Edit tour

Windows Analysis Report
Emarine System Contact Update.pdf

Overview

General Information

Sample name:	Emarine System Contact Update.pdf
Analysis ID:	1640832
MD5:	a418ff1ba4c56c0da7a4e089f585a186
SHA1:	e297301d64a5b60689ccaa55631a643ac779bed5
SHA256:	3346db897f5d92fbcc3905ade71a997d74f34d6e82ac4a7033d7033f6839c902
Infos:

Detection

HTMLPhisher

Score:	64
Range:	0 - 100
Confidence:	100%

Signatures

AI detected phishing page

Yara detected HtmlPhish54

AI detected suspicious Javascript

AI detected suspicious URL

Creates files inside the system directory

Deletes files inside the Windows folder

Detected non-DNS traffic on DNS port

Detected suspicious crossdomain redirect

HTML body contains low number of good links

HTML page contains hidden javascript code

HTML title does not match URL

IP address seen in connection with other malware

Internet Provider seen in connection with other malware

Classification

Process Tree

System is w10x64

Acrobat.exe (PID: 7696 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\Emarine System Contact Update.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)

AcroCEF.exe (PID: 7932 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)

AcroCEF.exe (PID: 8128 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2228 --field-trial-handle=1588,i,7883779593797049088,16200371669672376765,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)

chrome.exe (PID: 8280 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "http://microsoft.emg-dev.com/" MD5: E81F54E6C1129887AEA47E7D092680BF)

chrome.exe (PID: 1520 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=1912,i,10824921452799102763,10731753897681253853,262144 --variations-seed-version --mojo-platform-channel-handle=2564 /prefetch:3 MD5: E81F54E6C1129887AEA47E7D092680BF)

cleanup

Yara Signatures

HTML

Source	Rule	Description	Author
4.58..script.csv	JoeSecurity_HtmlPhish_54	Yara detected HtmlPhish_54	Joe Security
4.16.pages.csv	JoeSecurity_HtmlPhish_54	Yara detected HtmlPhish_54	Joe Security
4.10.pages.csv	JoeSecurity_HtmlPhish_54	Yara detected HtmlPhish_54	Joe Security
4.13.pages.csv	JoeSecurity_HtmlPhish_54	Yara detected HtmlPhish_54	Joe Security

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

Phishing

AI detected phishing page

Source: https://login.o365contact-verify.click/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2foutlook.office.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=1&msaredir=1&client-request-id=01ff36a9-118d-1256-2170-f97d73c45f79&protectedtoken=true&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d&nonce=638674904025952032.42b185d8-e825-4e84-bdb2-3e505ea1e04a&state=DcuxDoIwEIDhou_iVjmOHrQDcdAYBlzURMPWozdIJBggGN_eDt-__YlSahttogRiVFnktiiNAwNIjhBy3BvkzFKwWiySNmKN5sCocyEg8ZmA8Ul8T-n49elhXvwiVbabJLwm6Zb7WPn6Cl19KZqfW8PzOjO6qRnc0A7vvr1RzwgrP84fPto_&sso_reload=true	Joe Sandbox AI: Score: 9 Reasons: The brand 'Microsoft' is well-known and typically associated with domains like microsoft.com or office.com., The URL 'login.o365contact-verify.click' does not match the legitimate domain names associated with Microsoft., The use of 'o365' suggests an association with Office 365, a Microsoft product, but the domain is not a recognized Microsoft domain., The domain extension '.click' is unusual for a legitimate Microsoft service and can be a red flag for phishing., The presence of 'contact-verify' in the URL is suspicious and often used in phishing attempts to trick users into providing personal information. DOM: 4.10.pages.csv
Source: https://login.o365contact-verify.click/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2foutlook.office.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=1&msaredir=1&client-request-id=01ff36a9-118d-1256-2170-f97d73c45f79&protectedtoken=true&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d&nonce=638674904025952032.42b185d8-e825-4e84-bdb2-3e505ea1e04a&state=DcuxDoIwEIDhou_iVjmOHrQDcdAYBlzURMPWozdIJBggGN_eDt-__YlSahttogRiVFnktiiNAwNIjhBy3BvkzFKwWiySNmKN5sCocyEg8ZmA8Ul8T-n49elhXvwiVbabJLwm6Zb7WPn6Cl19KZqfW8PzOjO6qRnc0A7vvr1RzwgrP84fPto_&sso_reload=true	Joe Sandbox AI: Score: 9 Reasons: The brand 'Microsoft' is classified as 'wellknown'., The legitimate domain for Microsoft services, including Office 365, is 'microsoft.com'., The URL 'login.o365contact-verify.click' does not match the legitimate domain 'microsoft.com'., The use of 'o365' in the subdomain suggests an attempt to mimic Office 365, a Microsoft service., The domain extension '.click' is unusual for a legitimate Microsoft service., The presence of 'contact-verify' in the domain is suspicious and often used in phishing attempts to trick users into providing personal information. DOM: 4.13.pages.csv

Yara detected HtmlPhish54

Source: Yara match	File source: 4.58..script.csv, type: HTML
Source: Yara match	File source: 4.16.pages.csv, type: HTML
Source: Yara match	File source: 4.10.pages.csv, type: HTML
Source: Yara match	File source: 4.13.pages.csv, type: HTML

AI detected suspicious Javascript

Source: 1.6..script.csv	Joe Sandbox AI: Detected suspicious JavaScript with source url: blob:https://login.o365contact-verify.click/f5b2f7... This script demonstrates high-risk behavior by using the `eval()` function to execute dynamic code received from an untrusted source. The use of `eval()` allows for the execution of arbitrary JavaScript, which poses a significant security risk. Additionally, the lack of origin verification and the absence of a message source indicate that this script is vulnerable to cross-origin attacks and could be used to execute malicious code on the client-side.
Source: 4.112.d.script.csv	Joe Sandbox AI: Detected suspicious JavaScript with source url: anonymous function... This script demonstrates high-risk behaviors, including dynamic code execution through the use of the `Function` constructor and the ability to modify the `sRandomBlob` property, which could potentially be used for data exfiltration or other malicious purposes. The script is also heavily obfuscated, making it difficult to analyze and understand its true intent. These factors contribute to a high-risk assessment.
Source: 4.58..script.csv	Joe Sandbox AI: Detected suspicious JavaScript with source url: https://login.o365contact-verify.click/common/oaut... This script exhibits several high-risk behaviors that indicate potential malicious intent:1. Dynamic Code Execution: The script uses the `$Config` object, which could be used to execute remote or dynamic code.2. Data Exfiltration: The script contains URLs that appear to be sending user data to external domains, such as `outlook.o365contact-verify.click` and `live.o365contact-verify.click`.3. Obfuscated Code/URLs: The script contains a large amount of obfuscated or encoded data, making it difficult to analyze the full extent of its functionality.Additionally, the script interacts with domains that are not known to be trusted, which further increases the risk. Overall, this script demonstrates a high level of suspicious behavior and should be treated with caution.

AI detected suspicious URL

Source: https://o365contact-verify.click	Joe Sandbox AI: The URL 'https://o365contact-verify.click' appears to target Microsoft Office 365 users. The use of 'o365' is a common abbreviation for Office 365, which is a well-known Microsoft product. The domain 'contact-verify' suggests a verification process, which is a common tactic used in phishing attempts to trick users into providing sensitive information. The '.click' domain extension is not typically associated with Microsoft, which increases the likelihood of this being a typosquatting attempt. The structural similarity is moderate due to the use of 'o365', but the domain extension and the specific wording ('contact-verify') are not directly associated with any legitimate Microsoft service, increasing the likelihood of user confusion.
Source: https://login.o365contact-verify.click	Joe Sandbox AI: The URL 'https://login.o365contact-verify.click' appears to target users of Microsoft's Office 365 services. The use of 'o365' is a common abbreviation for Office 365, which is a well-known Microsoft product. The subdomain 'login' is typically associated with authentication pages, which increases the likelihood of user confusion. The domain extension '.click' is not commonly associated with Microsoft, and the structure 'o365contact-verify' suggests an attempt to mimic a legitimate service related to Office 365. The combination of these elements, particularly the use of 'o365' and 'login', suggests a high likelihood of typosquatting aimed at deceiving users into thinking they are interacting with a legitimate Microsoft service.

Source: https://login.o365contact-verify.click/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2foutlook.office.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=1&msaredir=1&client-request-id=01ff36a9-118d-1256-2170-f97d73c45f79&protectedtoken=true&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d&nonce=638674904025952032.42b185d8-e825-4e84-bdb2-3e505ea1e04a&state=DcuxDoIwEIDhou_iVjmOHrQDcdAYBlzURMPWozdIJBggGN_eDt-__YlSahttogRiVFnktiiNAwNIjhBy3BvkzFKwWiySNmKN5sCocyEg8ZmA8Ul8T-n49elhXvwiVbabJLwm6Zb7WPn6Cl19KZqfW8PzOjO6qRnc0A7vvr1RzwgrP84fPto_&sso_reload=true	HTTP Parser: Number of links: 0
Source: https://login.o365contact-verify.click/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2foutlook.office.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=1&msaredir=1&client-request-id=01ff36a9-118d-1256-2170-f97d73c45f79&protectedtoken=true&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d&nonce=638674904025952032.42b185d8-e825-4e84-bdb2-3e505ea1e04a&state=DcuxDoIwEIDhou_iVjmOHrQDcdAYBlzURMPWozdIJBggGN_eDt-__YlSahttogRiVFnktiiNAwNIjhBy3BvkzFKwWiySNmKN5sCocyEg8ZmA8Ul8T-n49elhXvwiVbabJLwm6Zb7WPn6Cl19KZqfW8PzOjO6qRnc0A7vvr1RzwgrP84fPto_&sso_reload=true&__cf_chl_tk=pREgJPIggfrDEjj9GK4yQn7mfWm1ktfAVbxc3XGXC9Q-1742235421-1.0.1.1-ewoL3hr4sMh8t6zfPCQjJ2p5N8fhHPkMoB.TWgE5VBs	HTTP Parser: Number of links: 0

Source: https://login.o365contact-verify.click/aExWtFxo

HTTP Parser: Base64 decoded: <svg xmlns="http://www.w3.org/2000/svg" width="32" height="32" fill="none"><path fill="#B20F03" d="M16 3a13 13 0 1 0 13 13A13.015 13.015 0 0 0 16 3m0 24a11 11 0 1 1 11-11 11.01 11.01 0 0 1-11 11"/><path fill="#B20F03" d="M17.038 18.615H14.87L14.563 9.5h2....

Source: https://login.o365contact-verify.click/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2foutlook.office.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=1&msaredir=1&client-request-id=01ff36a9-118d-1256-2170-f97d73c45f79&protectedtoken=true&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d&nonce=638674904025952032.42b185d8-e825-4e84-bdb2-3e505ea1e04a&state=DcuxDoIwEIDhou_iVjmOHrQDcdAYBlzURMPWozdIJBggGN_eDt-__YlSahttogRiVFnktiiNAwNIjhBy3BvkzFKwWiySNmKN5sCocyEg8ZmA8Ul8T-n49elhXvwiVbabJLwm6Zb7WPn6Cl19KZqfW8PzOjO6qRnc0A7vvr1RzwgrP84fPto_&sso_reload=true	HTTP Parser: Title: Sign in to Outlook does not match URL
Source: https://login.o365contact-verify.click/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2foutlook.office.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=1&msaredir=1&client-request-id=01ff36a9-118d-1256-2170-f97d73c45f79&protectedtoken=true&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d&nonce=638674904025952032.42b185d8-e825-4e84-bdb2-3e505ea1e04a&state=DcuxDoIwEIDhou_iVjmOHrQDcdAYBlzURMPWozdIJBggGN_eDt-__YlSahttogRiVFnktiiNAwNIjhBy3BvkzFKwWiySNmKN5sCocyEg8ZmA8Ul8T-n49elhXvwiVbabJLwm6Zb7WPn6Cl19KZqfW8PzOjO6qRnc0A7vvr1RzwgrP84fPto_&sso_reload=true&__cf_chl_tk=pREgJPIggfrDEjj9GK4yQn7mfWm1ktfAVbxc3XGXC9Q-1742235421-1.0.1.1-ewoL3hr4sMh8t6zfPCQjJ2p5N8fhHPkMoB.TWgE5VBs	HTTP Parser: Title: Just a moment... does not match URL

Source: https://login.o365contact-verify.click/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2foutlook.office.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=1&msaredir=1&client-request-id=01ff36a9-118d-1256-2170-f97d73c45f79&protectedtoken=true&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d&nonce=638674904025952032.42b185d8-e825-4e84-bdb2-3e505ea1e04a&state=DcuxDoIwEIDhou_iVjmOHrQDcdAYBlzURMPWozdIJBggGN_eDt-__YlSahttogRiVFnktiiNAwNIjhBy3BvkzFKwWiySNmKN5sCocyEg8ZmA8Ul8T-n49elhXvwiVbabJLwm6Zb7WPn6Cl19KZqfW8PzOjO6qRnc0A7vvr1RzwgrP84fPto_&sso_reload=true	HTTP Parser: Iframe src: https://outlook.o365contact-verify.click/owa/prefetch.aspx
Source: https://login.o365contact-verify.click/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2foutlook.office.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=1&msaredir=1&client-request-id=01ff36a9-118d-1256-2170-f97d73c45f79&protectedtoken=true&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d&nonce=638674904025952032.42b185d8-e825-4e84-bdb2-3e505ea1e04a&state=DcuxDoIwEIDhou_iVjmOHrQDcdAYBlzURMPWozdIJBggGN_eDt-__YlSahttogRiVFnktiiNAwNIjhBy3BvkzFKwWiySNmKN5sCocyEg8ZmA8Ul8T-n49elhXvwiVbabJLwm6Zb7WPn6Cl19KZqfW8PzOjO6qRnc0A7vvr1RzwgrP84fPto_&sso_reload=true	HTTP Parser: Iframe src: https://outlook.o365contact-verify.click/owa/prefetch.aspx
Source: https://login.o365contact-verify.click/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2foutlook.office.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=1&msaredir=1&client-request-id=01ff36a9-118d-1256-2170-f97d73c45f79&protectedtoken=true&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d&nonce=638674904025952032.42b185d8-e825-4e84-bdb2-3e505ea1e04a&state=DcuxDoIwEIDhou_iVjmOHrQDcdAYBlzURMPWozdIJBggGN_eDt-__YlSahttogRiVFnktiiNAwNIjhBy3BvkzFKwWiySNmKN5sCocyEg8ZmA8Ul8T-n49elhXvwiVbabJLwm6Zb7WPn6Cl19KZqfW8PzOjO6qRnc0A7vvr1RzwgrP84fPto_&sso_reload=true	HTTP Parser: Iframe src: https://outlook.o365contact-verify.click/owa/prefetch.aspx

Source: https://login.o365contact-verify.click/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2foutlook.office.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=1&msaredir=1&client-request-id=01ff36a9-118d-1256-2170-f97d73c45f79&protectedtoken=true&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d&nonce=638674904025952032.42b185d8-e825-4e84-bdb2-3e505ea1e04a&state=DcuxDoIwEIDhou_iVjmOHrQDcdAYBlzURMPWozdIJBggGN_eDt-__YlSahttogRiVFnktiiNAwNIjhBy3BvkzFKwWiySNmKN5sCocyEg8ZmA8Ul8T-n49elhXvwiVbabJLwm6Zb7WPn6Cl19KZqfW8PzOjO6qRnc0A7vvr1RzwgrP84fPto_&sso_reload=true

HTTP Parser: <input type="password" .../> found

Source: https://login.o365contact-verify.click/aExWtFxo	HTTP Parser: No favicon
Source: https://login.o365contact-verify.click/aExWtFxo	HTTP Parser: No favicon
Source: https://login.o365contact-verify.click/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2foutlook.office.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=1&msaredir=1&client-request-id=01ff36a9-118d-1256-2170-f97d73c45f79&protectedtoken=true&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d&nonce=638674904025952032.42b185d8-e825-4e84-bdb2-3e505ea1e04a&state=DcuxDoIwEIDhou_iVjmOHrQDcdAYBlzURMPWozdIJBggGN_eDt-__YlSahttogRiVFnktiiNAwNIjhBy3BvkzFKwWiySNmKN5sCocyEg8ZmA8Ul8T-n49elhXvwiVbabJLwm6Zb7WPn6Cl19KZqfW8PzOjO6qRnc0A7vvr1RzwgrP84fPto_&sso_reload=true	HTTP Parser: No favicon
Source: https://login.o365contact-verify.click/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2foutlook.office.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=1&msaredir=1&client-request-id=01ff36a9-118d-1256-2170-f97d73c45f79&protectedtoken=true&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d&nonce=638674904025952032.42b185d8-e825-4e84-bdb2-3e505ea1e04a&state=DcuxDoIwEIDhou_iVjmOHrQDcdAYBlzURMPWozdIJBggGN_eDt-__YlSahttogRiVFnktiiNAwNIjhBy3BvkzFKwWiySNmKN5sCocyEg8ZmA8Ul8T-n49elhXvwiVbabJLwm6Zb7WPn6Cl19KZqfW8PzOjO6qRnc0A7vvr1RzwgrP84fPto_&sso_reload=true	HTTP Parser: No favicon
Source: https://login.o365contact-verify.click/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2foutlook.office.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=1&msaredir=1&client-request-id=01ff36a9-118d-1256-2170-f97d73c45f79&protectedtoken=true&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d&nonce=638674904025952032.42b185d8-e825-4e84-bdb2-3e505ea1e04a&state=DcuxDoIwEIDhou_iVjmOHrQDcdAYBlzURMPWozdIJBggGN_eDt-__YlSahttogRiVFnktiiNAwNIjhBy3BvkzFKwWiySNmKN5sCocyEg8ZmA8Ul8T-n49elhXvwiVbabJLwm6Zb7WPn6Cl19KZqfW8PzOjO6qRnc0A7vvr1RzwgrP84fPto_&sso_reload=true	HTTP Parser: No favicon
Source: https://login.o365contact-verify.click/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2foutlook.office.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=1&msaredir=1&client-request-id=01ff36a9-118d-1256-2170-f97d73c45f79&protectedtoken=true&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d&nonce=638674904025952032.42b185d8-e825-4e84-bdb2-3e505ea1e04a&state=DcuxDoIwEIDhou_iVjmOHrQDcdAYBlzURMPWozdIJBggGN_eDt-__YlSahttogRiVFnktiiNAwNIjhBy3BvkzFKwWiySNmKN5sCocyEg8ZmA8Ul8T-n49elhXvwiVbabJLwm6Zb7WPn6Cl19KZqfW8PzOjO6qRnc0A7vvr1RzwgrP84fPto_&sso_reload=true	HTTP Parser: No favicon
Source: https://login.o365contact-verify.click/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2foutlook.office.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=1&msaredir=1&client-request-id=01ff36a9-118d-1256-2170-f97d73c45f79&protectedtoken=true&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d&nonce=638674904025952032.42b185d8-e825-4e84-bdb2-3e505ea1e04a&state=DcuxDoIwEIDhou_iVjmOHrQDcdAYBlzURMPWozdIJBggGN_eDt-__YlSahttogRiVFnktiiNAwNIjhBy3BvkzFKwWiySNmKN5sCocyEg8ZmA8Ul8T-n49elhXvwiVbabJLwm6Zb7WPn6Cl19KZqfW8PzOjO6qRnc0A7vvr1RzwgrP84fPto_&sso_reload=true&__cf_chl_tk=pREgJPIggfrDEjj9GK4yQn7mfWm1ktfAVbxc3XGXC9Q-1742235421-1.0.1.1-ewoL3hr4sMh8t6zfPCQjJ2p5N8fhHPkMoB.TWgE5VBs	HTTP Parser: No favicon

Source: https://login.o365contact-verify.click/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2foutlook.office.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=1&msaredir=1&client-request-id=01ff36a9-118d-1256-2170-f97d73c45f79&protectedtoken=true&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d&nonce=638674904025952032.42b185d8-e825-4e84-bdb2-3e505ea1e04a&state=DcuxDoIwEIDhou_iVjmOHrQDcdAYBlzURMPWozdIJBggGN_eDt-__YlSahttogRiVFnktiiNAwNIjhBy3BvkzFKwWiySNmKN5sCocyEg8ZmA8Ul8T-n49elhXvwiVbabJLwm6Zb7WPn6Cl19KZqfW8PzOjO6qRnc0A7vvr1RzwgrP84fPto_&sso_reload=true	HTTP Parser: No <meta name="author".. found
Source: https://login.o365contact-verify.click/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2foutlook.office.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=1&msaredir=1&client-request-id=01ff36a9-118d-1256-2170-f97d73c45f79&protectedtoken=true&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d&nonce=638674904025952032.42b185d8-e825-4e84-bdb2-3e505ea1e04a&state=DcuxDoIwEIDhou_iVjmOHrQDcdAYBlzURMPWozdIJBggGN_eDt-__YlSahttogRiVFnktiiNAwNIjhBy3BvkzFKwWiySNmKN5sCocyEg8ZmA8Ul8T-n49elhXvwiVbabJLwm6Zb7WPn6Cl19KZqfW8PzOjO6qRnc0A7vvr1RzwgrP84fPto_&sso_reload=true	HTTP Parser: No <meta name="author".. found
Source: https://login.o365contact-verify.click/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2foutlook.office.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=1&msaredir=1&client-request-id=01ff36a9-118d-1256-2170-f97d73c45f79&protectedtoken=true&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d&nonce=638674904025952032.42b185d8-e825-4e84-bdb2-3e505ea1e04a&state=DcuxDoIwEIDhou_iVjmOHrQDcdAYBlzURMPWozdIJBggGN_eDt-__YlSahttogRiVFnktiiNAwNIjhBy3BvkzFKwWiySNmKN5sCocyEg8ZmA8Ul8T-n49elhXvwiVbabJLwm6Zb7WPn6Cl19KZqfW8PzOjO6qRnc0A7vvr1RzwgrP84fPto_&sso_reload=true	HTTP Parser: No <meta name="author".. found
Source: https://login.o365contact-verify.click/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2foutlook.office.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=1&msaredir=1&client-request-id=01ff36a9-118d-1256-2170-f97d73c45f79&protectedtoken=true&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d&nonce=638674904025952032.42b185d8-e825-4e84-bdb2-3e505ea1e04a&state=DcuxDoIwEIDhou_iVjmOHrQDcdAYBlzURMPWozdIJBggGN_eDt-__YlSahttogRiVFnktiiNAwNIjhBy3BvkzFKwWiySNmKN5sCocyEg8ZmA8Ul8T-n49elhXvwiVbabJLwm6Zb7WPn6Cl19KZqfW8PzOjO6qRnc0A7vvr1RzwgrP84fPto_&sso_reload=true&__cf_chl_tk=pREgJPIggfrDEjj9GK4yQn7mfWm1ktfAVbxc3XGXC9Q-1742235421-1.0.1.1-ewoL3hr4sMh8t6zfPCQjJ2p5N8fhHPkMoB.TWgE5VBs	HTTP Parser: No <meta name="author".. found

Source: https://login.o365contact-verify.click/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2foutlook.office.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=1&msaredir=1&client-request-id=01ff36a9-118d-1256-2170-f97d73c45f79&protectedtoken=true&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d&nonce=638674904025952032.42b185d8-e825-4e84-bdb2-3e505ea1e04a&state=DcuxDoIwEIDhou_iVjmOHrQDcdAYBlzURMPWozdIJBggGN_eDt-__YlSahttogRiVFnktiiNAwNIjhBy3BvkzFKwWiySNmKN5sCocyEg8ZmA8Ul8T-n49elhXvwiVbabJLwm6Zb7WPn6Cl19KZqfW8PzOjO6qRnc0A7vvr1RzwgrP84fPto_&sso_reload=true	HTTP Parser: No <meta name="copyright".. found
Source: https://login.o365contact-verify.click/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2foutlook.office.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=1&msaredir=1&client-request-id=01ff36a9-118d-1256-2170-f97d73c45f79&protectedtoken=true&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d&nonce=638674904025952032.42b185d8-e825-4e84-bdb2-3e505ea1e04a&state=DcuxDoIwEIDhou_iVjmOHrQDcdAYBlzURMPWozdIJBggGN_eDt-__YlSahttogRiVFnktiiNAwNIjhBy3BvkzFKwWiySNmKN5sCocyEg8ZmA8Ul8T-n49elhXvwiVbabJLwm6Zb7WPn6Cl19KZqfW8PzOjO6qRnc0A7vvr1RzwgrP84fPto_&sso_reload=true	HTTP Parser: No <meta name="copyright".. found
Source: https://login.o365contact-verify.click/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2foutlook.office.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=1&msaredir=1&client-request-id=01ff36a9-118d-1256-2170-f97d73c45f79&protectedtoken=true&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d&nonce=638674904025952032.42b185d8-e825-4e84-bdb2-3e505ea1e04a&state=DcuxDoIwEIDhou_iVjmOHrQDcdAYBlzURMPWozdIJBggGN_eDt-__YlSahttogRiVFnktiiNAwNIjhBy3BvkzFKwWiySNmKN5sCocyEg8ZmA8Ul8T-n49elhXvwiVbabJLwm6Zb7WPn6Cl19KZqfW8PzOjO6qRnc0A7vvr1RzwgrP84fPto_&sso_reload=true	HTTP Parser: No <meta name="copyright".. found
Source: https://login.o365contact-verify.click/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2foutlook.office.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=1&msaredir=1&client-request-id=01ff36a9-118d-1256-2170-f97d73c45f79&protectedtoken=true&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d&nonce=638674904025952032.42b185d8-e825-4e84-bdb2-3e505ea1e04a&state=DcuxDoIwEIDhou_iVjmOHrQDcdAYBlzURMPWozdIJBggGN_eDt-__YlSahttogRiVFnktiiNAwNIjhBy3BvkzFKwWiySNmKN5sCocyEg8ZmA8Ul8T-n49elhXvwiVbabJLwm6Zb7WPn6Cl19KZqfW8PzOjO6qRnc0A7vvr1RzwgrP84fPto_&sso_reload=true&__cf_chl_tk=pREgJPIggfrDEjj9GK4yQn7mfWm1ktfAVbxc3XGXC9Q-1742235421-1.0.1.1-ewoL3hr4sMh8t6zfPCQjJ2p5N8fhHPkMoB.TWgE5VBs	HTTP Parser: No <meta name="copyright".. found

Source: unknown	HTTPS traffic detected: 68.66.200.210:443 -> 192.168.2.11:49728 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.174.141:443 -> 192.168.2.11:49732 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.174.141:443 -> 192.168.2.11:49734 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.174.141:443 -> 192.168.2.11:49735 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.190.80.1:443 -> 192.168.2.11:49737 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 142.250.185.196:443 -> 192.168.2.11:49738 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.18.95.41:443 -> 192.168.2.11:49746 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.18.95.41:443 -> 192.168.2.11:49751 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.47.242:443 -> 192.168.2.11:49752 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.47.242:443 -> 192.168.2.11:49753 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.18.94.41:443 -> 192.168.2.11:49756 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.18.94.41:443 -> 192.168.2.11:49819 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.18.95.41:443 -> 192.168.2.11:49830 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.174.141:443 -> 192.168.2.11:49836 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.174.141:443 -> 192.168.2.11:49842 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 95.101.182.72:443 -> 192.168.2.11:49855 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.174.141:443 -> 192.168.2.11:49863 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.190.80.1:443 -> 192.168.2.11:49880 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.190.80.1:443 -> 192.168.2.11:49881 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 95.101.54.225:443 -> 192.168.2.11:49882 version: TLS 1.2

Source: chrome.exe

Memory has grown: Private usage: 0MB later: 45MB

Source: global traffic

TCP traffic: 192.168.2.11:49807 -> 1.1.1.1:53

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	HTTP traffic: Redirect from: microsoft.emg-dev.com to https://login.o365contact-verify.click/aexwtfxo
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	HTTP traffic: Redirect from: microsoft.emg-dev.com to https://login.o365contact-verify.click/aexwtfxo

Source: Joe Sandbox View	IP Address: 104.18.94.41 104.18.94.41
Source: Joe Sandbox View	IP Address: 104.18.95.41 104.18.95.41
Source: Joe Sandbox View	IP Address: 2.19.105.127 2.19.105.127
Source: Joe Sandbox View	IP Address: 2.19.105.127 2.19.105.127

Source: Joe Sandbox View

ASN Name: CLOUDFLARENETUS CLOUDFLARENETUS

Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.7
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.7
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.7
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.7
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.7
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.7
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.7
Source: unknown	TCP traffic detected without corresponding DNS query: 23.15.178.234
Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.77.188
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.160.22
Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.77.188
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.160.22
Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.77.188
Source: unknown	TCP traffic detected without corresponding DNS query: 20.82.9.214
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: microsoft.emg-dev.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /aExWtFxo HTTP/1.1Host: login.o365contact-verify.clickConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: microsoft.emg-dev.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /aExWtFxo HTTP/1.1Host: login.o365contact-verify.clickConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-full-version: "134.0.6998.36"sec-ch-ua-arch: "x86"sec-ch-ua-platform: "Windows"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-model: ""sec-ch-ua-bitness: "64"sec-ch-ua-full-version-list: "Chromium";v="134.0.6998.36", "Not:A-Brand";v="24.0.0.0", "Google Chrome";v="134.0.6998.36"Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/orchestrate/chl_page/v1?ray=921e7baf7aba7d0b HTTP/1.1Host: login.o365contact-verify.clickConnection: keep-alivesec-ch-ua-full-version-list: "Chromium";v="134.0.6998.36", "Not:A-Brand";v="24.0.0.0", "Google Chrome";v="134.0.6998.36"sec-ch-ua-platform: "Windows"sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-mobile: ?0sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "134.0.6998.36"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua-platform-version: "10.0.0"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://login.o365contact-verify.click/aExWtFxo?__cf_chl_rt_tk=3SIgpD1sXzF4WWcwaBv8YjTFxVb01cR9sJuKKjQjjlw-1742235404-1.0.1.1-0OhMnnw8wDb2fCD6vco.rnDMeRMavkDd3SSw3ivSKmoAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /turnstile/v0/g/f3b948d8acb8/api.js?onload=EFpGI0&render=explicit HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveOrigin: https://login.o365contact-verify.clicksec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: login.o365contact-verify.clickConnection: keep-alivesec-ch-ua-full-version-list: "Chromium";v="134.0.6998.36", "Not:A-Brand";v="24.0.0.0", "Google Chrome";v="134.0.6998.36"sec-ch-ua-platform: "Windows"sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-mobile: ?0sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "134.0.6998.36"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua-platform-version: "10.0.0"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://login.o365contact-verify.click/aExWtFxoAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv/ulgmu/0x4AAAAAAADnPIDROrmt1Wwj/light/fbE/new/normal/auto/ HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeSec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/flow/ov1/537131680:1742232368:PNgSpCUp7nUXHshdMXWCwQ_8FTfn9WzuyEWhtvnUs-s/921e7baf7aba7d0b/W4eA9YLpBn3tCwq3EXfDYAR6ZXZxirgUHevar3zovY4-1742235404-1.2.1.1-Q7IjesuKplLT14X1wWNNl0rbs74c7XElBRkd1j7rASgJmB2uk4N1rCItdoGF_zvU HTTP/1.1Host: login.o365contact-verify.clickConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: login.o365contact-verify.clickConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/orchestrate/chl_api/v1?ray=921e7bc00f21fbfb&lang=auto HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptSec-Fetch-Storage-Access: activeReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv/ulgmu/0x4AAAAAAADnPIDROrmt1Wwj/light/fbE/new/normal/auto/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/cmg/1 HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageSec-Fetch-Storage-Access: activeReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv/ulgmu/0x4AAAAAAADnPIDROrmt1Wwj/light/fbE/new/normal/auto/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/cmg/1 HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: login.o365contact-verify.clickConnection: keep-alivesec-ch-ua-full-version-list: "Chromium";v="134.0.6998.36", "Not:A-Brand";v="24.0.0.0", "Google Chrome";v="134.0.6998.36"sec-ch-ua-platform: "Windows"sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-mobile: ?0sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "134.0.6998.36"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua-platform-version: "10.0.0"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://login.o365contact-verify.click/aExWtFxoAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: login.o365contact-verify.clickConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/pat/921e7bc00f21fbfb/1742235409246/e2a73584760cfdb648e016bf37cedc29239b751956b9c0b29e072beb37001c74/ecn5-1p3kfXiNgd HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveCache-Control: max-age=0sec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv/ulgmu/0x4AAAAAAADnPIDROrmt1Wwj/light/fbE/new/normal/auto/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/flow/ov1/695178957:1742232364:fAqBodgcoMUGJYc_fBcZN0cK49h2Op8L9YHEQQKZcbQ/921e7bc00f21fbfb/h3otsN.6gyeyjVvVinLvGwV.wHMoJ0bYmYUb.CVHqfI-1742235407-1.1.1.1-hbwOdBqQ7YvfjyioqqfyAUPAshM7B_1OUvjMJ.A9DMetDUWOZSrGXZz651F_UfCG HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/d/921e7bc00f21fbfb/1742235409250/Fhonndl-QYlAG96 HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageSec-Fetch-Storage-Access: activeReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv/ulgmu/0x4AAAAAAADnPIDROrmt1Wwj/light/fbE/new/normal/auto/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/d/921e7bc00f21fbfb/1742235409250/Fhonndl-QYlAG96 HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/flow/ov1/695178957:1742232364:fAqBodgcoMUGJYc_fBcZN0cK49h2Op8L9YHEQQKZcbQ/921e7bc00f21fbfb/h3otsN.6gyeyjVvVinLvGwV.wHMoJ0bYmYUb.CVHqfI-1742235407-1.1.1.1-hbwOdBqQ7YvfjyioqqfyAUPAshM7B_1OUvjMJ.A9DMetDUWOZSrGXZz651F_UfCG HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/flow/ov1/695178957:1742232364:fAqBodgcoMUGJYc_fBcZN0cK49h2Op8L9YHEQQKZcbQ/921e7bc00f21fbfb/h3otsN.6gyeyjVvVinLvGwV.wHMoJ0bYmYUb.CVHqfI-1742235407-1.1.1.1-hbwOdBqQ7YvfjyioqqfyAUPAshM7B_1OUvjMJ.A9DMetDUWOZSrGXZz651F_UfCG HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: login.o365contact-verify.clickConnection: keep-alivesec-ch-ua-full-version-list: "Chromium";v="134.0.6998.36", "Not:A-Brand";v="24.0.0.0", "Google Chrome";v="134.0.6998.36"sec-ch-ua-platform: "Windows"sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-mobile: ?0sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "134.0.6998.36"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua-platform-version: "10.0.0"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://login.o365contact-verify.click/aExWtFxo?__cf_chl_tk=3SIgpD1sXzF4WWcwaBv8YjTFxVb01cR9sJuKKjQjjlw-1742235404-1.0.1.1-0OhMnnw8wDb2fCD6vco.rnDMeRMavkDd3SSw3ivSKmoAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/flow/ov1/537131680:1742232368:PNgSpCUp7nUXHshdMXWCwQ_8FTfn9WzuyEWhtvnUs-s/921e7baf7aba7d0b/W4eA9YLpBn3tCwq3EXfDYAR6ZXZxirgUHevar3zovY4-1742235404-1.2.1.1-Q7IjesuKplLT14X1wWNNl0rbs74c7XElBRkd1j7rASgJmB2uk4N1rCItdoGF_zvU HTTP/1.1Host: login.o365contact-verify.clickConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: login.o365contact-verify.clickConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2foutlook.office.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=1&msaredir=1&client-request-id=01ff36a9-118d-1256-2170-f97d73c45f79&protectedtoken=true&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d&nonce=638674904025952032.42b185d8-e825-4e84-bdb2-3e505ea1e04a&state=DcuxDoIwEIDhou_iVjmOHrQDcdAYBlzURMPWozdIJBggGN_eDt-__YlSahttogRiVFnktiiNAwNIjhBy3BvkzFKwWiySNmKN5sCocyEg8ZmA8Ul8T-n49elhXvwiVbabJLwm6Zb7WPn6Cl19KZqfW8PzOjO6qRnc0A7vvr1RzwgrP84fPto_&sso_reload=true HTTP/1.1Host: login.o365contact-verify.clickConnection: keep-aliveCache-Control: max-age=0Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-full-version: "134.0.6998.36"sec-ch-ua-arch: "x86"sec-ch-ua-platform: "Windows"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-model: ""sec-ch-ua-bitness: "64"sec-ch-ua-full-version-list: "Chromium";v="134.0.6998.36", "Not:A-Brand";v="24.0.0.0", "Google Chrome";v="134.0.6998.36"Referer: https://login.o365contact-verify.click/aExWtFxo?__cf_chl_tk=3SIgpD1sXzF4WWcwaBv8YjTFxVb01cR9sJuKKjQjjlw-1742235404-1.0.1.1-0OhMnnw8wDb2fCD6vco.rnDMeRMavkDd3SSw3ivSKmoAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: 112b-030d=f7e86b03bdb656e251f827eb1c7a20184a32a5d126aad25d57f78058e4d6f4f0
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/orchestrate/chl_page/v1?ray=921e7c1a7bdfcc98 HTTP/1.1Host: login.o365contact-verify.clickConnection: keep-alivesec-ch-ua-full-version-list: "Chromium";v="134.0.6998.36", "Not:A-Brand";v="24.0.0.0", "Google Chrome";v="134.0.6998.36"sec-ch-ua-platform: "Windows"sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-mobile: ?0sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "134.0.6998.36"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua-platform-version: "10.0.0"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://login.o365contact-verify.click/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2foutlook.office.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=1&msaredir=1&client-request-id=01ff36a9-118d-1256-2170-f97d73c45f79&protectedtoken=true&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d&nonce=638674904025952032.42b185d8-e825-4e84-bdb2-3e505ea1e04a&state=DcuxDoIwEIDhou_iVjmOHrQDcdAYBlzURMPWozdIJBggGN_eDt-__YlSahttogRiVFnktiiNAwNIjhBy3BvkzFKwWiySNmKN5sCocyEg8ZmA8Ul8T-n49elhXvwiVbabJLwm6Zb7WPn6Cl19KZqfW8PzOjO6qRnc0A7vvr1RzwgrP84fPto_&sso_reload=true&__cf_chl_rt_tk=pREgJPIggfrDEjj9GK4yQn7mfWm1ktfAVbxc3XGXC9Q-1742235421-1.0.1.1-ewoL3hr4sMh8t6zfPCQjJ2p5N8fhHPkMoB.TWgE5VBsAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: 112b-030d=f7e86b03bdb656e251f827eb1c7a20184a32a5d126aad25d57f78058e4d6f4f0
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: login.o365contact-verify.clickConnection: keep-alivesec-ch-ua-full-version-list: "Chromium";v="134.0.6998.36", "Not:A-Brand";v="24.0.0.0", "Google Chrome";v="134.0.6998.36"sec-ch-ua-platform: "Windows"sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-mobile: ?0sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "134.0.6998.36"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua-platform-version: "10.0.0"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://login.o365contact-verify.click/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2foutlook.office.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=1&msaredir=1&client-request-id=01ff36a9-118d-1256-2170-f97d73c45f79&protectedtoken=true&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d&nonce=638674904025952032.42b185d8-e825-4e84-bdb2-3e505ea1e04a&state=DcuxDoIwEIDhou_iVjmOHrQDcdAYBlzURMPWozdIJBggGN_eDt-__YlSahttogRiVFnktiiNAwNIjhBy3BvkzFKwWiySNmKN5sCocyEg8ZmA8Ul8T-n49elhXvwiVbabJLwm6Zb7WPn6Cl19KZqfW8PzOjO6qRnc0A7vvr1RzwgrP84fPto_&sso_reload=trueAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: 112b-030d=f7e86b03bdb656e251f827eb1c7a20184a32a5d126aad25d57f78058e4d6f4f0
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv/r0vp1/0x4AAAAAAADnPIDROrmt1Wwj/light/fbE/new/normal/auto/ HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeSec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/flow/ov1/110780630:1742232317:bvS75iyz4u7m90pDimz586c5PtgorxbfHl9rBjSNNlg/921e7c1a7bdfcc98/lgZ4vHb.Fe6nyPOfh1TleHEywIpVfMgQ_DbyxLNW0WI-1742235421-1.2.1.1-rKQ4ZgAkJbjOBRkUREPr20BEXeiAFqwmm6IQwfYedOVeqkwzTpCfmI3XHesxSkGZ HTTP/1.1Host: login.o365contact-verify.clickConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: 112b-030d=f7e86b03bdb656e251f827eb1c7a20184a32a5d126aad25d57f78058e4d6f4f0
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/orchestrate/chl_api/v1?ray=921e7c294ed04f3a&lang=auto HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptSec-Fetch-Storage-Access: activeReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv/r0vp1/0x4AAAAAAADnPIDROrmt1Wwj/light/fbE/new/normal/auto/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: login.o365contact-verify.clickConnection: keep-alivesec-ch-ua-full-version-list: "Chromium";v="134.0.6998.36", "Not:A-Brand";v="24.0.0.0", "Google Chrome";v="134.0.6998.36"sec-ch-ua-platform: "Windows"sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-mobile: ?0sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "134.0.6998.36"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua-platform-version: "10.0.0"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://login.o365contact-verify.click/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2foutlook.office.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=1&msaredir=1&client-request-id=01ff36a9-118d-1256-2170-f97d73c45f79&protectedtoken=true&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d&nonce=638674904025952032.42b185d8-e825-4e84-bdb2-3e505ea1e04a&state=DcuxDoIwEIDhou_iVjmOHrQDcdAYBlzURMPWozdIJBggGN_eDt-__YlSahttogRiVFnktiiNAwNIjhBy3BvkzFKwWiySNmKN5sCocyEg8ZmA8Ul8T-n49elhXvwiVbabJLwm6Zb7WPn6Cl19KZqfW8PzOjO6qRnc0A7vvr1RzwgrP84fPto_&sso_reload=trueAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: 112b-030d=f7e86b03bdb656e251f827eb1c7a20184a32a5d126aad25d57f78058e4d6f4f0; x-ms-gateway-slice=estsfd
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/flow/ov1/682140236:1742232437:8b9gz9emrG5DcnF2TDLLylfW8cNQiTKCLTAz5PlDYTA/921e7c294ed04f3a/jJuM8MuxAXgicxlV54NMqmOxBGf8xe._itLZUwP6bCI-1742235424-1.1.1.1-BS.L55emwkKGCU.x8TYzvycRlp10Ak0hNCg6hgjeY4ZRS_qSX6gGPMIKEThfqDoP HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/d/921e7c294ed04f3a/1742235426141/O0X3D9XANz-4iXK HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageSec-Fetch-Storage-Access: activeReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv/r0vp1/0x4AAAAAAADnPIDROrmt1Wwj/light/fbE/new/normal/auto/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/pat/921e7c294ed04f3a/1742235426143/9077f77a9a22a3d775bec1f7b4425488a10d8ec26d1b7d537c2683e08a0fdf15/WhczPpBGXHLy4X0 HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveCache-Control: max-age=0sec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv/r0vp1/0x4AAAAAAADnPIDROrmt1Wwj/light/fbE/new/normal/auto/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/d/921e7c294ed04f3a/1742235426141/O0X3D9XANz-4iXK HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/flow/ov1/682140236:1742232437:8b9gz9emrG5DcnF2TDLLylfW8cNQiTKCLTAz5PlDYTA/921e7c294ed04f3a/jJuM8MuxAXgicxlV54NMqmOxBGf8xe._itLZUwP6bCI-1742235424-1.1.1.1-BS.L55emwkKGCU.x8TYzvycRlp10Ak0hNCg6hgjeY4ZRS_qSX6gGPMIKEThfqDoP HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/flow/ov1/682140236:1742232437:8b9gz9emrG5DcnF2TDLLylfW8cNQiTKCLTAz5PlDYTA/921e7c294ed04f3a/jJuM8MuxAXgicxlV54NMqmOxBGf8xe._itLZUwP6bCI-1742235424-1.1.1.1-BS.L55emwkKGCU.x8TYzvycRlp10Ak0hNCg6hgjeY4ZRS_qSX6gGPMIKEThfqDoP HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/flow/ov1/110780630:1742232317:bvS75iyz4u7m90pDimz586c5PtgorxbfHl9rBjSNNlg/921e7c1a7bdfcc98/lgZ4vHb.Fe6nyPOfh1TleHEywIpVfMgQ_DbyxLNW0WI-1742235421-1.2.1.1-rKQ4ZgAkJbjOBRkUREPr20BEXeiAFqwmm6IQwfYedOVeqkwzTpCfmI3XHesxSkGZ HTTP/1.1Host: login.o365contact-verify.clickConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: 112b-030d=f7e86b03bdb656e251f827eb1c7a20184a32a5d126aad25d57f78058e4d6f4f0; x-ms-gateway-slice=estsfd
Source: global traffic	HTTP traffic detected: GET /s/f7e86b03bdb656e251f827eb1c7a20184a32a5d126aad25d57f78058e4d6f4f0/f159d9b279e800c9005818f45f2483487e0f69b0a2199a996c6866d53e611046.js HTTP/1.1Host: login.o365contact-verify.clickConnection: keep-alivesec-ch-ua-full-version-list: "Chromium";v="134.0.6998.36", "Not:A-Brand";v="24.0.0.0", "Google Chrome";v="134.0.6998.36"sec-ch-ua-platform: "Windows"sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-mobile: ?0sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "134.0.6998.36"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua-platform-version: "10.0.0"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://login.o365contact-verify.click/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2foutlook.office.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=1&msaredir=1&client-request-id=01ff36a9-118d-1256-2170-f97d73c45f79&protectedtoken=true&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d&nonce=638674904025952032.42b185d8-e825-4e84-bdb2-3e505ea1e04a&state=DcuxDoIwEIDhou_iVjmOHrQDcdAYBlzURMPWozdIJBggGN_eDt-__YlSahttogRiVFnktiiNAwNIjhBy3BvkzFKwWiySNmKN5sCocyEg8ZmA8Ul8T-n49elhXvwiVbabJLwm6Zb7WPn6Cl19KZqfW8PzOjO6qRnc0A7vvr1RzwgrP84fPto_&sso_reload=trueAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: 112b-030d=f7e86b03bdb656e251f827eb1c7a20184a32a5d126aad25d57f78058e4d6f4f0; x-ms-gateway-slice=estsfd; cf_clearance=nDf1S5zrZ7NjjUQL9ErQPYKCqqPAJJAlg1G7Jj4BUC0-1742235435-1.2.1.1-zKxQmFHrGG854jpLDpvvUwsa53yj1d9U0sEUTuS4x_iz7qUyK9wj2.bSlhYFJzpJ_vpEBQ9Vcr11lrdZYI1qXfyEWNgc7ONqCqh0b9pFI0ZdngpO4sAKpnVaDy4nOLXt1E9uWRNXqpVMT9SQl33jl1Y4ZturI4_YbiJSmBgWwzQnnDTSv3E6LkHuSGsKfAj1CAK40Qk.6uuBy6FuzKJaf8dt0kLkwh7NvrhtsEoRol.RLZ4NjGogiNq1.wYpuP5WQmDz6QAOFPOJwyS0SMVqOYjHftn9DlvEl9JJ3uhcOuO9ofuJ0qoVz4ndoiMbpyLOArqp5XOENHuOOOLpUo7U80R9c54VnlJWRP1CZ.uqUIhhufVwp2xl47o_ctdVyiLwWXyodB1yGj5wMtw9.0bbbUyZZVOK0PbTTtGa0mfpKwc; buid=1.AQYAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAAGAA.AQABGgEAAABVrSpeuWamRam2jAF1XRQEMVVtgvWr2QbeswlFQnYSFh41elTy_rSapNLNq_Q5ySlDwSQb_qwhIcvopR0sqQfT1ROY04nHQUtjfKu6bh8U4rxuu4jRwb-Zr0twjGmHOaUgAA; esctx=PAQABBwEAAABVrSpeuWamRam2jAF1XRQEIlKDYUMwKRegWhTtLS7bITrsTeZO6N_4cmqkRK3WvRhqA_sfdOUxUanfoQYnJLJ_naJb2kbskzj8T-fVKRSrlDM3UBu2xlWoVgY1z9uvZVjKSpLpgaXLrMrCmrx4uzHuADNzS6vBRtF3bP5Kmu5hr78NNv_hUeFXmODaVOwVUosgAA; esctx-1DYHQVwkbsY=AQABCQEAAABVrSpeuWamRam2jAF1XRQELMKoBwXlDrGyuwQCGIkuqTopncVot0FEruBPPTSlmPPx5QROqQLciAN0NHSQMDdTiLDcgIsGDpEnSgLrukOk3Hh7Vu_0fhc1m5-J1Cm_fdl_sSkJwFm3F2RF_bNAUrWvwKzyoUc6NzojyLVddO27wCAA; fpc=AglNR4gBFPJLissXgJudxWGerOTJAQAAACteat8OAAAA; stsservicecookie=estsfd
Source: global traffic	HTTP traffic detected: GET /s/f7e86b03bdb656e251f827eb1c7a20184a32a5d126aad25d57f78058e4d6f4f0.js HTTP/1.1Host: login.o365contact-verify.clickConnection: keep-alivesec-ch-ua-full-version-list: "Chromium";v="134.0.6998.36", "Not:A-Brand";v="24.0.0.0", "Google Chrome";v="134.0.6998.36"sec-ch-ua-platform: "Windows"sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-mobile: ?0sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "134.0.6998.36"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua-platform-version: "10.0.0"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://login.o365contact-verify.click/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2foutlook.office.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=1&msaredir=1&client-request-id=01ff36a9-118d-1256-2170-f97d73c45f79&protectedtoken=true&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d&nonce=638674904025952032.42b185d8-e825-4e84-bdb2-3e505ea1e04a&state=DcuxDoIwEIDhou_iVjmOHrQDcdAYBlzURMPWozdIJBggGN_eDt-__YlSahttogRiVFnktiiNAwNIjhBy3BvkzFKwWiySNmKN5sCocyEg8ZmA8Ul8T-n49elhXvwiVbabJLwm6Zb7WPn6Cl19KZqfW8PzOjO6qRnc0A7vvr1RzwgrP84fPto_&sso_reload=trueAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: 112b-030d=f7e86b03bdb656e251f827eb1c7a20184a32a5d126aad25d57f78058e4d6f4f0; x-ms-gateway-slice=estsfd; cf_clearance=nDf1S5zrZ7NjjUQL9ErQPYKCqqPAJJAlg1G7Jj4BUC0-1742235435-1.2.1.1-zKxQmFHrGG854jpLDpvvUwsa53yj1d9U0sEUTuS4x_iz7qUyK9wj2.bSlhYFJzpJ_vpEBQ9Vcr11lrdZYI1qXfyEWNgc7ONqCqh0b9pFI0ZdngpO4sAKpnVaDy4nOLXt1E9uWRNXqpVMT9SQl33jl1Y4ZturI4_YbiJSmBgWwzQnnDTSv3E6LkHuSGsKfAj1CAK40Qk.6uuBy6FuzKJaf8dt0kLkwh7NvrhtsEoRol.RLZ4NjGogiNq1.wYpuP5WQmDz6QAOFPOJwyS0SMVqOYjHftn9DlvEl9JJ3uhcOuO9ofuJ0qoVz4ndoiMbpyLOArqp5XOENHuOOOLpUo7U80R9c54VnlJWRP1CZ.uqUIhhufVwp2xl47o_ctdVyiLwWXyodB1yGj5wMtw9.0bbbUyZZVOK0PbTTtGa0mfpKwc; buid=1.AQYAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAAGAA.AQABGgEAAABVrSpeuWamRam2jAF1XRQEMVVtgvWr2QbeswlFQnYSFh41elTy_rSapNLNq_Q5ySlDwSQb_qwhIcvopR0sqQfT1ROY04nHQUtjfKu6bh8U4rxuu4jRwb-Zr0twjGmHOaUgAA; esctx=PAQABBwEAAABVrSpeuWamRam2jAF1XRQEIlKDYUMwKRegWhTtLS7bITrsTeZO6N_4cmqkRK3WvRhqA_sfdOUxUanfoQYnJLJ_naJb2kbskzj8T-fVKRSrlDM3UBu2xlWoVgY1z9uvZVjKSpLpgaXLrMrCmrx4uzHuADNzS6vBRtF3bP5Kmu5hr78NNv_hUeFXmODaVOwVUosgAA; esctx-1DYHQVwkbsY=AQABCQEAAABVrSpeuWamRam2jAF1XRQELMKoBwXlDrGyuwQCGIkuqTopncVot0FEruBPPTSlmPPx5QROqQLciAN0NHSQMDdTiLDcgIsGDpEnSgLrukOk3Hh7Vu_0fhc1m5-J1Cm_fdl_sSkJwFm3F2RF_bNAUrWvwKzyoUc6NzojyLVddO27wCAA; fpc=AglNR4gBFPJLissXgJudxWGerOTJAQAAACteat8OAAAA; stsservicecookie=estsfd
Source: global traffic	HTTP traffic detected: GET /Me.htm?v=3 HTTP/1.1Host: live.o365contact-verify.clickConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Purpose: prefetchSec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyReferer: https://login.o365contact-verify.click/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: 112b-030d=f7e86b03bdb656e251f827eb1c7a20184a32a5d126aad25d57f78058e4d6f4f0; cf_clearance=nDf1S5zrZ7NjjUQL9ErQPYKCqqPAJJAlg1G7Jj4BUC0-1742235435-1.2.1.1-zKxQmFHrGG854jpLDpvvUwsa53yj1d9U0sEUTuS4x_iz7qUyK9wj2.bSlhYFJzpJ_vpEBQ9Vcr11lrdZYI1qXfyEWNgc7ONqCqh0b9pFI0ZdngpO4sAKpnVaDy4nOLXt1E9uWRNXqpVMT9SQl33jl1Y4ZturI4_YbiJSmBgWwzQnnDTSv3E6LkHuSGsKfAj1CAK40Qk.6uuBy6FuzKJaf8dt0kLkwh7NvrhtsEoRol.RLZ4NjGogiNq1.wYpuP5WQmDz6QAOFPOJwyS0SMVqOYjHftn9DlvEl9JJ3uhcOuO9ofuJ0qoVz4ndoiMbpyLOArqp5XOENHuOOOLpUo7U80R9c54VnlJWRP1CZ.uqUIhhufVwp2xl47o_ctdVyiLwWXyodB1yGj5wMtw9.0bbbUyZZVOK0PbTTtGa0mfpKwc
Source: global traffic	HTTP traffic detected: GET /s/f7e86b03bdb656e251f827eb1c7a20184a32a5d126aad25d57f78058e4d6f4f0 HTTP/1.1Host: login.o365contact-verify.clickConnection: keep-alivesec-ch-ua-full-version-list: "Chromium";v="134.0.6998.36", "Not:A-Brand";v="24.0.0.0", "Google Chrome";v="134.0.6998.36"sec-ch-ua-platform: "Windows"sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-mobile: ?0sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "134.0.6998.36"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Content-Type: application/jsonsec-ch-ua-platform-version: "10.0.0"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://login.o365contact-verify.click/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2foutlook.office.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=1&msaredir=1&client-request-id=01ff36a9-118d-1256-2170-f97d73c45f79&protectedtoken=true&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d&nonce=638674904025952032.42b185d8-e825-4e84-bdb2-3e505ea1e04a&state=DcuxDoIwEIDhou_iVjmOHrQDcdAYBlzURMPWozdIJBggGN_eDt-__YlSahttogRiVFnktiiNAwNIjhBy3BvkzFKwWiySNmKN5sCocyEg8ZmA8Ul8T-n49elhXvwiVbabJLwm6Zb7WPn6Cl19KZqfW8PzOjO6qRnc0A7vvr1RzwgrP84fPto_&sso_reload=trueAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: 112b-030d=f7e86b03bdb656e251f827eb1c7a20184a32a5d126aad25d57f78058e4d6f4f0; x-ms-gateway-slice=estsfd; cf_clearance=nDf1S5zrZ7NjjUQL9ErQPYKCqqPAJJAlg1G7Jj4BUC0-1742235435-1.2.1.1-zKxQmFHrGG854jpLDpvvUwsa53yj1d9U0sEUTuS4x_iz7qUyK9wj2.bSlhYFJzpJ_vpEBQ9Vcr11lrdZYI1qXfyEWNgc7ONqCqh0b9pFI0ZdngpO4sAKpnVaDy4nOLXt1E9uWRNXqpVMT9SQl33jl1Y4ZturI4_YbiJSmBgWwzQnnDTSv3E6LkHuSGsKfAj1CAK40Qk.6uuBy6FuzKJaf8dt0kLkwh7NvrhtsEoRol.RLZ4NjGogiNq1.wYpuP5WQmDz6QAOFPOJwyS0SMVqOYjHftn9DlvEl9JJ3uhcOuO9ofuJ0qoVz4ndoiMbpyLOArqp5XOENHuOOOLpUo7U80R9c54VnlJWRP1CZ.uqUIhhufVwp2xl47o_ctdVyiLwWXyodB1yGj5wMtw9.0bbbUyZZVOK0PbTTtGa0mfpKwc; buid=1.AQYAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAAGAA.AQABGgEAAABVrSpeuWamRam2jAF1XRQEMVVtgvWr2QbeswlFQnYSFh41elTy_rSapNLNq_Q5ySlDwSQb_qwhIcvopR0sqQfT1ROY04nHQUtjfKu6bh8U4rxuu4jRwb-Zr0twjGmHOaUgAA; esctx=PAQABBwEAAABVrSpeuWamRam2jAF1XRQEIlKDYUMwKRegWhTtLS7bITrsTeZO6N_4cmqkRK3WvRhqA_sfdOUxUanfoQYnJLJ_naJb2kbskzj8T-fVKRSrlDM3UBu2xlWoVgY1z9uvZVjKSpLpgaXLrMrCmrx4uzHuADNzS6vBRtF3bP5Kmu5hr78NNv_hUeFXmODaVOwVUosgAA; esctx-1DYHQVwkbsY=AQABCQEAAABVrSpeuWamRam2jAF1XRQELMKoBwXlDrGyuwQCGIkuqTopncVot0FEruBPPTSlmPPx5QROqQLciAN0NHSQMDdTiLDcgIsGDpEnSgLrukOk3Hh7Vu_0fhc1m5-J1Cm_fdl_sSkJwFm3F2RF_bNAUrWvwKzyoUc6NzojyLVddO27wCAA; fpc=AglNR4gBFPJLissXgJudxWGerOTJAQAAACteat8OAAAA; stsservicecookie=estsfd
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/scripts/jsd/main.js HTTP/1.1Host: login.o365contact-verify.clickConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: 112b-030d=f7e86b03bdb656e251f827eb1c7a20184a32a5d126aad25d57f78058e4d6f4f0; x-ms-gateway-slice=estsfd; cf_clearance=nDf1S5zrZ7NjjUQL9ErQPYKCqqPAJJAlg1G7Jj4BUC0-1742235435-1.2.1.1-zKxQmFHrGG854jpLDpvvUwsa53yj1d9U0sEUTuS4x_iz7qUyK9wj2.bSlhYFJzpJ_vpEBQ9Vcr11lrdZYI1qXfyEWNgc7ONqCqh0b9pFI0ZdngpO4sAKpnVaDy4nOLXt1E9uWRNXqpVMT9SQl33jl1Y4ZturI4_YbiJSmBgWwzQnnDTSv3E6LkHuSGsKfAj1CAK40Qk.6uuBy6FuzKJaf8dt0kLkwh7NvrhtsEoRol.RLZ4NjGogiNq1.wYpuP5WQmDz6QAOFPOJwyS0SMVqOYjHftn9DlvEl9JJ3uhcOuO9ofuJ0qoVz4ndoiMbpyLOArqp5XOENHuOOOLpUo7U80R9c54VnlJWRP1CZ.uqUIhhufVwp2xl47o_ctdVyiLwWXyodB1yGj5wMtw9.0bbbUyZZVOK0PbTTtGa0mfpKwc; buid=1.AQYAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAAGAA.AQABGgEAAABVrSpeuWamRam2jAF1XRQEMVVtgvWr2QbeswlFQnYSFh41elTy_rSapNLNq_Q5ySlDwSQb_qwhIcvopR0sqQfT1ROY04nHQUtjfKu6bh8U4rxuu4jRwb-Zr0twjGmHOaUgAA; esctx=PAQABBwEAAABVrSpeuWamRam2jAF1XRQEIlKDYUMwKRegWhTtLS7bITrsTeZO6N_4cmqkRK3WvRhqA_sfdOUxUanfoQYnJLJ_naJb2kbskzj8T-fVKRSrlDM3UBu2xlWoVgY1z9uvZVjKSpLpgaXLrMrCmrx4uzHuADNzS6vBRtF3bP5Kmu5hr78NNv_hUeFXmODaVOwVUosgAA; esctx-1DYHQVwkbsY=AQABCQEAAABVrSpeuWamRam2jAF1XRQELMKoBwXlDrGyuwQCGIkuqTopncVot0FEruBPPTSlmPPx5QROqQLciAN0NHSQMDdTiLDcgIsGDpEnSgLrukOk3Hh7Vu_0fhc1m5-J1Cm_fdl_sSkJwFm3F2RF_bNAUrWvwKzyoUc6NzojyLVddO27wCAA; fpc=AglNR4gBFPJLissXgJudxWGerOTJAQAAACteat8OAAAA; stsservicecookie=estsfd
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/scripts/jsd/f3b948d8acb8/main.js? HTTP/1.1Host: login.o365contact-verify.clickConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: 112b-030d=f7e86b03bdb656e251f827eb1c7a20184a32a5d126aad25d57f78058e4d6f4f0; x-ms-gateway-slice=estsfd; cf_clearance=nDf1S5zrZ7NjjUQL9ErQPYKCqqPAJJAlg1G7Jj4BUC0-1742235435-1.2.1.1-zKxQmFHrGG854jpLDpvvUwsa53yj1d9U0sEUTuS4x_iz7qUyK9wj2.bSlhYFJzpJ_vpEBQ9Vcr11lrdZYI1qXfyEWNgc7ONqCqh0b9pFI0ZdngpO4sAKpnVaDy4nOLXt1E9uWRNXqpVMT9SQl33jl1Y4ZturI4_YbiJSmBgWwzQnnDTSv3E6LkHuSGsKfAj1CAK40Qk.6uuBy6FuzKJaf8dt0kLkwh7NvrhtsEoRol.RLZ4NjGogiNq1.wYpuP5WQmDz6QAOFPOJwyS0SMVqOYjHftn9DlvEl9JJ3uhcOuO9ofuJ0qoVz4ndoiMbpyLOArqp5XOENHuOOOLpUo7U80R9c54VnlJWRP1CZ.uqUIhhufVwp2xl47o_ctdVyiLwWXyodB1yGj5wMtw9.0bbbUyZZVOK0PbTTtGa0mfpKwc; buid=1.AQYAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAAGAA.AQABGgEAAABVrSpeuWamRam2jAF1XRQEMVVtgvWr2QbeswlFQnYSFh41elTy_rSapNLNq_Q5ySlDwSQb_qwhIcvopR0sqQfT1ROY04nHQUtjfKu6bh8U4rxuu4jRwb-Zr0twjGmHOaUgAA; esctx=PAQABBwEAAABVrSpeuWamRam2jAF1XRQEIlKDYUMwKRegWhTtLS7bITrsTeZO6N_4cmqkRK3WvRhqA_sfdOUxUanfoQYnJLJ_naJb2kbskzj8T-fVKRSrlDM3UBu2xlWoVgY1z9uvZVjKSpLpgaXLrMrCmrx4uzHuADNzS6vBRtF3bP5Kmu5hr78NNv_hUeFXmODaVOwVUosgAA; esctx-1DYHQVwkbsY=AQABCQEAAABVrSpeuWamRam2jAF1XRQELMKoBwXlDrGyuwQCGIkuqTopncVot0FEruBPPTSlmPPx5QROqQLciAN0NHSQMDdTiLDcgIsGDpEnSgLrukOk3Hh7Vu_0fhc1m5-J1Cm_fdl_sSkJwFm3F2RF_bNAUrWvwKzyoUc6NzojyLVddO27wCAA; fpc=AglNR4gBFPJLissXgJudxWGerOTJAQAAACteat8OAAAA; stsservicecookie=estsfd
Source: global traffic	HTTP traffic detected: GET /owa/prefetch.aspx HTTP/1.1Host: outlook.o365contact-verify.clickConnection: keep-alivesec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://login.o365contact-verify.click/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: 112b-030d=f7e86b03bdb656e251f827eb1c7a20184a32a5d126aad25d57f78058e4d6f4f0; cf_clearance=nDf1S5zrZ7NjjUQL9ErQPYKCqqPAJJAlg1G7Jj4BUC0-1742235435-1.2.1.1-zKxQmFHrGG854jpLDpvvUwsa53yj1d9U0sEUTuS4x_iz7qUyK9wj2.bSlhYFJzpJ_vpEBQ9Vcr11lrdZYI1qXfyEWNgc7ONqCqh0b9pFI0ZdngpO4sAKpnVaDy4nOLXt1E9uWRNXqpVMT9SQl33jl1Y4ZturI4_YbiJSmBgWwzQnnDTSv3E6LkHuSGsKfAj1CAK40Qk.6uuBy6FuzKJaf8dt0kLkwh7NvrhtsEoRol.RLZ4NjGogiNq1.wYpuP5WQmDz6QAOFPOJwyS0SMVqOYjHftn9DlvEl9JJ3uhcOuO9ofuJ0qoVz4ndoiMbpyLOArqp5XOENHuOOOLpUo7U80R9c54VnlJWRP1CZ.uqUIhhufVwp2xl47o_ctdVyiLwWXyodB1yGj5wMtw9.0bbbUyZZVOK0PbTTtGa0mfpKwc
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/scripts/jsd/main.js HTTP/1.1Host: outlook.o365contact-verify.clickConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: 112b-030d=f7e86b03bdb656e251f827eb1c7a20184a32a5d126aad25d57f78058e4d6f4f0; cf_clearance=nDf1S5zrZ7NjjUQL9ErQPYKCqqPAJJAlg1G7Jj4BUC0-1742235435-1.2.1.1-zKxQmFHrGG854jpLDpvvUwsa53yj1d9U0sEUTuS4x_iz7qUyK9wj2.bSlhYFJzpJ_vpEBQ9Vcr11lrdZYI1qXfyEWNgc7ONqCqh0b9pFI0ZdngpO4sAKpnVaDy4nOLXt1E9uWRNXqpVMT9SQl33jl1Y4ZturI4_YbiJSmBgWwzQnnDTSv3E6LkHuSGsKfAj1CAK40Qk.6uuBy6FuzKJaf8dt0kLkwh7NvrhtsEoRol.RLZ4NjGogiNq1.wYpuP5WQmDz6QAOFPOJwyS0SMVqOYjHftn9DlvEl9JJ3uhcOuO9ofuJ0qoVz4ndoiMbpyLOArqp5XOENHuOOOLpUo7U80R9c54VnlJWRP1CZ.uqUIhhufVwp2xl47o_ctdVyiLwWXyodB1yGj5wMtw9.0bbbUyZZVOK0PbTTtGa0mfpKwc; ClientId=6531B268D32F4FB283E2DF141C5EB975; OIDC=1; OWAPF=v:15.20.8534.33&l:mouse
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/scripts/jsd/f3b948d8acb8/main.js? HTTP/1.1Host: outlook.o365contact-verify.clickConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: 112b-030d=f7e86b03bdb656e251f827eb1c7a20184a32a5d126aad25d57f78058e4d6f4f0; ClientId=6531B268D32F4FB283E2DF141C5EB975; OIDC=1; OWAPF=v:15.20.8534.33&l:mouse; cf_clearance=Gbsjd6.iGpw8LpCvOwd5wIL49BN7vF0QhHv65.OCqaA-1742235440-1.2.1.1-DRzsiK_NwI0G2WfFFPvRj_yPP4yuhZC80xL9h864ijtYIzAZMhveWOgWf816Hf63XtoWNGBxv2YTyDe8qu0K3AzoDDwFOrvHduy8X2yd61aIl7qtRWyIoSW6H9wC.n1zi5G57b1KUQ1OVSM5RgZAuqw8nh7x0WuHxKRNp_vz..uwQsOmRGAX8F8AeS5NnbQMEleYr.CesmxBGsu4ksdpVoXZ0r3atxjHGW_pJSLgOiqVcMOj3LKAgxFwK8DelMWq570pR4I1OM7eeAlEd2FAN36HJBTIKMHi9yKY9Z_VujM2oTZqqXFpvRZlnDnIDdmG1mtRy8jfME7rDCCMp8JZ7SqhSYD_pQYX1E5QIJYzUHMf6hqq55BFNCCOzUbD.95LGQHcHK31h13W7HI9noT8mdYKvmsUxZnaB4Q6_aKwMYg
Source: global traffic	HTTP traffic detected: GET /owa/prem/15.20.8534.33/scripts/boot.worldwide.0.mouse.js HTTP/1.1Host: r4.res.office365.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: text/css,/;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleSec-Fetch-Storage-Access: activeReferer: https://outlook.o365contact-verify.click/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/jsd/r/0.2467483113438528:1742232292:aLxDlroqA6vSmzj8cnYgMPIsrE8qK1HATC18uZPaT5w/921e7c720c6e429e HTTP/1.1Host: login.o365contact-verify.clickConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: 112b-030d=f7e86b03bdb656e251f827eb1c7a20184a32a5d126aad25d57f78058e4d6f4f0; x-ms-gateway-slice=estsfd; buid=1.AQYAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAAGAA.AQABGgEAAABVrSpeuWamRam2jAF1XRQEMVVtgvWr2QbeswlFQnYSFh41elTy_rSapNLNq_Q5ySlDwSQb_qwhIcvopR0sqQfT1ROY04nHQUtjfKu6bh8U4rxuu4jRwb-Zr0twjGmHOaUgAA; esctx=PAQABBwEAAABVrSpeuWamRam2jAF1XRQEIlKDYUMwKRegWhTtLS7bITrsTeZO6N_4cmqkRK3WvRhqA_sfdOUxUanfoQYnJLJ_naJb2kbskzj8T-fVKRSrlDM3UBu2xlWoVgY1z9uvZVjKSpLpgaXLrMrCmrx4uzHuADNzS6vBRtF3bP5Kmu5hr78NNv_hUeFXmODaVOwVUosgAA; esctx-1DYHQVwkbsY=AQABCQEAAABVrSpeuWamRam2jAF1XRQELMKoBwXlDrGyuwQCGIkuqTopncVot0FEruBPPTSlmPPx5QROqQLciAN0NHSQMDdTiLDcgIsGDpEnSgLrukOk3Hh7Vu_0fhc1m5-J1Cm_fdl_sSkJwFm3F2RF_bNAUrWvwKzyoUc6NzojyLVddO27wCAA; fpc=AglNR4gBFPJLissXgJudxWGerOTJAQAAACteat8OAAAA; stsservicecookie=estsfd; MicrosoftApplicationsTelemetryDeviceId=9ce9b347-cecc-4324-8177-67c211ff2ec8; brcap=0
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/jsd/r/0.130040392468924:1742232295:rVAWigBhcleuvDtH5VsJJZCtL-7j37nUrqjr_hViAkw/921e7c88ed1a3ee0 HTTP/1.1Host: outlook.o365contact-verify.clickConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: 112b-030d=f7e86b03bdb656e251f827eb1c7a20184a32a5d126aad25d57f78058e4d6f4f0; ClientId=6531B268D32F4FB283E2DF141C5EB975; OIDC=1; OWAPF=v:15.20.8534.33&l:mouse
Source: global traffic	HTTP traffic detected: GET /owa/prem/15.20.8534.33/scripts/boot.worldwide.1.mouse.js HTTP/1.1Host: r4.res.office365.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: text/css,/;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleSec-Fetch-Storage-Access: activeReferer: https://outlook.o365contact-verify.click/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /owa/prem/15.20.8534.33/scripts/boot.worldwide.2.mouse.js HTTP/1.1Host: r4.res.office365.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: text/css,/;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleSec-Fetch-Storage-Access: activeReferer: https://outlook.o365contact-verify.click/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /owa/prem/15.20.8534.33/scripts/boot.worldwide.3.mouse.js HTTP/1.1Host: r4.res.office365.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: text/css,/;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleSec-Fetch-Storage-Access: activeReferer: https://outlook.o365contact-verify.click/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /owa/prem/15.20.8534.33/resources/images/0/sprite1.mouse.png HTTP/1.1Host: r4.res.office365.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: text/css,/;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleSec-Fetch-Storage-Access: activeReferer: https://outlook.o365contact-verify.click/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /owa/prem/15.20.8534.33/resources/images/0/sprite1.mouse.css HTTP/1.1Host: r4.res.office365.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: text/css,/;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleSec-Fetch-Storage-Access: activeReferer: https://outlook.o365contact-verify.click/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /owa/prem/15.20.8534.33/resources/styles/0/boot.worldwide.mouse.css HTTP/1.1Host: r4.res.office365.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: text/css,/;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleSec-Fetch-Storage-Access: activeReferer: https://outlook.o365contact-verify.click/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /common/GetCredentialType?mkt=en-US HTTP/1.1Host: login.o365contact-verify.clickConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: 112b-030d=f7e86b03bdb656e251f827eb1c7a20184a32a5d126aad25d57f78058e4d6f4f0; x-ms-gateway-slice=estsfd; buid=1.AQYAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAAGAA.AQABGgEAAABVrSpeuWamRam2jAF1XRQEMVVtgvWr2QbeswlFQnYSFh41elTy_rSapNLNq_Q5ySlDwSQb_qwhIcvopR0sqQfT1ROY04nHQUtjfKu6bh8U4rxuu4jRwb-Zr0twjGmHOaUgAA; esctx=PAQABBwEAAABVrSpeuWamRam2jAF1XRQEIlKDYUMwKRegWhTtLS7bITrsTeZO6N_4cmqkRK3WvRhqA_sfdOUxUanfoQYnJLJ_naJb2kbskzj8T-fVKRSrlDM3UBu2xlWoVgY1z9uvZVjKSpLpgaXLrMrCmrx4uzHuADNzS6vBRtF3bP5Kmu5hr78NNv_hUeFXmODaVOwVUosgAA; esctx-1DYHQVwkbsY=AQABCQEAAABVrSpeuWamRam2jAF1XRQELMKoBwXlDrGyuwQCGIkuqTopncVot0FEruBPPTSlmPPx5QROqQLciAN0NHSQMDdTiLDcgIsGDpEnSgLrukOk3Hh7Vu_0fhc1m5-J1Cm_fdl_sSkJwFm3F2RF_bNAUrWvwKzyoUc6NzojyLVddO27wCAA; fpc=AglNR4gBFPJLissXgJudxWGerOTJAQAAACteat8OAAAA; stsservicecookie=estsfd; MicrosoftApplicationsTelemetryDeviceId=9ce9b347-cecc-4324-8177-67c211ff2ec8; brcap=0
Source: global traffic	HTTP traffic detected: GET /s/f7e86b03bdb656e251f827eb1c7a20184a32a5d126aad25d57f78058e4d6f4f0 HTTP/1.1Host: login.o365contact-verify.clickConnection: keep-alivesec-ch-ua-full-version-list: "Chromium";v="134.0.6998.36", "Not:A-Brand";v="24.0.0.0", "Google Chrome";v="134.0.6998.36"sec-ch-ua-platform: "Windows"sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-mobile: ?0sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "134.0.6998.36"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Content-Type: application/jsonsec-ch-ua-platform-version: "10.0.0"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://login.o365contact-verify.click/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2foutlook.office.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=1&msaredir=1&client-request-id=01ff36a9-118d-1256-2170-f97d73c45f79&protectedtoken=true&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d&nonce=638674904025952032.42b185d8-e825-4e84-bdb2-3e505ea1e04a&state=DcuxDoIwEIDhou_iVjmOHrQDcdAYBlzURMPWozdIJBggGN_eDt-__YlSahttogRiVFnktiiNAwNIjhBy3BvkzFKwWiySNmKN5sCocyEg8ZmA8Ul8T-n49elhXvwiVbabJLwm6Zb7WPn6Cl19KZqfW8PzOjO6qRnc0A7vvr1RzwgrP84fPto_&sso_reload=trueAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: 112b-030d=f7e86b03bdb656e251f827eb1c7a20184a32a5d126aad25d57f78058e4d6f4f0; x-ms-gateway-slice=estsfd; buid=1.AQYAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAAGAA.AQABGgEAAABVrSpeuWamRam2jAF1XRQEMVVtgvWr2QbeswlFQnYSFh41elTy_rSapNLNq_Q5ySlDwSQb_qwhIcvopR0sqQfT1ROY04nHQUtjfKu6bh8U4rxuu4jRwb-Zr0twjGmHOaUgAA; esctx=PAQABBwEAAABVrSpeuWamRam2jAF1XRQEIlKDYUMwKRegWhTtLS7bITrsTeZO6N_4cmqkRK3WvRhqA_sfdOUxUanfoQYnJLJ_naJb2kbskzj8T-fVKRSrlDM3UBu2xlWoVgY1z9uvZVjKSpLpgaXLrMrCmrx4uzHuADNzS6vBRtF3bP5Kmu5hr78NNv_hUeFXmODaVOwVUosgAA; esctx-1DYHQVwkbsY=AQABCQEAAABVrSpeuWamRam2jAF1XRQELMKoBwXlDrGyuwQCGIkuqTopncVot0FEruBPPTSlmPPx5QROqQLciAN0NHSQMDdTiLDcgIsGDpEnSgLrukOk3Hh7Vu_0fhc1m5-J1Cm_fdl_sSkJwFm3F2RF_bNAUrWvwKzyoUc6NzojyLVddO27wCAA; fpc=AglNR4gBFPJLissXgJudxWGerOTJAQAAACteat8OAAAA; stsservicecookie=estsfd; MicrosoftApplicationsTelemetryDeviceId=9ce9b347-cecc-4324-8177-67c211ff2ec8; brcap=0; cf_clearance=yDWlUjMSBNX9zAAZekQFRRwFg7vmC_TVfXi8fIWyyyk-1742235442-1.2.1.1-pL.PHbZe7wtlikLo5DzgT9e3xHojILVUssOs_0.t4CvdGi_45a5e2v1.tyFCvPPVzsqOUfjdyAUWQ0npudI6Q8RR2fO_mm9N6w9._WC26oi_KsGLqnLs4BeBRL6MT8YlKD_KOvJV14W0.N72VbRfDwecEMFcKaqi7HYNDytGnlapwTfvljkeum4hjzUGwPPwnUyNZm2Km77uNE99pHoewrhFGUlBM4IK0f0wk1SteoaDvOVjZIXpNC1bRNR2qe.eNX1yVF9x9gbNEFJC6o6zBFVMv2drUsZT8JlELGwllyHg_Wbgd23.gbSLLXl1PDnywC8pl.nn6e8Pg.ENcJEAxxFqZHKiDVQoLVyxmF2erX10ISZJ4HlJFjoS4XOMMDymhGZZzuoAUgjOsNIOsrZ34wun1bhg0LPEVknX1dSzSq0
Source: global traffic	HTTP traffic detected: GET /s/f7e86b03bdb656e251f827eb1c7a20184a32a5d126aad25d57f78058e4d6f4f0 HTTP/1.1Host: login.o365contact-verify.clickConnection: keep-alivesec-ch-ua-full-version-list: "Chromium";v="134.0.6998.36", "Not:A-Brand";v="24.0.0.0", "Google Chrome";v="134.0.6998.36"sec-ch-ua-platform: "Windows"sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-mobile: ?0sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "134.0.6998.36"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Content-Type: application/jsonsec-ch-ua-platform-version: "10.0.0"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://login.o365contact-verify.click/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2foutlook.office.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=1&msaredir=1&client-request-id=01ff36a9-118d-1256-2170-f97d73c45f79&protectedtoken=true&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d&nonce=638674904025952032.42b185d8-e825-4e84-bdb2-3e505ea1e04a&state=DcuxDoIwEIDhou_iVjmOHrQDcdAYBlzURMPWozdIJBggGN_eDt-__YlSahttogRiVFnktiiNAwNIjhBy3BvkzFKwWiySNmKN5sCocyEg8ZmA8Ul8T-n49elhXvwiVbabJLwm6Zb7WPn6Cl19KZqfW8PzOjO6qRnc0A7vvr1RzwgrP84fPto_&sso_reload=trueAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: 112b-030d=f7e86b03bdb656e251f827eb1c7a20184a32a5d126aad25d57f78058e4d6f4f0; x-ms-gateway-slice=estsfd; buid=1.AQYAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAAGAA.AQABGgEAAABVrSpeuWamRam2jAF1XRQEMVVtgvWr2QbeswlFQnYSFh41elTy_rSapNLNq_Q5ySlDwSQb_qwhIcvopR0sqQfT1ROY04nHQUtjfKu6bh8U4rxuu4jRwb-Zr0twjGmHOaUgAA; esctx=PAQABBwEAAABVrSpeuWamRam2jAF1XRQEIlKDYUMwKRegWhTtLS7bITrsTeZO6N_4cmqkRK3WvRhqA_sfdOUxUanfoQYnJLJ_naJb2kbskzj8T-fVKRSrlDM3UBu2xlWoVgY1z9uvZVjKSpLpgaXLrMrCmrx4uzHuADNzS6vBRtF3bP5Kmu5hr78NNv_hUeFXmODaVOwVUosgAA; esctx-1DYHQVwkbsY=AQABCQEAAABVrSpeuWamRam2jAF1XRQELMKoBwXlDrGyuwQCGIkuqTopncVot0FEruBPPTSlmPPx5QROqQLciAN0NHSQMDdTiLDcgIsGDpEnSgLrukOk3Hh7Vu_0fhc1m5-J1Cm_fdl_sSkJwFm3F2RF_bNAUrWvwKzyoUc6NzojyLVddO27wCAA; fpc=AglNR4gBFPJLissXgJudxWGerOTJAQAAACteat8OAAAA; stsservicecookie=estsfd; MicrosoftApplicationsTelemetryDeviceId=9ce9b347-cecc-4324-8177-67c211ff2ec8; brcap=0; cf_clearance=yDWlUjMSBNX9zAAZekQFRRwFg7vmC_TVfXi8fIWyyyk-1742235442-1.2.1.1-pL.PHbZe7wtlikLo5DzgT9e3xHojILVUssOs_0.t4CvdGi_45a5e2v1.tyFCvPPVzsqOUfjdyAUWQ0npudI6Q8RR2fO_mm9N6w9._WC26oi_KsGLqnLs4BeBRL6MT8YlKD_KOvJV14W0.N72VbRfDwecEMFcKaqi7HYNDytGnlapwTfvljkeum4hjzUGwPPwnUyNZm2Km77uNE99pHoewrhFGUlBM4IK0f0wk1SteoaDvOVjZIXpNC1bRNR2qe.eNX1yVF9x9gbNEFJC6o6zBFVMv2drUsZT8JlELGwllyHg_Wbgd23.gbSLLXl1PDnywC8pl.nn6e8Pg.ENcJEAxxFqZHKiDVQoLVyxmF2erX10ISZJ4HlJFjoS4XOMMDymhGZZzuoAUgjOsNIOsrZ34wun1bhg0LPEVknX1dSzSq0;
Source: global traffic	HTTP traffic detected: GET /s/f7e86b03bdb656e251f827eb1c7a20184a32a5d126aad25d57f78058e4d6f4f0 HTTP/1.1Host: login.o365contact-verify.clickConnection: keep-alivesec-ch-ua-full-version-list: "Chromium";v="134.0.6998.36", "Not:A-Brand";v="24.0.0.0", "Google Chrome";v="134.0.6998.36"sec-ch-ua-platform: "Windows"sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-mobile: ?0sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "134.0.6998.36"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Content-Type: application/jsonsec-ch-ua-platform-version: "10.0.0"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://login.o365contact-verify.click/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2foutlook.office.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=1&msaredir=1&client-request-id=01ff36a9-118d-1256-2170-f97d73c45f79&protectedtoken=true&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d&nonce=638674904025952032.42b185d8-e825-4e84-bdb2-3e505ea1e04a&state=DcuxDoIwEIDhou_iVjmOHrQDcdAYBlzURMPWozdIJBggGN_eDt-__YlSahttogRiVFnktiiNAwNIjhBy3BvkzFKwWiySNmKN5sCocyEg8ZmA8Ul8T-n49elhXvwiVbabJLwm6Zb7WPn6Cl19KZqfW8PzOjO6qRnc0A7vvr1RzwgrP84fPto_&sso_reload=trueAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: 112b-030d=f7e86b03bdb656e251f827eb1c7a20184a32a5d126aad25d57f78058e4d6f4f0; x-ms-gateway-slice=estsfd; buid=1.AQYAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAAGAA.AQABGgEAAABVrSpeuWamRam2jAF1XRQEMVVtgvWr2QbeswlFQnYSFh41elTy_rSapNLNq_Q5ySlDwSQb_qwhIcvopR0sqQfT1ROY04nHQUtjfKu6bh8U4rxuu4jRwb-Zr0twjGmHOaUgAA; esctx=PAQABBwEAAABVrSpeuWamRam2jAF1XRQEIlKDYUMwKRegWhTtLS7bITrsTeZO6N_4cmqkRK3WvRhqA_sfdOUxUanfoQYnJLJ_naJb2kbskzj8T-fVKRSrlDM3UBu2xlWoVgY1z9uvZVjKSpLpgaXLrMrCmrx4uzHuADNzS6vBRtF3bP5Kmu5hr78NNv_hUeFXmODaVOwVUosgAA; esctx-1DYHQVwkbsY=AQABCQEAAABVrSpeuWamRam2jAF1XRQELMKoBwXlDrGyuwQCGIkuqTopncVot0FEruBPPTSlmPPx5QROqQLciAN0NHSQMDdTiLDcgIsGDpEnSgLrukOk3Hh7Vu_0fhc1m5-J1Cm_fdl_sSkJwFm3F2RF_bNAUrWvwKzyoUc6NzojyLVddO27wCAA; fpc=AglNR4gBFPJLissXgJudxWGerOTJAQAAACteat8OAAAA; stsservicecookie=estsfd; MicrosoftApplicationsTelemetryDeviceId=9ce9b347-cecc-4324-8177-67c211ff2ec8; brcap=0; cf_clearance=yDWlUjMSBNX9zAAZekQFRRwFg7vmC_TVfXi8fIWyyyk-1742235442-1.2.1.1-pL.PHbZe7wtlikLo5DzgT9e3xHojILVUssOs_0.t4CvdGi_45a5e2v1.tyFCvPPVzsqOUfjdyAUWQ0npudI6Q8RR2fO_mm9N6w9._WC26oi_KsGLqnLs4BeBRL6MT8YlKD_KOvJV14W0.N72VbRfDwecEMFcKaqi7HYNDytGnlapwTfvljkeum4hjzUGwPPwnUyNZm2Km77uNE99pHoewrhFGUlBM4IK0f0wk1SteoaDvOVjZIXpNC1bRNR2qe.eNX1yVF9x9gbNEFJC6o6zBFVMv2drUsZT8JlELGwllyHg_Wbgd23.gbSLLXl1PDnywC8pl.nn6e8Pg.ENcJEAxxFqZHKiDVQoLVyxmF2erX10ISZJ4HlJFjoS4XOMMDymhGZZzuoAUgjOsNIOsrZ34wun1bhg0LPEVknX1dSzSq0;
Source: global traffic	HTTP traffic detected: GET /s/f7e86b03bdb656e251f827eb1c7a20184a32a5d126aad25d57f78058e4d6f4f0 HTTP/1.1Host: login.o365contact-verify.clickConnection: keep-alivesec-ch-ua-full-version-list: "Chromium";v="134.0.6998.36", "Not:A-Brand";v="24.0.0.0", "Google Chrome";v="134.0.6998.36"sec-ch-ua-platform: "Windows"sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-mobile: ?0sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "134.0.6998.36"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Content-Type: application/jsonsec-ch-ua-platform-version: "10.0.0"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://login.o365contact-verify.click/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2foutlook.office.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=1&msaredir=1&client-request-id=01ff36a9-118d-1256-2170-f97d73c45f79&protectedtoken=true&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d&nonce=638674904025952032.42b185d8-e825-4e84-bdb2-3e505ea1e04a&state=DcuxDoIwEIDhou_iVjmOHrQDcdAYBlzURMPWozdIJBggGN_eDt-__YlSahttogRiVFnktiiNAwNIjhBy3BvkzFKwWiySNmKN5sCocyEg8ZmA8Ul8T-n49elhXvwiVbabJLwm6Zb7WPn6Cl19KZqfW8PzOjO6qRnc0A7vvr1RzwgrP84fPto_&sso_reload=trueAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: 112b-030d=f7e86b03bdb656e251f827eb1c7a20184a32a5d126aad25d57f78058e4d6f4f0; x-ms-gateway-slice=estsfd; buid=1.AQYAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAAGAA.AQABGgEAAABVrSpeuWamRam2jAF1XRQEMVVtgvWr2QbeswlFQnYSFh41elTy_rSapNLNq_Q5ySlDwSQb_qwhIcvopR0sqQfT1ROY04nHQUtjfKu6bh8U4rxuu4jRwb-Zr0twjGmHOaUgAA; esctx=PAQABBwEAAABVrSpeuWamRam2jAF1XRQEIlKDYUMwKRegWhTtLS7bITrsTeZO6N_4cmqkRK3WvRhqA_sfdOUxUanfoQYnJLJ_naJb2kbskzj8T-fVKRSrlDM3UBu2xlWoVgY1z9uvZVjKSpLpgaXLrMrCmrx4uzHuADNzS6vBRtF3bP5Kmu5hr78NNv_hUeFXmODaVOwVUosgAA; esctx-1DYHQVwkbsY=AQABCQEAAABVrSpeuWamRam2jAF1XRQELMKoBwXlDrGyuwQCGIkuqTopncVot0FEruBPPTSlmPPx5QROqQLciAN0NHSQMDdTiLDcgIsGDpEnSgLrukOk3Hh7Vu_0fhc1m5-J1Cm_fdl_sSkJwFm3F2RF_bNAUrWvwKzyoUc6NzojyLVddO27wCAA; fpc=AglNR4gBFPJLissXgJudxWGerOTJAQAAACteat8OAAAA; stsservicecookie=estsfd; MicrosoftApplicationsTelemetryDeviceId=9ce9b347-cecc-4324-8177-67c211ff2ec8; brcap=0; cf_clearance=yDWlUjMSBNX9zAAZekQFRRwFg7vmC_TVfXi8fIWyyyk-1742235442-1.2.1.1-pL.PHbZe7wtlikLo5DzgT9e3xHojILVUssOs_0.t4CvdGi_45a5e2v1.tyFCvPPVzsqOUfjdyAUWQ0npudI6Q8RR2fO_mm9N6w9._WC26oi_KsGLqnLs4BeBRL6MT8YlKD_KOvJV14W0.N72VbRfDwecEMFcKaqi7HYNDytGnlapwTfvljkeum4hjzUGwPPwnUyNZm2Km77uNE99pHoewrhFGUlBM4IK0f0wk1SteoaDvOVjZIXpNC1bRNR2qe.eNX1yVF9x9gbNEFJC6o6zBFVMv2drUsZT8JlELGwllyHg_Wbgd23.gbSLLXl1PDnywC8pl.nn6e8Pg.ENcJEAxxFqZHKiDVQoLVyxmF2erX10ISZJ4HlJFjoS4XOMMDymhGZZzuoAUgjOsNIOsrZ34wun1bhg0LPEVknX1dSzSq0;
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Microsoft-CryptoAPI/10.0Host: x1.i.lencr.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: microsoft.emg-dev.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9

Source: global traffic	DNS traffic detected: DNS query: x1.i.lencr.org
Source: global traffic	DNS traffic detected: DNS query: microsoft.emg-dev.com
Source: global traffic	DNS traffic detected: DNS query: login.o365contact-verify.click
Source: global traffic	DNS traffic detected: DNS query: a.nel.cloudflare.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: challenges.cloudflare.com
Source: global traffic	DNS traffic detected: DNS query: aadcdn.msftauth.net
Source: global traffic	DNS traffic detected: DNS query: live.o365contact-verify.click
Source: global traffic	DNS traffic detected: DNS query: outlook.o365contact-verify.click
Source: global traffic	DNS traffic detected: DNS query: r4.res.office365.com
Source: global traffic	DNS traffic detected: DNS query: identity.nel.measure.office.net
Source: global traffic	DNS traffic detected: DNS query: beacons.gcp.gvt2.com
Source: global traffic	DNS traffic detected: DNS query: beacons.gvt2.com
Source: global traffic	DNS traffic detected: DNS query: beacons2.gvt2.com
Source: global traffic	DNS traffic detected: DNS query: beacons3.gvt2.com
Source: global traffic	DNS traffic detected: DNS query: beacons4.gvt2.com

Source: unknown

HTTP traffic detected: POST /report/v4?s=oCskCP2DfrAaReZZaLlc3O9b6NT5pZ2nTHjGQ6pxHGbn2FFSj%2FPgd0D7e2TC6C%2BgGLdcNr5bjK2ai%2BG1anTJ8rsVTaeN5QW4mrwGCCVABPnx%2BHtOfiiknW1qtEG2vaJ9r2qI%2FztXxZ4bb9AVVNX19CI%3D HTTP/1.1Host: a.nel.cloudflare.comConnection: keep-aliveContent-Length: 410Content-Type: application/reports+jsonOrigin: https://login.o365contact-verify.clickUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9

Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Mon, 17 Mar 2025 18:16:43 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeaccept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UAcf-mitigated: challengecritical-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UAcross-origin-embedder-policy: require-corpcross-origin-opener-policy: same-origincross-origin-resource-policy: same-originorigin-agent-cluster: ?1permissions-policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()referrer-policy: same-originserver-timing: chlray;desc="921e7ba55bde80cd"x-content-options: nosniffx-frame-options: SAMEORIGIN
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Mon, 17 Mar 2025 18:16:44 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeaccept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UAcf-mitigated: challengecritical-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UAcross-origin-embedder-policy: require-corpcross-origin-opener-policy: same-origincross-origin-resource-policy: same-originorigin-agent-cluster: ?1permissions-policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()referrer-policy: same-originserver-timing: chlray;desc="921e7baf7aba7d0b"x-content-options: nosniffx-frame-options: SAMEORIGIN
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Mon, 17 Mar 2025 18:17:01 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeaccept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UAcf-mitigated: challengecritical-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UAcross-origin-embedder-policy: require-corpcross-origin-opener-policy: same-origincross-origin-resource-policy: same-originorigin-agent-cluster: ?1permissions-policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()referrer-policy: same-originserver-timing: chlray;desc="921e7c1a7bdfcc98"x-content-options: nosniffx-frame-options: SAMEORIGIN
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 17 Mar 2025 18:17:04 GMTTransfer-Encoding: chunkedConnection: closeCache-Control: privateNel: {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0}P3p: CP="DSP CUR OTPi IND OTRi ONL FIN"Referrer-Policy: strict-origin-when-cross-originReport-To: {"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://identity.nel.measure.office.net/api/report?catId=GW+estsfd+dub2"}]}X-Ms-Ests-Server: 2.1.20262.4 - SEC ProdSlicesX-Ms-Request-Id: 799ef183-5041-4eef-a0c0-de90089e4300X-Ms-Srs: 1.PCF-Cache-Status: BYPASSSet-Cookie: x-ms-gateway-slice=estsfd; Path=/; HttpOnly; Secure; SameSite=NoneServer: cloudflareCF-RAY: 921e7c260ed67d1a-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1823&min_rtt=1813&rtt_var=701&sent=4&recv=7&lost=0&retrans=0&sent_bytes=2864&recv_bytes=2233&delivery_rate=1537651&cwnd=167&unsent_bytes=0&cid=279db503a75fa99e&ts=563&x=0"
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 17 Mar 2025 18:17:06 GMTTransfer-Encoding: chunkedConnection: closeCache-Control: privateNel: {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0}P3p: CP="DSP CUR OTPi IND OTRi ONL FIN"Referrer-Policy: strict-origin-when-cross-originReport-To: {"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://identity.nel.measure.office.net/api/report?catId=GW+estsfd+dub2"}]}X-Ms-Ests-Server: 2.1.20262.4 - SEC ProdSlicesX-Ms-Request-Id: 175ee6c4-d1e3-4ea2-a9e0-cf9d4ac54700X-Ms-Srs: 1.PCF-Cache-Status: BYPASSSet-Cookie: x-ms-gateway-slice=estsfd; Path=/; HttpOnly; Secure; SameSite=NoneServer: cloudflareCF-RAY: 921e7c34fabeefa7-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1784&min_rtt=1780&rtt_var=676&sent=4&recv=7&lost=0&retrans=0&sent_bytes=2865&recv_bytes=2260&delivery_rate=1607929&cwnd=148&unsent_bytes=0&cid=bc640d43a6f36ee7&ts=480&x=0"
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Mon, 17 Mar 2025 18:17:38 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeaccept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UAcf-mitigated: challengecritical-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UAcross-origin-embedder-policy: require-corpcross-origin-opener-policy: same-origincross-origin-resource-policy: same-originorigin-agent-cluster: ?1permissions-policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()referrer-policy: same-originserver-timing: chlray;desc="921e7cfffbfa88c3"x-content-options: nosniffx-frame-options: SAMEORIGIN

Source: 77EC63BDA74BD0D0E0426DC8F80085060.2.dr	String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
Source: chromecache_276.16.dr	String found in binary or memory: http://github.com/jquery/globalize
Source: 2D85F72862B55C4EADD9E66E06947F3D0.2.dr	String found in binary or memory: http://x1.i.lencr.org/
Source: ReaderMessages.0.dr	String found in binary or memory: https://www.adobe.co

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49865
Source: unknown	Network traffic detected: HTTP traffic on port 49817 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49864
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49863
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49800 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49875 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49852 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 49881 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49856
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49855
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49854
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49852
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49850
Source: unknown	Network traffic detected: HTTP traffic on port 49812 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49784 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49806 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49823 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 49886 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49869 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49843
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49842
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49840
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49828 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49805 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49839
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49838
Source: unknown	Network traffic detected: HTTP traffic on port 49904 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49836
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49835
Source: unknown	Network traffic detected: HTTP traffic on port 49887 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49831
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49830
Source: unknown	Network traffic detected: HTTP traffic on port 49839 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49864 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49822 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49870 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49829
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49828
Source: unknown	Network traffic detected: HTTP traffic on port 49811 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49827
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49826
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49825
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49824
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49823
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49822
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49786
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49784
Source: unknown	Network traffic detected: HTTP traffic on port 49813 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49782
Source: unknown	Network traffic detected: HTTP traffic on port 49836 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49868 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49885 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49897
Source: unknown	Network traffic detected: HTTP traffic on port 49671 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49897 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49879 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49802 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49830 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49905 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49889
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49887
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49886
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49885
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 49863 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49884
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49883
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49882
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49881
Source: unknown	Network traffic detected: HTTP traffic on port 49840 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49880
Source: unknown	Network traffic detected: HTTP traffic on port 49702 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49824 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49879
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 49698 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49875
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 49818 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49870
Source: unknown	Network traffic detected: HTTP traffic on port 49835 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49786 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49829 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49880 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49869
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49868
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49867
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49866
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49826 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49889 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49866 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49698
Source: unknown	Network traffic detected: HTTP traffic on port 49820 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49855 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49798 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49901 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49819 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49850 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49831 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49782 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49798
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49814 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49856 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49825 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49808 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49884 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49867 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49821
Source: unknown	Network traffic detected: HTTP traffic on port 49865 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49820
Source: unknown	Network traffic detected: HTTP traffic on port 49842 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49819
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49818
Source: unknown	Network traffic detected: HTTP traffic on port 49810 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49817
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49816
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49815
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49814
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49813
Source: unknown	Network traffic detected: HTTP traffic on port 49902 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49812
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49811
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49810
Source: unknown	Network traffic detected: HTTP traffic on port 49816 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49679 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49827 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49808
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49806
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49805
Source: unknown	Network traffic detected: HTTP traffic on port 49882 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49804
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49802
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49800
Source: unknown	Network traffic detected: HTTP traffic on port 49838 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49821 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49815 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49854 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49883 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49843 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49804 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49905
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49904
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49903
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49902
Source: unknown	Network traffic detected: HTTP traffic on port 49903 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49901

Source: unknown	HTTPS traffic detected: 68.66.200.210:443 -> 192.168.2.11:49728 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.174.141:443 -> 192.168.2.11:49732 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.174.141:443 -> 192.168.2.11:49734 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.174.141:443 -> 192.168.2.11:49735 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.190.80.1:443 -> 192.168.2.11:49737 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 142.250.185.196:443 -> 192.168.2.11:49738 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.18.95.41:443 -> 192.168.2.11:49746 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.18.95.41:443 -> 192.168.2.11:49751 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.47.242:443 -> 192.168.2.11:49752 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.47.242:443 -> 192.168.2.11:49753 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.18.94.41:443 -> 192.168.2.11:49756 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.18.94.41:443 -> 192.168.2.11:49819 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.18.95.41:443 -> 192.168.2.11:49830 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.174.141:443 -> 192.168.2.11:49836 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.174.141:443 -> 192.168.2.11:49842 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 95.101.182.72:443 -> 192.168.2.11:49855 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.174.141:443 -> 192.168.2.11:49863 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.190.80.1:443 -> 192.168.2.11:49880 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.190.80.1:443 -> 192.168.2.11:49881 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 95.101.54.225:443 -> 192.168.2.11:49882 version: TLS 1.2

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Windows\SystemTemp\scoped_dir8280_614645595

Jump to behavior

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File deleted: C:\Windows\SystemTemp\scoped_dir8280_614645595

Jump to behavior

Source: classification engine

Classification label: mal64.phis.winPDF@62/113@100/14

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe

File created: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal

Jump to behavior

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe

File created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\A9101lqx7_1gjoivx_604.tmp

Jump to behavior

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA

Jump to behavior

Source: unknown	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\Emarine System Contact Update.pdf"
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2228 --field-trial-handle=1588,i,7883779593797049088,16200371669672376765,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "http://microsoft.emg-dev.com/"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=1912,i,10824921452799102763,10731753897681253853,262144 --variations-seed-version --mojo-platform-channel-handle=2564 /prefetch:3
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2228 --field-trial-handle=1588,i,7883779593797049088,16200371669672376765,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=1912,i,10824921452799102763,10731753897681253853,262144 --variations-seed-version --mojo-platform-channel-handle=2564 /prefetch:3	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: Emarine System Contact Update.pdf	Initial sample: PDF keyword /JS count = 0
Source: Emarine System Contact Update.pdf	Initial sample: PDF keyword /JavaScript count = 0
Source: A9101lqx7_1gjoivx_604.tmp.0.dr	Initial sample: PDF keyword /JS count = 0
Source: A9101lqx7_1gjoivx_604.tmp.0.dr	Initial sample: PDF keyword /JavaScript count = 0

Source: Emarine System Contact Update.pdf

Initial sample: PDF keyword stream count = 59

Source: Emarine System Contact Update.pdf

Initial sample: PDF keyword /EmbeddedFile count = 0

Source: Emarine System Contact Update.pdf

Initial sample: PDF keyword obj count = 62

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	1 Drive-by Compromise	Windows Management Instrumentation	2 Browser Extensions	1 Process Injection	11 Masquerading	OS Credential Dumping	1 System Information Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 Extra Window Memory Injection	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	4 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	1 File Deletion	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	5 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	1 Extra Window Memory Injection	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	3 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label
https://login.o365contact-verify.click/s/f7e86b03bdb656e251f827eb1c7a20184a32a5d126aad25d57f78058e4d6f4f0/f159d9b279e800c9005818f45f2483487e0f69b0a2199a996c6866d53e611046.js	0%	Avira URL Cloud	safe
https://login.o365contact-verify.click/cdn-cgi/challenge-platform/h/g/flow/ov1/537131680:1742232368:PNgSpCUp7nUXHshdMXWCwQ_8FTfn9WzuyEWhtvnUs-s/921e7baf7aba7d0b/W4eA9YLpBn3tCwq3EXfDYAR6ZXZxirgUHevar3zovY4-1742235404-1.2.1.1-Q7IjesuKplLT14X1wWNNl0rbs74c7XElBRkd1j7rASgJmB2uk4N1rCItdoGF_zvU	0%	Avira URL Cloud	safe
https://outlook.o365contact-verify.click/cdn-cgi/challenge-platform/scripts/jsd/main.js	0%	Avira URL Cloud	safe
https://outlook.o365contact-verify.click/cdn-cgi/challenge-platform/h/g/jsd/r/0.130040392468924:1742232295:rVAWigBhcleuvDtH5VsJJZCtL-7j37nUrqjr_hViAkw/921e7c88ed1a3ee0	0%	Avira URL Cloud	safe
https://login.o365contact-verify.click/cdn-cgi/challenge-platform/h/g/flow/ov1/110780630:1742232317:bvS75iyz4u7m90pDimz586c5PtgorxbfHl9rBjSNNlg/921e7c1a7bdfcc98/lgZ4vHb.Fe6nyPOfh1TleHEywIpVfMgQ_DbyxLNW0WI-1742235421-1.2.1.1-rKQ4ZgAkJbjOBRkUREPr20BEXeiAFqwmm6IQwfYedOVeqkwzTpCfmI3XHesxSkGZ	0%	Avira URL Cloud	safe
https://live.o365contact-verify.click/Me.htm?v=3	0%	Avira URL Cloud	safe
https://login.o365contact-verify.click/favicon.ico	0%	Avira URL Cloud	safe
https://login.o365contact-verify.click/common/GetCredentialType?mkt=en-US	0%	Avira URL Cloud	safe
http://microsoft.emg-dev.com/	0%	Avira URL Cloud	safe
https://login.o365contact-verify.click/cdn-cgi/challenge-platform/h/g/orchestrate/chl_page/v1?ray=921e7baf7aba7d0b	0%	Avira URL Cloud	safe
https://login.o365contact-verify.click/cdn-cgi/challenge-platform/h/g/scripts/jsd/f3b948d8acb8/main.js?	0%	Avira URL Cloud	safe
https://login.o365contact-verify.click/cdn-cgi/challenge-platform/h/g/jsd/r/0.2467483113438528:1742232292:aLxDlroqA6vSmzj8cnYgMPIsrE8qK1HATC18uZPaT5w/921e7c720c6e429e	0%	Avira URL Cloud	safe
https://login.o365contact-verify.click/cdn-cgi/challenge-platform/h/g/orchestrate/chl_page/v1?ray=921e7c1a7bdfcc98	0%	Avira URL Cloud	safe
https://outlook.o365contact-verify.click/owa/prefetch.aspx	0%	Avira URL Cloud	safe
https://outlook.o365contact-verify.click/cdn-cgi/challenge-platform/h/g/scripts/jsd/f3b948d8acb8/main.js?	0%	Avira URL Cloud	safe
https://login.o365contact-verify.click/cdn-cgi/challenge-platform/scripts/jsd/main.js	0%	Avira URL Cloud	safe
https://login.o365contact-verify.click/s/f7e86b03bdb656e251f827eb1c7a20184a32a5d126aad25d57f78058e4d6f4f0.js	0%	Avira URL Cloud	safe
https://microsoft.emg-dev.com/	0%	Avira URL Cloud	safe
https://login.o365contact-verify.click/s/f7e86b03bdb656e251f827eb1c7a20184a32a5d126aad25d57f78058e4d6f4f0	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
e40491.dscg.akamaiedge.net	95.101.182.72	true	false	high
beacons3.gvt2.com	142.250.185.163	true	false	high
login.o365contact-verify.click	172.67.174.141	true	true	unknown
a.nel.cloudflare.com	35.190.80.1	true	false	high
e329293.dscd.akamaiedge.net	92.123.12.181	true	false	high
e8652.dscx.akamaiedge.net	2.19.105.127	true	false	high
beacons-handoff.gcp.gvt2.com	142.250.180.99	true	false	high
beacons2.gvt2.com	216.239.32.3	true	false	high
microsoft.emg-dev.com	68.66.200.210	true	false	unknown
s-part-0039.t-0009.t-msedge.net	13.107.246.67	true	false	high
a1894.dscb.akamai.net	95.101.54.225	true	false	high
beacons.gvt2.com	142.250.180.67	true	false	high
beacons6.gvt2.com	142.250.186.99	true	false	high
bg.microsoft.map.fastly.net	199.232.214.172	true	false	high
edge.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com	195.33.199.28	true	false	high
outlook.o365contact-verify.click	172.67.174.141	true	true	unknown
challenges.cloudflare.com	104.18.95.41	true	false	high
gce-beacons.gcp.gvt2.com	35.241.13.201	true	false	high
www.google.com	142.250.185.196	true	false	high
live.o365contact-verify.click	172.67.174.141	true	true	unknown
beacons4.gvt2.com	216.239.32.116	true	false	high
s-part-0032.t-0009.t-msedge.net	13.107.246.60	true	false	high
x1.i.lencr.org	unknown	unknown	false	high
r4.res.office365.com	unknown	unknown	false	high
aadcdn.msftauth.net	unknown	unknown	false	high
beacons.gcp.gvt2.com	unknown	unknown	false	high
identity.nel.measure.office.net	unknown	unknown	false	high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://login.o365contact-verify.click/s/f7e86b03bdb656e251f827eb1c7a20184a32a5d126aad25d57f78058e4d6f4f0/f159d9b279e800c9005818f45f2483487e0f69b0a2199a996c6866d53e611046.js	true	Avira URL Cloud: safe	unknown
https://outlook.o365contact-verify.click/cdn-cgi/challenge-platform/scripts/jsd/main.js	false	Avira URL Cloud: safe	unknown
https://login.o365contact-verify.click/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2foutlook.office.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=1&msaredir=1&client-request-id=01ff36a9-118d-1256-2170-f97d73c45f79&protectedtoken=true&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d&nonce=638674904025952032.42b185d8-e825-4e84-bdb2-3e505ea1e04a&state=DcuxDoIwEIDhou_iVjmOHrQDcdAYBlzURMPWozdIJBggGN_eDt-__YlSahttogRiVFnktiiNAwNIjhBy3BvkzFKwWiySNmKN5sCocyEg8ZmA8Ul8T-n49elhXvwiVbabJLwm6Zb7WPn6Cl19KZqfW8PzOjO6qRnc0A7vvr1RzwgrP84fPto_&sso_reload=true	true		unknown
http://microsoft.emg-dev.com/	false	Avira URL Cloud: safe	unknown
https://login.o365contact-verify.click/favicon.ico	true	Avira URL Cloud: safe	unknown
https://r4.res.office365.com/owa/prem/15.20.8534.33/scripts/boot.worldwide.0.mouse.js	false		high
https://login.o365contact-verify.click/cdn-cgi/challenge-platform/h/g/flow/ov1/537131680:1742232368:PNgSpCUp7nUXHshdMXWCwQ_8FTfn9WzuyEWhtvnUs-s/921e7baf7aba7d0b/W4eA9YLpBn3tCwq3EXfDYAR6ZXZxirgUHevar3zovY4-1742235404-1.2.1.1-Q7IjesuKplLT14X1wWNNl0rbs74c7XElBRkd1j7rASgJmB2uk4N1rCItdoGF_zvU	true	Avira URL Cloud: safe	unknown
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/flow/ov1/682140236:1742232437:8b9gz9emrG5DcnF2TDLLylfW8cNQiTKCLTAz5PlDYTA/921e7c294ed04f3a/jJuM8MuxAXgicxlV54NMqmOxBGf8xe._itLZUwP6bCI-1742235424-1.1.1.1-BS.L55emwkKGCU.x8TYzvycRlp10Ak0hNCg6hgjeY4ZRS_qSX6gGPMIKEThfqDoP	false		high
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/d/921e7c294ed04f3a/1742235426141/O0X3D9XANz-4iXK	false		high
https://outlook.o365contact-verify.click/cdn-cgi/challenge-platform/h/g/jsd/r/0.130040392468924:1742232295:rVAWigBhcleuvDtH5VsJJZCtL-7j37nUrqjr_hViAkw/921e7c88ed1a3ee0	false	Avira URL Cloud: safe	unknown
https://live.o365contact-verify.click/Me.htm?v=3	false	Avira URL Cloud: safe	unknown
https://r4.res.office365.com/owa/prem/15.20.8534.33/resources/images/0/sprite1.mouse.css	false		high
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv/r0vp1/0x4AAAAAAADnPIDROrmt1Wwj/light/fbE/new/normal/auto/	false		high
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/orchestrate/chl_api/v1?ray=921e7c294ed04f3a&lang=auto	false		high
https://login.o365contact-verify.click/cdn-cgi/challenge-platform/h/g/flow/ov1/110780630:1742232317:bvS75iyz4u7m90pDimz586c5PtgorxbfHl9rBjSNNlg/921e7c1a7bdfcc98/lgZ4vHb.Fe6nyPOfh1TleHEywIpVfMgQ_DbyxLNW0WI-1742235421-1.2.1.1-rKQ4ZgAkJbjOBRkUREPr20BEXeiAFqwmm6IQwfYedOVeqkwzTpCfmI3XHesxSkGZ	true	Avira URL Cloud: safe	unknown
https://login.o365contact-verify.click/cdn-cgi/challenge-platform/h/g/orchestrate/chl_page/v1?ray=921e7baf7aba7d0b	true	Avira URL Cloud: safe	unknown
https://login.o365contact-verify.click/common/GetCredentialType?mkt=en-US	true	Avira URL Cloud: safe	unknown
https://r4.res.office365.com/owa/prem/15.20.8534.33/scripts/boot.worldwide.2.mouse.js	false		high
https://a.nel.cloudflare.com/report/v4?s=W0wZC%2FGLHkFuxamJ4Y1xlCw1gOtdw7YMbiOax5V3%2FoSF%2FH8QlT8dm7A3gVptAelVEA6xvJcl%2B83ESk05aX9OrquQIQIMnhYkB93XcfzacjrYIlx9AA09V6GPCMKmuoYpN3rCk2zS6dmIGDFwpqStNQ%3D%3D	false		high
https://login.o365contact-verify.click/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2foutlook.office.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=1&msaredir=1&client-request-id=01ff36a9-118d-1256-2170-f97d73c45f79&protectedtoken=true&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d&nonce=638674904025952032.42b185d8-e825-4e84-bdb2-3e505ea1e04a&state=DcuxDoIwEIDhou_iVjmOHrQDcdAYBlzURMPWozdIJBggGN_eDt-__YlSahttogRiVFnktiiNAwNIjhBy3BvkzFKwWiySNmKN5sCocyEg8ZmA8Ul8T-n49elhXvwiVbabJLwm6Zb7WPn6Cl19KZqfW8PzOjO6qRnc0A7vvr1RzwgrP84fPto_&sso_reload=true&__cf_chl_tk=pREgJPIggfrDEjj9GK4yQn7mfWm1ktfAVbxc3XGXC9Q-1742235421-1.0.1.1-ewoL3hr4sMh8t6zfPCQjJ2p5N8fhHPkMoB.TWgE5VBs	true		unknown
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/pat/921e7c294ed04f3a/1742235426143/9077f77a9a22a3d775bec1f7b4425488a10d8ec26d1b7d537c2683e08a0fdf15/WhczPpBGXHLy4X0	false		high
https://login.o365contact-verify.click/cdn-cgi/challenge-platform/h/g/jsd/r/0.2467483113438528:1742232292:aLxDlroqA6vSmzj8cnYgMPIsrE8qK1HATC18uZPaT5w/921e7c720c6e429e	true	Avira URL Cloud: safe	unknown
https://login.o365contact-verify.click/cdn-cgi/challenge-platform/h/g/scripts/jsd/f3b948d8acb8/main.js?	true	Avira URL Cloud: safe	unknown
https://r4.res.office365.com/owa/prem/15.20.8534.33/scripts/boot.worldwide.1.mouse.js	false		high
https://login.o365contact-verify.click/cdn-cgi/challenge-platform/h/g/orchestrate/chl_page/v1?ray=921e7c1a7bdfcc98	true	Avira URL Cloud: safe	unknown
https://outlook.o365contact-verify.click/owa/prefetch.aspx	false	Avira URL Cloud: safe	unknown
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/pat/921e7bc00f21fbfb/1742235409246/e2a73584760cfdb648e016bf37cedc29239b751956b9c0b29e072beb37001c74/ecn5-1p3kfXiNgd	false		high
https://microsoft.emg-dev.com/	false	Avira URL Cloud: safe	unknown
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/d/921e7bc00f21fbfb/1742235409250/Fhonndl-QYlAG96	false		high
https://r4.res.office365.com/owa/prem/15.20.8534.33/resources/images/0/sprite1.mouse.png	false		high
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/flow/ov1/695178957:1742232364:fAqBodgcoMUGJYc_fBcZN0cK49h2Op8L9YHEQQKZcbQ/921e7bc00f21fbfb/h3otsN.6gyeyjVvVinLvGwV.wHMoJ0bYmYUb.CVHqfI-1742235407-1.1.1.1-hbwOdBqQ7YvfjyioqqfyAUPAshM7B_1OUvjMJ.A9DMetDUWOZSrGXZz651F_UfCG	false		high
https://login.o365contact-verify.click/s/f7e86b03bdb656e251f827eb1c7a20184a32a5d126aad25d57f78058e4d6f4f0.js	true	Avira URL Cloud: safe	unknown
https://a.nel.cloudflare.com/report/v4?s=oCskCP2DfrAaReZZaLlc3O9b6NT5pZ2nTHjGQ6pxHGbn2FFSj%2FPgd0D7e2TC6C%2BgGLdcNr5bjK2ai%2BG1anTJ8rsVTaeN5QW4mrwGCCVABPnx%2BHtOfiiknW1qtEG2vaJ9r2qI%2FztXxZ4bb9AVVNX19CI%3D	false		high
https://login.o365contact-verify.click/aExWtFxo	true		unknown
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/orchestrate/chl_api/v1?ray=921e7bc00f21fbfb&lang=auto	false		high
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/cmg/1	false		high
https://login.o365contact-verify.click/s/f7e86b03bdb656e251f827eb1c7a20184a32a5d126aad25d57f78058e4d6f4f0	true	Avira URL Cloud: safe	unknown
https://outlook.o365contact-verify.click/cdn-cgi/challenge-platform/h/g/scripts/jsd/f3b948d8acb8/main.js?	false	Avira URL Cloud: safe	unknown
https://r4.res.office365.com/owa/prem/15.20.8534.33/resources/styles/0/boot.worldwide.mouse.css	false		high
https://a.nel.cloudflare.com/report/v4?s=Zr%2BPVqBP7luk2y5rWna%2BdWUVh8rOg9gDn0FlmWu7jI1NAf7dWq%2BASkza9w4oVVpSlCriK1sHGHQL8snAuZUurfcGqY4oXQ9b6Xn%2B0uatjpUuphjYOrLg%2F3TXng11TCGaLl82m1%2FGksewkxWa52daY24%3D	false		high
https://r4.res.office365.com/owa/prem/15.20.8534.33/scripts/boot.worldwide.3.mouse.js	false		high
https://identity.nel.measure.office.net/api/report?catId=GW+estsfd+dub2	false		high
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv/ulgmu/0x4AAAAAAADnPIDROrmt1Wwj/light/fbE/new/normal/auto/	false		high
https://login.o365contact-verify.click/cdn-cgi/challenge-platform/scripts/jsd/main.js	true	Avira URL Cloud: safe	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Reputation
http://github.com/jquery/globalize	chromecache_276.16.dr	false	high
http://x1.i.lencr.org/	2D85F72862B55C4EADD9E66E06947F3D0.2.dr	false	high
https://www.adobe.co	ReaderMessages.0.dr	false	high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
68.66.200.210	microsoft.emg-dev.com	United States	55293	A2HOSTINGUS	false
104.18.94.41	unknown	United States	13335	CLOUDFLARENETUS	false
216.58.206.36	unknown	United States	15169	GOOGLEUS	false
35.190.80.1	a.nel.cloudflare.com	United States	15169	GOOGLEUS	false
104.21.47.242	unknown	United States	13335	CLOUDFLARENETUS	false
172.67.174.141	login.o365contact-verify.click	United States	13335	CLOUDFLARENETUS	true
104.18.95.41	challenges.cloudflare.com	United States	13335	CLOUDFLARENETUS	false
2.19.105.127	e8652.dscx.akamaiedge.net	European Union	16625	AKAMAI-ASUS	false
142.250.185.196	www.google.com	United States	15169	GOOGLEUS	false
95.101.182.72	e40491.dscg.akamaiedge.net	European Union	20940	AKAMAI-ASN1EU	false
95.101.54.225	a1894.dscb.akamai.net	European Union	34164	AKAMAI-LONGB	false

Private

IP
192.168.2.4
192.168.2.24
192.168.2.11

General Information

Joe Sandbox version:	42.0.0 Malachite
Analysis ID:	1640832
Start date and time:	2025-03-17 19:14:43 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 7m 29s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowspdfcookbook.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	22
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	Emarine System Contact Update.pdf
Detection:	MAL
Classification:	mal64.phis.winPDF@62/113@100/14
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0
Cookbook Comments:	Found application associated with file extension: .pdf Found PDF document Close Viewer

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, sppsvc.exe, WMIADAP.exe, SIHClient.exe, SgrmBroker.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 2.19.104.203, 3.219.243.226, 52.6.155.20, 52.22.41.97, 3.233.129.217, 162.159.61.3, 172.64.41.3, 199.232.214.172, 2.22.242.123, 2.22.242.11, 199.232.210.172, 142.250.185.131, 216.58.206.78, 142.250.185.206, 64.233.167.84, 216.58.212.142, 142.250.186.142, 172.217.18.110, 142.250.186.42, 142.250.186.74, 142.250.185.138, 142.250.186.106, 216.58.206.42, 216.58.212.138, 142.250.186.138, 216.58.206.74, 172.217.16.202, 142.250.74.202, 142.250.185.74, 142.250.184.234, 142.250.185.106, 172.217.18.10, 142.250.186.170, 142.250.184.202, 195.33.199.28, 142.250.184.238, 142.251.32.110, 173.194.7.38, 142.250.185.234, 142.250.185.202, 142.250.185.170, 142.250.181.234, 216.58.212.170, 142.250.184.195, 142.250.186.78, 20.50.201.205, 20.50.201.204, 4.245.163.56, 23.217.172.185, 23.60.203.209, 20.109.210.53, 13.107.246.60, 13.107.246.67, 142.250.186.99
Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, slscr.update.microsoft.com, clientservices.googleapis.com, acroipm2.adobe.com, clients2.google.com, redirector.gvt1.com, ssl-delivery.adobe.com.edgekey.net, r1---sn-p5qddn76.gvt1.com, a122.dscd.akamai.net, update.googleapis.com, wu-b-net.trafficmanager.net, optimizationguide-pa.googleapis.com, clients1.google.com, fs.microsoft.com, accounts.google.com, content-autofill.googleapis.com, ctldl.windowsupdate.com.delivery.microsoft.com, acroipm2.adobe.com.edgesuite.net, aadcdnoriginwus2.azureedge.net, ctldl.windowsupdate.com, aadcdn.msauth.net, p13n.adobe.io, firstparty-azurefd-prod.trafficmanager.net, eu.events.data.trafficmanager.net, fe3cr.delivery.mp.microsoft.com, edgedl.me.gvt1.com, r1.sn-p5qddn76.gvt1.com, armmf.adobe.com, aadcdnoriginwus2.afd.azureedge.net, onedscolprdweu13.westeurope.cloudapp.azure.com, clients.l.google.com, geo2.adobe.com, eu-mobile.events.data.microsoft.com, onedscolprdweu10.westeurope.cl
Not all processes where analyzed, report is missing behavior information
Report size exceeded maximum capacity and may have missing behavior information.
Report size getting too big, too many NtOpenFile calls found.
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.

Simulations

Behavior and APIs

Time	Type	Description
14:15:50	API Interceptor	2x Sleep call for process: AcroCEF.exe modified

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
2.19.105.127	nZsqQiT9Wr.lnk	Get hash	malicious	Unknown	Browse	x1.i.lencr.org/
	Elm City Communities-encrypted.pdf	Get hash	malicious	HTMLPhisher	Browse	x1.i.lencr.org/
	7ZSfxMod_x86.exe	Get hash	malicious	Gamaredon, UltraVNC	Browse	x1.i.lencr.org/
	Cbonline Q1 Handbook-0782794.pdf	Get hash	malicious	HTMLPhisher, Invisible JS	Browse	x1.i.lencr.org/
	ZWOLANIE-_1 (1) (2) (2).pdf	Get hash	malicious	Unknown	Browse	x1.i.lencr.org/
	aaaaaaaa.docx.doc	Get hash	malicious	Unknown	Browse	x1.i.lencr.org/
	Acuerdo_de_Orden_de_Compra001.pdf.lnk	Get hash	malicious	Remcos	Browse	x1.i.lencr.org/
	Attach_Project_27022025.pdf	Get hash	malicious	HTMLPhisher, Invisible JS	Browse	x1.i.lencr.org/
	osnova.ps1	Get hash	malicious	Unknown	Browse	x1.i.lencr.org/
	new.bat	Get hash	malicious	Unknown	Browse	x1.i.lencr.org/
104.21.47.242	http://powerspecinc.com	Get hash	malicious	Unknown	Browse
104.21.47.242	https://arthurrlemus.wixsite.com/micr/office	Get hash	malicious	Unknown	Browse
68.66.200.210	https://email-track.shoplazza.com/?email_id=20230720100050.f77f9280aed76e07&order_ids=844112-00000483&redirect_url=http%3A%2F%2Fp0cvPm.ginecomastia.com%2Fp0cvPm%2Falberto.olivares@aciworldwide.com%3Femail_id%3D20230720100050.f77f9280aed76e07%26ut_campaign%3Dshoplazza_checkout_reminder%26ut_medium%3Demail%26ut_source%3Dshoplazza_checkout%26utm_medium%3Demail&store_id=844112	Get hash	malicious	Unknown	Browse	p0cvpm.ginecomastia.com/favicon.ico
104.18.94.41	https://u17065553.ct.sendgrid.net/ls/click?upn=u001.Rw-2FXpvWBRDxNoiEvv-2B0VhMl349dE-2BIxYKCLpL5-2B-2FL8px39hmRTYxAZ-2BeMH1CR7jYvsg3f7mQR-2BtgzEdpv6rWDyoEa1Isq60WafIaat9IMqfozrbRuGiDhSD5zRfw1vSUnaPfHOkeKVWyjmgPghsIl-2FnSiz3vjd-2BgNdZNW1WWi7RlhTni8jQbV4O1UkQOa0-2F2VYGlXOPUclqMwRi50Vl1PR4j2jhVrjOnUdA6E03jJF3YxTMCgxElFH-2Bjnu2oS6ZdGJGXf9TKr37Eh3pnVym0G5ilxnSN6bJyz-2FWbi47cL6vQDH-2FLX6HDdsxLQr4OiWNyplfwZIjGldJH3Oj3k-2B0Sr92pyHOs07I3QG9CN9BFC52s0blv8XoiBzACqb7MDZTgdhgx-2Fj3fdHjRUqn0E0aUxawEH-2F-2B7SQiAWk4bi4jHEXI-3DlKA5_AMa9RrBWZfrIG11ZEW0ArF1BRI9e8rcrPZr5T9DlZ7Ba2ZAvuJPwiS8cX4aFrXjFerUDwGcfFdNk6Ly7G30W-2FpJZ3vwwQM6aCBocvejnros7-2FYckwVQH02a6C13hCOZXCH6DxRozn9HOBenC-2BdqPCIwBV1vvkSKYyJjB4wo2MVyi5b4Ko6F9xhTiwowhGgTSo1JEnvhUu4BAFpCuBdmsFw-3D-3D	Get hash	malicious	HTMLPhisher, Invisible JS, Tycoon2FA	Browse
	http://email.shop2.wonderpark.my/c/eJwUyk1uhSAQAODTwJIM8wPzFiy68R4KYzX1iRHTprdvuv9aiRbTDN5KzIyIokp-K7YirKlWzVWAeRFKVVflF5OpSvJ7QUABijkKKVBgihmqGWBeYGnsGMbWLww__Wx2X_P9Fd6__ijb81zD0YfDyeFk80tZKK9iUJtASjaTNA2LnWO_eqj97XDyd7EWtv45n6OfjqHeNp5jP23rjx3jn_nvgn8BAAD__y9yPWo	Get hash	malicious	HTMLPhisher, Invisible JS, Tycoon2FA	Browse
	2450856955_.svg	Get hash	malicious	HTMLPhisher, Invisible JS, Tycoon2FA	Browse
	https://h89s9dhj.ccbequipamentos.com.br/?noiajvga=2bdd817baf4e46e28f740a82bff8e850881b2c9159d1f9f1d332e339e76eea813a3f5893897cb7539a84e2eac2026594b5d62df0bbf5820b252c5afd2b02c9cd	Get hash	malicious	HTMLPhisher	Browse
	https://storage.googleapis.com/dfh7d89fh7df4j65djf4g65j4s6fg7j/031.html#LAst01.html?syb=1x167d493f46630a_vl_b2d.ja6t63xhxq8-0bmkl2j.54qf18g.BOwWGLPM3hoeHE4LTBibWtsMmo0u6Nvi	Get hash	malicious	Phisher	Browse
	https://docs.faxcloudstorage.de/uTN1Q	Get hash	malicious	HTMLPhisher	Browse
	https://loginonlinesettings-deme-group.jro7k.com/?&em=am9yaXMuZGltaXRyeUBkZW1lLWdyb3VwLmNvbQ==	Get hash	malicious	HTMLPhisher	Browse
	https://stelladass.co.uk/ra3.pdf	Get hash	malicious	HTMLPhisher, Invisible JS, Tycoon2FA	Browse
	https://app.eraser.io/workspace/32c12MLUJSCjts5wfE3E?origin=share	Get hash	malicious	HTMLPhisher	Browse
	https://www.swpinovalab.com.br/admin/ees.php	Get hash	malicious	HTMLPhisher	Browse
104.18.95.41	https://u17065553.ct.sendgrid.net/ls/click?upn=u001.Rw-2FXpvWBRDxNoiEvv-2B0VhGNZUddqwhjRz7Y3aH-2F1iEXujVcSjMM7CY7q30axNIjPtSPwVANtpwkARse71YbTG6hv5YyKcZ3EG9czO3tuqWXIHvFV-2FdtzTRYY9DFBEvbC0MnWDkjPffSjdhbZvMXBG-2Fbl-2F1JQalpy10ZBTpuDmJw8qtDG1RR-2FO-2Bzqy6Ryg-2BIXW6P-2FRmEE7JdIRaCncCouVLTVsWciZPEjkoHD7BDf7qzUctKE-2Fuov9RtCNiCQmJmwXCDa5dDgefQoLRKRDmR4vQ-3D-3DKnfO_4-2BCeSnTfNElQaOz0iIYXcY63TczAP34ghOtoTraLSwoOLAyQYuLOf75Ty99J50dacfCtsIK1GZvxQM45z1qBFZ9wseL0KuFhELugADtC7G-2Bvzzdi1qvZkAsCG7tQfhZagkro3woJV3MTqoQy1rs8sT0Ut5uYpsrniDcVKn6MJEnCWRsblRYyJRkv-2BYtQV-2BKUm1WYOzDqDkYxny3kQFWCbISNT8xpoE2o-2BIn1-2FK5Ue8M-3D	Get hash	malicious	HTMLPhisher, Invisible JS, Tycoon2FA	Browse
	Wpb00990__098.html	Get hash	malicious	HTMLPhisher, Invisible JS, Tycoon2FA	Browse
	https://storage.googleapis.com/dfh7d89fh7df4j65djf4g65j4s6fg7j/031.html#LAst01.html?syb=1x167d493f46630a_vl_b2d.ja6t63xhxq8-0bmkl2j.54qf18g.BOwWGLPM3hoeHE4LTBibWtsMmo0u6Nvi	Get hash	malicious	Phisher	Browse
	https://docs.faxcloudstorage.de/uTN1Q	Get hash	malicious	HTMLPhisher	Browse
	https://docs.faxcloudstorage.de/uTN1Q	Get hash	malicious	HTMLPhisher	Browse
	5886059152_.svg	Get hash	malicious	HTMLPhisher, Invisible JS, Tycoon2FA	Browse
	https://vleducationdemo.com/cllascio.php?342d363837343734373037333361326632663561353933373761326536363664363137393664376136613730326537323735326636363439363336313465363437353532363537303631353332662d	Get hash	malicious	HTMLPhisher, Invisible JS, Tycoon2FA	Browse
	https://www.swpinovalab.com.br/admin/ees.php	Get hash	malicious	HTMLPhisher	Browse
	f64da42c-e9a8-a0ac-437d-d14377da4643.eml	Get hash	malicious	HTMLPhisher, Invisible JS, Tycoon2FA	Browse
	https://quilter.fineequiprnent.net/cyyksfewtebxpij/nspderlqsumnd/Zzlfycybzhhctwe89g0xmsc/uztzgkmaolipwp/qvxwpsequug/connor.allen/wvqtiwhatdb/quilter.com/clzcbcvcepgd8	Get hash	malicious	HTMLPhisher	Browse

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
e329293.dscd.akamaiedge.net	https://u17065553.ct.sendgrid.net/ls/click?upn=u001.Rw-2FXpvWBRDxNoiEvv-2B0VhMl349dE-2BIxYKCLpL5-2B-2FL8px39hmRTYxAZ-2BeMH1CR7jYvsg3f7mQR-2BtgzEdpv6rWDyoEa1Isq60WafIaat9IMqfozrbRuGiDhSD5zRfw1vSUnaPfHOkeKVWyjmgPghsIl-2FnSiz3vjd-2BgNdZNW1WWi7RlhTni8jQbV4O1UkQOa0-2F2VYGlXOPUclqMwRi50Vl1PR4j2jhVrjOnUdA6E03jJF3YxTMCgxElFH-2Bjnu2oS6ZdGJGXf9TKr37Eh3pnVym0G5ilxnSN6bJyz-2FWbi47cL6vQDH-2FLX6HDdsxLQr4OiWNyplfwZIjGldJH3Oj3k-2B0Sr92pyHOs07I3QG9CN9BFC52s0blv8XoiBzACqb7MDZTgdhgx-2Fj3fdHjRUqn0E0aUxawEH-2F-2B7SQiAWk4bi4jHEXI-3DlKA5_AMa9RrBWZfrIG11ZEW0ArF1BRI9e8rcrPZr5T9DlZ7Ba2ZAvuJPwiS8cX4aFrXjFerUDwGcfFdNk6Ly7G30W-2FpJZ3vwwQM6aCBocvejnros7-2FYckwVQH02a6C13hCOZXCH6DxRozn9HOBenC-2BdqPCIwBV1vvkSKYyJjB4wo2MVyi5b4Ko6F9xhTiwowhGgTSo1JEnvhUu4BAFpCuBdmsFw-3D-3D	Get hash	malicious	HTMLPhisher, Invisible JS, Tycoon2FA	Browse	92.123.12.181
	https://h89s9dhj.ccbequipamentos.com.br/?noiajvga=2bdd817baf4e46e28f740a82bff8e850881b2c9159d1f9f1d332e339e76eea813a3f5893897cb7539a84e2eac2026594b5d62df0bbf5820b252c5afd2b02c9cd	Get hash	malicious	HTMLPhisher	Browse	92.123.12.139
	VM(Carmen)52177372.mp4.html	Get hash	malicious	HTMLPhisher	Browse	92.123.12.181
	https://forms.office.com/e/CzYzGKsuJ0h0Qz9CdMLPYe0NavsKbyZ12uW0kP6	Get hash	malicious	HTMLPhisher	Browse	92.123.12.181
	Wpb00990__098.html	Get hash	malicious	HTMLPhisher, Invisible JS, Tycoon2FA	Browse	95.101.182.112
	https://docs.faxcloudstorage.de/uTN1Q	Get hash	malicious	HTMLPhisher	Browse	95.101.182.89
	https://docs.faxcloudstorage.de/uTN1Q	Get hash	malicious	HTMLPhisher	Browse	95.101.182.98
	https://loginonlinesettings-deme-group.jro7k.com/?&em=am9yaXMuZGltaXRyeUBkZW1lLWdyb3VwLmNvbQ==	Get hash	malicious	HTMLPhisher	Browse	92.123.12.181
	https://app.eraser.io/workspace/32c12MLUJSCjts5wfE3E?origin=share	Get hash	malicious	HTMLPhisher	Browse	2.22.242.18
	https://nwsyork.lamboi.xyz/HnBTHlrQ#parts@foster-uk.com	Get hash	malicious	HTMLPhisher, Invisible JS, Tycoon2FA	Browse	23.209.72.9
e40491.dscg.akamaiedge.net	http://lookerstudio%2e%67%6f%6f%67%6c%65%2e%63%6f%6d/s/tVpHSqKmotA	Get hash	malicious	HTMLPhisher	Browse	2.19.120.73
	https://sites.google.com/view/wiubriu38/home	Get hash	malicious	HTMLPhisher	Browse	95.101.182.48
	https://sites.google.com/view/wiubriu38/home	Get hash	malicious	HTMLPhisher	Browse	95.101.182.48
	https://buildersstoneandmasonry-my.sharepoint.com/:f:/g/pers

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report Emarine System Contact Update.pdf

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

HTML

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

Phishing

Compliance

Software Vulnerabilities

Networking

System Summary

Hooking and other Techniques for Hiding and Protection

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

Windows Analysis Report
Emarine System Contact Update.pdf