.o365contact-verify.clickConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: 112b-030d=f7e86b03bdb656e251f827eb1c7a20184a32a5d126aad25d57f78058e4d6f4f0; x-ms-gateway-slice=estsfd; buid=1.AQYAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAAGAA.AQABGgEAAABVrSpeuWamRam2jAF1XRQEMVVtgvWr2QbeswlFQnYSFh41elTy_rSapNLNq_Q5ySlDwSQb_qwhIcvopR0sqQfT1ROY04nHQUtjfKu6bh8U4rxuu4jRwb-Zr0twjGmHOaUgAA; esctx=PAQABBwEAAABVrSpeuWamRam2jAF1XRQEIlKDYUMwKRegWhTtLS7bITrsTeZO6N_4cmqkRK3WvRhqA_sfdOUxUanfoQYnJLJ_naJb2kbskzj8T-fVKRSrlDM3UBu2xlWoVgY1z9uvZVjKSpLpgaXLrMrCmrx4uzHuADNzS6vBRtF3bP5Kmu5hr78NNv_hUeFXmODaVOwVUosgAA; esctx-1DYHQVwkbsY=AQABCQEAAABVrSpeuWamRam2jAF1XRQELMKoBwXlDrGyuwQCGIkuqTopncVot0FEruBPPTSlmPPx5QROqQLciAN0NHSQMDdTiLDcgIsGDpEnSgLrukOk3Hh7Vu_0fhc1m5-J1Cm_fdl_sSkJwFm3F2RF_bNAUrWvwKzyoUc6NzojyLVddO27wCAA; fpc=AglNR4gBFPJLissXgJudxWGerOTJAQAAACteat8OAAAA; stsservicecookie=estsfd; MicrosoftApplicationsTelemetryDeviceId=9ce9b347-cecc-4324-8177-67c211ff2ec8; brcap=0
Source: global traffic HTTP traffic detected: GET /s/f7e86b03bdb656e251f827eb1c7a20184a32a5d126aad25d57f78058e4d6f4f0 HTTP/1.1Host: login.o365contact-verify.clickConnection: keep-alivesec-ch-ua-full-version-list: "Chromium";v="134.0.6998.36", "Not:A-Brand";v="24.0.0.0", "Google Chrome";v="134.0.6998.36"sec-ch-ua-platform: "Windows"sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-mobile: ?0sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "134.0.6998.36"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Content-Type: application/jsonsec-ch-ua-platform-version: "10.0.0"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://login.o365contact-verify.click/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2foutlook.office.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=1&msaredir=1&client-request-id=01ff36a9-118d-1256-2170-f97d73c45f79&protectedtoken=true&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d&nonce=638674904025952032.42b185d8-e825-4e84-bdb2-3e505ea1e04a&state=DcuxDoIwEIDhou_iVjmOHrQDcdAYBlzURMPWozdIJBggGN_eDt-__YlSahttogRiVFnktiiNAwNIjhBy3BvkzFKwWiySNmKN5sCocyEg8ZmA8Ul8T-n49elhXvwiVbabJLwm6Zb7WPn6Cl19KZqfW8PzOjO6qRnc0A7vvr1RzwgrP84fPto_&sso_reload=trueAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: 112b-030d=f7e86b03bdb656e251f827eb1c7a20184a32a5d126aad25d57f78058e4d6f4f0; x-ms-gateway-slice=estsfd; buid=1.AQYAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAAGAA.AQABGgEAAABVrSpeuWamRam2jAF1XRQEMVVtgvWr2QbeswlFQnYSFh41elTy_rSapNLNq_Q5ySlDwSQb_qwhIcvopR0sqQfT1ROY04nHQUtjfKu6bh8U4rxuu4jRwb-Zr0twjGmHOaUgAA; 
esctx=PAQABBwEAAABVrSpeuWamRam2jAF1XRQEIlKDYUMwKRegWhTtLS7bITrsTeZO6N_4cmqkRK3WvRhqA_sfdOUxUanfoQYnJLJ_naJb2kbskzj8T-fVKRSrlDM3UBu2xlWoVgY1z9uvZVjKSpLpgaXLrMrCmrx4uzHuADNzS6vBRtF3bP5Kmu5hr78NNv_hUeFXmODaVOwVUosgAA; esctx-1DYHQVwkbsY=AQABCQEAAABVrSpeuWamRam2jAF1XRQELMKoBwXlDrGyuwQCGIkuqTopncVot0FEruBPPTSlmPPx5QROqQLciAN0NHSQMDdTiLDcgIsGDpEnSgLrukOk3Hh7Vu_0fhc1m5-J1Cm_fdl_sSkJwFm3F2RF_bNAUrWvwKzyoUc6NzojyLVddO27wCAA; fpc=AglNR4gBFPJLissXgJudxWGerOTJAQAAACteat8OAAAA; stsservicecookie=estsfd; MicrosoftApplicationsTelemetryDeviceId=9ce9b347-cecc-4324-8177-67c211ff2ec8; brcap=0; cf_clearance=yDWlUjMSBNX9zAAZekQFRRwFg7vmC_TVfXi8fIWyyyk-1742235442-1.2.1.1-pL.PHbZe7wtlikLo5DzgT9e3xHojILVUssOs_0.t4CvdGi_45a5e2v1.tyFCvPPVzsqOUfjdyAUWQ0npudI6Q8RR2fO_mm9N6w9._WC26oi_KsGLqnLs4BeBRL6MT8YlKD_KOvJV14W0.N72VbRfDwecEMFcKaqi7HYNDytGnlapwTfvljkeum4hjzUGwPPwnUyNZm2Km77uNE99pHoewrhFGUlBM4IK0f0wk1SteoaDvOVjZIXpNC1bRNR2qe.eNX1yVF9x9gbNEFJC6o6zBFVMv2drUsZT8JlELGwllyHg_Wbgd23.gbSLLXl1PDnywC8pl.nn6e8Pg.ENcJEAxxFqZHKiDVQoLVyxmF2erX10ISZJ4HlJFjoS4XOMMDymhGZZzuoAUgjOsNIOsrZ34wun1bhg0LPEVknX1dSzSq0
Source: global traffic HTTP traffic detected: GET /s/f7e86b03bdb656e251f827eb1c7a20184a32a5d126aad25d57f78058e4d6f4f0 HTTP/1.1Host: login.o365contact-verify.clickConnection: keep-alivesec-ch-ua-full-version-list: "Chromium";v="134.0.6998.36", "Not:A-Brand";v="24.0.0.0", "Google Chrome";v="134.0.6998.36"sec-ch-ua-platform: "Windows"sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-mobile: ?0sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "134.0.6998.36"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Content-Type: application/jsonsec-ch-ua-platform-version: "10.0.0"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://login.o365contact-verify.click/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2foutlook.office.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=1&msaredir=1&client-request-id=01ff36a9-118d-1256-2170-f97d73c45f79&protectedtoken=true&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d&nonce=638674904025952032.42b185d8-e825-4e84-bdb2-3e505ea1e04a&state=DcuxDoIwEIDhou_iVjmOHrQDcdAYBlzURMPWozdIJBggGN_eDt-__YlSahttogRiVFnktiiNAwNIjhBy3BvkzFKwWiySNmKN5sCocyEg8ZmA8Ul8T-n49elhXvwiVbabJLwm6Zb7WPn6Cl19KZqfW8PzOjO6qRnc0A7vvr1RzwgrP84fPto_&sso_reload=trueAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: 112b-030d=f7e86b03bdb656e251f827eb1c7a20184a32a5d126aad25d57f78058e4d6f4f0; x-ms-gateway-slice=estsfd; buid=1.AQYAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAAGAA.AQABGgEAAABVrSpeuWamRam2jAF1XRQEMVVtgvWr2QbeswlFQnYSFh41elTy_rSapNLNq_Q5ySlDwSQb_qwhIcvopR0sqQfT1ROY04nHQUtjfKu6bh8U4rxuu4jRwb-Zr0twjGmHOaUgAA; 
esctx=PAQABBwEAAABVrSpeuWamRam2jAF1XRQEIlKDYUMwKRegWhTtLS7bITrsTeZO6N_4cmqkRK3WvRhqA_sfdOUxUanfoQYnJLJ_naJb2kbskzj8T-fVKRSrlDM3UBu2xlWoVgY1z9uvZVjKSpLpgaXLrMrCmrx4uzHuADNzS6vBRtF3bP5Kmu5hr78NNv_hUeFXmODaVOwVUosgAA; esctx-1DYHQVwkbsY=AQABCQEAAABVrSpeuWamRam2jAF1XRQELMKoBwXlDrGyuwQCGIkuqTopncVot0FEruBPPTSlmPPx5QROqQLciAN0NHSQMDdTiLDcgIsGDpEnSgLrukOk3Hh7Vu_0fhc1m5-J1Cm_fdl_sSkJwFm3F2RF_bNAUrWvwKzyoUc6NzojyLVddO27wCAA; fpc=AglNR4gBFPJLissXgJudxWGerOTJAQAAACteat8OAAAA; stsservicecookie=estsfd; MicrosoftApplicationsTelemetryDeviceId=9ce9b347-cecc-4324-8177-67c211ff2ec8; brcap=0; cf_clearance=yDWlUjMSBNX9zAAZekQFRRwFg7vmC_TVfXi8fIWyyyk-1742235442-1.2.1.1-pL.PHbZe7wtlikLo5DzgT9e3xHojILVUssOs_0.t4CvdGi_45a5e2v1.tyFCvPPVzsqOUfjdyAUWQ0npudI6Q8RR2fO_mm9N6w9._WC26oi_KsGLqnLs4BeBRL6MT8YlKD_KOvJV14W0.N72VbRfDwecEMFcKaqi7HYNDytGnlapwTfvljkeum4hjzUGwPPwnUyNZm2Km77uNE99pHoewrhFGUlBM4IK0f0wk1SteoaDvOVjZIXpNC1bRNR2qe.eNX1yVF9x9gbNEFJC6o6zBFVMv2drUsZT8JlELGwllyHg_Wbgd23.gbSLLXl1PDnywC8pl.nn6e8Pg.ENcJEAxxFqZHKiDVQoLVyxmF2erX10ISZJ4HlJFjoS4XOMMDymhGZZzuoAUgjOsNIOsrZ34wun1bhg0LPEVknX1dSzSq0;
Source: global traffic HTTP traffic detected: GET /s/f7e86b03bdb656e251f827eb1c7a20184a32a5d126aad25d57f78058e4d6f4f0 HTTP/1.1Host: login.o365contact-verify.clickConnection: keep-alivesec-ch-ua-full-version-list: "Chromium";v="134.0.6998.36", "Not:A-Brand";v="24.0.0.0", "Google Chrome";v="134.0.6998.36"sec-ch-ua-platform: "Windows"sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-mobile: ?0sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "134.0.6998.36"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Content-Type: application/jsonsec-ch-ua-platform-version: "10.0.0"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://login.o365contact-verify.click/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2foutlook.office.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=1&msaredir=1&client-request-id=01ff36a9-118d-1256-2170-f97d73c45f79&protectedtoken=true&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d&nonce=638674904025952032.42b185d8-e825-4e84-bdb2-3e505ea1e04a&state=DcuxDoIwEIDhou_iVjmOHrQDcdAYBlzURMPWozdIJBggGN_eDt-__YlSahttogRiVFnktiiNAwNIjhBy3BvkzFKwWiySNmKN5sCocyEg8ZmA8Ul8T-n49elhXvwiVbabJLwm6Zb7WPn6Cl19KZqfW8PzOjO6qRnc0A7vvr1RzwgrP84fPto_&sso_reload=trueAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: 112b-030d=f7e86b03bdb656e251f827eb1c7a20184a32a5d126aad25d57f78058e4d6f4f0; x-ms-gateway-slice=estsfd; buid=1.AQYAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAAGAA.AQABGgEAAABVrSpeuWamRam2jAF1XRQEMVVtgvWr2QbeswlFQnYSFh41elTy_rSapNLNq_Q5ySlDwSQb_qwhIcvopR0sqQfT1ROY04nHQUtjfKu6bh8U4rxuu4jRwb-Zr0twjGmHOaUgAA; 
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Microsoft-CryptoAPI/10.0Host: x1.i.lencr.org
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: microsoft.emg-dev.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic DNS traffic detected: DNS query: x1.i.lencr.org
Source: global traffic DNS traffic detected: DNS query: microsoft.emg-dev.com
Source: global traffic DNS traffic detected: DNS query: login.o365contact-verify.click
Source: global traffic DNS traffic detected: DNS query: a.nel.cloudflare.com
Source: global traffic DNS traffic detected: DNS query: www.google.com
Source: global traffic DNS traffic detected: DNS query: challenges.cloudflare.com
Source: global traffic DNS traffic detected: DNS query: aadcdn.msftauth.net
Source: global traffic DNS traffic detected: DNS query: live.o365contact-verify.click
Source: global traffic DNS traffic detected: DNS query: outlook.o365contact-verify.click
Source: global traffic DNS traffic detected: DNS query: r4.res.office365.com
Source: global traffic DNS traffic detected: DNS query: identity.nel.measure.office.net
Source: global traffic DNS traffic detected: DNS query: beacons.gcp.gvt2.com
Source: global traffic DNS traffic detected: DNS query: beacons.gvt2.com
Source: global traffic DNS traffic detected: DNS query: beacons2.gvt2.com
Source: global traffic DNS traffic detected: DNS query: beacons3.gvt2.com
Source: global traffic DNS traffic detected: DNS query: beacons4.gvt2.com
Source: unknown HTTP traffic detected: POST /report/v4?s=oCskCP2DfrAaReZZaLlc3O9b6NT5pZ2nTHjGQ6pxHGbn2FFSj%2FPgd0D7e2TC6C%2BgGLdcNr5bjK2ai%2BG1anTJ8rsVTaeN5QW4mrwGCCVABPnx%2BHtOfiiknW1qtEG2vaJ9r2qI%2FztXxZ4bb9AVVNX19CI%3D HTTP/1.1Host: a.nel.cloudflare.comConnection: keep-aliveContent-Length: 410Content-Type: application/reports+jsonOrigin: https://login.o365contact-verify.clickUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Mon, 17 Mar 2025 18:16:43 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeaccept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UAcf-mitigated: challengecritical-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UAcross-origin-embedder-policy: require-corpcross-origin-opener-policy: same-origincross-origin-resource-policy: same-originorigin-agent-cluster: ?1permissions-policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()referrer-policy: same-originserver-timing: chlray;desc="921e7ba55bde80cd"x-content-options: nosniffx-frame-options: SAMEORIGIN
Source: global traffic HTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Mon, 17 Mar 2025 18:16:44 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeaccept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UAcf-mitigated: challengecritical-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UAcross-origin-embedder-policy: require-corpcross-origin-opener-policy: same-origincross-origin-resource-policy: same-originorigin-agent-cluster: ?1permissions-policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()referrer-policy: same-originserver-timing: chlray;desc="921e7baf7aba7d0b"x-content-options: nosniffx-frame-options: SAMEORIGIN
Source: global traffic HTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Mon, 17 Mar 2025 18:17:01 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeaccept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UAcf-mitigated: challengecritical-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UAcross-origin-embedder-policy: require-corpcross-origin-opener-policy: same-origincross-origin-resource-policy: same-originorigin-agent-cluster: ?1permissions-policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()referrer-policy: same-originserver-timing: chlray;desc="921e7c1a7bdfcc98"x-content-options: nosniffx-frame-options: SAMEORIGIN
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 17 Mar 2025 18:17:04 GMTTransfer-Encoding: chunkedConnection: closeCache-Control: privateNel: {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0}P3p: CP="DSP CUR OTPi IND OTRi ONL FIN"Referrer-Policy: strict-origin-when-cross-originReport-To: {"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://identity.nel.measure.office.net/api/report?catId=GW+estsfd+dub2"}]}X-Ms-Ests-Server: 2.1.20262.4 - SEC ProdSlicesX-Ms-Request-Id: 799ef183-5041-4eef-a0c0-de90089e4300X-Ms-Srs: 1.PCF-Cache-Status: BYPASSSet-Cookie: x-ms-gateway-slice=estsfd; Path=/; HttpOnly; Secure; SameSite=NoneServer: cloudflareCF-RAY: 921e7c260ed67d1a-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1823&min_rtt=1813&rtt_var=701&sent=4&recv=7&lost=0&retrans=0&sent_bytes=2864&recv_bytes=2233&delivery_rate=1537651&cwnd=167&unsent_bytes=0&cid=279db503a75fa99e&ts=563&x=0"
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 17 Mar 2025 18:17:06 GMTTransfer-Encoding: chunkedConnection: closeCache-Control: privateNel: {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0}P3p: CP="DSP CUR OTPi IND OTRi ONL FIN"Referrer-Policy: strict-origin-when-cross-originReport-To: {"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://identity.nel.measure.office.net/api/report?catId=GW+estsfd+dub2"}]}X-Ms-Ests-Server: 2.1.20262.4 - SEC ProdSlicesX-Ms-Request-Id: 175ee6c4-d1e3-4ea2-a9e0-cf9d4ac54700X-Ms-Srs: 1.PCF-Cache-Status: BYPASSSet-Cookie: x-ms-gateway-slice=estsfd; Path=/; HttpOnly; Secure; SameSite=NoneServer: cloudflareCF-RAY: 921e7c34fabeefa7-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1784&min_rtt=1780&rtt_var=676&sent=4&recv=7&lost=0&retrans=0&sent_bytes=2865&recv_bytes=2260&delivery_rate=1607929&cwnd=148&unsent_bytes=0&cid=bc640d43a6f36ee7&ts=480&x=0"
Source: global traffic HTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Mon, 17 Mar 2025 18:17:38 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeaccept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UAcf-mitigated: challengecritical-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UAcross-origin-embedder-policy: require-corpcross-origin-opener-policy: same-origincross-origin-resource-policy: same-originorigin-agent-cluster: ?1permissions-policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()referrer-policy: same-originserver-timing: chlray;desc="921e7cfffbfa88c3"x-content-options: nosniffx-frame-options: SAMEORIGIN
Source: 77EC63BDA74BD0D0E0426DC8F80085060.2.dr String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
Source: chromecache_276.16.dr String found in binary or memory: http://github.com/jquery/globalize
Source: 2D85F72862B55C4EADD9E66E06947F3D0.2.dr String found in binary or memory: http://x1.i.lencr.org/
Source: ReaderMessages.0.dr String found in binary or memory: https://www.adobe.co
Source: unknown HTTPS traffic detected: 68.66.200.210:443 -> 192.168.2.11:49728 version: TLS 1.2
Source: unknown HTTPS traffic detected: 172.67.174.141:443 -> 192.168.2.11:49732 version: TLS 1.2
Source: unknown HTTPS traffic detected: 172.67.174.141:443 -> 192.168.2.11:49734 version: TLS 1.2
Source: unknown HTTPS traffic detected: 172.67.174.141:443 -> 192.168.2.11:49735 version: TLS 1.2
Source: unknown HTTPS traffic detected: 35.190.80.1:443 -> 192.168.2.11:49737 version: TLS 1.2
Source: unknown HTTPS traffic detected: 142.250.185.196:443 -> 192.168.2.11:49738 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.18.95.41:443 -> 192.168.2.11:49746 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.18.95.41:443 -> 192.168.2.11:49751 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.21.47.242:443 -> 192.168.2.11:49752 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.21.47.242:443 -> 192.168.2.11:49753 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.18.94.41:443 -> 192.168.2.11:49756 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.18.94.41:443 -> 192.168.2.11:49819 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.18.95.41:443 -> 192.168.2.11:49830 version: TLS 1.2
Source: unknown HTTPS traffic detected: 172.67.174.141:443 -> 192.168.2.11:49836 version: TLS 1.2
Source: unknown HTTPS traffic detected: 172.67.174.141:443 -> 192.168.2.11:49842 version: TLS 1.2
Source: unknown HTTPS traffic detected: 95.101.182.72:443 -> 192.168.2.11:49855 version: TLS 1.2
Source: unknown HTTPS traffic detected: 172.67.174.141:443 -> 192.168.2.11:49863 version: TLS 1.2
Source: unknown HTTPS traffic detected: 35.190.80.1:443 -> 192.168.2.11:49880 version: TLS 1.2
Source: unknown HTTPS traffic detected: 35.190.80.1:443 -> 192.168.2.11:49881 version: TLS 1.2
Source: unknown HTTPS traffic detected: 95.101.54.225:443 -> 192.168.2.11:49882 version: TLS 1.2
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\scoped_dir8280_614645595
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File deleted: C:\Windows\SystemTemp\scoped_dir8280_614645595
Source: classification engine Classification label: mal64.phis.winPDF@62/113@100/14
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe File created: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe File created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\A9101lqx7_1gjoivx_604.tmp
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA
Source: unknown Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\Emarine System Contact Update.pdf"
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2228 --field-trial-handle=1588,i,7883779593797049088,16200371669672376765,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "http://microsoft.emg-dev.com/"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=1912,i,10824921452799102763,10731753897681253853,262144 --variations-seed-version --mojo-platform-channel-handle=2564 /prefetch:3
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: Window Recorder Window detected: More than 3 window changes detected
Source: Emarine System Contact Update.pdf Initial sample: PDF keyword /JS count = 0
Source: Emarine System Contact Update.pdf Initial sample: PDF keyword /JavaScript count = 0
Source: A9101lqx7_1gjoivx_604.tmp.0.dr Initial sample: PDF keyword /JS count = 0
Source: A9101lqx7_1gjoivx_604.tmp.0.dr Initial sample: PDF keyword /JavaScript count = 0
Source: Emarine System Contact Update.pdf Initial sample: PDF keyword stream count = 59
Source: Emarine System Contact Update.pdf Initial sample: PDF keyword /EmbeddedFile count = 0
Source: Emarine System Contact Update.pdf Initial sample: PDF keyword obj count = 62
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe Process information set: NOOPENFILEERRORBOX